Index (spring-security-config 7.0.0-RC2 API)

A B C D E F G H I J K L M N O P R S T U V W X
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form

A

AbstractAuthenticationFilterConfigurer,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers: Base class for configuring AbstractAuthenticationFilterConfigurer.
AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Creates a new instance with minimal defaults
AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Creates a new instance
AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
In modern Spring Security APIs, each API manages its own configuration context. As such there is no direct replacement for this interface. In the case of method security, please see SecurityAnnotationScanner and AuthorizationManager. In the case of channel security, please see HttpsRedirectFilter. In the case of web security, please see AuthorizationManager.
AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry: Deprecated.
AbstractConfiguredSecurityBuilder<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation: A base SecurityBuilder that allows SecurityConfigurer to be applied to it.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Creates a new instance with the provided ObjectPostProcessor.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Creates a new instance with the provided ObjectPostProcessor.
AbstractDaoAuthenticationConfigurer,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Allows configuring a DaoAuthenticationProvider
AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,B>,B extends HttpSecurityBuilder> - Class in org.springframework.security.config.annotation.web.configurers: Adds a convenient base class for SecurityConfigurer instances that operate on HttpSecurity.
AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
AbstractLdapAuthenticationManagerFactory<T extends org.springframework.security.ldap.authentication.AbstractLdapAuthenticator> - Class in org.springframework.security.config.ldap: Creates an AuthenticationManager that can perform LDAP authentication.
AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web: A base class for registering RequestMatcher's.
AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation: A base SecurityBuilder that ensures the object being built is only built one time.
AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder
AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server
AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
access(AuthorizationManager<? super RequestAuthorizationContext>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Allows specifying a custom AuthorizationManager.
access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Allows plugging in a custom authorization strategy
Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements
accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Allows subclasses to provide a custom AccessDecisionManager.
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Specifies the AccessDeniedHandler to be used
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Configures the ServerAccessDeniedHandler used when a CSRF token is invalid.
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec: Configures what to do when an authenticated user does not hold a required authority
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ServerAccessDeniedHandler to use for requests authenticating with Bearer Tokens.
accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Shortcut to specify the AccessDeniedHandler to be used is a specific error page
accessTokenRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract an Access Token Request from HttpServletRequest to an instance of OAuth2AuthorizationGrantAuthenticationToken used for authenticating the authorization grant.
accessTokenRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the client used for requesting the access token credential from the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig: Sets the client used for requesting the access token credential from the Token Endpoint.
accessTokenResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2AccessTokenAuthenticationToken and returning the Access Token Response.
accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the account is expired or not.
accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the account is locked or not.
addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration: Deprecated.
addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework.
addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding a Filter after one of the known Filter classes.
addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Adds a WebFilter after specific position.
addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds the Filter at the location of the specified Filter class.
addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Adds a WebFilter at a specific position.
addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding a Filter before one of the known Filter classes.
addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Adds a WebFilter before specific position.
addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Adds a HeaderWriter instance
addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Adds a LogoutHandler.
addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Adds an ObjectPostProcessor to be used for this SecurityConfigurerAdapter.
addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity: Adds a PayloadInterceptor to be used.
addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Adds builders to create SecurityFilterChain instances.
addSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Adds an additional SessionAuthenticationStrategy to be used within the CompositeSessionAuthenticationStrategy.
addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provide a custom AfterInvocationManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).
afterPropertiesSet() - Method in class org.springframework.security.config.http.PathPatternRequestMatcherFactoryBean
afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
allowedOrigins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer: Convenience method for WebAuthnConfigurer.allowedOrigins(Set)
allowedOrigins(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer: Sets the allowed origins.
AlreadyBuiltException - Exception in org.springframework.security.config.annotation: Thrown when SecurityBuilder.build() is two or more times.
AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException
ALWAYS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy: Always create an HttpSession
alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Whether the cookie should always be created even if the remember-me parameter is not set.
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Gets the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer: Allows obtaining a reference to the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Returns the UserDetailsManagerConfigurer for method chaining (i.e.
and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer: Returns the WebSecurity to be returned for chaining.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig: Allows completing configuration of Feature Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Allows completing configuration of Public Key Pinning and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec: Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use #featurePolicy(Customizer) instead
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by anonymous users.
anonymous(Customizer<RSocketSecurity.AnonymousAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity: Adds anonymous authentication
anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring how an anonymous user is represented.
anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Enables and Configures anonymous authentication.
ANONYMOUS - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Where anonymous authentication is placed.
ANONYMOUS - Static variable in class org.springframework.security.config.Elements
ANONYMOUS_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: Instance of AnonymousAuthenticationWebFilter
AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Configures Anonymous authentication (i.e.
AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Creates a new instance
anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec: Always matches
anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps any request.
anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec: Disables authorization.
anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec: Matches if PayloadExchangeType.isRequest() is true, else not a match
anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Maps any request.
apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Applies a SecurityConfigurer to this SecurityBuilder overriding any SecurityConfigurer of the exact same class.
ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser
ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser: Optionally defines an ldif resource to be loaded.
ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser: Defines the port the LDAP_PROVIDER server should run on
ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser: sets the configuration suffix (default is "dc=springframework,dc=org").
ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require an authenticated user
authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies the AuthenticationUserDetailsService that is used with the PreAuthenticatedAuthenticationProvider.
AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: A generic placeholder for other types of authentication.
AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds: The "global" AuthenticationManager instance, registered by the <authentication-manager> element
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements
AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration: Exports the authentication Configuration
AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
authenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
authenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientAuthenticationConfigurer: Adds an AuthenticationConverter used when attempting to extract client credentials from HttpServletRequest to an instance of OAuth2ClientAuthenticationToken used for authenticating the client.
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer: Sets the AuthenticationConverter to use.
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Use this AuthenticationConverter when converting incoming requests to an Authentication.
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Use this AuthenticationConverter when converting incoming requests to an Authentication.
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Sets the converter to use
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the converter to use
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Use this ServerAuthenticationConverter when converting incoming requests to an Authentication.
authenticationConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientAuthenticationConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies a custom AuthenticationDetailsSource.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: Specifies a custom AuthenticationDetailsSource to use for basic authentication.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Specifies the AuthenticationDetailsSource
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets the AuthenticationEntryPoint to be used.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec: Configures what to do when the application request authentication
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: How to request for authentication.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: Allows easily setting the entry point.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ServerAuthenticationEntryPoint to use for requests authenticating with Bearer Tokens.
authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Sets the AuthenticationEventPublisher
authenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Deprecated.
Use AbstractAuthenticationFilterConfigurer.failureHandler(AuthenticationFailureHandler) instead
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Configures how a failed authentication is handled.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: The ServerAuthenticationFailureHandler used after authentication failure.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Specifies the ServerAuthenticationFailureHandler to use when authentication fails.
authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the AnonymousAuthenticationFilter used to populate an anonymous user.
authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the AnonymousAuthenticationWebFilter used to populate an anonymous user.
authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Allows providing a custom AuthenticationManager.
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configure the default AuthenticationManager.
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configure the default authentication manager.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures the ReactiveAuthenticationManager to use
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Specifies ReactiveAuthenticationManager for one time tokens.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication: Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.
AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication: Provider which doesn't provide any service.
authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders: SecurityBuilder used to create an AuthenticationManager.
AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Creates a new instance
AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication: Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.
AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ReactiveAuthenticationManagerResolver
authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the matcher used for determining if the request is an authentication request.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder: Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the AuthenticationProvider used to validate an anonymous user.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OAuth2AuthorizationCodeRequestAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientAuthenticationConfigurer: Adds an AuthenticationProvider used for authenticating an OAuth2ClientAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientRegistrationEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OAuth2ClientRegistrationAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OAuth2DeviceAuthorizationRequestAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OAuth2DeviceVerificationAuthenticationToken or OAuth2DeviceAuthorizationConsentAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2PushedAuthorizationRequestEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OAuth2PushedAuthorizationRequestAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer: Adds an AuthenticationProvider used for authenticating a type of OAuth2AuthorizationGrantAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenIntrospectionEndpointConfigurer: Adds an AuthenticationProvider used for authenticating a type of OAuth2TokenIntrospectionAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenRevocationEndpointConfigurer: Adds an AuthenticationProvider used for authenticating a type of OAuth2TokenRevocationAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcClientRegistrationEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OidcClientRegistrationAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcLogoutEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OidcLogoutAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcUserInfoEndpointConfigurer: Adds an AuthenticationProvider used for authenticating an OidcUserInfoAuthenticationToken.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Specifies the AuthenticationProvider to use when authenticating the user.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding an additional AuthenticationProvider to be used
AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication: Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.
AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientAuthenticationConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientRegistrationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2PushedAuthorizationRequestEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenIntrospectionEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenRevocationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcClientRegistrationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcLogoutEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationProviders(Consumer<List<AuthenticationProvider>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcUserInfoEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationProvider's allowing the ability to add, remove, or customize a specific AuthenticationProvider.
authenticationRequestResolver(Saml2AuthenticationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Use this Saml2AuthenticationRequestResolver for generating SAML 2.0 Authentication Requests.
authenticationRequestUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Deprecated.
Use Saml2LoginConfigurer.authenticationRequestUriQuery(java.lang.String) instead
authenticationRequestUriQuery(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Customize the URL that the SAML Authentication Request will be sent to.
authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Allows customizing the list of ServerAuthenticationSuccessHandler.
authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: Allows customizing the list of ServerAuthenticationSuccessHandler.
authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Allows customizing the list of ServerAuthenticationSuccessHandler.
authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Allows customizing the list of ServerAuthenticationSuccessHandler.
authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientAuthenticationConfigurer: Sets the AuthenticationSuccessHandler used for handling a successful client authentication and associating the OAuth2ClientAuthenticationToken to the SecurityContext.
authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Deprecated.
Use AbstractAuthenticationFilterConfigurer.successHandler(AuthenticationSuccessHandler) instead
authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Allows control over the destination a remembered user is sent to when they are successfully authenticated.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: The ServerAuthenticationSuccessHandler used after authentication success.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: The ServerAuthenticationSuccessHandler used after authentication success.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: The ServerAuthenticationSuccessHandler used after authentication success.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Specifies the ServerAuthenticationSuccessHandler
authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Specifies the AuthenticationUserDetailsService to use.
authorities() - Element in annotation interface org.springframework.security.config.annotation.authorization.EnableMultiFactorAuthentication: The additional authorities that are required.
authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the authorities.
authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the Authentication.getAuthorities() for anonymous users
authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the Authentication.getAuthorities() for anonymous users
authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the authorities.
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the Authentication.getAuthorities() for anonymous users
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the Authentication.getAuthorities() for anonymous users
authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the authorities.
authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Sets the query to be used for finding a user's authorities by their username.
authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the GrantedAuthoritiesMapper.
AUTHORIZATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Where authorization is placed.
AUTHORIZATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
authorizationCodeGrant(Customizer<OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Configures the OAuth 2.0 Authorization Code Grant.
authorizationConsentService(OAuth2AuthorizationConsentService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Sets the authorization consent service.
authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Authorization Server's Authorization Endpoint.
authorizationEndpoint(Customizer<OAuth2AuthorizationEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Authorization Endpoint.
authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract an Authorization Request (or Consent) from HttpServletRequest to an instance of OAuth2AuthorizationCodeRequestAuthenticationToken or OAuth2AuthorizationConsentAuthenticationToken used for authenticating the request.
authorizationRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Sets the repository to use for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the repository to use for storing OAuth2AuthorizationRequest's.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationToken and returning the Authorization Response.
authorizationServerMetadataCustomizer(Consumer<OAuth2AuthorizationServerMetadata.Builder>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerMetadataEndpointConfigurer: Sets the Consumer providing access to the OAuth2AuthorizationServerMetadata.Builder allowing the ability to customize the claims of the Authorization Server's configuration.
authorizationServerMetadataEndpoint(Customizer<OAuth2AuthorizationServerMetadataEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Authorization Server Metadata Endpoint.
authorizationServerSecurityFilterChain(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration
authorizationServerSettings(AuthorizationServerSettings) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Sets the authorization server settings.
authorizationService(OAuth2AuthorizationService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Sets the authorization service.
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Sets the repository for authorized client(s).
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the repository for authorized client(s).
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Configures the ReactiveClientRegistrationRepository.
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Sets the service for authorized client(s).
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the service for authorized client(s).
authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures authorization.
AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
authorizeHttpRequests(Customizer<AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds a URL based authorization using AuthorizationManager.
AuthorizeHttpRequestsConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer: Creates an instance.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers: Registry for mapping a RequestMatcher to an AuthorizationManager.
AuthorizeHttpRequestsConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers: An object that allows configuring the AuthorizationManager for RequestMatchers.
AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable - Class in org.springframework.security.config.annotation.web.configurers: An object that allows configuring RequestMatchers with URI path variables
authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration: A class used to get all the WebSecurityConfigurer instances from the current ApplicationContext but ignoring the parent.

B

backChannel(Customizer<OidcLogoutConfigurer.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer: Configure OIDC Back-Channel Logout using the provided Consumer
backChannel(Customizer<ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec: Configure OIDC Back-Channel Logout using the provided Consumer
BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer
BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the base URI used for authorization requests.
baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig: Sets the URI where the authorization response will be processed.
BASIC_AUTH - Static variable in class org.springframework.security.config.Elements
BASIC_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Deprecated.
please see PayloadInterceptorOrder.AUTHENTICATION
basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity: Deprecated.
Use RSocketSecurity.simpleAuthentication(Customizer)
BeanIds - Class in org.springframework.security.config: Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.
BeanIds() - Constructor for class org.springframework.security.config.BeanIds
bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ServerAuthenticationConverter to use for requests authenticating with Bearer Tokens.
bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Invoked prior to invoking each SecurityConfigurer.configure(SecurityBuilder) method.
beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Invoked prior to invoking each SecurityConfigurer.init(SecurityBuilder) method.
build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AnonymousAuthenticationSpec
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder: Builds the object and returns it or null.
build() - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Builds the SecurityWebFilterChain

C

cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures cache control headers
cacheControl(Customizer<HeadersConfigurer.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the CacheControlHeadersWriter.
CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry: Deprecated.

Marks the RequestMatcher's as unmapped and then calls AbstractConfigAttributeRequestMatcherRegistry.chainRequestMatchersInternal(List).
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry: Deprecated.

Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Deprecated.
changePasswordPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer: Sets the change password page.
changePasswordPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec: Sets the change password page.
changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that the Servlet container-provided session fixation protection should be used.
ChannelAttributeFactory - Class in org.springframework.security.config.http: Deprecated.
In modern Spring Security APIs, each API manages its own configuration context. As such there is no direct replacement for this interface. In the case of method security, please see SecurityAnnotationScanner and AuthorizationManager. In the case of channel security, please see HttpsRedirectFilter. In the case of web security, please see AuthorizationManager.
channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Deprecated.

Sets the ChannelProcessor instances to use in ChannelDecisionManagerImpl
ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
please use HttpsRedirectConfigurer instead
ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer: Deprecated.

Creates a new instance
ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
no replacement planned
ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
no replacement planned
ChildAuthenticationManagerFactoryBean(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
ciRegex - Enum constant in enum class org.springframework.security.config.http.MatcherType
clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Specifies if SecurityContextLogoutHandler should clear the Authentication at the time of logout.
CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
clientAuthentication(Customizer<OAuth2ClientAuthenticationConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures OAuth 2.0 Client Authentication.
clientRegistrationEndpoint(Customizer<OAuth2ClientRegistrationEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Dynamic Client Registration Endpoint.
clientRegistrationEndpoint(Customizer<OidcClientRegistrationEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcConfigurer: Configures the OpenID Connect Dynamic Client Registration 1.0 Endpoint.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer: Sets the repository of client registrations.
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Configures the ReactiveClientRegistrationRepository.
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec: Configures the ReactiveClientRegistrationRepository.
clientRegistrationRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientRegistrationEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract a Client Registration Request from HttpServletRequest to an instance of OAuth2ClientRegistrationAuthenticationToken used for authenticating the request.
clientRegistrationRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcClientRegistrationEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract a Client Registration Request from HttpServletRequest to an instance of OidcClientRegistrationAuthenticationToken used for authenticating the request.
clientRegistrationRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientRegistrationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
clientRegistrationRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcClientRegistrationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
clientRegistrationResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientRegistrationEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2ClientRegistrationAuthenticationToken and returning the Client Registration Response.
clientRegistrationResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcClientRegistrationEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OidcClientRegistrationAuthenticationToken and returning the Client Registration Response.
ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client
ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
CommonOAuth2Provider - Enum Class in org.springframework.security.config.oauth2.client: Common OAuth2 Providers that can be used to create builders pre-configured with sensible defaults for the HttpSecurity.oauth2Login(Customizer) flow.
CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements
concurrentSessions(Customizer<ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec: Configures how many sessions are allowed for a given user.
ConcurrentSessionsSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec: Configures the CorsConfigurationSource to be used
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer: Deprecated.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HttpsRedirectConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Sub classes can override this method to register different types of authentication.
configure(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer
configure(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer
configure(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
consentPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationEndpointConfigurer: Specify the URI to redirect Resource Owners to if consent is required during the authorization_code flow.
consentPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer: Specify the URI to redirect Resource Owners to if consent is required during the device_code flow.
contentSecurityPolicy(Customizer<HeadersConfigurer.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Content Security Policy (CSP) Level 2.
contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Content-Security-Policy response header.
contentTypeOptions(Customizer<HeadersConfigurer.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Configures the XContentTypeOptionsHeaderWriter which inserts the X-Content-Type-Options:
contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures content type response headers
CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds
CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds
contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Allows easily configuring of a BaseLdapPathContextSource with defaults pointing to an embedded LDAP server that is created.
contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the BaseLdapPathContextSource to be used.
ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap: Checks for the presence of a ContextSource instance.
conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds a CorsFilter to be used.
cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures CORS headers.
CORS - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: CorsWebFilter
CORS - Static variable in class org.springframework.security.config.Elements
CorsBeanDefinitionParser - Class in org.springframework.security.config.http: Parser for the CorsFilter.
CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser
CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds CorsFilter to the Spring Security filter chain.
CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer: Creates a new instance
createAuthenticationManager() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Returns the configured AuthenticationManager that can be used to perform LDAP authentication.
createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory: Deprecated.
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Allows subclasses to supply the default AbstractLdapAuthenticator.
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provide a MethodSecurityExpressionHandler that is registered with the ExpressionBasedPreInvocationAdvice.
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Create the RequestMatcher given a loginProcessingUrl
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
createMatcher(ParserContext, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
createMatcher(ParserContext, String, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
createPasswordEncoderBeanDefinition(String) - Static method in class org.springframework.security.config.authentication.PasswordEncoderParser
creationOptionsRepository(PublicKeyCredentialCreationOptionsRepository) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer: Sets PublicKeyCredentialCreationOptionsRepository
credentialsExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the credentials are expired or not.
crossOriginEmbedderPolicy(Customizer<HeadersConfigurer.CrossOriginEmbedderPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Embedder-Policy header.
crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Embedder-Policy header.
CrossOriginEmbedderPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
crossOriginOpenerPolicy(Customizer<HeadersConfigurer.CrossOriginOpenerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Opener-Policy header.
crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Opener-Policy header.
CrossOriginOpenerPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
crossOriginResourcePolicy(Customizer<HeadersConfigurer.CrossOriginResourcePolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Resource-Policy header.
crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Resource-Policy header.
CrossOriginResourcePolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
csrf(Customizer<CsrfConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Enables CSRF protection.
csrf(Customizer<ServerHttpSecurity.CsrfSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures CSRF Protection which is enabled by default.
CSRF - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: CsrfWebFilter
CSRF - Static variable in class org.springframework.security.config.Elements
CsrfBeanDefinitionParser - Class in org.springframework.security.config.http: Parser for the CsrfFilter.
CsrfBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CsrfBeanDefinitionParser
CsrfConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds CSRF protection for the methods as specified by CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
CsrfConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Creates a new instance
csrfTokenRepository(CsrfTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify the CsrfTokenRepository to use.
csrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Configures the ServerCsrfTokenRepository used to persist the CSRF Token.
csrfTokenRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.
csrfTokenRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.
CUSTOM_FILTER - Static variable in class org.springframework.security.config.Elements
customize(WebSecurity) - Method in interface org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer: Performs the customizations on WebSecurity.
customize(T) - Method in interface org.springframework.security.config.Customizer: Performs the customizations on the input argument.
customize(T) - Method in interface org.springframework.security.config.ThrowingCustomizer: Default Customizer.customize(Object) that wraps any thrown checked exceptions (by default in a RuntimeException).
Customizer<T> - Interface in org.springframework.security.config: Callback interface that accepts a single input argument and returns no result.
customizeWithException(T) - Method in interface org.springframework.security.config.ThrowingCustomizer: Performs the customization on the given object, possibly throwing a checked exception.
customMethodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provides a custom MethodSecurityMetadataSource that is registered with the GlobalMethodSecurityConfiguration.methodSecurityMetadataSource().

D

DaoAuthenticationConfigurer,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Allows configuring a DaoAuthenticationProvider
DaoAuthenticationConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer: Creates a new instance
dataSource(DataSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Populates the DataSource to be used.
debug() - Element in annotation interface org.springframework.security.config.annotation.web.configuration.EnableWebSecurity: Controls debugging support for Spring Security.
debug(boolean) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Controls debugging support for Spring Security.
DEBUG - Static variable in class org.springframework.security.config.Elements
DEBUG_FILTER - Static variable in class org.springframework.security.config.BeanIds
DebugBeanDefinitionParser - Class in org.springframework.security.config
DebugBeanDefinitionParser() - Constructor for class org.springframework.security.config.DebugBeanDefinitionParser
decoder(JwtDecoder) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
DEF_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
DEF_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
DEF_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
defaultAccessDeniedHandlerFor(AccessDeniedHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher.
defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher.
defaultDeniedHandlerForMissingAuthority(Consumer<DelegatingAuthenticationEntryPoint.Builder>, String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided missing GrantedAuthority.
defaultDeniedHandlerForMissingAuthority(AuthenticationEntryPoint, String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided missing GrantedAuthority.
DefaultFilterChainValidator - Class in org.springframework.security.config.http
DefaultFilterChainValidator() - Constructor for class org.springframework.security.config.http.DefaultFilterChainValidator
DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds a Filter that will generate a login page if one is not specified otherwise when using EnableWebSecurity.
DefaultLoginPageConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
defaultLogoutSuccessHandlerFor(LogoutSuccessHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Sets a default LogoutSuccessHandler to be used which prefers being invoked for the provided RequestMatcher.
defaultsDisabled() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Clears all of the default headers from the response.
defaultSubmitPageUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Sets the URL that the default submit page will be generated.
defaultSubmitPageUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Sets the URL that the default submit page will be generated.
defaultSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating.
defaultSuccessUrl(String, boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true.
delegatingApplicationListener() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
deleteCookies(String...) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Allows specifying the names of cookies to be removed on logout success.
deny() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig: Specify to DENY framing any content from this application.
denyAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are not allowed by anyone.
denyAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Deny access for everyone
destroy() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
deviceAuthorizationEndpoint(Customizer<OAuth2DeviceAuthorizationEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Device Authorization Endpoint.
deviceAuthorizationRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer: Sets the AuthenticationConverter used when attempting to extract a Device Authorization Request from HttpServletRequest to an instance of OAuth2DeviceAuthorizationRequestAuthenticationToken used for authenticating the request.
deviceAuthorizationRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
deviceAuthorizationResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2DeviceAuthorizationRequestAuthenticationToken and returning the Device Authorization Response.
deviceVerificationEndpoint(Customizer<OAuth2DeviceVerificationEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Device Verification Endpoint.
deviceVerificationRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer: Sets the AuthenticationConverter used when attempting to extract a Device Verification Request (or Device Authorization Consent) from HttpServletRequest to an instance of OAuth2DeviceVerificationAuthenticationToken or OAuth2DeviceAuthorizationConsentAuthenticationToken used for authenticating the request.
deviceVerificationRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
deviceVerificationResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2DeviceVerificationAuthenticationToken and returning the response.
disable() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AnonymousAuthenticationSpec
disable() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer: Disables the AbstractHttpConfigurer by removing it.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig: Disables Cache Control
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig: Removes the X-XSS-Protection header.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig: Prevents the header from being added to the response.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Prevents the header from being added to the response.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: Disables Strict Transport Security
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig: Disables X-XSS-Protection header (does not include it)
disable() - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Disables anonymous authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec: Disables CORS support within Spring Security.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Disables CSRF Protection.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Disables HTTP Basic authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CacheSpec: Disables cache control response headers
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec: Disables the content type options response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Disables http response headers
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec: Disables frame options response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Disables strict transport security response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec: Disables the x-xss-protection response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: Disables HTTP Basic authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Disables log out
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec: Disables the ServerHttpSecurity.RequestCacheSpec
disabled(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the account is disabled or not.
disableDefaultRegistrationPage(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer: Configures whether the default webauthn registration should be disabled.
dispatcherTypeMatchers(DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Create a List of DispatcherTypeRequestMatcher instances that do not specify an HttpMethod.
dispatcherTypeMatchers(HttpMethod, DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Maps a List of DispatcherTypeRequestMatcher instances.
doBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Executes the build using the SecurityConfigurer's that have been applied using the following steps: Invokes AbstractConfiguredSecurityBuilder.beforeInit() for any subclass to hook into Invokes SecurityConfigurer.init(SecurityBuilder) for any SecurityConfigurer that was applied to this builder. Invokes AbstractConfiguredSecurityBuilder.beforeConfigure() for any subclass to hook into Invokes AbstractConfiguredSecurityBuilder.performBuild() which actually builds the Object
doBuild() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder: Subclasses should implement this to perform the build.
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

E

Elements - Class in org.springframework.security.config: Contains all the element names used by Spring Security 3 namespace support.
Elements() - Constructor for class org.springframework.security.config.Elements
EMBEDDED_UNBOUNDID - Static variable in class org.springframework.security.config.BeanIds
EmbeddedLdapServerContextSourceFactoryBean - Class in org.springframework.security.config.ldap: Creates a DefaultSpringSecurityContextSource used to perform LDAP authentication and starts and in-memory LDAP server.
EmbeddedLdapServerContextSourceFactoryBean() - Constructor for class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
EnableGlobalAuthentication - Annotation Interface in org.springframework.security.config.annotation.authentication.configuration: The EnableGlobalAuthentication annotation signals that the annotated class can be used to configure a global instance of AuthenticationManagerBuilder.
enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
EnableGlobalMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration: Deprecated.
Use EnableMethodSecurity instead
EnableMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration: Enables Spring Security Method Security.
EnableMultiFactorAuthentication - Annotation Interface in org.springframework.security.config.annotation.authorization: Enables Multi-Factor Authentication (MFA) support within Spring Security.
EnableReactiveMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration
EnableRSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.rsocket: Add this annotation to a Configuration class to have Spring Security RSocketSecurity support added.
enableSessionUrlRewriting(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: If set to true, allows HTTP sessions to be rewritten in the URLs when using HttpServletResponse.encodeRedirectURL(String) or HttpServletResponse.encodeURL(String), otherwise disallows HTTP sessions to be included in the URL.
EnableWebFluxSecurity - Annotation Interface in org.springframework.security.config.annotation.web.reactive: Add this annotation to a Configuration class to have Spring Security WebFlux support added.
EnableWebSecurity - Annotation Interface in org.springframework.security.config.annotation.web.configuration: Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by exposing a SecurityFilterChain bean:
EnableWebSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.web.socket: Allows configuring WebSocket Authorization.
equalTo(Function<Authentication, String>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable: Compares the value of a path variable in the URI with an `Authentication` attribute
eraseCredentials(boolean) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientAuthenticationConfigurer: Sets the AuthenticationFailureHandler used for handling a failed client authentication and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientRegistrationEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2PushedAuthorizationRequestEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthorizationCodeRequestAuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenIntrospectionEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenRevocationEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcClientRegistrationEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcLogoutEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
errorResponseHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcUserInfoEndpointConfigurer: Sets the AuthenticationFailureHandler used for handling an OAuth2AuthenticationException and returning the Error Response.
EXCEPTION_TRANSLATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
exceptionHandling(Customizer<ExceptionHandlingConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring exception handling.
exceptionHandling(Customizer<ServerHttpSecurity.ExceptionHandlingSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures exception handling (i.e.
ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds exception handling for Spring Security related exceptions to an application.
ExceptionHandlingConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Creates a new instance
expiredSessionStrategy(SessionInformationExpiredStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Determines the behaviour when an expired session is detected.
expiredUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.
EXPRESSION_HANDLER - Static variable in class org.springframework.security.config.Elements
expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Set the SecurityExpressionHandler to be used.

F

FACEBOOK - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
failureForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Forward Authentication Failure Handler
failureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the AuthenticationFailureHandler to use when authentication fails.
failureUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: The URL to send users if authentication fails.
featurePolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Deprecated.
For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
featurePolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Deprecated.
For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.
FILTER_CHAIN - Static variable in class org.springframework.security.config.Elements
FILTER_CHAIN_MAP - Static variable in class org.springframework.security.config.Elements
FILTER_CHAIN_PROXY - Static variable in class org.springframework.security.config.BeanIds
FILTER_CHAINS - Static variable in class org.springframework.security.config.BeanIds
FILTER_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
FilterChainBeanDefinitionParser - Class in org.springframework.security.config.http
FilterChainBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.FilterChainBeanDefinitionParser
FilterChainDecoratorFactory() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
FilterChainMapBeanDefinitionDecorator - Class in org.springframework.security.config.http: Sets the filter chain Map for a FilterChainProxy bean declaration.
FilterChainMapBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
FilterInvocationSecurityMetadataSourceParser - Class in org.springframework.security.config.http: Deprecated.
Use `use-authorization-manager` property instead
FilterInvocationSecurityMetadataSourceParser() - Constructor for class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser: Deprecated.
FIRST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
FORM_LOGIN - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: Instance of AuthenticationWebFilter
FORM_LOGIN - Static variable in class org.springframework.security.config.Elements
formLogin(Customizer<FormLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Specifies to support form based authentication.
formLogin(Customizer<ServerHttpSecurity.FormLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures form based authentication.
FormLoginBeanDefinitionParser - Class in org.springframework.security.config.http
FormLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds form based authentication.
FormLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Creates a new instance
frameOptions(Customizer<HeadersConfigurer.FrameOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the XFrameOptionsHeaderWriter.
frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures frame options response headers
fromEmbeddedLdapServer() - Static method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Create an EmbeddedLdapServerContextSourceFactoryBean that will use an embedded LDAP server to perform LDAP authentication.
fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResource(Resource) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Create a UserDetailsResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromString(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Create a ReactiveUserDetailsServiceResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.
fromString(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Creates a UserDetailsResourceFactoryBean with a resource from the provided String
fromString(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Create a UserDetailsManagerResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.
fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by users who have authenticated and were not "remembered".

G

generateRequestResolver(GenerateOneTimeTokenRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Use this GenerateOneTimeTokenRequestResolver when resolving GenerateOneTimeTokenRequest from HttpServletRequest.
generateRequestResolver(ServerGenerateOneTimeTokenRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Use this ServerGenerateOneTimeTokenRequestResolver when resolving GenerateOneTimeTokenRequest from ServerWebExchange.
getApplicationContext() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Gets the ApplicationContext
getAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
getAuthenticationEntryPoint() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the Authentication Entry Point
getAuthenticationEntryPointMatcher(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
getAuthenticationFilter() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the Authentication Filter
getAuthenticationManager() - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
getAuthenticationManager() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
getAuthoritiesMapper() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Gets the GrantedAuthoritiesMapper and defaults to SimpleAuthorityMapper.
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
getBeanClassName(Element) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
getBuilder() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Gets the SecurityBuilder.
getBuilder(String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider: Create a new ClientRegistration.Builder pre-configured with provider defaults.
getBuilder(String, ClientAuthenticationMethod, String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
getConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets the SecurityConfigurer by its class name or null if not found.
getConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Gets the SecurityConfigurer by its class name or null if not found.
getConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets all the SecurityConfigurer instances by its class name or an empty List if not found.
getContext() - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Deprecated.
Use this.context instead
getContextSource() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Gets the BaseLdapPathContextSource used to perform LDAP authentication.
getDatabasePopulator() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
getDefaultUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Gets the default UserDetailsService for the AuthenticationManagerBuilder.
getEndpointsMatcher() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Returns a RequestMatcher for the authorization server endpoints.
getExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Gets the MethodSecurityExpressionHandler or creates it using GlobalMethodSecurityConfiguration.expressionHandler.
getExpressionHandler() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Gets the SecurityExpressionHandler to be used.
getFailureUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the URL to send users to if authentication fails
getIntrospector() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
getJwtAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
getJwtDecoder() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
getLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the login page
getLoginProcessingUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the URL to submit an authentication request to (i.e.
getLogoutHandlers() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Gets the LogoutHandler instances that will be used.
getLogoutSuccessHandler() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Gets the LogoutSuccessHandler if not null, otherwise creates a new SimpleUrlLogoutSuccessHandler using the LogoutConfigurer.logoutSuccessUrl(String).
getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
getObject() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder: Gets the object that was built.
getObject() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
getObject() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
getObject() - Method in class org.springframework.security.config.http.MessageMatcherFactoryBean: Deprecated.
getObject() - Method in class org.springframework.security.config.http.PathPatternRequestMatcherFactoryBean
getObject() - Method in class org.springframework.security.config.http.RequestMatcherFactoryBean: Deprecated.
getObject() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
getObject() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
getObject() - Method in class org.springframework.security.config.web.messaging.PathPatternMessageMatcherBuilderFactoryBean
getObject() - Method in class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean
getObjectPostProcessor() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer
getObjectType() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
getObjectType() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
getObjectType() - Method in class org.springframework.security.config.http.MessageMatcherFactoryBean: Deprecated.
getObjectType() - Method in class org.springframework.security.config.http.PathPatternRequestMatcherFactoryBean
getObjectType() - Method in class org.springframework.security.config.http.RequestMatcherFactoryBean: Deprecated.
getObjectType() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
getObjectType() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.web.messaging.PathPatternMessageMatcherBuilderFactoryBean
getObjectType() - Method in class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean
getOrBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Similar to SecurityBuilder.build() and AbstractSecurityBuilder.getObject() but checks the state to determine if SecurityBuilder.build() needs to be called first.
getOrder() - Method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
getOrder() - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
getOrder() - Method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
getPasswordEncoder() - Method in class org.springframework.security.config.authentication.PasswordEncoderParser
getPathPatternParser() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
getPathPatternParser() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
getPrivilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Gets the WebInvocationPrivilegeEvaluator to be used.
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer: The AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry is what users will interact with after applying the AuthorizeHttpRequestsConfigurer.
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer: Deprecated.
getRequestMatcherBuilder() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
getRolePrefix() - Method in class org.springframework.security.config.core.GrantedAuthorityDefaults: The default prefix used with role based authorization.
getSecurityContextHolderStrategy() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
getSharedObject(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets a shared Object.
getSharedObject(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Gets a shared Object.
getSharedObjects() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets the shared objects
getSource(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer: Gets the UserDetailsService that is used with the DaoAuthenticationProvider
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer: Gets the UserDetailsService or null if it is not available
getWebSecurityConfigurers() - Method in class org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents
GITHUB - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
GLOBAL_METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
GlobalAuthenticationConfigurerAdapter - Class in org.springframework.security.config.annotation.authentication.configuration: A SecurityConfigurer that can be exposed as a bean to configure the global AuthenticationManagerBuilder.
GlobalAuthenticationConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
GlobalMethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method: Deprecated.
Use MethodSecurityBeanDefinitionParser instead
GlobalMethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser: Deprecated.
GlobalMethodSecurityConfiguration - Class in org.springframework.security.config.annotation.method.configuration: Deprecated.
Use PrePostMethodSecurityConfiguration, SecuredMethodSecurityConfiguration, or Jsr250MethodSecurityConfiguration instead
GlobalMethodSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
GOOGLE - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
GrantedAuthorityDefaults - Class in org.springframework.security.config.core: Allows providing defaults for GrantedAuthority
GrantedAuthorityDefaults(String) - Constructor for class org.springframework.security.config.core.GrantedAuthorityDefaults
groupAuthoritiesByUsername(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: An SQL statement to query user's group authorities given a username.
groupRoleAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the attribute name which contains the role name.
groupSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: The search base for group membership searches.
groupSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: The LDAP filter to search for groups.
groupSearchSubtree(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: If set to true, a subtree scope search will be performed for group membership.

H

hasAllAuthorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies that a user requires all the provided authorities.
hasAllRoles(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies that a user requires all the provided roles.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies that a user requires one of many authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require any authority
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies that a user requires one of many roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require any specific role.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies a user requires an authority.
hasAuthority(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require a specific authority.
hasIpAddress(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require a specific IP address or range using an IP/Netmask (e.g.
hasRole(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies a user requires a role.
hasRole(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require a specific role.
hasVariable(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that a path variable in URL to be compared.
headers(Customizer<HeadersConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds the Security headers to the response.
headers(Customizer<ServerHttpSecurity.HeaderSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTP Response Headers.
HEADERS - Static variable in class org.springframework.security.config.Elements
HeadersBeanDefinitionParser - Class in org.springframework.security.config.http: Parser for the HeadersFilter.
HeadersBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HeadersBeanDefinitionParser
HeadersConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds the Security HTTP headers to the response.
HeadersConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Creates a new instance
HeadersConfigurer.CacheControlConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.ContentSecurityPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.ContentTypeOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.CrossOriginEmbedderPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.CrossOriginOpenerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.CrossOriginResourcePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.FeaturePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.FrameOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.HpkpConfig - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
see Certificate and Public Key Pinning for more context
HeadersConfigurer.HstsConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.PermissionsPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.ReferrerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.XXssConfig - Class in org.springframework.security.config.annotation.web.configurers
headerValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig: Sets the value of the X-XSS-PROTECTION header.
headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec: Sets the value of x-xss-protection header.
hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Strict Transport Security response headers
http() - Static method in class org.springframework.security.config.web.server.ServerHttpSecurity: Creates a new instance.
http(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer: Adds a port mapping
HTTP - Static variable in class org.springframework.security.config.Elements
HTTP_BASIC - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: Instance of AuthenticationWebFilter
HTTP_FIREWALL - Static variable in class org.springframework.security.config.Elements
HTTP_HEADERS_WRITER - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
httpBasic(Customizer<HttpBasicConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures HTTP Basic authentication.
httpBasic(Customizer<ServerHttpSecurity.HttpBasicSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTP Basic authentication.
HttpBasicConfigurer> - Class in org.springframework.security.config.annotation.web.configurers: Adds HTTP basic based authentication.
HttpBasicConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: Creates a new instance
httpFirewall(HttpFirewall) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Allows customizing the HttpFirewall.
HttpFirewallBeanDefinitionParser - Class in org.springframework.security.config.http: Injects the supplied HttpFirewall bean reference into the FilterChainProxy.
HttpFirewallBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Deprecated.
see Certificate and Public Key Pinning for more context
HTTPS_REDIRECT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: HttpsRedirectWebFilter
HttpSecurity - Class in org.springframework.security.config.annotation.web.builders: A HttpSecurity is similar to Spring Security's XML <http> element in the namespace configuration.
HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.HttpSecurity: Creates a new instance
HttpSecurity.RequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders: Allows mapping HTTP requests that this HttpSecurity will be used for
HttpSecurityBeanDefinitionParser - Class in org.springframework.security.config.http: Sets up HTTP security: filter stack and protected URLs.
HttpSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser
HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean - Class in org.springframework.security.config.http
HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory - Class in org.springframework.security.config.http
HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor - Class in org.springframework.security.config.http
HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> - Interface in org.springframework.security.config.annotation.web
HttpsRedirectConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Specifies for what requests the application should redirect to HTTPS.
HttpsRedirectConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HttpsRedirectConfigurer
HttpsRedirectSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
httpsRedirectWhen(Function<ServerWebExchange, Boolean>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec: Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
httpsRedirectWhen(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec: Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
httpStrictTransportSecurity(Customizer<HeadersConfigurer.HstsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).

I

identity() - Static method in interface org.springframework.security.config.ObjectPostProcessor
IF_REQUIRED - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy: Spring Security will only create an HttpSession if required
ignoring() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Allows adding RequestMatcher instances that Spring Security should ignore.
ignoringRequestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Allows specifying HttpServletRequest that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
ignoringRequestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Allows specifying HttpServletRequests that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
includeSubdomains(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Configures if subdomains should be included.
includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.
includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: If true, subdomains should be considered HSTS Hosts too.
INET_ORG_PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
init() - Method in class org.springframework.security.config.SecurityNamespaceHandler
init(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer: Initialize the SecurityBuilder.
init(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Initialize the SecurityBuilder.
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Populates a PreAuthenticatedAuthenticationProvider into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider) and a Http403ForbiddenEntryPoint into HttpSecurityBuilder.setSharedObject(Class, Object)
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
init(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
init(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer
init(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer
init(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer
initializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
initializeUserDetailsBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer: Populates the users that have been added.
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer: Allows subclasses to initialize the UserDetailsService.
inMemoryAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add in memory authentication to the AuthenticationManagerBuilder and return a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication.
InMemoryUserDetailsManagerConfigurer> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Configures an AuthenticationManagerBuilder to have in memory authentication.
InMemoryUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer: Creates a new instance
INTERCEPT_MESSAGE - Static variable in class org.springframework.security.config.Elements
INTERCEPT_METHODS - Static variable in class org.springframework.security.config.Elements
INTERCEPT_URL - Static variable in class org.springframework.security.config.Elements
InterceptMethodsBeanDefinitionDecorator - Class in org.springframework.security.config.method
InterceptMethodsBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec: Configures the credentials for Introspection endpoint
introspectionRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenIntrospectionEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract an Introspection Request from HttpServletRequest to an instance of OAuth2TokenIntrospectionAuthenticationToken used for authenticating the request.
introspectionRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenIntrospectionEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
introspectionResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenIntrospectionEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2TokenIntrospectionAuthenticationToken.
introspectionUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
introspectionUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec: Configures the URI of the Introspection endpoint
introspector(OpaqueTokenIntrospector) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
introspector(ReactiveOpaqueTokenIntrospector) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
invalidateHttpSession(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.
invalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Setting this attribute will inject the provided invalidSessionStrategy into the SessionManagementFilter.
invalidSessionUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Setting this attribute will inject the SessionManagementFilter with a SimpleRedirectInvalidSessionStrategy configured with the attribute value.
INVOCATION_ATTRIBUTE_FACTORY - Static variable in class org.springframework.security.config.Elements
INVOCATION_HANDLING - Static variable in class org.springframework.security.config.Elements
isConfigured() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Determines if the AuthenticationManagerBuilder is configured to build a non null AuthenticationManager.
isCustomLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
isSingleton() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

J

j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Allows specifying the J2eePreAuthenticatedProcessingFilter to use.
JDBC_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
jdbcAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add JDBC authentication to the AuthenticationManagerBuilder and return a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication.
JdbcUserDetailsManagerConfigurer> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Configures an AuthenticationManagerBuilder to have JDBC authentication.
JdbcUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
JdbcUserDetailsManagerConfigurer(JdbcUserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
JdbcUserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
JdbcUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
jee(Customizer<JeeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures container based pre authentication.
JEE - Static variable in class org.springframework.security.config.Elements
JeeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds support for J2EE pre authentication.
JeeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Creates a new instance
Jsr250AuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Determines if JSR-250 annotations should be enabled.
jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Determines if JSR-250 annotations should be enabled.
jwkSetUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
jwkSetUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures a ReactiveJwtDecoder using JSON Web Key (JWK) URL
jwt(Customizer<RSocketSecurity.JwtSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer: Enables Jwt-encoded bearer token support.
jwt(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Enables JWT Resource Server support.
JWT - Static variable in class org.springframework.security.config.Elements
JWT_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Deprecated.
please see PayloadInterceptorOrder.AUTHENTICATION
jwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
jwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures the Converter to use for converting a Jwt into an AbstractAuthenticationToken.
jwtDecoder(JWKSource<SecurityContext>) - Static method in class org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration
jwtDecoder(ReactiveJwtDecoder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures the ReactiveJwtDecoder to use
JwtSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

K

key(String) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the key to identify tokens created for anonymous authentication.
key(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Sets the key to identify tokens created for remember me authentication.
key(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the key to identify tokens created for anonymous authentication.

L

LAST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
LDAP_AUTHORITIES_POPULATOR_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
LDAP_PASSWORD_COMPARE - Static variable in class org.springframework.security.config.Elements
LDAP_PROVIDER - Static variable in class org.springframework.security.config.Elements
LDAP_SEARCH_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
LDAP_SERVER - Static variable in class org.springframework.security.config.Elements
LDAP_USER_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
LDAP_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
ldapAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add LDAP authentication to the AuthenticationManagerBuilder and return a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication.
LdapAuthenticationProviderConfigurer> - Class in org.springframework.security.config.annotation.authentication.configurers.ldap: Configures LDAP AuthenticationProvider in the ProviderManagerBuilder.
LdapAuthenticationProviderConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
LdapAuthenticationProviderConfigurer.ContextSourceBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.ldap: Allows building a BaseLdapPathContextSource and optionally creating an embedded LDAP instance.
LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer - Class in org.springframework.security.config.annotation.authentication.configurers.ldap: Sets up Password based comparison
ldapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the LdapAuthoritiesPopulator.
LdapBindAuthenticationManagerFactory - Class in org.springframework.security.config.ldap: Creates an AuthenticationManager that can perform LDAP authentication using bind authentication.
LdapBindAuthenticationManagerFactory(BaseLdapPathContextSource) - Constructor for class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
LdapPasswordComparisonAuthenticationManagerFactory - Class in org.springframework.security.config.ldap: Creates an AuthenticationManager that can perform LDAP authentication using password comparison.
LdapPasswordComparisonAuthenticationManagerFactory(BaseLdapPathContextSource, PasswordEncoder) - Constructor for class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
LdapProviderBeanDefinitionParser - Class in org.springframework.security.config.ldap: Ldap authentication provider namespace configuration.
LdapProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
LdapServerBeanDefinitionParser - Class in org.springframework.security.config.ldap
LdapServerBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
LdapUserServiceBeanDefinitionParser - Class in org.springframework.security.config.ldap
LdapUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ldif(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Specifies an ldif to load at startup for an embedded LDAP server.
logger - Variable in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
LOGIN_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.
loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Specifies the URL to send users to if login is required.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the URL to validate the credentials.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Specifies the URL to process the login request, defaults to /login/ott.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Specifies the URL to validate the credentials.
loginProcessingUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Specifies the URL to process the login request, defaults to /login/ott.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
logout(Customizer<LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Provides logout support.
logout(Customizer<ServerHttpSecurity.LogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures log out.
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
LOGOUT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
LOGOUT - Static variable in class org.springframework.security.config.Elements
LOGOUT_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds logout support.
LogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Creates a new instance
logoutEndpoint(Customizer<OidcLogoutEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcConfigurer: Configures the OpenID Connect 1.0 RP-Initiated Logout Endpoint.
logoutHandler(Consumer<List<ServerLogoutHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Allows managing the list of ServerLogoutHandler instances.
logoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer: Configure what and how per-session logout will be performed.
logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Configures the logout handler.
logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer: Configure what and how per-session logout will be performed.
logoutRequest(Customizer<Saml2LogoutConfigurer.LogoutRequestConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Configures SAML 2.0 Logout Request components
logoutRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcLogoutEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract a Logout Request from HttpServletRequest to an instance of OidcLogoutAuthenticationToken used for authenticating the request.
logoutRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcLogoutEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
logoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: The RequestMatcher that triggers log out to occur.
logoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: Use this Saml2LogoutRequestRepository for storing logout requests
logoutRequestResolver(Saml2LogoutRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: Use this Saml2LogoutRequestResolver for producing a logout request to send to the asserting party
logoutRequestValidator(Saml2LogoutRequestValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: Use this LogoutHandler for processing a logout request from the asserting party
logoutResponse(Customizer<Saml2LogoutConfigurer.LogoutResponseConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Configures SAML 2.0 Logout Response components
logoutResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcLogoutEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OidcLogoutAuthenticationToken and performing the logout.
logoutResponseResolver(Saml2LogoutResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer: Use this Saml2LogoutRequestResolver for producing a logout response to send to the asserting party
logoutResponseValidator(Saml2LogoutResponseValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer: Use this LogoutHandler for processing a logout response from the asserting party
logoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Sets the LogoutSuccessHandler to use.
logoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
logoutSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: The URL to redirect to after logout has occurred.
logoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer: Use this endpoint when invoking a back-channel logout.
logoutUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer: Use this endpoint when invoking a back-channel logout.
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: The URL that triggers log out to occur (default is "/logout").
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: The URL by which the asserting party can send a SAML 2.0 Logout Request
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer: The URL by which the asserting party can send a SAML 2.0 Logout Response
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: The URL by which the relying or asserting party can trigger logout.
logoutUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Configures what URL a POST to will trigger a log out.

M

managerDn(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Username (DN) of the "manager" user identity (i.e.
managerPassword(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: The password for the manager DN.
mappableAuthorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies roles to use map from the HttpServletRequest to the UserDetails.
mappableAuthorities(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies roles to use map from the HttpServletRequest to the UserDetails.
mappableRoles(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies roles to use map from the HttpServletRequest to the UserDetails and automatically prefixes it with "ROLE_".
mapsTo(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer.HttpPortMapping: Maps the given HTTP port to the provided HTTPS port and vice versa.
matcher(PayloadExchangeMatcher) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
matchers - Variable in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
matchers(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Associates a list of ServerWebExchangeMatcher instances
MatcherType - Enum Class in org.springframework.security.config.http: Defines the RequestMatcher types supported by the namespace.
maxAge(Duration) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Configures the max age.
maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Controls the maximum number of sessions for a user.
maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Controls the maximum number of sessions for a user.
maximumSessions(SessionLimit) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Determines the behaviour when a session limit is detected.
maximumSessions(SessionLimit) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec: Sets the maximum number of sessions allowed for any user.
maximumSessionsExceededHandler(ServerMaximumSessionsExceededHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec: Sets the ServerMaximumSessionsExceededHandler to use when the maximum number of sessions is exceeded.
maxSessionsPreventsLogin(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: If true, prevents a user from authenticating when the SessionManagementConfigurer.ConcurrencyControlConfigurer.maximumSessions(int) has been reached.
messageConverter(HttpMessageConverter<Object>) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer: Sets HttpMessageConverter used for WebAuthn to read/write to the HTTP request/response.
MessageMatcherFactoryBean - Class in org.springframework.security.config.http: Deprecated.
MessageMatcherFactoryBean(String) - Constructor for class org.springframework.security.config.http.MessageMatcherFactoryBean: Deprecated.
MessageMatcherFactoryBean(String, SimpMessageType) - Constructor for class org.springframework.security.config.http.MessageMatcherFactoryBean: Deprecated.
metadataResponseResolver(Saml2MetadataResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer: Use this Saml2MetadataResponseResolver to parse the request and respond with SAML 2.0 metadata.
metadataUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer: Use this endpoint to request relying party metadata.
METHOD_ACCESS_MANAGER - Static variable in class org.springframework.security.config.BeanIds
METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
METHOD_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
METHOD_SECURITY_METADATA_SOURCE_ADVISOR - Static variable in class org.springframework.security.config.BeanIds
MethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method: Processes the top-level "method-security" element.
MethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor - Class in org.springframework.security.config.method
MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean - Class in org.springframework.security.config.method
MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
MethodSecurityExpressionHandlerBean() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
methodSecurityInterceptor(MethodSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.
methodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provides the default MethodSecurityMetadataSource that will be used.
MethodSecurityMetadataSourceBeanDefinitionParser - Class in org.springframework.security.config.method: Deprecated.
Use <intercept-methods>, <method-security>, or @EnableMethodSecurity
MethodSecurityMetadataSourceBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser: Deprecated.
migrateSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that a new session should be created and the session attributes from the original HttpSession should be retained.
MISSING_BEAN_ERROR_MESSAGE - Static variable in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Indicate how security advice should be applied.
mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Indicate how security advice should be applied.
mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate how security advice should be applied.
mode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec: The mode to configure.

N

NEVER - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy: Spring Security will never create an HttpSession, but will use the HttpSession if it already exists
newSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that a new session should be created, but the session attributes from the original HttpSession should not be retained.
none() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that no session fixation protection should be enabled.
noObservations() - Static method in class org.springframework.security.config.observation.SecurityObservationSettings: Make no Spring Security observations
not() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Negates the following authorization rule.
NullAuthenticationProvider() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

O

OAUTH2_AUTHORIZATION_CODE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
OAUTH2_CLIENT - Static variable in class org.springframework.security.config.Elements
OAUTH2_LOGIN - Static variable in class org.springframework.security.config.Elements
OAUTH2_RESOURCE_SERVER - Static variable in class org.springframework.security.config.Elements
OAuth2AuthorizationEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Authorization Endpoint.
oauth2AuthorizationServer(Customizer<OAuth2AuthorizationServerConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures OAuth 2.1 Authorization Server support.
OAuth2AuthorizationServerConfiguration - Class in org.springframework.security.config.annotation.web.configuration: Configuration for OAuth 2.1 Authorization Server support.
OAuth2AuthorizationServerConfiguration() - Constructor for class org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration
OAuth2AuthorizationServerConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: An AbstractHttpConfigurer for OAuth 2.1 Authorization Server support.
OAuth2AuthorizationServerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer
OAuth2AuthorizationServerMetadataEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Authorization Server Metadata Endpoint.
oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures OAuth 2.0 Client support.
oauth2Client(Customizer<ServerHttpSecurity.OAuth2ClientSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures the OAuth2 client.
OAuth2ClientAuthenticationConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for OAuth 2.0 Client Authentication.
OAuth2ClientConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: An AbstractHttpConfigurer for OAuth 2.0 Client support.
OAuth2ClientConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the OAuth 2.0 Authorization Code Grant.
OAuth2ClientRegistrationEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for OAuth 2.0 Dynamic Client Registration Endpoint.
OAuth2DeviceAuthorizationEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Device Authorization Endpoint.
OAuth2DeviceVerificationEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Device Verification Endpoint.
oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
oauth2Login(Customizer<ServerHttpSecurity.OAuth2LoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
OAuth2LoginConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
OAuth2LoginConfigurer.AuthorizationEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Authorization Server's Authorization Endpoint.
OAuth2LoginConfigurer.RedirectionEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Client's Redirection Endpoint.
OAuth2LoginConfigurer.TokenEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Authorization Server's Token Endpoint.
OAuth2LoginConfigurer.UserInfoEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Authorization Server's UserInfo Endpoint.
OAuth2PushedAuthorizationRequestEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Pushed Authorization Request Endpoint.
oauth2ResourceServer(Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures OAuth 2.0 Resource Server support.
oauth2ResourceServer(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures OAuth 2.0 Resource Server support.
OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource: An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.
OAuth2ResourceServerConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
OAuth2ResourceServerConfigurer.JwtConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
OAuth2ResourceServerConfigurer.ProtectedResourceMetadataConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
OAuth2ResourceServerSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
OAuth2TokenEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Token Endpoint.
OAuth2TokenIntrospectionEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Token Introspection Endpoint.
OAuth2TokenRevocationEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OAuth 2.0 Token Revocation Endpoint.
objectPostProcessor(AutowireCapableBeanFactory) - Method in class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
objectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Specifies the ObjectPostProcessor to use.
ObjectPostProcessor<T> - Interface in org.springframework.security.config: Allows initialization of Objects.
ObjectPostProcessorConfiguration - Class in org.springframework.security.config.annotation.configuration: Spring Configuration that exports the default ObjectPostProcessor.
ObjectPostProcessorConfiguration() - Constructor for class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
offset() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Indicate additional offset in the ordering of the execution of the security interceptors when multiple advices are applied at a specific joinpoint.
oidc(Customizer<OidcConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures OpenID Connect 1.0 support (disabled by default).
OidcBackChannelLogoutHandler - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: A LogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.
OidcBackChannelLogoutHandler(OidcSessionRegistry) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
OidcBackChannelServerLogoutHandler - Class in org.springframework.security.config.web.server: A ServerLogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.
OidcBackChannelServerLogoutHandler(ReactiveOidcSessionRegistry) - Constructor for class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
OidcClientRegistrationEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for OpenID Connect 1.0 Dynamic Client Registration Endpoint.
OidcConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for OpenID Connect 1.0 support.
oidcLogout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
oidcLogout(Customizer<OidcLogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
oidcLogout(Customizer<ServerHttpSecurity.OidcLogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures OIDC Connect 1.0 Logout support.
OidcLogoutConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: An AbstractHttpConfigurer for OIDC Logout flows
OidcLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
OidcLogoutConfigurer.BackChannelLogoutConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: A configurer for configuring OIDC Back-Channel Logout
OidcLogoutEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for OpenID Connect 1.0 RP-Initiated Logout Endpoint.
OidcLogoutSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
OidcProviderConfigurationEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for the OpenID Connect 1.0 Provider Configuration Endpoint.
oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Configures the ReactiveOidcSessionRegistry to use when logins use OIDC.
oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec: Configures the ReactiveOidcSessionRegistry.
oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the registry for managing the OIDC client-provider session link
oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer: Sets the registry for managing the OIDC client-provider session link
OidcUserInfoEndpointConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization: Configurer for OpenID Connect 1.0 UserInfo Endpoint.
oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Sets the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
OKTA - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
ONE_TIME_TOKEN - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: GenerateOneTimeTokenWebFilter
ONE_TIME_TOKEN_SUBMIT_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: OneTimeTokenSubmitPageGeneratingWebFilter
oneTimeTokenLogin(Customizer<OneTimeTokenLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures One-Time Token Login Support.
oneTimeTokenLogin(Customizer<ServerHttpSecurity.OneTimeTokenLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures One-Time Token Login Support.
OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.ott: An AbstractHttpConfigurer for One-Time Token Login.
OneTimeTokenLoginConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
OneTimeTokenLoginSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
OPAQUE_TOKEN - Static variable in class org.springframework.security.config.Elements
opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer: Enables opaque bearer token support.
opaqueToken(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Enables Opaque Token Resource Server support.
openRegistrationAllowed(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2ClientRegistrationEndpointConfigurer: Set to true if open client registration (with no initial access token) is allowed.
order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
org.springframework.security.config - package org.springframework.security.config: Support classes for the Spring Security namespace.
org.springframework.security.config.annotation - package org.springframework.security.config.annotation
org.springframework.security.config.annotation.authentication - package org.springframework.security.config.annotation.authentication
org.springframework.security.config.annotation.authentication.builders - package org.springframework.security.config.annotation.authentication.builders
org.springframework.security.config.annotation.authentication.configuration - package org.springframework.security.config.annotation.authentication.configuration
org.springframework.security.config.annotation.authentication.configurers.ldap - package org.springframework.security.config.annotation.authentication.configurers.ldap
org.springframework.security.config.annotation.authentication.configurers.provisioning - package org.springframework.security.config.annotation.authentication.configurers.provisioning
org.springframework.security.config.annotation.authentication.configurers.userdetails - package org.springframework.security.config.annotation.authentication.configurers.userdetails
org.springframework.security.config.annotation.authorization - package org.springframework.security.config.annotation.authorization
org.springframework.security.config.annotation.configuration - package org.springframework.security.config.annotation.configuration
org.springframework.security.config.annotation.method.configuration - package org.springframework.security.config.annotation.method.configuration
org.springframework.security.config.annotation.rsocket - package org.springframework.security.config.annotation.rsocket
org.springframework.security.config.annotation.web - package org.springframework.security.config.annotation.web
org.springframework.security.config.annotation.web.builders - package org.springframework.security.config.annotation.web.builders
org.springframework.security.config.annotation.web.configuration - package org.springframework.security.config.annotation.web.configuration
org.springframework.security.config.annotation.web.configurers - package org.springframework.security.config.annotation.web.configurers
org.springframework.security.config.annotation.web.configurers.oauth2.client - package org.springframework.security.config.annotation.web.configurers.oauth2.client
org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization - package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource - package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
org.springframework.security.config.annotation.web.configurers.ott - package org.springframework.security.config.annotation.web.configurers.ott
org.springframework.security.config.annotation.web.configurers.saml2 - package org.springframework.security.config.annotation.web.configurers.saml2
org.springframework.security.config.annotation.web.reactive - package org.springframework.security.config.annotation.web.reactive
org.springframework.security.config.annotation.web.servlet.configuration - package org.springframework.security.config.annotation.web.servlet.configuration
org.springframework.security.config.annotation.web.socket - package org.springframework.security.config.annotation.web.socket
org.springframework.security.config.authentication - package org.springframework.security.config.authentication: Parsing of <authentication-manager> and related elements.
org.springframework.security.config.core - package org.springframework.security.config.core
org.springframework.security.config.core.userdetails - package org.springframework.security.config.core.userdetails
org.springframework.security.config.crypto - package org.springframework.security.config.crypto
org.springframework.security.config.debug - package org.springframework.security.config.debug
org.springframework.security.config.http - package org.springframework.security.config.http: Parsing of the <http> namespace element.
org.springframework.security.config.ldap - package org.springframework.security.config.ldap: Security namespace support for LDAP authentication.
org.springframework.security.config.method - package org.springframework.security.config.method: Support for parsing of the <global-method-security> and <intercept-methods> elements.
org.springframework.security.config.oauth2.client - package org.springframework.security.config.oauth2.client
org.springframework.security.config.observation - package org.springframework.security.config.observation
org.springframework.security.config.provisioning - package org.springframework.security.config.provisioning
org.springframework.security.config.saml2 - package org.springframework.security.config.saml2
org.springframework.security.config.web - package org.springframework.security.config.web
org.springframework.security.config.web.messaging - package org.springframework.security.config.web.messaging
org.springframework.security.config.web.server - package org.springframework.security.config.web.server
org.springframework.security.config.websocket - package org.springframework.security.config.websocket

P

parentAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Allows providing a parent AuthenticationManager that will be tried if this AuthenticationManager was unable to attempt to authenticate the provided Authentication.
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.DebugBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CsrfBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterChainBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser: Deprecated.
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HeadersBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser: The aim of this method is to build the list of filters which have been defined by the namespace elements and attributes within the <http> configuration, along with any custom-filter's linked to user-defined filter beans.
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser: Deprecated.
parse(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
parse(Element, ParserContext) - Method in class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
parseInternal(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser: Deprecated.
password(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the password.
PASSWORD_ENCODER - Static variable in class org.springframework.security.config.Elements
PASSWORD_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
passwordAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer: The attribute in the directory which contains the user password.
passwordCompare() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer: Allows specifying the PasswordEncoder to use.
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the PasswordEncoder to be used when authenticating with password comparison.
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer: Allows specifying the PasswordEncoder to use with the DaoAuthenticationProvider.
PasswordEncoderParser - Class in org.springframework.security.config.authentication: Stateful parser for the <password-encoder> element.
PasswordEncoderParser(Element, ParserContext) - Constructor for class org.springframework.security.config.authentication.PasswordEncoderParser
passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds support for the password management.
passwordManagement(Customizer<ServerHttpSecurity.PasswordManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures password management.
PasswordManagementConfigurer> - Class in org.springframework.security.config.annotation.web.configurers: Adds password management support.
PasswordManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
passwordParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: The HTTP parameter to look for the password when performing authentication.
path - Enum constant in enum class org.springframework.security.config.http.MatcherType
pathMatchers(String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps a List of PathPatternParserServerWebExchangeMatcher instances that do not care which HttpMethod is used.
pathMatchers(HttpMethod) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps a List of PathPatternParserServerWebExchangeMatcher instances.
pathMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps a List of PathPatternParserServerWebExchangeMatcher instances.
PathPatternMessageMatcherBuilderFactoryBean - Class in org.springframework.security.config.web.messaging: Use this factory bean to configure the PathPatternMessageMatcher.Builder bean used to create request matchers in MessageMatcherDelegatingAuthorizationManager and other parts of the DSL.
PathPatternMessageMatcherBuilderFactoryBean() - Constructor for class org.springframework.security.config.web.messaging.PathPatternMessageMatcherBuilderFactoryBean: Create PathPatternMessageMatchers using PathPatternParser.defaultInstance
PathPatternMessageMatcherBuilderFactoryBean(PathPatternParser) - Constructor for class org.springframework.security.config.web.messaging.PathPatternMessageMatcherBuilderFactoryBean: Create PathPatternMessageMatchers using the given PathPatternParser
PathPatternRequestMatcherBuilderFactoryBean - Class in org.springframework.security.config.web: Use this factory bean to configure the PathPatternRequestMatcher.Builder bean used to create request matchers in AuthorizeHttpRequestsConfigurer and other parts of the DSL.
PathPatternRequestMatcherBuilderFactoryBean() - Constructor for class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean: Construct this factory bean using the default PathPatternParser
PathPatternRequestMatcherBuilderFactoryBean(PathPatternParser) - Constructor for class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean: Construct this factory bean using this PathPatternParser.
PathPatternRequestMatcherFactoryBean - Class in org.springframework.security.config.http
PayloadInterceptorOrder - Enum Class in org.springframework.security.config.annotation.rsocket: The standard order for PayloadInterceptor to be sorted.
performBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Subclasses must implement this method to build the object that is being returned.
performBuild() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
performBuild() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
performBuild() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) instead
permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Permissions-Policy response header.
permissionsPolicyHeader(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Permissions Policy.
permitAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Equivalent of invoking permitAll(true)
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by anyone.
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: A shortcut for LogoutConfigurer.permitAll(boolean) with true as an argument.
permitAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Allow access for anyone
permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Ensures the urls for AbstractAuthenticationFilterConfigurer.failureUrl(String) as well as for the HttpSecurityBuilder, the AbstractAuthenticationFilterConfigurer.getLoginPage() and AbstractAuthenticationFilterConfigurer.getLoginProcessingUrl() are granted access to any user.
permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Grants access to the LogoutConfigurer.logoutSuccessUrl(String) and the LogoutConfigurer.logoutUrl(String) for every user.
PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
policy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig: Sets the policy to be used in the response header.
policy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec: Sets the policy to be used in the response header.
policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig: Sets the policy to be used in the Cross-Origin-Embedder-Policy header
policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig: Sets the policy to be used in the Cross-Origin-Opener-Policy header
policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig: Sets the policy to be used in the Cross-Origin-Resource-Policy header
policy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig: Sets the policy to be used in the response header.
policy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec: Sets the value to be used in the `Cross-Origin-Embedder-Policy` header
policy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec: Sets the value to be used in the `Cross-Origin-Opener-Policy` header
policy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec: Sets the value to be used in the `Cross-Origin-Resource-Policy` header
policy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec: Sets the policy to be used in the response header.
policyDirectives(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig: Sets the security policy directive(s) to be used in the response header.
policyDirectives(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec: Sets the security policy directive(s) to be used in the response header.
port(int) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
PORT_MAPPING - Static variable in class org.springframework.security.config.Elements
PORT_MAPPINGS - Static variable in class org.springframework.security.config.Elements
portMapper(Customizer<PortMapperConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring a PortMapper that is available from AbstractConfiguredSecurityBuilder.getSharedObject(Class).
portMapper(PortMapper) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer: Allows specifying the PortMapper instance.
portMapper(PortMapper) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec: Configures a custom HTTPS port to redirect to
PortMapperConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring a shared PortMapper instance used to determine the ports when redirecting between HTTP and HTTPS.
PortMapperConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer: Creates a new instance
PortMapperConfigurer.HttpPortMapping - Class in org.springframework.security.config.annotation.web.configurers: Allows specifying the HTTPS port for a given HTTP port when redirecting between HTTP and HTTPS.
POST_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
PostAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
postBuildAction(Runnable) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Executes the Runnable immediately after the build takes place
postProcess(O) - Method in interface org.springframework.security.config.ObjectPostProcessor: Initialize the object possibly returning a modified instance that should be used instead.
postProcess(P) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Performs post processing of an object.
postProcess(T) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Performs post processing of an object.
postProcess(T) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceVerificationEndpointConfigurer
postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
PRE_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
PreAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
preInvocationAuthorizationAdvice() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Creates the PreInvocationAuthorizationAdvice to be used.
preload(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: If true, preload will be included in HSTS Header.
preload(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Configures if preload should be included.
prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Determines if Spring Security's pre post annotations should be enabled.
prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Determines if Spring Security's PreAuthorize, PostAuthorize, PreFilter, and PostFilter annotations should be enabled.
principal(Object) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the principal for Authentication objects of anonymous users
principal(Object) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the principal for Authentication objects of anonymous users
principalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
privilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI
privilegeEvaluator(WebInvocationPrivilegeEvaluator) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Set the WebInvocationPrivilegeEvaluator to be used.
PROTECT - Static variable in class org.springframework.security.config.Elements
PROTECT_POINTCUT - Static variable in class org.springframework.security.config.Elements
protectedResourceMetadata(Customizer<OAuth2ResourceServerConfigurer.ProtectedResourceMetadataConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer: Configure OAuth 2.0 Protected Resource Metadata.
protectedResourceMetadataCustomizer(Consumer<OAuth2ProtectedResourceMetadata.Builder>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.ProtectedResourceMetadataConfigurer: Sets the Consumer providing access to the OAuth2ProtectedResourceMetadata.Builder allowing the ability to customize the claims of the Resource Server's configuration.
providerConfigurationCustomizer(Consumer<OidcProviderConfiguration.Builder>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcProviderConfigurationEndpointConfigurer: Sets the Consumer providing access to the OidcProviderConfiguration.Builder allowing the ability to customize the claims of the OpenID Provider's configuration.
providerConfigurationEndpoint(Customizer<OidcProviderConfigurationEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcConfigurer: Configures the OpenID Connect 1.0 Provider Configuration Endpoint.
ProviderManagerBuilder> - Interface in org.springframework.security.config.annotation.authentication: Interface for operating on a SecurityBuilder that creates a ProviderManager
proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Indicate whether subclass-based (CGLIB) proxies are to be created (true) as opposed to standard Java interface-based proxies (false).
proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
publicKey(RSAPublicKey) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures a ReactiveJwtDecoder that leverages the provided RSAPublicKey
pushedAuthorizationRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2PushedAuthorizationRequestEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract a Pushed Authorization Request from HttpServletRequest to an instance of OAuth2PushedAuthorizationRequestAuthenticationToken used for authenticating the request.
pushedAuthorizationRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2PushedAuthorizationRequestEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
pushedAuthorizationRequestEndpoint(Customizer<OAuth2PushedAuthorizationRequestEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Pushed Authorization Request Endpoint.
pushedAuthorizationResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2PushedAuthorizationRequestEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2PushedAuthorizationRequestAuthenticationToken and returning the Pushed Authorization Response.

R

ReactiveUserDetailsServiceResourceFactoryBean - Class in org.springframework.security.config.core.userdetails: Constructs an MapReactiveUserDetailsService from a resource using UserDetailsResourceFactoryBean.
ReactiveUserDetailsServiceResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
REACTOR_CONTEXT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: ReactorContextWebFilter
realmName(String) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: Allows easily changing the realm, but leaving the remaining defaults in place.
redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Client's Redirection Endpoint.
redirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Deprecated.

Sets the RedirectStrategy instances to use in RetryWithHttpEntryPoint and RetryWithHttpsEntryPoint
redirectToHttps(Customizer<HttpsRedirectConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures channel security.
redirectToHttps(Customizer<ServerHttpSecurity.HttpsRedirectSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTPS redirection rules.
referrerPolicy(Customizer<HeadersConfigurer.ReferrerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Referrer Policy.
referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Referrer-Policy response header.
regex - Enum constant in enum class org.springframework.security.config.http.MatcherType
registerAuthenticationEntryPoint(B, AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
registerDefaultAuthenticationEntryPoint(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
registeredClientRepository(RegisteredClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Sets the repository of registered clients.
registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Subclasses should implement this method for returning the object that is chained to the creation of the ServerWebExchangeMatcher instances.
registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
RELYING_PARTY_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
RelyingPartyRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.saml2
RelyingPartyRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
REMEMBER_ME - Static variable in class org.springframework.security.config.Elements
rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by users that have been remembered.
rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring of Remember Me authentication.
RememberMeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Configures Remember Me authentication.
RememberMeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Creates a new instance
rememberMeCookieDomain(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: The domain name within which the remember me cookie is visible.
rememberMeCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: The name of cookie which store the token for remember me authentication.
rememberMeParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: The HTTP parameter used to indicate to remember the user at time of login.
rememberMeServices(RememberMeServices) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Specify the RememberMeServices to use.
removeConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Removes and returns the SecurityConfigurer by its class name or null if not found.
removeConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Removes the SecurityConfigurer by its class name or null if not found.
removeConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Removes all the SecurityConfigurer instances by its class name or an empty List if not found.
reportOnly() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig: Enables (includes) the Content-Security-Policy-Report-Only header in the response.
reportOnly(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

If true, the browser should not terminate the connection with the server.
reportOnly(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec: Whether to include the Content-Security-Policy-Report-Only header in the response.
reportUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Sets the URI to which the browser should report pin validation failures.
reportUri(URI) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Sets the URI to which the browser should report pin validation failures.
REQUEST_CACHE - Static variable in class org.springframework.security.config.Elements
requestCache(Customizer<RequestCacheConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring the Request Cache.
requestCache(Customizer<ServerHttpSecurity.RequestCacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures the request cache which is used when a flow is interrupted (i.e.
requestCache(RequestCache) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer: Allows explicit configuration of the RequestCache to be used.
requestCache(ServerRequestCache) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec: Configures the cache used
RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds request cache for Spring Security.
RequestCacheConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
requestDataValueProcessor() - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration: Deprecated.
requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.
RequestMatcherFactoryBean - Class in org.springframework.security.config.http: Deprecated.
RequestMatcherFactoryBean(String) - Constructor for class org.springframework.security.config.http.RequestMatcherFactoryBean: Deprecated.
RequestMatcherFactoryBean(String, HttpMethod) - Constructor for class org.springframework.security.config.http.RequestMatcherFactoryBean: Deprecated.
requestMatchers - Variable in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl: Deprecated.
requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Match when the request URI matches one of patterns.
requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Match when the HttpMethod is method
requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Match when the HttpMethod is method and when the request URI matches one of patterns.
requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Associates a list of RequestMatcher instances with the AbstractRequestMatcherRegistry
requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.HttpsRedirectConfigurer
requestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Sets the handler to handle RequestRejectedException
requireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled.
requireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify the RequestMatcher to use for determining when CSRF should be applied.
requireExplicitAuthenticationStrategy(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Setting this means that explicit invocation of SessionAuthenticationStrategy is required.
requireExplicitSave(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
requires(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl: Deprecated.
requiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Configures when authentication is performed.
requiresChannel(Customizer<ChannelSecurityConfigurer.ChannelRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
Use HttpSecurity.redirectToHttps(org.springframework.security.config.Customizer<org.springframework.security.config.annotation.web.configurers.HttpsRedirectConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>>)
requiresInsecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl: Deprecated.
requiresLogout(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Configures when the log out will be triggered.
requiresSecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl: Deprecated.
revocationRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenRevocationEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract a Revoke Token Request from HttpServletRequest to an instance of OAuth2TokenRevocationAuthenticationToken used for authenticating the request.
revocationRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenRevocationEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
revocationResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2TokenRevocationEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OAuth2TokenRevocationAuthenticationToken.
rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: A non-empty string prefix that will be added as a prefix to the existing roles.
rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: A non-empty string prefix that will be added to role strings loaded from persistent storage (default is "").
rolePrefix(String) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
roles(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the roles.
root(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Optional root suffix for the embedded LDAP server.
route(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
rpId(String) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer: The Relying Party id.
rpName(String) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer: Sets the relying party name
RsaKeyConversionServicePostProcessor - Class in org.springframework.security.config.crypto: Adds RsaKeyConverters to the configured ConversionService or PropertyEditors
RsaKeyConversionServicePostProcessor() - Constructor for class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
RSocketSecurity - Class in org.springframework.security.config.annotation.rsocket: Allows configuring RSocket based security.
RSocketSecurity() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity
RSocketSecurity.AnonymousAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.AuthorizePayloadsSpec - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.AuthorizePayloadsSpec.Access - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.BasicAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.JwtSpec - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.SimpleAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
runAsManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provide a custom RunAsManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).

S

sameOrigin() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig: Specify to allow any request that comes from the same origin to frame this application.
SAML2_LOGIN - Static variable in class org.springframework.security.config.Elements
SAML2_LOGOUT - Static variable in class org.springframework.security.config.Elements
saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures authentication support using an SAML 2.0 Service Provider.
Saml2LoginConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.saml2: An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.
Saml2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
saml2Logout(Customizer<Saml2LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures logout support for an SAML 2.0 Relying Party.
Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2: Adds SAML 2.0 logout support.
Saml2LogoutConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Creates a new instance
Saml2LogoutConfigurer.LogoutRequestConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2: A configurer for SAML 2.0 LogoutRequest components
Saml2LogoutConfigurer.LogoutResponseConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2
saml2Metadata(Customizer<Saml2MetadataConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures a SAML 2.0 metadata endpoint that presents relying party configurations in an <md:EntityDescriptor> payload.
Saml2MetadataConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2: An AbstractHttpConfigurer for SAML 2.0 Metadata.
Saml2MetadataConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
SecuredAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Determines if Spring Security's Secured annotations should be enabled.
securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Determines if Spring Security's Secured annotation should be enabled.
SECURITY_CONTEXT_SERVER_WEB_EXCHANGE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: SecurityContextServerWebExchangeWebFilter
SecurityBuilder<O> - Interface in org.springframework.security.config.annotation: Interface for building an Object
SecurityConfigurer<O,B extends SecurityBuilder<O>> - Interface in org.springframework.security.config.annotation: Allows for configuring a SecurityBuilder.
SecurityConfigurerAdapter<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation: A base class for SecurityConfigurer that allows subclasses to only implement the methods they are interested in.
SecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.SecurityConfigurerAdapter
securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Sets up management of the SecurityContext on the SecurityContextHolder between HttpServletRequest's.
SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Allows persisting and restoring of the SecurityContext found on the SecurityContextHolder for each request by configuring the SecurityContextPersistenceFilter.
SecurityContextConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer: Creates a new instance
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: Specifies a custom SecurityContextRepository to use for basic authentication.
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the SecurityContextRepository to use.
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer: Specifies the shared SecurityContextRepository that is to be used
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: The strategy used with ReactorContextWebFilter.
SecurityDebugBeanFactoryPostProcessor - Class in org.springframework.security.config.debug
SecurityDebugBeanFactoryPostProcessor() - Constructor for class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
securityMatcher(String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring the HttpSecurity to only be invoked when matching the provided set of patterns.
securityMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: The ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
securityMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring the HttpSecurity to only be invoked when matching the provided RequestMatcher.
securityMatchers(Customizer<HttpSecurity.RequestMatcherConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.
SecurityNamespaceHandler - Class in org.springframework.security.config: Parses elements from the "security" namespace (http://www.springframework.org/schema/security).
SecurityNamespaceHandler() - Constructor for class org.springframework.security.config.SecurityNamespaceHandler
SecurityObservationSettings - Class in org.springframework.security.config.observation: An ObservationPredicate that can be used to change which Spring Security observations are made with Micrometer.
SecurityObservationSettings.Builder - Class in org.springframework.security.config.observation: A builder for configuring a SecurityObservationSettings
SecurityWebFiltersOrder - Enum Class in org.springframework.security.config.web.server
SERVER_REQUEST_CACHE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: ServerRequestCacheWebFilter
serverAuthenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
ServerHttpSecurity - Class in org.springframework.security.config.web.server: A ServerHttpSecurity is similar to Spring Security's HttpSecurity but for WebFlux.
ServerHttpSecurity() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity
ServerHttpSecurity.AnonymousSpec - Class in org.springframework.security.config.web.server: Configures anonymous authentication
ServerHttpSecurity.AuthorizeExchangeSpec - Class in org.springframework.security.config.web.server: Configures authorization
ServerHttpSecurity.AuthorizeExchangeSpec.Access - Class in org.springframework.security.config.web.server: Configures the access for a particular set of exchanges.
ServerHttpSecurity.CorsSpec - Class in org.springframework.security.config.web.server: Configures CORS support within Spring Security.
ServerHttpSecurity.CsrfSpec - Class in org.springframework.security.config.web.server: Configures CSRF Protection
ServerHttpSecurity.ExceptionHandlingSpec - Class in org.springframework.security.config.web.server: Configures exception handling
ServerHttpSecurity.FormLoginSpec - Class in org.springframework.security.config.web.server: Configures Form Based authentication
ServerHttpSecurity.HeaderSpec - Class in org.springframework.security.config.web.server: Configures HTTP Response Headers.
ServerHttpSecurity.HeaderSpec.CacheSpec - Class in org.springframework.security.config.web.server: Configures cache control headers
ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec - Class in org.springframework.security.config.web.server: Configures Content-Security-Policy response header.
ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec - Class in org.springframework.security.config.web.server: The content type headers
ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec - Class in org.springframework.security.config.web.server: Configures the Cross-Origin-Embedder-Policy header
ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec - Class in org.springframework.security.config.web.server: Configures the Cross-Origin-Opener-Policy header
ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec - Class in org.springframework.security.config.web.server: Configures the Cross-Origin-Resource-Policy header
ServerHttpSecurity.HeaderSpec.FeaturePolicySpec - Class in org.springframework.security.config.web.server: Configures Feature-Policy response header.
ServerHttpSecurity.HeaderSpec.FrameOptionsSpec - Class in org.springframework.security.config.web.server: Configures frame options response header
ServerHttpSecurity.HeaderSpec.HstsSpec - Class in org.springframework.security.config.web.server: Configures Strict Transport Security response header
ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec - Class in org.springframework.security.config.web.server: Configures Permissions-Policy response header.
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec - Class in org.springframework.security.config.web.server: Configures Referrer-Policy response header.
ServerHttpSecurity.HeaderSpec.XssProtectionSpec - Class in org.springframework.security.config.web.server: Configures x-xss-protection response header
ServerHttpSecurity.HttpBasicSpec - Class in org.springframework.security.config.web.server: Configures HTTP Basic Authentication
ServerHttpSecurity.HttpsRedirectSpec - Class in org.springframework.security.config.web.server: Configures HTTPS redirection rules
ServerHttpSecurity.LogoutSpec - Class in org.springframework.security.config.web.server: Configures log out
ServerHttpSecurity.OAuth2ClientSpec - Class in org.springframework.security.config.web.server
ServerHttpSecurity.OAuth2LoginSpec - Class in org.springframework.security.config.web.server
ServerHttpSecurity.OAuth2ResourceServerSpec - Class in org.springframework.security.config.web.server: Configures OAuth2 Resource Server Support
ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec - Class in org.springframework.security.config.web.server: Configures JWT Resource Server Support
ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec - Class in org.springframework.security.config.web.server: Configures Opaque Token Resource Server support
ServerHttpSecurity.OidcLogoutSpec - Class in org.springframework.security.config.web.server: Configures OIDC 1.0 Logout support
ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer - Class in org.springframework.security.config.web.server: A configurer for configuring OIDC Back-Channel Logout
ServerHttpSecurity.OneTimeTokenLoginSpec - Class in org.springframework.security.config.web.server: Configures One-Time Token Login Support
ServerHttpSecurity.PasswordManagementSpec - Class in org.springframework.security.config.web.server: Configures password management.
ServerHttpSecurity.RequestCacheSpec - Class in org.springframework.security.config.web.server: Configures the request cache which is used when a flow is interrupted (i.e.
ServerHttpSecurity.SessionManagementSpec - Class in org.springframework.security.config.web.server: Configures how sessions are managed.
ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec - Class in org.springframework.security.config.web.server: Configures how many sessions are allowed for a given user.
ServerHttpSecurity.X509Spec - Class in org.springframework.security.config.web.server: Configures X509 authentication
servletApi(Customizer<ServletApiConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Integrates the HttpServletRequest methods with the values found on the SecurityContext.
ServletApiConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Implements select methods from the HttpServletRequest using the SecurityContext from the SecurityContextHolder.
ServletApiConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer: Creates a new instance
SESSION_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
sessionAuthenticationErrorUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception.
sessionAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Defines the AuthenticationFailureHandler which will be used when the SessionAuthenticationStrategy raises an exception.
sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify the SessionAuthenticationStrategy to use.
sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows explicitly specifying the SessionAuthenticationStrategy.
sessionConcurrency(Customizer<SessionManagementConfigurer.ConcurrencyControlConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Controls the maximum number of sessions for a user.
sessionCreationPolicy(SessionCreationPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows specifying the SessionCreationPolicy
SessionCreationPolicy - Enum Class in org.springframework.security.config.http: Specifies the various session creation policies for Spring Security.
sessionFixation() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows changing the default SessionFixationProtectionStrategy.
sessionFixation(Customizer<SessionManagementConfigurer.SessionFixationConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows configuring session fixation protection.
SessionFixationConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
sessionManagement(Customizer<SessionManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring of Session Management.
sessionManagement(Customizer<ServerHttpSecurity.SessionManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures Session Management.
SessionManagementConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring session management.
SessionManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Creates a new instance
SessionManagementConfigurer.ConcurrencyControlConfigurer - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring controlling of multiple sessions.
SessionManagementConfigurer.SessionFixationConfigurer - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring SessionFixation protection
SessionManagementSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec
sessionRegistry(ReactiveSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec: Sets the ReactiveSessionRegistry to use.
sessionRegistry(SessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Controls the SessionRegistry implementation used.
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.MessageMatcherFactoryBean: Deprecated.
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.PathPatternRequestMatcherFactoryBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.RequestMatcherFactoryBean: Deprecated.
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.UserDetailsServiceFactoryBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
setAuthenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
setAuthenticationFilter(F) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Sets the Authentication Filter
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.
setBasePath(String) - Method in class org.springframework.security.config.http.PathPatternRequestMatcherFactoryBean
setBasePath(String) - Method in class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean: Use this as the base path for patterns built by the resulting PathPatternRequestMatcher.Builder instance
setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean
setBeanName(String) - Method in class org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean
setBuilder(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Sets the SecurityBuilder to be used.
setContextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets the BaseLdapPathContextSource used to perform LDAP authentication.
setDefaultNameRequired(boolean) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
setEraseCredentialsAfterAuthentication(boolean) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object>, ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.
setGlobalAuthenticationConfigurers(List<GlobalAuthenticationConfigurerAdapter>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Obtains the attributes from EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.
setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets the LdapAuthoritiesPopulator used to obtain a list of granted authorities for an LDAP user.
setLdif(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Specifies an LDIF to load at startup for an embedded LDAP server.
setLogoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler: Use this logout URI for performing per-session logout.
setLogoutUri(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler: Use this logout URI for performing per-session logout.
setManagerDn(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Username (DN) of the "manager" user identity (i.e.
setManagerPassword(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: The password for the manager DN.
setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
setPasswordAttribute(String) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory: The attribute in the directory which contains the user password.
setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory: Specifies the PasswordEncoder to be used when authenticating with password comparison.
setPort(int) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResource(Resource) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLocation(String) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setRoot(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Optional root suffix for the embedded LDAP server.
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
setServletContext(ServletContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
setSessionCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler: Use this cookie name for the session identifier.
setSessionCookieName(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler: Use this cookie name for the session identifier.
setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Sets an object that is shared by multiple SecurityConfigurer.
setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
setSharedObject(Class<C>, C) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Sets an object that is shared by multiple SecurityConfigurer.
setup() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication.
setUserDnPatterns(String...) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: If your users are at a fixed location in the directory (i.e.
setUserSearchBase(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Search base for user searches.
setUserSearchFilter(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: The LDAP filter used to search for users (optional).
shouldObserveAuthentications() - Method in class org.springframework.security.config.observation.SecurityObservationSettings
shouldObserveAuthentications(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
shouldObserveAuthorizations() - Method in class org.springframework.security.config.observation.SecurityObservationSettings
shouldObserveAuthorizations(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
shouldObserveRequests() - Method in class org.springframework.security.config.observation.SecurityObservationSettings
shouldObserveRequests(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
showDefaultSubmitPage(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Configures whether the default one-time token submit page should be shown.
showDefaultSubmitPage(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Configures whether the default one-time token submit page should be shown.
simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity: Adds support for validating a username and password using Simple Authentication
spa() - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Sensible CSRF defaults when used in combination with a single page application.
SPRING_SECURITY_FILTER_CHAIN - Static variable in class org.springframework.security.config.BeanIds: External alias for FilterChainProxy bean, for use in web.xml files
springSecurityFilterChain(ObjectProvider<HttpSecurity>) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Creates the Spring Security Filter Chain
STATELESS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy: Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext
subjectPrincipalRegex(String) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Deprecated.
Please use {x509PrincipalExtractor(X509PrincipalExtractor) instead
successForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Forward Authentication Success Handler
successHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the AuthenticationSuccessHandler to be used.
supports(Class<?>) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

T

ThrowingCustomizer<T> - Interface in org.springframework.security.config: A Customizer that allows invocation of code that throws a checked exception.
tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Authorization Server's Token Endpoint.
tokenEndpoint(Customizer<OAuth2TokenEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Token Endpoint.
tokenGeneratingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Specifies the URL that a One-Time Token generate request will be processed.
tokenGeneratingUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Specifies the URL that a One-Time Token generate request will be processed.
tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Specifies strategy to be used to handle generated one-time tokens.
tokenGenerationSuccessHandler(ServerOneTimeTokenGenerationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Specifies strategy to be used to handle generated one-time tokens.
tokenGenerator(OAuth2TokenGenerator<? extends OAuth2Token>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Sets the token generator.
tokenIntrospectionEndpoint(Customizer<OAuth2TokenIntrospectionEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Token Introspection Endpoint.
tokenRepository(PersistentTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Specifies the PersistentTokenRepository to use.
tokenRevocationEndpoint(Customizer<OAuth2TokenRevocationEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer: Configures the OAuth 2.0 Token Revocation Endpoint.
tokenService(OneTimeTokenService) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer: Configures the OneTimeTokenService used to generate and consume OneTimeToken
tokenService(ReactiveOneTimeTokenService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec: Configures the ReactiveOneTimeTokenService used to generate and consume OneTimeToken
tokenValiditySeconds(int) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Allows specifying how long (in seconds) a token is valid for

U

updateAccessDefaults(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Updates the default values for access.
updateAuthenticationDefaults() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Updates the default values for authentication.
url(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Specifies the ldap server URL when not using the embedded LDAP server.
useAuthorizationManager() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate whether ReactiveAuthorizationManager based Method Security to be used.
USER_DETAILS_SERVICE - Static variable in class org.springframework.security.config.BeanIds
USER_DETAILS_SERVICE_FACTORY - Static variable in class org.springframework.security.config.BeanIds
USER_SERVICE - Static variable in class org.springframework.security.config.Elements
userAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities().
userCache(UserCache) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Defines the UserCache to use
UserDetailsAwareConfigurer,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Base class that allows access to the UserDetailsService for using as a default value with AuthenticationManagerBuilder.
UserDetailsAwareConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer
userDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.
UserDetailsManagerConfigurer,C extends UserDetailsManagerConfigurer<B,C>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Base class for populating an AuthenticationManagerBuilder with a UserDetailsManager.
UserDetailsManagerConfigurer(UserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
UserDetailsManagerConfigurer.UserDetailsBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Builds the user to be added.
UserDetailsManagerResourceFactoryBean - Class in org.springframework.security.config.provisioning: Constructs an InMemoryUserDetailsManager from a resource using UserDetailsResourceFactoryBean.
UserDetailsManagerResourceFactoryBean() - Constructor for class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
UserDetailsMapFactoryBean - Class in org.springframework.security.config.core.userdetails: Creates a Collection<UserDetails> from a @{code Map} in the format of
UserDetailsMapFactoryBean(Map<String, String>) - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
userDetailsPasswordManager(UserDetailsPasswordService) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
UserDetailsResourceFactoryBean - Class in org.springframework.security.config.core.userdetails: Parses a Resource that is a Properties file in the format of: username=password[,enabled|disabled],roles...
UserDetailsResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Specifies the UserDetailsService used to look up the UserDetails when a remember me token is valid.
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
userDetailsService(UserDetailsService) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding an additional UserDetailsService to be used
userDetailsService(T) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add authentication based upon the custom UserDetailsService that is passed in.
UserDetailsServiceConfigurer,C extends UserDetailsServiceConfigurer<B,C,U>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Allows configuring a UserDetailsService within a AuthenticationManagerBuilder.
UserDetailsServiceConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer: Creates a new instance
UserDetailsServiceFactoryBean - Class in org.springframework.security.config.http: Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.
UserDetailsServiceFactoryBean() - Constructor for class org.springframework.security.config.http.UserDetailsServiceFactoryBean
userDnPatterns(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: If your users are at a fixed location in the directory (i.e.
userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Authorization Server's UserInfo Endpoint.
userInfoEndpoint(Customizer<OidcUserInfoEndpointConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcConfigurer: Configures the OpenID Connect 1.0 UserInfo Endpoint.
userInfoMapper(Function<OidcUserInfoAuthenticationContext, OidcUserInfo>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcUserInfoEndpointConfigurer: Sets the Function used to extract claims from OidcUserInfoAuthenticationContext to an instance of OidcUserInfo for the UserInfo response.
userInfoRequestConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcUserInfoEndpointConfigurer: Adds an AuthenticationConverter used when attempting to extract an UserInfo Request from HttpServletRequest to an instance of OidcUserInfoAuthenticationToken used for authenticating the request.
userInfoRequestConverters(Consumer<List<AuthenticationConverter>>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcUserInfoEndpointConfigurer: Sets the Consumer providing access to the List of default and (optionally) added AuthenticationConverter's allowing the ability to add, remove, or customize a specific AuthenticationConverter.
userInfoResponseHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OidcUserInfoEndpointConfigurer: Sets the AuthenticationSuccessHandler used for handling an OidcUserInfoAuthenticationToken and returning the UserInfo Response.
usernameParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: The HTTP parameter to look for the username when performing authentication.
usersByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Sets the query to be used for finding a user by their username.
userSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Search base for user searches.
userSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: The LDAP filter used to search for users (optional).
userService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Sets the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
UserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
UserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
useSecureCookie(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Whether the cookie should be flagged as secure or not.

V

validate(FilterChainProxy) - Method in class org.springframework.security.config.http.DefaultFilterChainValidator
valueOf(String) - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.http.MatcherType: Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy: Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider: Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: Returns the enum constant of this class with the specified name.
values() - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.http.MatcherType: Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy: Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider: Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder: Returns an array containing the constants of this enum class, in the order they are declared.
verificationUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2DeviceAuthorizationEndpointConfigurer: Sets the end-user verification URI on the authorization server.

W

webAuthn(Customizer<WebAuthnConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Specifies webAuthn/passkeys based authentication.
WebAuthnConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Configures WebAuthn for Spring Security applications
WebAuthnConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
WebMvcSecurityConfiguration - Class in org.springframework.security.config.annotation.web.servlet.configuration: Deprecated.
This is applied internally using SpringWebMvcImportSelector
WebMvcSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration: Deprecated.
WebSecurity - Class in org.springframework.security.config.annotation.web.builders: The WebSecurity is created by WebSecurityConfiguration to create the FilterChainProxy known as the Spring Security Filter Chain (springSecurityFilterChain).
WebSecurity(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.WebSecurity: Creates a new instance
WebSecurity.IgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders: Allows registering RequestMatcher instances that should be ignored by Spring Security.
WebSecurityConfiguration - Class in org.springframework.security.config.annotation.web.configuration: Uses a WebSecurity to create the FilterChainProxy that performs the web based security for Spring Security.
WebSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
WebSecurityConfigurer<T extends SecurityBuilder<jakarta.servlet.Filter>> - Interface in org.springframework.security.config.annotation.web: Allows customization to the WebSecurity.
WebSecurityCustomizer - Interface in org.springframework.security.config.annotation.web.configuration: Callback interface for customizing WebSecurity.
webSecurityExpressionHandler() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
WEBSOCKET_MESSAGE_BROKER - Static variable in class org.springframework.security.config.Elements
WebSocketMessageBrokerSecurityBeanDefinitionParser - Class in org.springframework.security.config.websocket: Parses Spring Security's websocket namespace support.
WebSocketMessageBrokerSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
WellKnownChangePasswordBeanDefinitionParser - Class in org.springframework.security.config.http: The bean definition parser for a Well-Known URL for Changing Passwords.
WellKnownChangePasswordBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
with(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Applies a SecurityConfigurerAdapter to this SecurityBuilder and invokes SecurityConfigurerAdapter.setBuilder(SecurityBuilder).
with(C, Customizer<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Applies a SecurityConfigurerAdapter to this SecurityBuilder and invokes SecurityConfigurerAdapter.setBuilder(SecurityBuilder).
withDefaults() - Static method in interface org.springframework.security.config.Customizer: Returns a Customizer that does not alter the input argument.
withDefaults() - Static method in class org.springframework.security.config.observation.SecurityObservationSettings: Begin the configuration of a SecurityObservationSettings
withDefaultSchema() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Populates the default schema that allows users and authorities to be stored.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer: Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry: Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Deprecated.

Adds an ObjectPostProcessor for this class.
withPins(Map<String, String>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Sets the value for the pin- directive of the Public-Key-Pins header.
withUser(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer: Allows adding a user to the UserDetailsManager that is being created.
withUser(User.UserBuilder) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer: Allows adding a user to the UserDetailsManager that is being created.
withUser(UserDetails) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer: Allows adding a user to the UserDetailsManager that is being created.
writer(ServerHttpHeadersWriter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures custom headers writer

X

X - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
x509(Customizer<X509Configurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures X509 based pre authentication.
x509(Customizer<ServerHttpSecurity.X509Spec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures x509 authentication using a certificate provided by a client.
X509 - Static variable in class org.springframework.security.config.Elements
x509AuthenticationFilter(X509AuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Allows specifying the entire X509AuthenticationFilter.
X509Configurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds X509 based pre authentication to an application.
X509Configurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.X509Configurer: Creates a new instance
x509PrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Specifies the X509PrincipalExtractor
xssProtection(Customizer<HeadersConfigurer.XXssConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Note this is not comprehensive XSS protection!
xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures x-xss-protection response header.

A B C D E F G H I J K L M N O P R S T U V W X
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form