All Classes and Interfaces

Class	Description
AbstractAccessDecisionManager	Deprecated. Use AuthorizationManager instead
AbstractAclVoter	Deprecated. Now used by only-deprecated classes.
AbstractAuthenticationEvent	Represents an application authentication event.
AbstractAuthenticationFailureEvent	Abstract application event which indicates authentication failure for some reason.
AbstractAuthenticationToken	Base class for Authentication objects.
AbstractAuthorizationEvent	Deprecated. Authorization events have moved.
AbstractFallbackMethodSecurityMetadataSource	Deprecated. Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
AbstractJaasAuthenticationProvider	An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.
AbstractMethodSecurityMetadataSource	Deprecated. Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
AbstractSecurityExpressionHandler<T>	Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.
AbstractSecurityInterceptor	Deprecated. Use org.springframework.security.web.access.intercept.AuthorizationFilter instead for filter security, org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor for messaging security, or AuthorizationManagerBeforeMethodInterceptor and AuthorizationManagerAfterMethodInterceptor for method security.
AbstractSessionEvent	Abstract superclass for all session related events.
AbstractUserDetailsAuthenticationProvider	A base AuthenticationProvider that allows subclasses to override and work with UserDetails objects.
AbstractUserDetailsReactiveAuthenticationManager	A base ReactiveAuthenticationManager that allows subclasses to override and work with UserDetails objects.
AccessDecisionManager	Deprecated. Use AuthorizationManager instead
AccessDecisionVoter<S>	Deprecated. Use AuthorizationManager instead
AccessDeniedException	Thrown if an Authentication object does not hold a required authority.
AccountExpiredException	Thrown if an authentication request is rejected because the account has expired.
AccountStatusException	Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc).
AccountStatusUserDetailsChecker
AffirmativeBased	Deprecated. Use AuthorizationManager instead
AfterInvocationManager	Deprecated. Use delegation with AuthorizationManager
AfterInvocationProvider	Deprecated. Use delegation with AuthorizationManager
AfterInvocationProviderManager	Deprecated. Use delegation with AuthorizationManager
AnnotationMetadataExtractor<A extends Annotation>	Deprecated. Used only by now-deprecated classes.
AnnotationParameterNameDiscoverer	Allows finding parameter names using the value attribute of any number of Annotation instances.
AnnotationTemplateExpressionDefaults	A component for configuring the expression attribute template of the parsed Spring Security annotation
AnonymousAuthenticationProvider	An AuthenticationProvider implementation that validates AnonymousAuthenticationTokens.
AnonymousAuthenticationToken	Represents an anonymous Authentication.
AspectJCallback	Deprecated. This class will be removed from the public API.
AspectJMethodSecurityInterceptor	Deprecated. This class will be removed from the public API.
Attributes2GrantedAuthoritiesMapper	Interface to be implemented by classes that can map a list of security attributes (such as roles or group names) to a collection of Spring Security GrantedAuthoritys.
AuthenticatedAuthorizationManager<T>	An AuthorizationManager that determines if the current user is authenticated.
AuthenticatedPrincipal	Representation of an authenticated Principal once an Authentication request has been successfully authenticated by the AuthenticationManager.authenticate(Authentication) method.
AuthenticatedReactiveAuthorizationManager<T>	A ReactiveAuthorizationManager that determines if the current user is authenticated.
AuthenticatedVoter	Deprecated. Use AuthorityAuthorizationManager instead
Authentication	Represents the token for an authentication request or for an authenticated principal once the request has been processed by the AuthenticationManager.authenticate(Authentication) method.
AuthenticationCredentialsNotFoundEvent	Deprecated. Authentication is now separated from authorization.
AuthenticationCredentialsNotFoundException	Thrown if an authentication request is rejected because there is no Authentication object in the SecurityContext.
AuthenticationDetailsSource<C,T>	Provides a Authentication.getDetails() object for a given web request.
AuthenticationEventPublisher
AuthenticationException	Abstract superclass for all exceptions related to an Authentication object being invalid for whatever reason.
AuthenticationFailureBadCredentialsEvent	Application event which indicates authentication failure due to invalid credentials being presented.
AuthenticationFailureCredentialsExpiredEvent	Application event which indicates authentication failure due to the user's credentials having expired.
AuthenticationFailureDisabledEvent	Application event which indicates authentication failure due to the user's account being disabled.
AuthenticationFailureExpiredEvent	Application event which indicates authentication failure due to the user's account having expired.
AuthenticationFailureLockedEvent	Application event which indicates authentication failure due to the user's account having been locked.
AuthenticationFailureProviderNotFoundEvent	Application event which indicates authentication failure due to there being no registered AuthenticationProvider that can process the request.
AuthenticationFailureProxyUntrustedEvent	Application event which indicates authentication failure due to the CAS user's ticket being generated by an untrusted proxy.
AuthenticationFailureServiceExceptionEvent	Application event which indicates authentication failure due to there being a problem internal to the AuthenticationManager.
AuthenticationManager	Processes an Authentication request.
AuthenticationManagerResolver<C>	An interface for resolving an AuthenticationManager based on the provided context
AuthenticationObservationContext	An Observation.Context used during authentications
AuthenticationObservationConvention	An ObservationConvention for translating authentications into KeyValues.
AuthenticationPrincipal	Annotation that is used to resolve Authentication.getPrincipal() to a method argument.
AuthenticationProvider	Indicates a class can process a specific Authentication implementation.
AuthenticationServiceException	Thrown if an authentication request could not be processed due to a system problem.
AuthenticationSuccessEvent	Application event which indicates successful authentication.
AuthenticationTrustResolver	Evaluates Authentication tokens
AuthenticationTrustResolverImpl	Basic implementation of AuthenticationTrustResolver.
AuthenticationUserDetailsService<T extends Authentication>	Interface that allows for retrieving a UserDetails object based on an Authentication object.
AuthoritiesAuthorizationManager	An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains any of the specified authorities.
AuthorityAuthorizationDecision	Represents an AuthorizationDecision based on a collection of authorities
AuthorityAuthorizationManager<T>	An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a specified authority.
AuthorityGranter	The AuthorityGranter interface is used to map a given principal to role names.
AuthorityReactiveAuthorizationManager<T>	A ReactiveAuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a specified authority.
AuthorityUtils	Utility method for manipulating GrantedAuthority collections etc.
AuthorizationAdvisor	An interface that indicates method security advice
AuthorizationAdvisorProxyFactory	A proxy factory for applying authorization advice to an arbitrary object.
AuthorizationAdvisorProxyFactory.TargetVisitor	An interface to handle how the AuthorizationAdvisorProxyFactory should step through the target's object hierarchy.
AuthorizationDecision
AuthorizationDeniedEvent<T>	An ApplicationEvent which indicates failed authorization.
AuthorizationDeniedException	An AccessDeniedException that contains the AuthorizationResult
AuthorizationEvent	A parent class for AuthorizationGrantedEvent and AuthorizationDeniedEvent.
AuthorizationEventPublisher	A contract for publishing authorization events
AuthorizationFailureEvent	Deprecated. Use AuthorizationDeniedEvent instead
AuthorizationGrantedEvent<T>	An ApplicationEvent which indicates successful authorization.
AuthorizationInterceptorsOrder	Ordering of Spring Security's authorization Advisors
AuthorizationManager<T>	An Authorization manager which can determine if an Authentication has access to a specific object.
AuthorizationManagerAfterMethodInterceptor	A MethodInterceptor which can determine if an Authentication has access to the result of an MethodInvocation using an AuthorizationManager
AuthorizationManagerAfterReactiveMethodInterceptor	A MethodInterceptor which can determine if an Authentication has access to the returned object from the MethodInvocation using the configured ReactiveAuthorizationManager.
AuthorizationManagerBeforeMethodInterceptor	A MethodInterceptor which uses a AuthorizationManager to determine if an Authentication may invoke the given MethodInvocation
AuthorizationManagerBeforeReactiveMethodInterceptor	A MethodInterceptor which can determine if an Authentication has access to the MethodInvocation using the configured ReactiveAuthorizationManager.
AuthorizationManagers	A factory class to create an AuthorizationManager instances.
AuthorizationObservationContext<T>	An Observation.Context used during authorizations
AuthorizationObservationConvention	An ObservationConvention for translating authorizations into KeyValues.
AuthorizationProxy	An interface that is typically implemented by Spring Security's AOP support to identify an instance as being proxied by Spring Security.
AuthorizationProxyFactory	A factory for wrapping arbitrary objects in authorization-related advice
AuthorizationResult	Represents an authorization result
AuthorizationServiceException	Thrown if an authorization request could not be processed due to a system problem.
AuthorizedEvent	Deprecated. Use AuthorizationGrantedEvent instead
AuthorizeReturnObject	Wraps Spring Security method authorization advice around the return object of any method this annotation is applied to.
AuthorizeReturnObjectCoreHintsRegistrar	A SecurityHintsRegistrar that scans all beans for methods that use AuthorizeReturnObject and registers those return objects as TypeHints.
AuthorizeReturnObjectHintsRegistrar	A SecurityHintsRegistrar implementation that registers only the classes provided in the constructor.
AuthorizeReturnObjectMethodInterceptor	A method interceptor that applies the given AuthorizationProxyFactory to any return value annotated with AuthorizeReturnObject
BadCredentialsException	Thrown if an authentication request is rejected because the credentials are invalid.
CachingUserDetailsService	Implementation of UserDetailsService that utilizes caching through a UserCache
CompromisedPasswordChecker	An API for checking if a password has been compromised.
CompromisedPasswordDecision
CompromisedPasswordException	Indicates that the provided password is compromised
ConfigAttribute	Deprecated. In modern Spring Security APIs, each API manages its own configuration context.
ConsensusBased	Deprecated. Use AuthorizationManager instead
CoreJackson2Module	Jackson module for spring-security-core.
CredentialsContainer	Indicates that the implementing object contains sensitive data, which can be erased using the eraseCredentials method.
CredentialsExpiredException	Thrown if an authentication request is rejected because the account's credentials have expired.
CurrentSecurityContext	Annotation that is used to resolve the SecurityContext as a method argument.
CycleInRoleHierarchyException	Exception that is thrown because of a cycle in the role hierarchy definition
DaoAuthenticationProvider	An AuthenticationProvider implementation that retrieves user details from a UserDetailsService.
DefaultAuthenticationEventPublisher	The default strategy for publishing authentication events.
DefaultJaasAuthenticationProvider	Creates a LoginContext using the Configuration provided to it.
DefaultLoginExceptionResolver	This LoginExceptionResolver simply wraps the LoginException with an AuthenticationServiceException.
DefaultMethodSecurityExpressionHandler	The standard implementation of MethodSecurityExpressionHandler.
DefaultOneTimeToken	A default implementation of OneTimeToken
DefaultSecurityParameterNameDiscoverer	Spring Security's default ParameterNameDiscoverer which tries a number of ParameterNameDiscoverer depending on what is found on the classpath.
DefaultToken	The default implementation of Token.
DeferredSecurityContext	An interface that allows delayed access to a SecurityContext that may be generated.
DelegatingApplicationListener	Used for delegating to a number of SmartApplicationListener instances.
DelegatingMethodSecurityMetadataSource	Deprecated. Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
DelegatingReactiveAuthenticationManager	A ReactiveAuthenticationManager that delegates to other ReactiveAuthenticationManager instances.
DelegatingSecurityContextAsyncTaskExecutor	An AsyncTaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.
DelegatingSecurityContextCallable<V>	Wraps a delegate Callable with logic for setting up a SecurityContext before invoking the delegate Callable and then removing the SecurityContext after the delegate has completed.
DelegatingSecurityContextExecutor	An Executor which wraps each Runnable in a DelegatingSecurityContextRunnable.
DelegatingSecurityContextExecutorService	An ExecutorService which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.
DelegatingSecurityContextRunnable	Wraps a delegate Runnable with logic for setting up a SecurityContext before invoking the delegate Runnable and then removing the SecurityContext after the delegate has completed.
DelegatingSecurityContextScheduledExecutorService	An ScheduledExecutorService which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.
DelegatingSecurityContextSchedulingTaskExecutor	An SchedulingTaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.
DelegatingSecurityContextTaskExecutor	An TaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable.
DelegatingSecurityContextTaskScheduler	An implementation of TaskScheduler invoking it whenever the trigger indicates a next execution time.
DenyAllPermissionEvaluator	A null PermissionEvaluator which denies all access.
DisabledException	Thrown if an authentication request is rejected because the account is disabled.
ExpressionAttributeAuthorizationDecision	Deprecated. Use ExpressionAuthorizationDecision instead
ExpressionAuthorizationDecision	Represents an AuthorizationDecision based on a Expression
ExpressionBasedAnnotationAttributeFactory	Deprecated. Use AuthorizationManager interceptors instead
ExpressionBasedPostInvocationAdvice	Deprecated. Use AuthorizationManagerAfterMethodInterceptor instead
ExpressionBasedPreInvocationAdvice	Deprecated. Use AuthorizationManagerAfterMethodInterceptor instead
ExpressionUtils
FieldUtils	Offers static methods for directly manipulating fields.
GenerateOneTimeTokenRequest	Class to store information related to an One-Time Token authentication request
GrantedAuthoritiesContainer	Indicates that a object stores GrantedAuthority objects.
GrantedAuthoritiesMapper	Mapping interface which can be injected into the authentication layer to convert the authorities loaded from storage into those which will be used in the Authentication object.
GrantedAuthority	Represents an authority granted to an Authentication object.
GroupManager	Allows management of groups of authorities and their members.
HandleAuthorizationDenied	Annotation for specifying handling behavior when an authorization denied happens in method security or an AuthorizationDeniedException is thrown during method invocation
InMemoryConfiguration	An in memory representation of a JAAS configuration.
InMemoryOneTimeTokenService	Provides an in-memory implementation of the OneTimeTokenService interface that uses a ConcurrentHashMap to store the generated OneTimeToken.
InMemoryReactiveOneTimeTokenService	Reactive adapter for InMemoryOneTimeTokenService
InMemoryReactiveSessionRegistry	Provides an in-memory implementation of ReactiveSessionRegistry.
InMemoryResource	An in memory implementation of Spring's Resource interface.
InMemoryUserDetailsManager	Non-persistent implementation of UserDetailsManager which is backed by an in-memory map.
InsufficientAuthenticationException	Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.
InteractiveAuthenticationSuccessEvent	Indicates an interactive authentication was successful.
InterceptorStatusToken	Deprecated. Use delegation with AuthorizationManager
InternalAuthenticationServiceException	Thrown if an authentication request could not be processed due to a system problem that occurred internally.
InvalidOneTimeTokenException	An AuthenticationException that indicates an invalid one-time token.
JaasAuthenticationCallbackHandler	The JaasAuthenticationCallbackHandler is similar to the javax.security.auth.callback.CallbackHandler interface in that it defines a handle method.
JaasAuthenticationEvent	Parent class for events fired by the JaasAuthenticationProvider.
JaasAuthenticationFailedEvent	Fired when LoginContext.login throws a LoginException, or if any other exception is thrown during that time.
JaasAuthenticationProvider	An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.
JaasAuthenticationSuccessEvent	Fired by the JaasAuthenticationProvider after successfully logging the user into the LoginContext, handling all callbacks, and calling all AuthorityGranters.
JaasAuthenticationToken	UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the user was logged into
JaasGrantedAuthority	GrantedAuthority which, in addition to the assigned role, holds the principal that an AuthorityGranter used as a reason to grant this authority.
JaasNameCallbackHandler	The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
JaasPasswordCallbackHandler	The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
JdbcDaoImpl	UserDetailsService implementation which retrieves the user details (username, password, enabled flag, and authorities) from a database using JDBC queries.
JdbcOneTimeTokenService	A JDBC implementation of an OneTimeTokenService that uses a JdbcOperations for OneTimeToken persistence.
JdbcUserDetailsManager	Jdbc user management service, based on the same table structure as its parent class, JdbcDaoImpl.
Jsr250AuthorizationManager	An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the JSR-250 security annotations.
Jsr250MethodSecurityMetadataSource	Deprecated. Use Jsr250AuthorizationManager instead
Jsr250SecurityConfig	Deprecated. Use AuthorizationManagerBeforeMethodInterceptor.jsr250() instead
Jsr250Voter	Deprecated. Use Jsr250AuthorizationManager instead
KeyBasedPersistenceTokenService	Basic implementation of TokenService that is compatible with clusters and across machine restarts, without requiring database persistence.
ListeningSecurityContextHolderStrategy	An API for notifying when the SecurityContext changes.
LockedException	Thrown if an authentication request is rejected because the account is locked.
LoggerListener	Deprecated. Logging is now embedded in Spring Security components.
LoggerListener	Outputs authentication-related application events to Commons Logging.
LoginExceptionResolver	The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve LoginModule specific exceptions to Spring Security AuthenticationExceptions.
LogoutSuccessEvent	Application event which indicates successful logout
MapBasedAttributes2GrantedAuthoritiesMapper	This class implements the Attributes2GrantedAuthoritiesMapper and MappableAttributesRetriever interfaces based on the supplied Map.
MapBasedMethodSecurityMetadataSource	Deprecated. Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
MappableAttributesRetriever	Interface to be implemented by classes that can retrieve a list of mappable security attribute strings (for example the list of all available J2EE roles in a web or EJB application).
MapReactiveUserDetailsService	A Map based implementation of ReactiveUserDetailsService
MethodAuthorizationDeniedHandler	An interface used to define a strategy to handle denied method invocations
MethodExpressionAuthorizationManager	An expression-based AuthorizationManager that determines the access by evaluating the provided expression against the MethodInvocation.
MethodInvocationAdapter	Deprecated. This class will be removed from the public API.
MethodInvocationPrivilegeEvaluator	Deprecated. Use AuthorizationManager instead
MethodInvocationResult	A context object that contains a MethodInvocation and the result of that MethodInvocation.
MethodInvocationUtils	Static utility methods for creating MethodInvocations usable within Spring Security.
MethodSecurityExpressionHandler	Extended expression-handler facade which adds methods which are specific to securing method invocations.
MethodSecurityExpressionOperations	Interface which must be implemented if you want to use filtering in method security expressions.
MethodSecurityInterceptor	Deprecated. Please use AuthorizationManagerBeforeMethodInterceptor and AuthorizationManagerAfterMethodInterceptor instead
MethodSecurityMetadataSource	Deprecated. Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
MethodSecurityMetadataSourceAdvisor	Deprecated. Use EnableMethodSecurity or publish interceptors directly
NullAuthoritiesMapper
NullRoleHierarchy
NullUserCache	Does not perform any caching.
ObservationAuthenticationManager	An AuthenticationManager that observes the authentication
ObservationAuthorizationManager<T>	An AuthorizationManager that observes the authorization
ObservationReactiveAuthenticationManager	An ReactiveAuthenticationManager that observes the authentication
ObservationReactiveAuthorizationManager<T>	An ReactiveAuthorizationManager that observes the authentication
ObservationSecurityContextChangedListener	A SecurityContextChangedListener that adds events to an existing Observation If no Observation is present when an event is fired, then the event is unrecorded.
OneTimeToken	Represents a one-time use token with an associated username and expiration time.
OneTimeTokenAuthenticationProvider	An AuthenticationProvider responsible for authenticating users based on one-time tokens.
OneTimeTokenAuthenticationToken	Represents a One-Time Token authentication that can be authenticated or not.
OneTimeTokenReactiveAuthenticationManager	A ReactiveAuthenticationManager for one time tokens.
OneTimeTokenService	Interface for generating and consuming one-time tokens.
P	Deprecated. use @{code org.springframework.security.core.parameters.P}
P	An annotation that can be used along with AnnotationParameterNameDiscoverer to specify parameter names.
PermissionCacheOptimizer	Allows permissions to be pre-cached when using pre or post filtering with expressions
PermissionEvaluator	Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object.
PostAuthorize	Annotation for specifying a method access-control expression which will be evaluated after a method has been invoked.
PostAuthorizeAuthorizationManager	An AuthorizationManager which can determine if an Authentication may return the result from an invoked MethodInvocation by evaluating an expression from the PostAuthorize annotation.
PostAuthorizeReactiveAuthorizationManager	A ReactiveAuthorizationManager which can determine if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.
PostFilter	Annotation for specifying a method filtering expression which will be evaluated after a method has been invoked.
PostFilterAuthorizationMethodInterceptor	A MethodInterceptor which filters a returnedObject from the MethodInvocation by evaluating an expression from the PostFilter annotation.
PostFilterAuthorizationReactiveMethodInterceptor	A MethodInterceptor which filters the returned object from the MethodInvocation by evaluating an expression from the PostFilter annotation.
PostInvocationAdviceProvider	Deprecated. Use AuthorizationManagerAfterMethodInterceptor instead
PostInvocationAttribute	Deprecated. Use AuthorizationManagerAfterMethodInterceptor instead
PostInvocationAuthorizationAdvice	Deprecated. Use AuthorizationManagerAfterMethodInterceptor instead
PreAuthorize	Annotation for specifying a method access-control expression which will be evaluated to decide whether a method invocation is allowed or not.
PreAuthorizeAuthorizationManager	An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating an expression from the PreAuthorize annotation.
PreAuthorizeReactiveAuthorizationManager	A ReactiveAuthorizationManager which can determine if an Authentication has access to the MethodInvocation by evaluating an expression from the PreAuthorize annotation.
PreFilter	Annotation for specifying a method filtering expression which will be evaluated before a method has been invoked.
PreFilterAuthorizationMethodInterceptor	A MethodInterceptor which filters a method argument by evaluating an expression from the PreFilter annotation.
PreFilterAuthorizationReactiveMethodInterceptor	A MethodInterceptor which filters a reactive method argument by evaluating an expression from the PreFilter annotation.
PreInvocationAttribute	Deprecated. Use AuthorizationManagerBeforeMethodInterceptor instead
PreInvocationAuthorizationAdvice	Deprecated. Use AuthorizationManagerBeforeMethodInterceptor instead
PreInvocationAuthorizationAdviceVoter	Deprecated. Use AuthorizationManagerBeforeMethodInterceptor instead
PrePostAdviceReactiveMethodInterceptor	Deprecated. Use AuthorizationManagerBeforeReactiveMethodInterceptor or AuthorizationManagerAfterReactiveMethodInterceptor
PrePostAnnotationSecurityMetadataSource	Deprecated. Use PreAuthorizeAuthorizationManager and PostAuthorizeAuthorizationManager instead
PrePostAuthorizeExpressionBeanHintsRegistrar	A SecurityHintsRegistrar that scans all provided classes for methods that use PreAuthorize or PostAuthorize and registers hints for the beans used within the security expressions.
PrePostAuthorizeHintsRegistrar	A SecurityHintsRegistrar that scans all beans for methods that use PreAuthorize or PostAuthorize and registers appropriate hints for the annotations.
PrePostInvocationAttributeFactory	Deprecated. Use delegation with AuthorizationManager
PrePostTemplateDefaults	Deprecated. Please use AnnotationTemplateExpressionDefaults instead
ProviderManager	Iterates an Authentication request through a list of AuthenticationProviders.
ProviderNotFoundException	Thrown by ProviderManager if no AuthenticationProvider could be found that supports the presented Authentication object.
PublicInvocationEvent	Deprecated. Only used by now-deprecated classes.
ReactiveAuthenticationManager	Determines if the provided Authentication can be authenticated.
ReactiveAuthenticationManagerAdapter	Adapts an AuthenticationManager to the reactive APIs.
ReactiveAuthenticationManagerResolver<C>	An interface for resolving a ReactiveAuthenticationManager based on the provided context
ReactiveAuthorizationManager<T>	A reactive authorization manager which can determine if an Authentication has access to a specific object.
ReactiveCompromisedPasswordChecker	A Reactive API for checking if a password has been compromised.
ReactiveOneTimeTokenService	Reactive interface for generating and consuming one-time tokens.
ReactiveSecurityContextHolder	Allows getting and setting the Spring SecurityContext into a Context.
ReactiveSecurityContextHolderThreadLocalAccessor	A ThreadLocalAccessor for accessing a SecurityContext with the ReactiveSecurityContextHolder.
ReactiveSessionInformation
ReactiveSessionRegistry	Maintains a registry of ReactiveSessionInformation instances.
ReactiveUserDetailsPasswordService	An API for changing a UserDetails password.
ReactiveUserDetailsService	An API for finding the UserDetails by username.
RememberMeAuthenticationProvider	An AuthenticationProvider implementation that validates RememberMeAuthenticationTokens.
RememberMeAuthenticationToken	Represents a remembered Authentication.
RoleHierarchy	The simple interface of a role hierarchy.
RoleHierarchyAuthoritiesMapper
RoleHierarchyImpl	This class defines a role hierarchy for use with various access checking components.
RoleHierarchyImpl.Builder	Builder class for constructing a RoleHierarchyImpl based on a hierarchical role structure.
RoleHierarchyUtils	Utility methods for RoleHierarchy.
RoleHierarchyVoter	Deprecated. Use AuthorityAuthorizationManager.setRoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy) instead
RoleVoter	Deprecated. Use AuthorityAuthorizationManager instead
RsaKeyConverters	Used for creating Key converter instances
RunAsImplAuthenticationProvider	Deprecated. Authentication is now separated from authorization in Spring Security.
RunAsManager	Deprecated. Authentication is now separated from authorization in Spring Security.
RunAsManagerImpl	Deprecated. Authentication is now separated from authorization in Spring Security.
RunAsUserToken	Deprecated. Authentication is now separated from authorization in Spring Security.
Secured	Java 5 annotation for describing service layer security attributes.
SecuredAnnotationSecurityMetadataSource	Deprecated. Use AuthorizationManagerBeforeMethodInterceptor.secured()
SecuredAuthorizationManager	An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the Spring Security's Secured annotation.
SecureRandomFactoryBean	Creates a SecureRandom instance.
SecurityAnnotationScanner<A extends Annotation>	An interface to scan for and synthesize an annotation on a type, method, or method parameter into an annotation of type <A>.
SecurityAnnotationScanners	Factory for creating SecurityAnnotationScanner instances.
SecurityConfig	Deprecated. In modern Spring Security APIs, each API manages its own configuration context.
SecurityContext	Interface defining the minimum security information associated with the current thread of execution.
SecurityContextChangedEvent	An event that represents a change in SecurityContext
SecurityContextChangedListener	A listener for SecurityContextChangedEvents
SecurityContextHolder	Associates a given SecurityContext with the current execution thread.
SecurityContextHolderStrategy	A strategy for storing security context information against a thread.
SecurityContextHolderThreadLocalAccessor	A ThreadLocalAccessor for accessing a SecurityContext with the SecurityContextHolder.
SecurityContextImpl	Base implementation of SecurityContext.
SecurityContextLoginModule	An implementation of LoginModule that uses a Spring Security SecurityContext to provide authentication.
SecurityExpressionHandler<T>	Facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects
SecurityExpressionOperations	Standard interface for expression root objects used with expression-based security.
SecurityExpressionRoot	Base root object for use in Spring Security expression evaluations.
SecurityHintsRegistrar	An interface for registering AOT hints.
SecurityJackson2Modules	This utility class will find all the SecurityModules in classpath.
SecurityMetadataSource	Deprecated. In modern Spring Security APIs, each API manages its own configuration context.
SessionCreationEvent	Generic session creation event which indicates that a session (potentially represented by a security context) has begun.
SessionDestroyedEvent	Generic "session termination" event which indicates that a session (potentially represented by a security context) has ended.
SessionIdChangedEvent	Generic "session ID changed" event which indicates that a session identifier (potentially represented by a security context) has changed.
SessionInformation	Represents a record of a session within the Spring Security framework.
SessionRegistry	Maintains a registry of SessionInformation instances.
SessionRegistryImpl	Default implementation of SessionRegistry which listens for SessionDestroyedEvents published in the Spring application context.
Sha512DigestUtils	Provides SHA512 digest methods.
SimpleAttributes2GrantedAuthoritiesMapper	This class implements the Attributes2GrantedAuthoritiesMapper interface by doing a one-to-one mapping from roles to Spring Security GrantedAuthorities.
SimpleAuthorityMapper	Simple one-to-one GrantedAuthoritiesMapper which allows for case conversion of the authority name and the addition of a string prefix (which defaults to ROLE_ ).
SimpleGrantedAuthority	Basic concrete implementation of a GrantedAuthority.
SimpleGrantedAuthorityMixin	Jackson Mixin class helps in serialize/deserialize SimpleGrantedAuthority.
SimpleMappableAttributesRetriever	This class implements the MappableAttributesRetriever interface by just returning a list of mappable attributes as previously set using the corresponding setter method.
SimpleMethodInvocation	Represents the AOP Alliance MethodInvocation.
SingleResultAuthorizationManager<C>	An AuthorizationManager which creates permit-all and deny-all AuthorizationManager instances.
SpringAuthorizationEventPublisher	An implementation of AuthorizationEventPublisher that uses Spring's event publishing support.
SpringCacheBasedUserCache	Caches UserDetails instances in a Spring defined Cache.
SpringSecurityCoreVersion	Internal class used for checking version compatibility in a deployed application.
SpringSecurityMessageSource	The default MessageSource used by Spring Security.
TestingAuthenticationProvider	An AuthenticationProvider implementation for the TestingAuthenticationToken.
TestingAuthenticationToken	An Authentication implementation that is designed for use whilst unit testing.
ThrowingMethodAuthorizationDeniedHandler	An implementation of MethodAuthorizationDeniedHandler that throws AuthorizationDeniedException
Token	A token issued by TokenService.
TokenService	Provides a mechanism to allocate and rebuild secure, randomised tokens.
Transient	A marker for Authentications that should never be stored across requests, for example a bearer token authentication
TransientSecurityContext	A SecurityContext that is annotated with @Transient and thus should never be stored across requests.
UnanimousBased	Deprecated. Use AuthorizationManager instead
User	Models core user information retrieved by a UserDetailsService.
User.UserBuilder	Builds the user to be added.
UserAttribute	Used by InMemoryUserDetailsManager to temporarily store the attributes associated with a user.
UserAttributeEditor	Property editor that creates a UserAttribute from a comma separated list of values.
UserCache	Provides a cache of UserDetails objects.
UserDetails	Provides core user information.
UserDetailsByNameServiceWrapper<T extends Authentication>	This implementation for AuthenticationUserDetailsService wraps a regular Spring Security UserDetailsService implementation, to retrieve a UserDetails object based on the user name contained in an Authentication object.
UserDetailsChecker	Called by classes which make use of a UserDetailsService to check the status of the loaded UserDetails object.
UserDetailsManager	An extension of the UserDetailsService which provides the ability to create new users and update existing ones.
UserDetailsPasswordService	An API for changing a UserDetails password.
UserDetailsRepositoryReactiveAuthenticationManager	A ReactiveAuthenticationManager that uses a ReactiveUserDetailsService to validate the provided username and password.
UserDetailsService	Core interface which loads user-specific data.
UsernameNotFoundException	Thrown if an UserDetailsService implementation cannot locate a User by its username.
UsernamePasswordAuthenticationToken	An Authentication implementation that is designed for simple presentation of a username and password.