A B C D E F G H I J L M N O P R S T U V W X
All Classes All Packages
All Classes All Packages
All Classes All Packages
A
- AbstractAuthenticationProcessingFilter - Class in org.springframework.security.web.authentication
-
Abstract processor of browser-based HTTP-based authentication requests.
- AbstractAuthenticationProcessingFilter(String) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- AbstractAuthenticationProcessingFilter(String, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance with a default filterProcessesUrl and an
AuthenticationManager
- AbstractAuthenticationProcessingFilter(RequestMatcher) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance
- AbstractAuthenticationProcessingFilter(RequestMatcher, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance with a
RequestMatcher
and anAuthenticationManager
- AbstractAuthenticationTargetUrlRequestHandler - Class in org.springframework.security.web.authentication
-
Base class containing the logic used by strategies which handle redirection to a URL and are passed an
Authentication
object as part of the contract. - AbstractAuthenticationTargetUrlRequestHandler() - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- AbstractPreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth
-
Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system.
- AbstractPreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- AbstractRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
-
Base class for RememberMeServices implementations.
- AbstractRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- AbstractRequestParameterAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- AbstractRetryEntryPoint - Class in org.springframework.security.web.access.channel
- AbstractRetryEntryPoint(String, int) - Constructor for class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- AbstractSecurityWebApplicationInitializer - Class in org.springframework.security.web.context
-
Registers the
DelegatingFilterProxy
to use the springSecurityFilterChain before any other registeredFilter
. - AbstractSecurityWebApplicationInitializer() - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class.
- AbstractSecurityWebApplicationInitializer(Class<?>...) - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Creates a new instance that will instantiate the
ContextLoaderListener
with the specified classes. - AbstractSessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
-
A base class for performing session fixation protection.
- AbstractSessionFixationProtectionStrategy.NullEventPublisher - Class in org.springframework.security.web.authentication.session
- ACCESS_DENIED_403 - Static variable in class org.springframework.security.web.WebAttributes
-
Used to cache an
AccessDeniedException
in the request for rendering. - AccessDeniedHandler - Interface in org.springframework.security.web.access
-
Used by
ExceptionTranslationFilter
to handle anAccessDeniedException
. - AccessDeniedHandlerImpl - Class in org.springframework.security.web.access
-
Base implementation of
AccessDeniedHandler
. - AccessDeniedHandlerImpl() - Constructor for class org.springframework.security.web.access.AccessDeniedHandlerImpl
- add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
- add(RequestMatcher, AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Maps a
RequestMatcher
to anAuthorizationManager
. - addHeader(String, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
- addSha256Pins(String...) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- afterPropertiesSet() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Check that all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
-
Loads the web.xml file using the configured ResourceLoader and parses the role-name elements from it, using these as the set of mappableAttributes.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.FilterChainProxy
- afterPropertiesSet() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
- afterSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Invoked after the springSecurityFilterChain is added.
- ALL - org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- ALL - org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- ALLOW_FROM - org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- allowableSessionsExceeded(List<SessionInformation>, int, SessionRegistry) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Allows subclasses to customise behaviour when too many sessions are detected.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.Method to be implemented by base classes, used to determine if the supplied origin is allowed.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
-
Deprecated.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
-
Deprecated.
- AllowFromStrategy - Interface in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- AndRequestMatcher - Class in org.springframework.security.web.util.matcher
-
RequestMatcher
that will return true if all of the passed inRequestMatcher
instances match. - AndRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
-
Creates a new instance
- AndRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
-
Creates a new instance
- AndServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches if all the provided
ServerWebExchangeMatcher
match - AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- AndServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- AnonymousAuthenticationFilter - Class in org.springframework.security.web.authentication
-
Detects if there is no
Authentication
object in theSecurityContextHolder
, and populates it with one if needed. - AnonymousAuthenticationFilter(String) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousAuthenticationFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- AnonymousAuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
-
Detects if there is no
Authentication
object in theReactiveSecurityContextHolder
, and populates it with one if needed. - AnonymousAuthenticationWebFilter(String) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousAuthenticationWebFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- AntPathRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Matcher which compares a pre-defined ant-style pattern against the URL (
servletPath + pathInfo
) of anHttpServletRequest
. - AntPathRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the specific pattern which will match all HTTP methods in a case sensitive manner.
- AntPathRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern and HTTP method in a case sensitive manner.
- AntPathRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern which will match the specified Http method
- AntPathRequestMatcher(String, String, boolean, UrlPathHelper) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern which will match the specified Http method
- ANY_CHANNEL - Static variable in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- anyExchange() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Matches any exchange
- AnyRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Matches any supplied request.
- appendFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Inserts the provided
Filter
s after existingFilter
s using default generated names,AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes()
, andAbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported()
. - apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.
- apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Performs actual authentication.
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- attemptExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Attempt to exit from an already switched user.
- attemptSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Attempt to switch to another user.
- authenticate(Authentication) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Authenticate the given PreAuthenticatedAuthenticationToken.
- authenticate(Authentication) - Method in class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
- AUTHENTICATION_EXCEPTION - Static variable in class org.springframework.security.web.WebAttributes
-
Used to cache an authentication-failure exception in the session.
- AUTHENTICATION_SCHEME_BASIC - Static variable in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- AuthenticationConverter - Interface in org.springframework.security.web.authentication
-
A strategy used for converting from a
HttpServletRequest
to anAuthentication
of particular type. - AuthenticationConverterServerWebExchangeMatcher - Class in org.springframework.security.web.server.authentication
- AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
- authenticationDetailsSource - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- AuthenticationEntryPoint - Interface in org.springframework.security.web
-
Used by
ExceptionTranslationFilter
to commence an authentication scheme. - AuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.authentication
-
Adapts a
AuthenticationEntryPoint
into aAuthenticationFailureHandler
- AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
- AuthenticationFailureHandler - Interface in org.springframework.security.web.authentication
-
Strategy used to handle a failed authentication attempt.
- AuthenticationFilter - Class in org.springframework.security.web.authentication
-
A
Filter
that performs authentication of a particular request. - AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
- AuthenticationFilter(AuthenticationManager, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
- AuthenticationPrincipal - Annotation Type in org.springframework.security.web.bind.annotation
-
Deprecated.Use
AuthenticationPrincipal
instead. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.bind.support
-
Deprecated.Use
AuthenticationPrincipalArgumentResolver
instead. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.method.annotation
-
Allows resolving the
Authentication.getPrincipal()
using theAuthenticationPrincipal
annotation. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
-
Resolves the Authentication
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
-
Deprecated.
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
- AuthenticationPrincipalArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
- AuthenticationSuccessHandler - Interface in org.springframework.security.web.authentication
-
Strategy used to handle a successful user authentication.
- AuthenticationSwitchUserEvent - Class in org.springframework.security.web.authentication.switchuser
-
Application event which indicates that a user context switch.
- AuthenticationSwitchUserEvent(Authentication, UserDetails) - Constructor for class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
-
Switch user context event constructor
- AuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
-
A
WebFilter
that performs authentication of a particular request. - AuthenticationWebFilter(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Creates an instance
- AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Creates an instance
- AuthorizationContext - Class in org.springframework.security.web.server.authorization
- AuthorizationContext(ServerWebExchange) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
- AuthorizationContext(ServerWebExchange, Map<String, Object>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
- AuthorizationFilter - Class in org.springframework.security.web.access.intercept
-
An authorization filter that restricts access to the URL using
AuthorizationManager
. - AuthorizationFilter(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Creates an instance.
- AuthorizationManagerWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
-
An implementation of
WebInvocationPrivilegeEvaluator
which delegates the checks to an instance ofAuthorizationManager
- AuthorizationManagerWebInvocationPrivilegeEvaluator(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- AuthorizationWebFilter - Class in org.springframework.security.web.server.authorization
- AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationWebFilter
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
-
This method will be called whenever the
SecurityContextHolder
does not contain anAuthentication
object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
B
- BASIC - Static variable in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- BasicAuthenticationConverter - Class in org.springframework.security.web.authentication.www
-
Converts from a HttpServletRequest to
UsernamePasswordAuthenticationToken
that can be authenticated. - BasicAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- BasicAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?>) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- BasicAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
-
Used by the
ExceptionTranslationFilter
to commence authentication via theBasicAuthenticationFilter
. - BasicAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- BasicAuthenticationFilter - Class in org.springframework.security.web.authentication.www
-
Processes a HTTP request's BASIC authorization headers, putting the result into the
SecurityContextHolder
. - BasicAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Creates an instance which will authenticate against the supplied
AuthenticationManager
and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain. - BasicAuthenticationFilter(AuthenticationManager, AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Creates an instance which will authenticate against the supplied
AuthenticationManager
and use the suppliedAuthenticationEntryPoint
to handle authentication failures. - bearerToken(String) - Static method in class org.springframework.security.web.http.SecurityHeaders
-
Sets the provided value as a Bearer token in a header with the name of
HttpHeaders.AUTHORIZATION
- beforeConcurrentHandling(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
- beforeSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Invoked before the springSecurityFilterChain is added.
- build() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Creates a
RequestMatcherDelegatingAuthorizationManager
instance. - build() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- build() - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
- build() - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Builds the authentication details object.
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
- builder() - Static method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
-
Creates a builder for
RequestMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
- builder() - Static method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
- Builder() - Constructor for class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
- Builder() - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- Builder() - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- buildFullRequestUrl(String, String, int, String, String) - Static method in class org.springframework.security.web.util.UrlUtils
-
Obtains the full URL the client used to make the request.
- buildFullRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
- buildHttpsRedirectUrlForRequest(HttpServletRequest) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Builds a URL to redirect the supplied request to HTTPS.
- buildRedirectUrlToLoginPage(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- buildRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
-
Obtains the web application-specific fragment of the request URL.
C
- CACHE - org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- CACHE - org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- CACHE_CONTRTOL_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
-
The value for cache control value
- CacheControlHeadersWriter - Class in org.springframework.security.web.header.writers
-
Inserts headers to prevent caching if no cache control headers have been specified.
- CacheControlHeadersWriter() - Constructor for class org.springframework.security.web.header.writers.CacheControlHeadersWriter
-
Creates a new instance
- CacheControlServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes cache control related headers.
- CacheControlServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
- calculateLoginLifetime(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Calculates the validity period in seconds for a newly generated remember-me login.
- calculateRedirectUrl(String, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
- cancelCookie(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
- ChangeSessionIdAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Uses
HttpServletRequest.changeSessionId()
to protect against session fixation attacks. - ChangeSessionIdAuthenticationStrategy() - Constructor for class org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
- ChannelDecisionManager - Interface in org.springframework.security.web.access.channel
-
Decides whether a web channel provides sufficient security.
- ChannelDecisionManagerImpl - Class in org.springframework.security.web.access.channel
-
Implementation of
ChannelDecisionManager
. - ChannelDecisionManagerImpl() - Constructor for class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- ChannelEntryPoint - Interface in org.springframework.security.web.access.channel
-
May be used by a
ChannelProcessor
to launch a web channel. - ChannelProcessingFilter - Class in org.springframework.security.web.access.channel
-
Ensures a web request is delivered over the required channel.
- ChannelProcessingFilter() - Constructor for class org.springframework.security.web.access.channel.ChannelProcessingFilter
- ChannelProcessor - Interface in org.springframework.security.web.access.channel
-
Decides whether a web channel meets a specific security condition.
- check(Supplier<Authentication>, HttpServletRequest) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
-
Delegates to a specific
AuthorizationManager
based on aRequestMatcher
evaluation. - check(Mono<Authentication>, ServerWebExchange) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
- CLEAR_SITE_DATA_HEADER - Static variable in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
- clearAuthenticationAttributes(HttpServletRequest) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
-
Removes temporary authentication-related data which may have been stored in the session during the authentication process.
- ClearSiteDataHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Clear Site Data.
- ClearSiteDataHeaderWriter(ClearSiteDataHeaderWriter.Directive...) - Constructor for class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
-
Creates a new instance of
ClearSiteDataHeaderWriter
with given sources. - ClearSiteDataHeaderWriter.Directive - Enum in org.springframework.security.web.header.writers
-
Represents the directive values expected by the
ClearSiteDataHeaderWriter
. - ClearSiteDataServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Clear-Site-Data
response header when the request is secure. - ClearSiteDataServerHttpHeadersWriter(ClearSiteDataServerHttpHeadersWriter.Directive...) - Constructor for class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
-
Constructs a new instance using the given directives.
- ClearSiteDataServerHttpHeadersWriter.Directive - Enum in org.springframework.security.web.server.header
-
Represents the directive values expected by the
ClearSiteDataServerHttpHeadersWriter
- commence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- commence(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.access.channel.ChannelEntryPoint
-
Commences a secure channel.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
-
Always returns a 403 error code to the client.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.HttpStatusEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Performs the redirect (or forward) to the login form URL.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.AuthenticationEntryPoint
-
Commences an authentication scheme.
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.ServerAuthenticationEntryPoint
-
Initiates the authentication flow
- CompositeHeaderWriter - Class in org.springframework.security.web.header.writers
-
A
HeaderWriter
that delegates to several otherHeaderWriter
s. - CompositeHeaderWriter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.writers.CompositeHeaderWriter
-
Creates a new instance.
- CompositeLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
Performs a logout through all the
LogoutHandler
implementations. - CompositeLogoutHandler(List<LogoutHandler>) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- CompositeLogoutHandler(LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- CompositeServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Combines multiple
ServerHttpHeadersWriter
instances into a single instance. - CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter...) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- CompositeSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
A
SessionAuthenticationStrategy
that accepts multipleSessionAuthenticationStrategy
implementations to delegate to. - CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy>) - Constructor for class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
- ConcurrentSessionControlAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Strategy which handles concurrent session-control.
- ConcurrentSessionControlAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
- ConcurrentSessionFilter - Class in org.springframework.security.web.session
-
Filter required by concurrent session handling package.
- ConcurrentSessionFilter(SessionRegistry) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
- ConcurrentSessionFilter(SessionRegistry, String) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
-
Deprecated.
- ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
- containsContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Allows the repository to be queried as to whether it contains a security context for the current request.
- CONTENT_SECURITY_POLICY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- CONTENT_SECURITY_POLICY_REPORT_ONLY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- ContentSecurityPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Content Security Policy (CSP) Level 2.
- ContentSecurityPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Creates a new instance.
- ContentSecurityPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Creates a new instance
- ContentSecurityPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Contet-Security-Policy
response header with configured policy directives. - ContentSecurityPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- ContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Adds X-Content-Type-Options: nosniff
- ContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- convert(HttpServletRequest) - Method in interface org.springframework.security.web.authentication.AuthenticationConverter
- convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- convert(ServerWebExchange) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter
-
Converts a
ServerWebExchange
to anAuthentication
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
- CookieClearingLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
A logout handler which clears either - A defined list of cookie names, using the context path as the cookie path OR - A given list of Cookies
- CookieClearingLogoutHandler(String...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- CookieClearingLogoutHandler(Cookie...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- CookieCsrfTokenRepository - Class in org.springframework.security.web.csrf
-
A
CsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. - CookieCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- CookieRequestCache - Class in org.springframework.security.web.savedrequest
-
An Implementation of
RequestCache
which saves the original request URI in a cookie. - CookieRequestCache() - Constructor for class org.springframework.security.web.savedrequest.CookieRequestCache
- COOKIES - org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- COOKIES - org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- CookieServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
-
A
ServerCsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. - CookieServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- CookieServerRequestCache - Class in org.springframework.security.web.server.savedrequest
-
An implementation of
ServerRequestCache
that saves the requested URI in a cookie. - CookieServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- CookieTheftException - Exception in org.springframework.security.web.authentication.rememberme
- CookieTheftException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.CookieTheftException
- CREATE_TABLE_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
Default SQL for creating the database table to store the tokens
- createAuthentication(HttpServletRequest) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- createAuthentication(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- createELContext(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
-
Subclasses can override this methode if they want to use a different EL root context
- createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- createNewToken(PersistentRememberMeToken) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- createSecurityExpressionRoot(Authentication, FilterInvocation) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
- createSuccessfulAuthentication(HttpServletRequest, UserDetails) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Creates the final Authentication object returned from the autoLogin method.
- createUserDetails(Authentication, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
-
Creates the final UserDetails object.
- CsrfAuthenticationStrategy - Class in org.springframework.security.web.csrf
-
CsrfAuthenticationStrategy
is in charge of removing theCsrfToken
upon authenticating. - CsrfAuthenticationStrategy(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
-
Creates a new instance
- CsrfException - Exception in org.springframework.security.web.csrf
-
Thrown when an invalid or missing
CsrfToken
is found in the HttpServletRequest - CsrfException - Exception in org.springframework.security.web.server.csrf
-
Thrown when an invalid or missing
CsrfToken
is found in the HttpServletRequest - CsrfException(String) - Constructor for exception org.springframework.security.web.csrf.CsrfException
- CsrfException(String) - Constructor for exception org.springframework.security.web.server.csrf.CsrfException
- CsrfFilter - Class in org.springframework.security.web.csrf
-
Applies CSRF protection using a synchronizer token pattern.
- CsrfFilter(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfFilter
- CsrfLogoutHandler - Class in org.springframework.security.web.csrf
-
CsrfLogoutHandler
is in charge of removing theCsrfToken
upon logout. - CsrfLogoutHandler(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfLogoutHandler
-
Creates a new instance
- CsrfRequestDataValueProcessor - Class in org.springframework.security.web.reactive.result.view
- CsrfRequestDataValueProcessor - Class in org.springframework.security.web.servlet.support.csrf
-
Integration with Spring Web MVC that automatically adds the
CsrfToken
into forms with hidden inputs when using Spring tag libraries. - CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- CsrfServerLogoutHandler - Class in org.springframework.security.web.server.csrf
-
CsrfServerLogoutHandler
is in charge of removing theCsrfToken
upon logout. - CsrfServerLogoutHandler(ServerCsrfTokenRepository) - Constructor for class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler
-
Creates a new instance
- CsrfToken - Interface in org.springframework.security.web.csrf
-
Provides the information about an expected CSRF token.
- CsrfToken - Interface in org.springframework.security.web.server.csrf
- CsrfTokenArgumentResolver - Class in org.springframework.security.web.method.annotation
-
Allows resolving the current
CsrfToken
. - CsrfTokenArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
- CsrfTokenRepository - Interface in org.springframework.security.web.csrf
-
An API to allow changing the method in which the expected
CsrfToken
is associated to theHttpServletRequest
. - CsrfWebFilter - Class in org.springframework.security.web.server.csrf
-
Applies CSRF protection using a synchronizer token pattern.
- CsrfWebFilter() - Constructor for class org.springframework.security.web.server.csrf.CsrfWebFilter
- currentDate - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Current formatted date.
- currentDateGenerated - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Instant on which the currentDate object was generated.
- CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.method.annotation
-
Allows resolving the
SecurityContext
using theCurrentSecurityContext
annotation. - CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
-
Resolves the
SecurityContext
- CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
- CurrentSecurityContextArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
D
- DebugFilter - Class in org.springframework.security.web.debug
-
Spring Security debugging filter.
- DebugFilter(FilterChainProxy) - Constructor for class org.springframework.security.web.debug.DebugFilter
- decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager
-
Decided whether the presented
FilterInvocation
provides the appropriate level of channel security based on the requested list of ConfigAttributes. - decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor
-
Decided whether the presented
FilterInvocation
provides the appropriate level of channel security based on the requested list of ConfigAttributes. - decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- decodeCookie(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
- DEF_INSERT_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by createNewToken
- DEF_REMOVE_USER_TOKENS_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by removeUserTokens
- DEF_TOKEN_BY_SERIES_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by the getTokenBySeries query
- DEF_UPDATE_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by updateToken
- DEFAULT_CSRF_ATTR_NAME - Static variable in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
-
The default request attribute to look for a
CsrfToken
. - DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.csrf.CsrfFilter
-
The default
RequestMatcher
that indicates if CSRF protection is required or not. - DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.server.csrf.CsrfWebFilter
- DEFAULT_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer
-
Default extractor for
Throwable
instances. - DEFAULT_FILTER_NAME - Static variable in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
- DEFAULT_LOGIN_PAGE_URL - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- DEFAULT_LOGOUT_SUCCESS_URL - Static variable in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
- DEFAULT_PARAMETER - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- DEFAULT_SERIES_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME - Static variable in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
-
The default session attribute name to save and load the
SecurityContext
- DEFAULT_TOKEN_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- DefaultCsrfToken - Class in org.springframework.security.web.csrf
-
A CSRF token that is used to protect against CSRF attacks.
- DefaultCsrfToken - Class in org.springframework.security.web.server.csrf
-
A CSRF token that is used to protect against CSRF attacks.
- DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.csrf.DefaultCsrfToken
-
Creates a new instance
- DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.server.csrf.DefaultCsrfToken
-
Creates a new instance
- DefaultFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.intercept
-
Default implementation of FilterInvocationDefinitionSource.
- DefaultFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
-
Sets the internal request map from the supplied map.
- DefaultHttpFirewall - Class in org.springframework.security.web.firewall
-
User's should consider using
StrictHttpFirewall
because rather than trying to sanitize a malicious URL it rejects the malicious URL providing better security guarantees. - DefaultHttpFirewall() - Constructor for class org.springframework.security.web.firewall.DefaultHttpFirewall
- DefaultLoginPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
-
For internal use with namespace configuration in the case where a user doesn't configure a login page.
- DefaultLoginPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- DefaultLoginPageGeneratingFilter(AbstractAuthenticationProcessingFilter) - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationFilter, AbstractAuthenticationProcessingFilter) - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- DefaultLogoutPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
-
Generates a default log out page.
- DefaultLogoutPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
- DefaultRedirectStrategy - Class in org.springframework.security.web
-
Simple implementation of RedirectStrategy which is the default used throughout the framework.
- DefaultRedirectStrategy() - Constructor for class org.springframework.security.web.DefaultRedirectStrategy
- DefaultRequestRejectedHandler - Class in org.springframework.security.web.firewall
-
Default implementation of
RequestRejectedHandler
that simply rethrows the exception. - DefaultRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
- DefaultSavedRequest - Class in org.springframework.security.web.savedrequest
-
Represents central information from a
HttpServletRequest
. - DefaultSavedRequest(HttpServletRequest, PortResolver) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest
- DefaultSavedRequest.Builder - Class in org.springframework.security.web.savedrequest
- DefaultSecurityFilterChain - Class in org.springframework.security.web
-
Standard implementation of
SecurityFilterChain
. - DefaultSecurityFilterChain(RequestMatcher, List<Filter>) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
- DefaultSecurityFilterChain(RequestMatcher, Filter...) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
- DefaultServerRedirectStrategy - Class in org.springframework.security.web.server
-
The default
ServerRedirectStrategy
to use. - DefaultServerRedirectStrategy() - Constructor for class org.springframework.security.web.server.DefaultServerRedirectStrategy
- DefaultWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
-
Allows users to determine whether they have privileges for a given web URI.
- DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor) - Constructor for class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
- DefaultWebSecurityExpressionHandler - Class in org.springframework.security.web.access.expression
- DefaultWebSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
- DelegateEntry(ServerWebExchangeMatcher, ServerAccessDeniedHandler) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
- DelegateEntry(ServerWebExchangeMatcher, ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
- DelegatingAccessDeniedHandler - Class in org.springframework.security.web.access
-
An
AccessDeniedHandler
that delegates to otherAccessDeniedHandler
instances based upon the type ofAccessDeniedException
passed intoDelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException)
. - DelegatingAccessDeniedHandler(LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.DelegatingAccessDeniedHandler
-
Creates a new instance
- DelegatingAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
-
An
AuthenticationEntryPoint
which selects a concreteAuthenticationEntryPoint
based on aRequestMatcher
evaluation. - DelegatingAuthenticationEntryPoint(LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- DelegatingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
An
AuthenticationFailureHandler
that delegates to otherAuthenticationFailureHandler
instances based upon the type ofAuthenticationException
passed intoDelegatingAuthenticationFailureHandler.onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException)
. - DelegatingAuthenticationFailureHandler(LinkedHashMap<Class<? extends AuthenticationException>, AuthenticationFailureHandler>, AuthenticationFailureHandler) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler
-
Creates a new instance
- DelegatingLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
Delegates to logout handlers based on matched request matchers
- DelegatingLogoutSuccessHandler(LinkedHashMap<RequestMatcher, LogoutSuccessHandler>) - Constructor for class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
- DelegatingReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization
- DelegatingReactiveAuthorizationManager.Builder - Class in org.springframework.security.web.server.authorization
- DelegatingRequestMatcherHeaderWriter - Class in org.springframework.security.web.header.writers
-
Delegates to the provided
HeaderWriter
whenRequestMatcher.matches(HttpServletRequest)
returns true. - DelegatingRequestMatcherHeaderWriter(RequestMatcher, HeaderWriter) - Constructor for class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
-
Creates a new instance
- DelegatingServerAuthenticationEntryPoint - Class in org.springframework.security.web.server
-
A
ServerAuthenticationEntryPoint
which delegates to multipleServerAuthenticationEntryPoint
based on aServerWebExchangeMatcher
- DelegatingServerAuthenticationEntryPoint(List<DelegatingServerAuthenticationEntryPoint.DelegateEntry>) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
- DelegatingServerAuthenticationEntryPoint(DelegatingServerAuthenticationEntryPoint.DelegateEntry...) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
- DelegatingServerAuthenticationEntryPoint.DelegateEntry - Class in org.springframework.security.web.server
- DelegatingServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
Delegates to a collection of
ServerAuthenticationSuccessHandler
implementations. - DelegatingServerAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
- DelegatingServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
-
Delegates to a collection of
ServerLogoutHandler
implementations. - DelegatingServerLogoutHandler(Collection<ServerLogoutHandler>) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
- DelegatingServerLogoutHandler(ServerLogoutHandler...) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
- DENY - org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
- DENY - org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
A browser receiving content with this header field MUST NOT display this content in any frame.
- destroy() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Not used (we rely on IoC container lifecycle services instead)
- destroy() - Method in class org.springframework.security.web.debug.DebugFilter
- determineCauseChain(Throwable) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Determines the cause chain of the provided
Throwable
. - determineExpiredUrl(HttpServletRequest, SessionInformation) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
-
Deprecated.
- determineTargetUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Builds the target URL according to the logic defined in the main class Javadoc.
- determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Builds the target URL according to the logic defined in the main class Javadoc
- determineUrlToUseForThisRequest(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Allows subclasses to modify the login form URL that should be applicable for a given request.
- DigestAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
-
Used by the
SecurityEnforcementFilter
to commence authentication via theDigestAuthenticationFilter
. - DigestAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- DigestAuthenticationFilter - Class in org.springframework.security.web.authentication.www
-
Processes a HTTP request's Digest authorization headers, putting the result into the
SecurityContextHolder
. - DigestAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- disableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Invoke this method to disable invoking
OnCommittedResponseWrapper.onResponseCommitted()
when theHttpServletResponse
is committed. - disableSaveOnResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Invoke this method to disable automatic saving of the
SecurityContext
when theHttpServletResponse
is committed. - DispatcherTypeRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Checks the
DispatcherType
to decide whether to match a given request. - DispatcherTypeRequestMatcher(DispatcherType) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
-
Creates an instance which matches requests with the provided
DispatcherType
- DispatcherTypeRequestMatcher(DispatcherType, HttpMethod) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
-
Creates an instance which matches requests with the provided
DispatcherType
andHttpMethod
- doesRequestMatch(HttpServletRequest, PortResolver) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
-
Determines if the current request matches the
DefaultSavedRequest
. - doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Method that is actually called by the filter chain.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Invokes the
requiresAuthentication
method to determine whether the request is for authentication and should be handled by this filter. - doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.debug.DebugFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.FilterChainProxy
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
Attempts to obtain and run as a JAAS
Subject
usingJaasApiIntegrationFilter.obtainSubject(ServletRequest)
. - doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.SessionManagementFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.csrf.CsrfFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.header.HeaderWriterFilter
E
- ELRequestMatcher - Class in org.springframework.security.web.util.matcher
-
A RequestMatcher implementation which uses a SpEL expression
- ELRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ELRequestMatcher
- enableHttpSessionEventPublisher() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Override this if
HttpSessionEventPublisher
should be added as a listener. - encodeCookie(String[]) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Inverse operation of decodeCookie.
- encodeRedirectUrl(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
- encodeRedirectURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
- encodeUrl(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
- encodeURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
- Enumerator<T> - Class in org.springframework.security.web.savedrequest
-
Adapter that wraps an
Enumeration
around a Java 2 collectionIterator
. - Enumerator(Collection<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Collection.
- Enumerator(Collection<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Collection.
- Enumerator(Iterator<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values returned by the specified Iterator.
- Enumerator(Iterator<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values returned by the specified Iterator.
- Enumerator(Map<?, T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Map.
- Enumerator(Map<?, T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Map.
- equals(Object) - Method in class org.springframework.security.web.access.intercept.RequestKey
- equals(Object) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- equals(Object) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
- equals(Object) - Method in class org.springframework.security.web.header.Header
- equals(Object) - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- equals(Object) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- equals(Object) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- ERROR_PARAMETER_NAME - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- errorOnInvalidType() - Method in annotation type org.springframework.security.web.bind.annotation.AuthenticationPrincipal
-
Deprecated.True if a
ClassCastException
should be thrown when the currentAuthentication.getPrincipal()
is the incorrect type. - escapeEntities(String) - Static method in class org.springframework.security.web.util.TextEscapeUtils
- eventPublisher - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- ExceptionMappingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
Uses the internal map of exceptions types to URLs to determine the destination on authentication failure.
- ExceptionMappingAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
- ExceptionTranslationFilter - Class in org.springframework.security.web.access
-
Handles any
AccessDeniedException
andAuthenticationException
thrown within the filter chain. - ExceptionTranslationFilter(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
- ExceptionTranslationFilter(AuthenticationEntryPoint, RequestCache) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
- ExceptionTranslationWebFilter - Class in org.springframework.security.web.server.authorization
- ExceptionTranslationWebFilter() - Constructor for class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
- EXECUTION_CONTEXTS - org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- EXECUTION_CONTEXTS - org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- exitSwitchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Attempt to exit from an already switched user.
- EXPIRES_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
-
The value for expires value
- ExpressionBasedFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.expression
-
Expression-based
FilterInvocationSecurityMetadataSource
. - ExpressionBasedFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>, SecurityExpressionHandler<FilterInvocation>) - Constructor for class org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource
- extractAttributes(HttpSession) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
-
Called to extract the existing attributes from the session, prior to invalidating it.
- extractCause(Throwable) - Method in interface org.springframework.security.web.util.ThrowableCauseExtractor
-
Extracts the cause from the provided
Throwable
. - extractPrincipal(X509Certificate) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- extractPrincipal(X509Certificate) - Method in interface org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor
-
Returns the principal (usually a String) for the given certificate.
- extractRememberMeCookie(HttpServletRequest) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Locates the Spring Security remember me cookie in the request and returns its value.
- extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
-
Deprecated.
- extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Deprecated.
- extractUriTemplateVariables(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestVariablesExtractor
-
Deprecated.Extract URL template variables from the request.
F
- FastHttpDateFormat - Class in org.springframework.security.web.savedrequest
-
Utility class to generate HTTP dates.
- FEATURE_POLICY - Static variable in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
- FeaturePolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Feature Policy.
- FeaturePolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
-
Create a new instance of
FeaturePolicyHeaderWriter
with supplied security policy directive(s). - FeaturePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Feature-Policy
response header with configured policy directives. - FeaturePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.AuthorizationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.ReactorContextWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy
- FilterChainProxy - Class in org.springframework.security.web
-
Delegates
Filter
requests to a list of Spring-managed filter beans. - FilterChainProxy() - Constructor for class org.springframework.security.web.FilterChainProxy
- FilterChainProxy(List<SecurityFilterChain>) - Constructor for class org.springframework.security.web.FilterChainProxy
- FilterChainProxy(SecurityFilterChain) - Constructor for class org.springframework.security.web.FilterChainProxy
- FilterChainProxy.FilterChainValidator - Interface in org.springframework.security.web
- FilterInvocation - Class in org.springframework.security.web
-
Holds objects associated with a HTTP filter.
- FilterInvocation(String, String) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(ServletRequest, ServletResponse, FilterChain) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocationSecurityMetadataSource - Interface in org.springframework.security.web.access.intercept
-
Marker interface for
SecurityMetadataSource
implementations that are designed to perform lookups keyed onFilterInvocation
s. - FilterSecurityInterceptor - Class in org.springframework.security.web.access.intercept
-
Performs security handling of HTTP resources via a filter implementation.
- FilterSecurityInterceptor() - Constructor for class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- findRequiredWebApplicationContext(ServletContext) - Static method in class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils
-
Find a unique
WebApplicationContext
for this web app: either the root web app context (preferred) or a uniqueWebApplicationContext
among the registeredServletContext
attributes (typically coming from a singleDispatcherServlet
in the current web application). - FirewalledRequest - Class in org.springframework.security.web.firewall
-
Request wrapper which is returned by the
HttpFirewall
interface. - FirewalledRequest(HttpServletRequest) - Constructor for class org.springframework.security.web.firewall.FirewalledRequest
-
Constructs a request object wrapping the given request.
- flushBuffer() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclassflushBuffer()
- format - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
HTTP date format.
- formatCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Formatter cache.
- formatDate(long, DateFormat) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Formats a specified date to HTTP format.
- formats - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
The set of SimpleDateFormat formats to use in
getDateHeader()
. - ForwardAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
Forward Authentication Failure Handler
- ForwardAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
- ForwardAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
-
Forward Authentication Success Handler
- ForwardAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
- ForwardLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
LogoutSuccessHandler
implementation that will perform a request dispatcher "forward" to the specified target URL. - ForwardLogoutSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler
-
Construct a new
ForwardLogoutSuccessHandler
with the given target URL.
G
- generateNewContext() - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
By default, calls
SecurityContextHolder.createEmptyContext()
to obtain a new context (there should be no context present in the holder when this method is called). - generateSeriesData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- generateToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
-
Generates a
CsrfToken
- generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Generates a new token
- generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- generateToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
-
Generates a
CsrfToken
- generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- generateTokenData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- get(String) - Static method in enum org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- getAccessDeniedHandler() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
- getAllConfigAttributes() - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.
- getAllowFromValue(HttpServletRequest) - Method in interface org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy
-
Deprecated.Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
- getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy
-
Deprecated.
- getAllowSessionCreation() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getAttributes(Object) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- getAuthenticationConverter() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- getAuthenticationEntryPoint() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- getAuthenticationManager() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getAuthenticationManager() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- getAuthenticationManagerResolver() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getAuthenticationTrustResolver() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- getAuthorities() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- getAuthority() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- getAuthorizationManager() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Gets the
AuthorizationManager
used by this filter - getChain() - Method in class org.springframework.security.web.FilterInvocation
- getChain() - Method in class org.springframework.security.web.server.WebFilterExchange
-
The filter chain
- getChannelDecisionManager() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- getChannelProcessors() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- getComment() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getContextPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getCookie() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getCookieName() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getCookiePath() - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Get the path that the CSRF cookie will be set to.
- getCookies() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getCookies() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getCookies() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getCredentials() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Get the credentials
- getCredentialsCharset() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- getCurrentDate() - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Gets the current date in HTTP format.
- getDate() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getDecodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Provides the existing decoded url blocklist which can add/remove entries from
- getDecodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Provides the existing decoded url blocklist which can add/remove entries from
- getDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Supplies the default target Url that will be used if no saved request is found or the
alwaysUseDefaultTargetUrl
property is set to true. - getDispatcherWebApplicationContextSuffix() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Return the <servlet-name> to use the DispatcherServlet's
WebApplicationContext
to find theDelegatingFilterProxy
or null to use the parentApplicationContext
. - getDomain() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getEncodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Deprecated.Use
StrictHttpFirewall.getEncodedUrlBlocklist()
instead - getEncodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Provides the existing encoded url blocklist which can add/remove entries from
- getEntry() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
- getEntry() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
- getEntryPoint() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- getEntryPoint() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- getEntryPoint() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
- getExchange() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
- getExchange() - Method in class org.springframework.security.web.server.WebFilterExchange
-
Get the exchange
- getExtraHiddenFields(HttpServletRequest) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- getExtraHiddenFields(ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- getFailureHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getFailureHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getFilterChainProxy() - Method in class org.springframework.security.web.debug.DebugFilter
- getFilterChains() - Method in class org.springframework.security.web.FilterChainProxy
- getFilters() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- getFilters() - Method in interface org.springframework.security.web.SecurityFilterChain
- getFilters(String) - Method in class org.springframework.security.web.FilterChainProxy
-
Convenience method, mainly for testing.
- getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
- getFirewalledRequest(HttpServletRequest) - Method in interface org.springframework.security.web.firewall.HttpFirewall
-
Provides the request object which will be passed through the filter chain.
- getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
- getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
- getFirewalledResponse(HttpServletResponse) - Method in interface org.springframework.security.web.firewall.HttpFirewall
-
Provides the response which will be passed through the filter chain.
- getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
- getFirstThrowableOfType(Class<? extends Throwable>, Throwable[]) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Returns the first throwable from the passed in array that is assignable to the provided type.
- getFullRequestUrl() - Method in class org.springframework.security.web.FilterInvocation
-
Indicates the URL that the user agent used for this request.
- getGrantedAuthorities() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
- getHeaderName() - Method in interface org.springframework.security.web.csrf.CsrfToken
-
Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
- getHeaderName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
- getHeaderName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
-
Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
- getHeaderName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- getHeaderNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getHeaderNames() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getHeaderNames() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getHeaderValue() - Method in enum org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- getHeaderValue() - Method in enum org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getHeaderValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getHttpRequest() - Method in class org.springframework.security.web.FilterInvocation
- getHttpResponse() - Method in class org.springframework.security.web.FilterInvocation
- getId() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
- getInsecureKeyword() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- getInstance() - Static method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
- getInstance() - Static method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- getKey() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getKey() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getLocales() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getLocales() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getLocales() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getLoginFormUrl() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- getLoginPageUrl() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- getMappableAttributes() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
- getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
- getMatcher() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
- getMatcher() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
- getMatcher() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Returns a wrapper around the saved request, if it matches the current request.
- getMaxAge() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getMaximumSessionsForThisUser(Authentication) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication.
- getMethod() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getMethod() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getMethod() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getName() - Method in class org.springframework.security.web.header.Header
-
Gets the name of the header.
- getName() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getNewSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
-
Getter for the session ID after it was changed.
- getNewSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
- getNonceValiditySeconds() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getOldSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
-
Getter for the session ID before it was changed.
- getOldSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
- getOrder() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
- getOrder() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getOutputStream() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the callinggetOutputStream().close()
orgetOutputStream().flush()
- getParameter() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getParameterMap() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getParameterMap() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getParameterMap() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getParameterName() - Method in interface org.springframework.security.web.csrf.CsrfToken
-
Gets the HTTP parameter name that should contain the token.
- getParameterName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
- getParameterName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
-
Gets the HTTP parameter name that should contain the token.
- getParameterName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- getParameterNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getParameterValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getPasswordParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- getPath() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getPathInfo() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getPattern() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- getPolicy() - Method in enum org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- getPolicy() - Method in enum org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- getPortMapper() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getPortMapper() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- getPortMapper() - Method in class org.springframework.security.web.PortResolverImpl
- getPortResolver() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getPortResolver() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Override to extract the credentials (if applicable) from the current request.
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
-
For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
-
Credentials aren't usually applicable, but if a
credentialsEnvironmentVariable
is set, this will be read and used as the credentials value. - getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
-
Credentials aren't usually applicable, but if a
credentialsRequestHeader
is set, this will be read and used as the credentials value. - getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
-
For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Override to extract the principal information from the current request
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
-
Return the J2EE user name.
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
-
Read and returns the variable named by
principalEnvironmentVariable
from the request. - getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
-
Read and returns the header named by
principalRequestHeader
from the request. - getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
-
Return the WebSphere user name.
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- getPrincipal() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- getPrincipal() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Get the principal
- getPrincipal() - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchange
- getQueryString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getRealmName() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- getRealmName() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getRedirectStrategy() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getRedirectStrategy() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- getRedirectStrategy() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- getRedirectUri(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
-
Get the URI that can be redirected to trigger the saved request to be used
- getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
-
Indicates the URL that the user agent used for this request.
- getRedirectUrl() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getRememberMeServices() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getRememberMeServices() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- getRemoteAddress() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
-
Indicates the TCP/IP address the authentication request was received from.
- getRemoteUser() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Returns the principal's name, as obtained from the
SecurityContextHolder
. - getRequest() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Returns the
HttpServletRequest
. - getRequest() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
- getRequest() - Method in class org.springframework.security.web.FilterInvocation
- getRequest() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
- getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- getRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Returns the saved request, leaving it cached.
- getRequestMatcher() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getRequestMatcher() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- getRequestMatcher() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
- getRequestURI() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getRequestUrl() - Method in class org.springframework.security.web.FilterInvocation
-
Obtains the web application-specific fragment of the URL.
- getRequestURL() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getResponse() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
- getResponse() - Method in class org.springframework.security.web.FilterInvocation
- getResponse() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
- getScheme() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getSecureKeyword() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- getSecureObjectClass() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- getSecurityContexts() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
- getSecurityDispatcherTypes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Get the
DispatcherType
for the springSecurityFilterChain. - getSecurityMetadataSource() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- getSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- getSeries() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getServerName() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getServerPort() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getServerPort(ServletRequest) - Method in interface org.springframework.security.web.PortResolver
-
Indicates the port the
ServletRequest
was received on. - getServerPort(ServletRequest) - Method in class org.springframework.security.web.PortResolverImpl
- getServletPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getServletPath() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- getSession() - Method in class org.springframework.security.web.session.HttpSessionCreatedEvent
- getSession() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
- getSessionId() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
-
Indicates the
HttpSession
id the authentication request was received from. - getSessionInformation() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
- getSessionTrackingModes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Determines how a session should be tracked.
- getSource() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
-
Returns the original user associated with a successful user switch.
- getSuccessHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getSuccessHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getTargetUrlParameter() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- getTargetUser() - Method in class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
- getToken() - Method in interface org.springframework.security.web.csrf.CsrfToken
-
Gets the token value.
- getToken() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
- getToken() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
-
Gets the token value.
- getToken() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
Loads the token data for the supplied series identifier.
- getTokenForSeries(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- getTokenValiditySeconds() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getTokenValue() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getTranslatedPortMappings() - Method in class org.springframework.security.web.PortMapperImpl
-
Returns the translated (Integer -> Integer) version of the original port mapping specified via setHttpsPortMapping()
- getUrl() - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- getUserCache() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- getUserDetailsService() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getUserDetailsService() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- getUsername() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getUsername(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Returns the name of the target user.
- getUsernameParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- getUserPrincipal() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Returns the
Authentication
(which is a subclass ofPrincipal
), ornull
if unavailable. - getUserRoles(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Obtains the list of user roles based on the current user's JEE roles.
- getValue() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getValues() - Method in class org.springframework.security.web.header.Header
-
Gets the values of the header.
- getVariables() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Returns the extracted variable values where the key is the variable name and the value is the variable value.
- getVariables() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
- getVariables() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Gets potential variables and their values
- getVariables() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Returns the extracted variable values where the key is the variable name and the value is the variable value
- getVersion() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getWebFilters() - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
- getWebFilters() - Method in interface org.springframework.security.web.server.SecurityWebFilterChain
-
The
WebFilter
to use - getWriter() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling thegetWriter().close()
orgetWriter().flush()
- gmtZone - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
GMT time zone - all HTTP dates are on GMT
H
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in interface org.springframework.security.web.access.AccessDeniedHandler
-
Handles an access denied failure.
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.DelegatingAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Invokes the configured
RedirectStrategy
with the URL returned by thedetermineTargetUrl
method. - handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
- handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
- handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in interface org.springframework.security.web.firewall.RequestRejectedHandler
-
Handles an request rejected failure.
- handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler
- handle(ServerWebExchange, AccessDeniedException) - Method in interface org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
- handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
- hashCode() - Method in class org.springframework.security.web.access.intercept.RequestKey
- hashCode() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- hashCode() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
- hashCode() - Method in class org.springframework.security.web.header.Header
- hashCode() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- hashCode() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- hashCode() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- hasIpAddress(String) - Method in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
-
Takes a specific IP address or a range using the IP/Netmask (e.g.
- hasMoreElements() - Method in class org.springframework.security.web.savedrequest.Enumerator
-
Tests if this enumeration contains more elements.
- header(String, String...) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- Header - Class in org.springframework.security.web.header
-
Represents a Header to be added to the
HttpServletResponse
- Header(String, String...) - Constructor for class org.springframework.security.web.header.Header
-
Creates a new instance
- HeaderWriter - Interface in org.springframework.security.web.header
-
Contract for writing headers to a
HttpServletResponse
- HeaderWriterFilter - Class in org.springframework.security.web.header
-
Filter implementation to add headers to the current response.
- HeaderWriterFilter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.HeaderWriterFilter
-
Creates a new instance.
- HeaderWriterLogoutHandler - Class in org.springframework.security.web.authentication.logout
- HeaderWriterLogoutHandler(HeaderWriter) - Constructor for class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler
-
Constructs a new instance using the passed
HeaderWriter
implementation - HeaderWriterServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
-
A
ServerLogoutHandler
implementation which writes HTTP headers during logout. - HeaderWriterServerLogoutHandler(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler
-
Constructs a new instance using the
ServerHttpHeadersWriter
implementation. - HpkpHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for HTTP Public Key Pinning (HPKP).
- HpkpHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Creates a new instance
- HpkpHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Creates a new instance
- HpkpHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Creates a new instance
- HpkpHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Creates a new instance
- HstsHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for HTTP Strict Transport Security (HSTS).
- HstsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(RequestMatcher, long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(RequestMatcher, long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- Http403ForbiddenEntryPoint - Class in org.springframework.security.web.authentication
-
In the pre-authenticated authentication case (unlike CAS, for example) the user will already have been identified through some external mechanism and a secure context established by the time the security-enforcement filter is invoked.
- Http403ForbiddenEntryPoint() - Constructor for class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
- HttpBasicServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication
-
Prompts a user for HTTP Basic authentication.
- HttpBasicServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
- HttpFirewall - Interface in org.springframework.security.web.firewall
-
Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.
- HttpHeaderWriterWebFilter - Class in org.springframework.security.web.server.header
-
Invokes a
ServerHttpHeadersWriter
onReactiveHttpOutputMessage.beforeCommit(java.util.function.Supplier)
. - HttpHeaderWriterWebFilter(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
- HttpRequestResponseHolder - Class in org.springframework.security.web.context
-
Used to pass the incoming request to
SecurityContextRepository.loadContext(HttpRequestResponseHolder)
, allowing the method to swap the request for a wrapped version, as well as returning the SecurityContext value. - HttpRequestResponseHolder(HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.context.HttpRequestResponseHolder
- HttpSessionCreatedEvent - Class in org.springframework.security.web.session
-
Published by the
HttpSessionEventPublisher
when anHttpSession
is created by the container - HttpSessionCreatedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionCreatedEvent
- HttpSessionCsrfTokenRepository - Class in org.springframework.security.web.csrf
- HttpSessionCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- HttpSessionDestroyedEvent - Class in org.springframework.security.web.session
-
Published by the
HttpSessionEventPublisher
when a HttpSession is removed from the container - HttpSessionDestroyedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionDestroyedEvent
- HttpSessionEventPublisher - Class in org.springframework.security.web.session
-
Declared in web.xml as
- HttpSessionEventPublisher() - Constructor for class org.springframework.security.web.session.HttpSessionEventPublisher
- HttpSessionIdChangedEvent - Class in org.springframework.security.web.session
-
Published by the
HttpSessionEventPublisher
when anHttpSession
ID is changed. - HttpSessionIdChangedEvent(HttpSession, String) - Constructor for class org.springframework.security.web.session.HttpSessionIdChangedEvent
- HttpSessionRequestCache - Class in org.springframework.security.web.savedrequest
-
RequestCache
which stores theSavedRequest
in the HttpSession. - HttpSessionRequestCache() - Constructor for class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- HttpSessionSecurityContextRepository - Class in org.springframework.security.web.context
-
A
SecurityContextRepository
implementation which stores the security context in theHttpSession
between requests. - HttpSessionSecurityContextRepository() - Constructor for class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- HttpsRedirectWebFilter - Class in org.springframework.security.web.server.transport
-
Redirects any non-HTTPS request to its HTTPS equivalent.
- HttpsRedirectWebFilter() - Constructor for class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
- HttpStatusEntryPoint - Class in org.springframework.security.web.authentication
-
An
AuthenticationEntryPoint
that sends a genericHttpStatus
as a response. - HttpStatusEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.authentication.HttpStatusEntryPoint
-
Creates a new instance.
- HttpStatusRequestRejectedHandler - Class in org.springframework.security.web.firewall
-
A simple implementation of
RequestRejectedHandler
that sends an error with configurable status code. - HttpStatusRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
-
Constructs an instance which uses
400
as response code. - HttpStatusRequestRejectedHandler(int) - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
-
Constructs an instance which uses a configurable http code as response.
- HttpStatusReturningLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
Implementation of the
LogoutSuccessHandler
. - HttpStatusReturningLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
-
Initialize the
HttpStatusLogoutSuccessHandler
with the defaultHttpStatus.OK
. - HttpStatusReturningLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
-
Initialize the
HttpStatusLogoutSuccessHandler
with a user-definedHttpStatus
. - HttpStatusReturningServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout
-
Implementation of the
ServerLogoutSuccessHandler
. - HttpStatusReturningServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
-
Initialize the
HttpStatusReturningServerLogoutSuccessHandler
with the defaultHttpStatus.OK
. - HttpStatusReturningServerLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
-
Initialize the
HttpStatusReturningServerLogoutSuccessHandler
with a user-definedHttpStatus
. - HttpStatusServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization
-
Sets the provided HTTP Status when access is denied.
- HttpStatusServerAccessDeniedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler
-
Creates an instance with the provided status
- HttpStatusServerEntryPoint - Class in org.springframework.security.web.server.authentication
-
A
ServerAuthenticationEntryPoint
that sends a genericHttpStatus
as a response. - HttpStatusServerEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
I
- init(FilterConfig) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Not used (we rely on IoC container lifecycle services instead)
- init(FilterConfig) - Method in class org.springframework.security.web.debug.DebugFilter
- initDao() - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- initExtractorMap() - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Initializes associations between
Throwable
s andThrowableCauseExtractor
s. - InMemoryTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme
-
Simple PersistentTokenRepository implementation backed by a Map.
- InMemoryTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- InsecureChannelProcessor - Class in org.springframework.security.web.access.channel
-
Ensures channel security is inactive by review of
HttpServletRequest.isSecure()
responses. - InsecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.InsecureChannelProcessor
- insertFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Inserts the provided
Filter
s before existingFilter
s using default generated names,AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes()
, andAbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported()
. - INSTANCE - Static variable in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- InvalidCookieException - Exception in org.springframework.security.web.authentication.rememberme
-
Exception thrown by a RememberMeServices implementation to indicate that a submitted cookie is of an invalid format or has expired.
- InvalidCookieException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.InvalidCookieException
- InvalidCsrfTokenException - Exception in org.springframework.security.web.csrf
-
Thrown when an expected
CsrfToken
exists, but it does not match the value present on theHttpServletRequest
- InvalidCsrfTokenException(CsrfToken, String) - Constructor for exception org.springframework.security.web.csrf.InvalidCsrfTokenException
- InvalidSessionAccessDeniedHandler - Class in org.springframework.security.web.session
-
An adapter of
InvalidSessionStrategy
toAccessDeniedHandler
- InvalidSessionAccessDeniedHandler(InvalidSessionStrategy) - Constructor for class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler
-
Creates a new instance
- InvalidSessionStrategy - Interface in org.springframework.security.web.session
-
Determines the behaviour of the
SessionManagementFilter
when an invalid session Id is submitted and detected in theSessionManagementFilter
. - INVOCATIONTARGET_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer
-
Default extractor for
InvocationTargetException
instances. - invoke(FilterInvocation) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- IpAddressMatcher - Class in org.springframework.security.web.util.matcher
-
Matches a request based on IP Address or subnet mask matching against the remote address.
- IpAddressMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.IpAddressMatcher
-
Takes a specific IP address or a range specified using the IP/Netmask (e.g.
- isAbsoluteUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils
-
Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
- isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
- isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowed(String, String, String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
- isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowed(String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowSessionCreation() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- isAlwaysUseDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- isAsyncSecuritySupported() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Determine if the springSecurityFilterChain should be marked as supporting asynch.
- isContextRelative() - Method in class org.springframework.security.web.DefaultRedirectStrategy
-
Returns true, if the redirection URL should be calculated minus the protocol and context path (defaults to false).
- isContextSaved() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Tells if the response wrapper has called
saveContext()
because of this wrapper. - isDisableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Returns true if
OnCommittedResponseWrapper.onResponseCommitted()
will be invoked when the response is committed, else false. - isEnabled() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- isForceHttps() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- isIgnoreFailure() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- isInvalidateHttpSession() - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
- isMatch() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
- isMatch() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
- isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Indicates whether once-per-request handling will be observed.
- isSecure() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- isTokenExpired(long) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- isUseForward() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- isUseForward() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- isUserInRole(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Simple searches for an exactly matching
GrantedAuthority.getAuthority()
. - isValidRedirectUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils
-
Returns true if the supplied URL starts with a "/" or is absolute.
J
- J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.j2ee
-
Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling
HttpServletRequest.isUserInRole(String)
) intoGrantedAuthority
s and stores these in the authentication details object. - J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- j2eeMappableRoles - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
The role attributes returned by the configured
MappableAttributesRetriever
- J2eePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.j2ee
-
This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE container-based authentication mechanism.
- J2eePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
- j2eeUserRoles2GrantedAuthoritiesMapper - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- JaasApiIntegrationFilter - Class in org.springframework.security.web.jaasapi
-
A
Filter
which attempts to obtain a JAASSubject
and continue theFilterChain
running as thatSubject
. - JaasApiIntegrationFilter() - Constructor for class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
- JdbcTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme
-
JDBC based persistent login token repository implementation.
- JdbcTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
L
- LazyCsrfTokenRepository - Class in org.springframework.security.web.csrf
-
A
CsrfTokenRepository
that delays saving newCsrfToken
until the attributes of theCsrfToken
that were generated are accessed. - LazyCsrfTokenRepository(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Creates a new instance
- load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
- load(ServerWebExchange) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository
-
Loads the SecurityContext associated with the
ServerWebExchange
- load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
- loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Gets the security context for the current request (if available) and returns it.
- loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
- loadContext(HttpRequestResponseHolder) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Obtains the security context for the supplied request.
- loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- loadToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
-
Loads the expected
CsrfToken
from theHttpServletRequest
- loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Delegates to the injected
CsrfTokenRepository
- loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- loadToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
-
Loads the expected
CsrfToken
from theServerWebExchange
- loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- loadUserDetails(PreAuthenticatedAuthenticationToken) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
-
Get a UserDetails object based on the user name contained in the given token, and the GrantedAuthorities as returned by the GrantedAuthoritiesContainer implementation as returned by the token.getDetails() method.
- log - Variable in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.Logger for use by subclasses
- logger - Static variable in class org.springframework.security.web.access.AccessDeniedHandlerImpl
- logger - Variable in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- logger - Static variable in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
- logger - Variable in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- logger - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- logger - Variable in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
- logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- logger - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- logger - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- logger - Variable in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- logger - Variable in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
- logger - Variable in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- logger - Variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- logger - Variable in class org.springframework.security.web.DefaultRedirectStrategy
- logger - Variable in class org.springframework.security.web.savedrequest.CookieRequestCache
- logger - Static variable in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- logger - Variable in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- logger - Variable in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
- loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
- loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- loginFail(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
-
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
- LoginPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui
-
Generates a default log in page used for authenticating users.
- LoginPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
- loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Called whenever an interactive authentication attempt is successful.
- loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.RememberMeServices
-
Called whenever an interactive authentication attempt is successful.
- LoginUrlAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
-
Used by the
ExceptionTranslationFilter
to commence a form login authentication via theUsernamePasswordAuthenticationFilter
. - LoginUrlAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutHandler
-
Causes a logout to be completed.
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
Requires the request to be passed in.
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Implementation of
LogoutHandler
. - logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.csrf.CsrfLogoutHandler
-
Clears the
CsrfToken
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutHandler
-
Invoked when log out is requested
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler
-
Clears the
CsrfToken
- LogoutFilter - Class in org.springframework.security.web.authentication.logout
-
Logs a principal out.
- LogoutFilter(String, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter
- LogoutFilter(LogoutSuccessHandler, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter
-
Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out.
- LogoutHandler - Interface in org.springframework.security.web.authentication.logout
-
Indicates a class that is able to participate in logout handling.
- LogoutPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui
-
Generates a default log out page.
- LogoutPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
- LogoutSuccessEventPublishingLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
A logout handler which publishes
LogoutSuccessEvent
- LogoutSuccessEventPublishingLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
- LogoutSuccessHandler - Interface in org.springframework.security.web.authentication.logout
-
Strategy that is called after a successful logout by the
LogoutFilter
, to handle redirection or forwarding to the appropriate destination. - LogoutWebFilter - Class in org.springframework.security.web.server.authentication.logout
-
If the request matches, logs an authenticated user out by delegating to a
ServerLogoutHandler
. - LogoutWebFilter() - Constructor for class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
- lookupHttpPort(Integer) - Method in interface org.springframework.security.web.PortMapper
-
Locates the HTTP port associated with the specified HTTPS port.
- lookupHttpPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl
- lookupHttpsPort(Integer) - Method in interface org.springframework.security.web.PortMapper
-
Locates the HTTPS port associated with the specified HTTP port.
- lookupHttpsPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl
M
- makeTokenSignature(long, String, String) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Calculates the digital signature to be put in the cookie.
- match() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Creates an instance of
ServerWebExchangeMatcher.MatchResult
that is a match with no variables - match() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Creates an instance of
RequestMatcher.MatchResult
that is a match with no variables - match(Map<String, Object>) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Creates an instance of
ServerWebExchangeMatcher.MatchResult
that is a match with the specified variables - match(Map<String, String>) - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Creates an instance of
RequestMatcher.MatchResult
that is a match with the specified variables - matcher(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- matcher(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher
-
Returns a MatchResult for this RequestMatcher The default implementation returns
Collections.emptyMap()
whenRequestMatcher.MatchResult.getVariables()
is invoked. - matchers(ServerWebExchangeMatcher...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that will match on any of the provided matchers
- MatcherSecurityWebFilterChain - Class in org.springframework.security.web.server
-
A
SecurityWebFilterChain
that leverages aServerWebExchangeMatcher
to determine whichWebFilter
to execute. - MatcherSecurityWebFilterChain(ServerWebExchangeMatcher, List<WebFilter>) - Constructor for class org.springframework.security.web.server.MatcherSecurityWebFilterChain
- matches(String) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- matches(HttpServletRequest) - Method in interface org.springframework.security.web.SecurityFilterChain
- matches(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Returns true if the configured pattern (and HTTP-Method) match those of the supplied request.
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
-
Performs the match against the request's method and dispatcher type.
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
Performs the match of the request URL (
servletPath + pathInfo + queryString
) against the compiled pattern. - matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
- matches(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher
-
Decides whether the rule implemented by the strategy matches the supplied request.
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
- matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.SecurityWebFilterChain
-
Determines if this
SecurityWebFilterChain
matches the providedServerWebExchange
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher
-
Determines if a request matches or not
- MediaTypeRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Allows matching
HttpServletRequest
based upon theMediaType
's resolved from aContentNegotiationStrategy
. - MediaTypeRequestMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeRequestMatcher(MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeRequestMatcher(ContentNegotiationStrategy, Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeRequestMatcher(ContentNegotiationStrategy, MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches based upon the accept headers.
- MediaTypeServerWebExchangeMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
Creates a new instance
- MediaTypeServerWebExchangeMatcher(MediaType...) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
Creates a new instance
- messages - Variable in class org.springframework.security.web.access.ExceptionTranslationFilter
- messages - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- messages - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- messages - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- messages - Variable in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
- messages - Variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- messages - Variable in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- MissingCsrfTokenException - Exception in org.springframework.security.web.csrf
-
Thrown when no expected
CsrfToken
is found but is required. - MissingCsrfTokenException(String) - Constructor for exception org.springframework.security.web.csrf.MissingCsrfTokenException
- modifyGrantedAuthorities(UserDetails, Authentication, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.web.authentication.switchuser.SwitchUserAuthorityChanger
-
Allow subclasses to add or remove authorities that will be granted when in switch user mode.
- MvcRequestMatcher - Class in org.springframework.security.web.servlet.util.matcher
-
A
RequestMatcher
that uses Spring MVC'sHandlerMappingIntrospector
to match the path and extract variables. - MvcRequestMatcher(HandlerMappingIntrospector, String) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
N
- NegatedRequestMatcher - Class in org.springframework.security.web.util.matcher
-
A
RequestMatcher
that will negate theRequestMatcher
passed in. - NegatedRequestMatcher(RequestMatcher) - Constructor for class org.springframework.security.web.util.matcher.NegatedRequestMatcher
-
Creates a new instance
- NegatedServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Negates the provided matcher.
- NegatedServerWebExchangeMatcher(ServerWebExchangeMatcher) - Constructor for class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
- nextElement() - Method in class org.springframework.security.web.savedrequest.Enumerator
-
Returns the next element of this enumeration if this enumeration has at least one more element to provide.
- NO_REFERRER - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- NO_REFERRER - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- NO_REFERRER_WHEN_DOWNGRADE - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- NO_REFERRER_WHEN_DOWNGRADE - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- NonceExpiredException - Exception in org.springframework.security.web.authentication.www
-
Thrown if an authentication request is rejected because the digest nonce has expired.
- NonceExpiredException(String) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException
-
Constructs a
NonceExpiredException
with the specified message. - NonceExpiredException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException
-
Constructs a
NonceExpiredException
with the specified message and root cause. - NoOpServerRequestCache - Class in org.springframework.security.web.server.savedrequest
-
An implementation of
ServerRequestCache
that does nothing. - NoOpServerSecurityContextRepository - Class in org.springframework.security.web.server.context
-
A do nothing implementation of
ServerSecurityContextRepository
. - NOSNIFF - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- NOSNIFF - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- notMatch() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Creates an instance of
ServerWebExchangeMatcher.MatchResult
that is not a match. - notMatch() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Creates an instance of
RequestMatcher.MatchResult
that is not a match. - NullAuthenticatedSessionStrategy - Class in org.springframework.security.web.authentication.session
- NullAuthenticatedSessionStrategy() - Constructor for class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
- NullEventPublisher() - Constructor for class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
- NullRememberMeServices - Class in org.springframework.security.web.authentication
-
Implementation of
NullRememberMeServices
that does nothing. - NullRememberMeServices() - Constructor for class org.springframework.security.web.authentication.NullRememberMeServices
- NullRequestCache - Class in org.springframework.security.web.savedrequest
-
Null implementation of RequestCache.
- NullRequestCache() - Constructor for class org.springframework.security.web.savedrequest.NullRequestCache
- NullSecurityContextRepository - Class in org.springframework.security.web.context
- NullSecurityContextRepository() - Constructor for class org.springframework.security.web.context.NullSecurityContextRepository
O
- obtainPassword(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Enables subclasses to override the composition of the password, such as by including additional values and a separator.
- obtainSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- obtainSubject(ServletRequest) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
Obtains the
Subject
to run as ornull
if noSubject
is available. - obtainUsername(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Enables subclasses to override the composition of the username, such as by including additional values and a separator.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
-
Called when a user is newly authenticated.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
-
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
-
Performs Http session-related functionality when a new authentication occurs.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.authentication.AuthenticationFailureHandler
-
Called when an authentication attempt fails.
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
Performs the redirect or forward to the
defaultFailureUrl
if set, otherwise returns a 401 error code. - onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
- onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
- onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler
-
Invoked when authentication attempt fails
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
-
Called when a user has been successfully authenticated.
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
-
Called when a user has been successfully authenticated.
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
-
Calls the parent class
handle()
method to forward or redirect to the target URL, and then callsclearAuthenticationAttributes()
to remove any leftover session data. - onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler
-
Invoked when the application authenticates successfully
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler
- OnCommittedResponseWrapper - Class in org.springframework.security.web.util
-
Base class for response wrappers which encapsulate the logic for handling an event when the
HttpServletResponse
is committed. - OnCommittedResponseWrapper(HttpServletResponse) - Constructor for class org.springframework.security.web.util.OnCommittedResponseWrapper
- onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in interface org.springframework.security.web.session.SessionInformationExpiredStrategy
- onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
- onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.session.InvalidSessionStrategy
- onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
- onLoginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Called from loginSuccess when a remember-me login has been requested.
- onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
-
Creates a new persistent login token with a new series number, stores the data in the persistent token repository and adds the corresponding cookie to the response.
- onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
- onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
- onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
- onLogoutSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler
-
Invoked after log out was successful
- onResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Calls
saveContext()
with the current contents of the SecurityContextHolder as long as()
was not invoked. - onResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Implement the logic for handling the
HttpServletResponse
being committed - onSessionChange(String, HttpSession, Authentication) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
-
Called when the session has been changed and the old attributes have been migrated to the new session.
- onStartup(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
- onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Called if a remember-me token is presented and successfully authenticated by the
RememberMeServices
autoLogin
method and theAuthenticationManager
. - onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Called if the
AuthenticationManager
rejects the authentication object returned from theRememberMeServices
autoLogin
method. - onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- org.springframework.security.web - package org.springframework.security.web
-
Spring Security's web security module.
- org.springframework.security.web.access - package org.springframework.security.web.access
-
Access-control related classes and packages.
- org.springframework.security.web.access.channel - package org.springframework.security.web.access.channel
-
Classes that ensure web requests are received over required transport channels.
- org.springframework.security.web.access.expression - package org.springframework.security.web.access.expression
-
Implementation of web security expressions.
- org.springframework.security.web.access.intercept - package org.springframework.security.web.access.intercept
-
Enforcement of security for HTTP requests, typically by the URL requested.
- org.springframework.security.web.authentication - package org.springframework.security.web.authentication
-
Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
- org.springframework.security.web.authentication.logout - package org.springframework.security.web.authentication.logout
-
Logout functionality based around a filter which handles a specific logout URL.
- org.springframework.security.web.authentication.preauth - package org.springframework.security.web.authentication.preauth
-
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system.
- org.springframework.security.web.authentication.preauth.j2ee - package org.springframework.security.web.authentication.preauth.j2ee
-
Pre-authentication support for container-authenticated requests.
- org.springframework.security.web.authentication.preauth.websphere - package org.springframework.security.web.authentication.preauth.websphere
-
Websphere-specific pre-authentication classes.
- org.springframework.security.web.authentication.preauth.x509 - package org.springframework.security.web.authentication.preauth.x509
-
X.509 client certificate authentication support.
- org.springframework.security.web.authentication.rememberme - package org.springframework.security.web.authentication.rememberme
-
Support for remembering a user between different web sessions.
- org.springframework.security.web.authentication.session - package org.springframework.security.web.authentication.session
-
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
- org.springframework.security.web.authentication.switchuser - package org.springframework.security.web.authentication.switchuser
-
Provides HTTP-based "switch user" (su) capabilities.
- org.springframework.security.web.authentication.ui - package org.springframework.security.web.authentication.ui
-
Authentication user-interface rendering code.
- org.springframework.security.web.authentication.www - package org.springframework.security.web.authentication.www
-
WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
- org.springframework.security.web.bind.annotation - package org.springframework.security.web.bind.annotation
- org.springframework.security.web.bind.support - package org.springframework.security.web.bind.support
- org.springframework.security.web.context - package org.springframework.security.web.context
-
Classes which are responsible for maintaining the security context between HTTP requests.
- org.springframework.security.web.context.request.async - package org.springframework.security.web.context.request.async
- org.springframework.security.web.context.support - package org.springframework.security.web.context.support
- org.springframework.security.web.csrf - package org.springframework.security.web.csrf
- org.springframework.security.web.debug - package org.springframework.security.web.debug
- org.springframework.security.web.firewall - package org.springframework.security.web.firewall
- org.springframework.security.web.header - package org.springframework.security.web.header
- org.springframework.security.web.header.writers - package org.springframework.security.web.header.writers
- org.springframework.security.web.header.writers.frameoptions - package org.springframework.security.web.header.writers.frameoptions
- org.springframework.security.web.http - package org.springframework.security.web.http
- org.springframework.security.web.jaasapi - package org.springframework.security.web.jaasapi
-
Makes a JAAS Subject available as the current Subject.
- org.springframework.security.web.jackson2 - package org.springframework.security.web.jackson2
-
Mix-in classes to provide Jackson serialization support.
- org.springframework.security.web.method.annotation - package org.springframework.security.web.method.annotation
- org.springframework.security.web.reactive.result.method.annotation - package org.springframework.security.web.reactive.result.method.annotation
- org.springframework.security.web.reactive.result.view - package org.springframework.security.web.reactive.result.view
- org.springframework.security.web.savedrequest - package org.springframework.security.web.savedrequest
-
Classes related to the caching of an
HttpServletRequest
which requires authentication. - org.springframework.security.web.server - package org.springframework.security.web.server
- org.springframework.security.web.server.authentication - package org.springframework.security.web.server.authentication
- org.springframework.security.web.server.authentication.logout - package org.springframework.security.web.server.authentication.logout
- org.springframework.security.web.server.authorization - package org.springframework.security.web.server.authorization
- org.springframework.security.web.server.context - package org.springframework.security.web.server.context
- org.springframework.security.web.server.csrf - package org.springframework.security.web.server.csrf
- org.springframework.security.web.server.header - package org.springframework.security.web.server.header
- org.springframework.security.web.server.jackson2 - package org.springframework.security.web.server.jackson2
- org.springframework.security.web.server.savedrequest - package org.springframework.security.web.server.savedrequest
- org.springframework.security.web.server.transport - package org.springframework.security.web.server.transport
- org.springframework.security.web.server.ui - package org.springframework.security.web.server.ui
- org.springframework.security.web.server.util.matcher - package org.springframework.security.web.server.util.matcher
- org.springframework.security.web.servlet.support.csrf - package org.springframework.security.web.servlet.support.csrf
- org.springframework.security.web.servlet.util.matcher - package org.springframework.security.web.servlet.util.matcher
- org.springframework.security.web.servletapi - package org.springframework.security.web.servletapi
-
Populates a Servlet request with a new Spring Security compliant
HttpServletRequestWrapper
. - org.springframework.security.web.session - package org.springframework.security.web.session
-
Session management filters,
HttpSession
events and publisher classes. - org.springframework.security.web.util - package org.springframework.security.web.util
-
Web utility classes.
- org.springframework.security.web.util.matcher - package org.springframework.security.web.util.matcher
- ORIGIN - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- ORIGIN - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- ORIGIN_WHEN_CROSS_ORIGIN - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- ORIGIN_WHEN_CROSS_ORIGIN - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- OrRequestMatcher - Class in org.springframework.security.web.util.matcher
-
RequestMatcher
that will return true if any of the passed inRequestMatcher
instances match. - OrRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher
-
Creates a new instance
- OrRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher
-
Creates a new instance
- OrServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches if any of the provided
ServerWebExchangeMatcher
match - OrServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
- OrServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
P
- parseCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Parser cache.
- parseDate(String, DateFormat[]) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Tries to parse the given date as an HTTP date.
- pathMatchers(String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that matches on any of the provided patterns.
- pathMatchers(HttpMethod, String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that matches on the specific method and any of the provided patterns.
- PathPatternParserServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches if the
PathPattern
matches the path within the application. - PathPatternParserServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- PathPatternParserServerWebExchangeMatcher(String, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- PathPatternParserServerWebExchangeMatcher(PathPattern) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- PathPatternParserServerWebExchangeMatcher(PathPattern, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- PERMISSIONS_POLICY - Static variable in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
- PermissionsPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Permisisons Policy.
- PermissionsPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
-
Create a new instance of
PermissionsPolicyHeaderWriter
. - PermissionsPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
-
Create a new instance of
PermissionsPolicyHeaderWriter
with supplied security policy. - PermissionsPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Permissions-Policy
response header with configured policy directives. - PermissionsPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
- PersistentRememberMeToken - Class in org.springframework.security.web.authentication.rememberme
- PersistentRememberMeToken(String, String, String, Date) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- PersistentTokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
-
RememberMeServices
implementation based on Barry Jaspan's Improved Persistent Login Cookie Best Practice. - PersistentTokenBasedRememberMeServices(String, UserDetailsService, PersistentTokenRepository) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- PersistentTokenRepository - Interface in org.springframework.security.web.authentication.rememberme
-
The abstraction used by
PersistentTokenBasedRememberMeServices
to store the persistent login tokens for a user. - PortMapper - Interface in org.springframework.security.web
-
PortMapper
implementations provide callers with information about which HTTP ports are associated with which HTTPS ports on the system, and vice versa. - PortMapperImpl - Class in org.springframework.security.web
-
Concrete implementation of
PortMapper
that obtains HTTP:HTTPS pairs from the application context. - PortMapperImpl() - Constructor for class org.springframework.security.web.PortMapperImpl
- PortResolver - Interface in org.springframework.security.web
-
A
PortResolver
determines the port a web request was received on. - PortResolverImpl - Class in org.springframework.security.web
-
Concrete implementation of
PortResolver
that obtains the port from ServletRequest.getServerPort(). - PortResolverImpl() - Constructor for class org.springframework.security.web.PortResolverImpl
- postProcess(NativeWebRequest, Callable<T>, Object) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
- PRAGMA_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
-
The value for pragma value
- PreAuthenticatedAuthenticationProvider - Class in org.springframework.security.web.authentication.preauth
-
Processes a pre-authenticated authentication request.
- PreAuthenticatedAuthenticationProvider() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
- PreAuthenticatedAuthenticationToken - Class in org.springframework.security.web.authentication.preauth
-
Authentication
implementation for pre-authenticated authentication. - PreAuthenticatedAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Constructor used for an authentication request.
- PreAuthenticatedAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Constructor used for an authentication response.
- PreAuthenticatedCredentialsNotFoundException - Exception in org.springframework.security.web.authentication.preauth
- PreAuthenticatedCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
- PreAuthenticatedCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
- PreAuthenticatedGrantedAuthoritiesUserDetailsService - Class in org.springframework.security.web.authentication.preauth
-
This AuthenticationUserDetailsService implementation creates a UserDetails object based solely on the information contained in the given PreAuthenticatedAuthenticationToken.
- PreAuthenticatedGrantedAuthoritiesUserDetailsService() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
- PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails - Class in org.springframework.security.web.authentication.preauth
-
This WebAuthenticationDetails implementation allows for storing a list of pre-authenticated Granted Authorities.
- PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
- preProcess(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
- principalChanged(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Determines if the current principal has changed.
- processAction(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processAction(HttpServletRequest, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processAction(ServerWebExchange, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Called from autoLogin to process the submitted persistent login cookie.
- processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
-
Locates the presented cookie data in the token repository, using the series id.
- processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- processFormFieldValue(HttpServletRequest, String, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processFormFieldValue(ServerWebExchange, String, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- processUrl(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processUrl(ServerWebExchange, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- publishEvent(Object) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
- publishEvent(ApplicationEvent) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
R
- ReactivePreAuthenticatedAuthenticationManager - Class in org.springframework.security.web.server.authentication
-
Reactive version of
PreAuthenticatedAuthenticationProvider
This manager receives aPreAuthenticatedAuthenticationToken
, checks that associated account is not disabled, expired, or blocked, and returns new authenticatedPreAuthenticatedAuthenticationToken
. - ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
- ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService, UserDetailsChecker) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
- ReactorContextWebFilter - Class in org.springframework.security.web.server.context
-
Uses a
ServerSecurityContextRepository
to provide theSecurityContext
to initialize theReactiveSecurityContextHolder
. - ReactorContextWebFilter(ServerSecurityContextRepository) - Constructor for class org.springframework.security.web.server.context.ReactorContextWebFilter
- RedirectServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication
-
Performs a redirect to a specified location.
- RedirectServerAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
-
Creates an instance
- RedirectServerAuthenticationFailureHandler - Class in org.springframework.security.web.server.authentication
-
Performs a redirect to a specified location.
- RedirectServerAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
-
Creates an instance
- RedirectServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
Performs a redirect on authentication success.
- RedirectServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Creates a new instance with location of "/"
- RedirectServerAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Creates a new instance with the specified location
- RedirectServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout
-
Performs a redirect on log out success.
- RedirectServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
- RedirectStrategy - Interface in org.springframework.security.web
-
Encapsulates the redirection logic for all classes in the framework which perform redirects.
- RedirectUrlBuilder - Class in org.springframework.security.web.util
-
Internal class for building redirect URLs.
- RedirectUrlBuilder() - Constructor for class org.springframework.security.web.util.RedirectUrlBuilder
- REFERRER_POLICY - Static variable in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
- ReferrerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Referrer Policy.
- ReferrerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
-
Creates a new instance.
- ReferrerPolicyHeaderWriter(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
-
Creates a new instance.
- ReferrerPolicyHeaderWriter.ReferrerPolicy - Enum in org.springframework.security.web.header.writers
- ReferrerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Referrer-Policy
response header. - ReferrerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
- ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy - Enum in org.springframework.security.web.server.header
- RegExpAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- RegExpAllowFromStrategy(String) - Constructor for class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
-
Deprecated.Creates a new instance
- RegexRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Uses a regular expression to decide whether a supplied the URL of a supplied
HttpServletRequest
. - RegexRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
Creates a case-sensitive
Pattern
instance to match against the request. - RegexRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
As above, but allows setting of whether case-insensitive matching should be used.
- registerExtractor(Class<? extends Throwable>, ThrowableCauseExtractor) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Registers a
ThrowableCauseExtractor
for the specified type. - RegisterSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Strategy used to register a user with the
SessionRegistry
after successfulAuthentication
. - RegisterSessionAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
- RememberMeAuthenticationException - Exception in org.springframework.security.web.authentication.rememberme
-
This exception is thrown when an
Authentication
exception occurs while using the remember-me authentication. - RememberMeAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException
-
Constructs an
RememberMeAuthenticationException
with the specified message and no root cause. - RememberMeAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException
-
Constructs a
RememberMeAuthenticationException
with the specified message and root cause. - RememberMeAuthenticationFilter - Class in org.springframework.security.web.authentication.rememberme
-
Detects if there is no
Authentication
object in theSecurityContext
, and populates the context with a remember-me authentication token if aRememberMeServices
implementation so requests. - RememberMeAuthenticationFilter(AuthenticationManager, RememberMeServices) - Constructor for class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- rememberMeRequested(HttpServletRequest, String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Allows customization of whether a remember-me login has been requested.
- RememberMeServices - Interface in org.springframework.security.web.authentication
-
Implement by a class that is capable of providing a remember-me service.
- removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- removeMatchingRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
-
If the provided
ServerWebExchange
matches the savedServerHttpRequest
gets the savedServerHttpRequest
- removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Removes the cached request.
- removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- removeUserTokens(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- request - Variable in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
-
Allows direct access to the request object
- RequestAttributeAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth
-
A simple pre-authenticated filter which obtains the username from request attributes, for use with SSO systems such as Stanford WebAuth or Shibboleth.
- RequestAttributeAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
- RequestAuthorizationContext - Class in org.springframework.security.web.access.intercept
-
An
HttpServletRequest
authorization context. - RequestAuthorizationContext(HttpServletRequest) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Creates an instance.
- RequestAuthorizationContext(HttpServletRequest, Map<String, String>) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Creates an instance.
- RequestCache - Interface in org.springframework.security.web.savedrequest
-
Implements "saved request" logic, allowing a single request to be retrieved and restarted after redirecting to an authentication mechanism.
- RequestCacheAwareFilter - Class in org.springframework.security.web.savedrequest
-
Responsible for reconstituting the saved request if one is cached and it matches the current request.
- RequestCacheAwareFilter() - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
- RequestCacheAwareFilter(RequestCache) - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
- RequestHeaderAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth
-
A simple pre-authenticated filter which obtains the username from a request header, for use with systems such as CA Siteminder.
- RequestHeaderAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
- RequestHeaderRequestMatcher - Class in org.springframework.security.web.util.matcher
-
A
RequestMatcher
that can be used to match request that contain a header with an expected header name and an expected value. - RequestHeaderRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
-
Creates a new instance that will match if a header by the name of
RequestHeaderRequestMatcher.expectedHeaderName
is present. - RequestHeaderRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
-
Creates a new instance that will match if a header by the name of
RequestHeaderRequestMatcher.expectedHeaderName
is present and if theRequestHeaderRequestMatcher.expectedHeaderValue
is non-null the first value is the same. - RequestKey - Class in org.springframework.security.web.access.intercept
- RequestKey(String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
- RequestKey(String, String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
- RequestMatcher - Interface in org.springframework.security.web.util.matcher
-
Simple strategy to match an HttpServletRequest.
- RequestMatcher.MatchResult - Class in org.springframework.security.web.util.matcher
-
The result of matching against an HttpServletRequest Contains the status, true or false, of the match and if present, any variables extracted from the match
- RequestMatcherDelegatingAccessDeniedHandler - Class in org.springframework.security.web.access
-
An
AccessDeniedHandler
that delegates to otherAccessDeniedHandler
instances based upon the type ofHttpServletRequest
passed intoRequestMatcherDelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException)
. - RequestMatcherDelegatingAccessDeniedHandler(LinkedHashMap<RequestMatcher, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler
-
Creates a new instance
- RequestMatcherDelegatingAuthorizationManager - Class in org.springframework.security.web.access.intercept
-
An
AuthorizationManager
which delegates to a specificAuthorizationManager
based on aRequestMatcher
evaluation. - RequestMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.web.access.intercept
-
A builder for
RequestMatcherDelegatingAuthorizationManager
. - RequestMatcherDelegatingWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
-
A
WebInvocationPrivilegeEvaluator
which delegates to a list ofWebInvocationPrivilegeEvaluator
based on aRequestMatcher
evaluation - RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>>) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
- RequestMatcherEditor - Class in org.springframework.security.web.util.matcher
-
PropertyEditor which creates ELRequestMatcher instances from Strings This allows to use a String in a BeanDefinition instead of an (inner) bean if a RequestMatcher is required, e.g.
- RequestMatcherEditor() - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEditor
- RequestMatcherEntry<T> - Class in org.springframework.security.web.util.matcher
-
A rich object for associating a
RequestMatcher
to another object. - RequestMatcherEntry(RequestMatcher, T) - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEntry
- RequestRejectedException - Exception in org.springframework.security.web.firewall
- RequestRejectedException(String) - Constructor for exception org.springframework.security.web.firewall.RequestRejectedException
- RequestRejectedHandler - Interface in org.springframework.security.web.firewall
-
Used by
FilterChainProxy
to handle anRequestRejectedException
. - RequestVariablesExtractor - Interface in org.springframework.security.web.util.matcher
-
Deprecated.
- requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Indicates whether this filter should attempt to process a login request for the current invocation.
- requiresExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Checks the request URI for the presence of exitUserUrl.
- requiresLogout(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
-
Allow subclasses to modify when a logout should take place.
- requiresSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Checks the request URI for the presence of switchUserUrl.
- reset() - Method in class org.springframework.security.web.firewall.FirewalledRequest
-
This method will be called once the request has passed through the security filter chain, when it is about to proceed to the application proper.
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
-
Deprecated.
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
- resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
- resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
- retrievePassword(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- retrieveUserName(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- RetryWithHttpEntryPoint - Class in org.springframework.security.web.access.channel
-
Commences an insecure channel by retrying the original request using HTTP.
- RetryWithHttpEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
- RetryWithHttpsEntryPoint - Class in org.springframework.security.web.access.channel
-
Commences a secure channel by retrying the original request using HTTPS.
- RetryWithHttpsEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
- ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
S
- SAME_ORIGIN - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- SAME_ORIGIN - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- SAMEORIGIN - org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
- SAMEORIGIN - org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
A browser receiving content with this header field MUST NOT display this content in any frame from a page of different origin than the content itself.
- save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
- save(ServerWebExchange, SecurityContext) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository
-
Saves the SecurityContext
- save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
- saveContext(SecurityContext) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Implements the logic for storing the security context.
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Stores the security context on completion of a request.
- SaveContextOnUpdateOrErrorResponseWrapper - Class in org.springframework.security.web.context
-
Base class for response wrappers which encapsulate the logic for storing a security context and which store the
SecurityContext
when asendError()
,sendRedirect
,getOutputStream().close()
,getOutputStream().flush()
,getWriter().close()
, orgetWriter().flush()
happens on the same thread that thisSaveContextOnUpdateOrErrorResponseWrapper
was created. - SaveContextOnUpdateOrErrorResponseWrapper(HttpServletResponse, boolean) - Constructor for class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
- SavedCookie - Class in org.springframework.security.web.savedrequest
-
Stores off the values of a cookie in a serializable holder
- SavedCookie(String, String, String, String, int, String, boolean, int) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
- SavedCookie(Cookie) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
- SavedRequest - Interface in org.springframework.security.web.savedrequest
-
Encapsulates the functionality required of a cached request for both an authentication mechanism (typically form-based login) to redirect to the original URL and for a RequestCache to build a wrapped request, reproducing the original request data.
- SavedRequestAwareAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
-
An authentication success strategy which can make use of the
DefaultSavedRequest
which may have been stored in the session by theExceptionTranslationFilter
. - SavedRequestAwareAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- saveException(HttpServletRequest, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
Caches the
AuthenticationException
for use in view rendering. - saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
Stores the current request, provided the configuration properties allow it.
- saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- saveRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Caches the current request for later retrieval, once authentication has taken place.
- saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- saveRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
-
Save the
ServerHttpRequest
- saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Does nothing if the
CsrfToken
is not null. - saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- saveToken(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
-
Saves the
CsrfToken
using theServerWebExchange
. - saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- SecureChannelProcessor - Class in org.springframework.security.web.access.channel
-
Ensures channel security is active by review of
HttpServletRequest.isSecure()
responses. - SecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.SecureChannelProcessor
- SecurityContextCallableProcessingInterceptor - Class in org.springframework.security.web.context.request.async
-
Allows for integration with Spring MVC's
Callable
support. - SecurityContextCallableProcessingInterceptor() - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
-
Create a new
SecurityContextCallableProcessingInterceptor
that uses theSecurityContext
from theSecurityContextHolder
at the timeSecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(NativeWebRequest, Callable)
is invoked. - SecurityContextCallableProcessingInterceptor(SecurityContext) - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
-
Creates a new
SecurityContextCallableProcessingInterceptor
with the specifiedSecurityContext
. - SecurityContextHolderAwareRequestFilter - Class in org.springframework.security.web.servletapi
-
A
Filter
which populates theServletRequest
with a request wrapper which implements the servlet API security methods. - SecurityContextHolderAwareRequestFilter() - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- SecurityContextHolderAwareRequestWrapper - Class in org.springframework.security.web.servletapi
-
A Spring Security-aware
HttpServletRequestWrapper
, which uses theSecurityContext
-definedAuthentication
object to implement the servlet API security methods:SecurityContextHolderAwareRequestWrapper.getUserPrincipal()
SecurityContextHolderAwareRequestWrapper.isUserInRole(String)
HttpServletRequestWrapper.getRemoteUser()
. - SecurityContextHolderAwareRequestWrapper(HttpServletRequest, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Creates a new instance with
AuthenticationTrustResolverImpl
. - SecurityContextHolderAwareRequestWrapper(HttpServletRequest, AuthenticationTrustResolver, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Creates a new instance
- SecurityContextLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
Performs a logout by modifying the
SecurityContextHolder
. - SecurityContextLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
- SecurityContextPersistenceFilter - Class in org.springframework.security.web.context
-
Populates the
SecurityContextHolder
with information obtained from the configuredSecurityContextRepository
prior to the request and stores it back in the repository once the request has completed and clearing the context holder. - SecurityContextPersistenceFilter() - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter
- SecurityContextPersistenceFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter
- SecurityContextRepository - Interface in org.springframework.security.web.context
-
Strategy used for persisting a
SecurityContext
between requests. - SecurityContextServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
-
A
ServerLogoutHandler
which removes the SecurityContext using the providedServerSecurityContextRepository
- SecurityContextServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
- SecurityContextServerWebExchange - Class in org.springframework.security.web.server.context
-
Overrides the
ServerWebExchange.getPrincipal()
with the provided SecurityContext - SecurityContextServerWebExchange(ServerWebExchange, Mono<SecurityContext>) - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchange
- SecurityContextServerWebExchangeWebFilter - Class in org.springframework.security.web.server.context
-
Override the
ServerWebExchange.getPrincipal()
to be looked up usingReactiveSecurityContextHolder
. - SecurityContextServerWebExchangeWebFilter() - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter
- SecurityFilterChain - Interface in org.springframework.security.web
-
Defines a filter chain which is capable of being matched against an
HttpServletRequest
. - SecurityHeaders - Class in org.springframework.security.web.http
-
Utilities for interacting with
HttpHeaders
- SecurityWebApplicationContextUtils - Class in org.springframework.security.web.context.support
-
Spring Security extension to Spring's
WebApplicationContextUtils
. - SecurityWebApplicationContextUtils() - Constructor for class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils
- SecurityWebFilterChain - Interface in org.springframework.security.web.server
-
Defines a filter chain which is capable of being matched against a
ServerWebExchange
in order to decide whether it applies to that request. - sendError(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclasssendError()
- sendError(int, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclasssendError()
- sendRedirect(String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclasssendRedirect()
- sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
-
Redirects the response to the supplied URL.
- sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in interface org.springframework.security.web.RedirectStrategy
-
Performs a redirect to the supplied URL
- sendRedirect(ServerWebExchange, URI) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
- sendRedirect(ServerWebExchange, URI) - Method in interface org.springframework.security.web.server.ServerRedirectStrategy
-
Performs a redirect based upon the provided
ServerWebExchange
andURI
- sendStartAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, AuthenticationException) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- ServerAccessDeniedHandler - Interface in org.springframework.security.web.server.authorization
- ServerAuthenticationConverter - Interface in org.springframework.security.web.server.authentication
-
A strategy used for converting from a
ServerWebExchange
to anAuthentication
used for authenticating with a providedReactiveAuthenticationManager
. - ServerAuthenticationEntryPoint - Interface in org.springframework.security.web.server
-
Used to request authentication
- ServerAuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.server.authentication
-
Adapts a
ServerAuthenticationEntryPoint
into aServerAuthenticationFailureHandler
- ServerAuthenticationEntryPointFailureHandler(ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
- ServerAuthenticationFailureHandler - Interface in org.springframework.security.web.server.authentication
-
Handles authentication failure
- ServerAuthenticationSuccessHandler - Interface in org.springframework.security.web.server.authentication
-
Handles authentication success
- ServerCsrfTokenRepository - Interface in org.springframework.security.web.server.csrf
-
An API to allow changing the method in which the expected
CsrfToken
is associated to theServerWebExchange
. - ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server.authentication
-
Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form data HTTP parameters.
- ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server
-
Deprecated.use
ServerFormLoginAuthenticationConverter
instead. - ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
- ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.
- ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server.authentication
-
Converts from a
ServerWebExchange
to anAuthentication
that can be authenticated. - ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server
-
Deprecated.Use
ServerHttpBasicAuthenticationConverter
instead. - ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
- ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- ServerHttpHeadersWriter - Interface in org.springframework.security.web.server.header
-
Interface for writing headers just before the response is committed.
- ServerLogoutHandler - Interface in org.springframework.security.web.server.authentication.logout
-
Handles log out
- ServerLogoutSuccessHandler - Interface in org.springframework.security.web.server.authentication.logout
-
Strategy for when log out was successfully performed (typically after
ServerLogoutHandler
is invoked). - ServerRedirectStrategy - Interface in org.springframework.security.web.server
-
A strategy for performing redirects.
- ServerRequestCache - Interface in org.springframework.security.web.server.savedrequest
-
Saves a
ServerHttpRequest
so it can be "replayed" later. - ServerRequestCacheWebFilter - Class in org.springframework.security.web.server.savedrequest
-
A
WebFilter
that replays any matching request inServerRequestCache
- ServerRequestCacheWebFilter() - Constructor for class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
- ServerSecurityContextRepository - Interface in org.springframework.security.web.server.context
-
Strategy used for persisting a
SecurityContext
between requests. - ServerWebExchangeDelegatingServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization
-
A
ServerAccessDeniedHandler
which delegates to multipleServerAccessDeniedHandler
s based on aServerWebExchangeMatcher
- ServerWebExchangeDelegatingServerAccessDeniedHandler(List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry>) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
-
Creates a new instance
- ServerWebExchangeDelegatingServerAccessDeniedHandler(ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry...) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
-
Creates a new instance
- ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry - Class in org.springframework.security.web.server.authorization
- ServerWebExchangeMatcher - Interface in org.springframework.security.web.server.util.matcher
-
An interface for determining if a
ServerWebExchangeMatcher
matches. - ServerWebExchangeMatcher.MatchResult - Class in org.springframework.security.web.server.util.matcher
-
The result of matching
- ServerWebExchangeMatcherEntry<T> - Class in org.springframework.security.web.server.util.matcher
-
A rich object for associating a
ServerWebExchangeMatcher
to another object. - ServerWebExchangeMatcherEntry(ServerWebExchangeMatcher, T) - Constructor for class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
- ServerWebExchangeMatchers - Class in org.springframework.security.web.server.util.matcher
-
Provides factory methods for creating common
ServerWebExchangeMatcher
- ServerX509AuthenticationConverter - Class in org.springframework.security.web.server.authentication
-
Converts from a
SslInfo
provided by a request to anPreAuthenticatedAuthenticationToken
that can be authenticated. - ServerX509AuthenticationConverter(X509PrincipalExtractor) - Constructor for class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
- SessionAuthenticationException - Exception in org.springframework.security.web.authentication.session
-
Thrown by an SessionAuthenticationStrategy to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently.
- SessionAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.session.SessionAuthenticationException
- SessionAuthenticationStrategy - Interface in org.springframework.security.web.authentication.session
-
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.
- sessionCreated(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
-
Handles the HttpSessionEvent by publishing a
HttpSessionCreatedEvent
to the application appContext. - sessionDestroyed(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
-
Handles the HttpSessionEvent by publishing a
HttpSessionDestroyedEvent
to the application appContext. - SessionFixationProtectionEvent - Class in org.springframework.security.web.authentication.session
-
Indicates a session ID was changed for the purposes of session fixation protection.
- SessionFixationProtectionEvent(Authentication, String, String) - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
-
Constructs a new session fixation protection event.
- SessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
-
Uses
HttpServletRequest.invalidate()
to protect against session fixation attacks. - SessionFixationProtectionStrategy() - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
- sessionIdChanged(HttpSessionEvent, String) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
- SessionInformationExpiredEvent - Class in org.springframework.security.web.session
-
An event for when a
SessionInformation
is expired. - SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent
-
Creates a new instance
- SessionInformationExpiredStrategy - Interface in org.springframework.security.web.session
-
Determines the behaviour of the
ConcurrentSessionFilter
when an expired session is detected in theConcurrentSessionFilter
. - SessionManagementFilter - Class in org.springframework.security.web.session
-
Detects that a user has been authenticated since the start of the request and, if they have, calls the configured
SessionAuthenticationStrategy
to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins. - SessionManagementFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.session.SessionManagementFilter
- SessionManagementFilter(SecurityContextRepository, SessionAuthenticationStrategy) - Constructor for class org.springframework.security.web.session.SessionManagementFilter
- setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter
-
Specifies a
AccessDeniedHandler
that should be used when CSRF protection fails. - setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
-
Sets the access denied handler.
- setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- setAllowBackSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.
- setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which header names should be allowed.
- setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which header values should be allowed.
- setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which hostnames should be allowed.
- setAllowedHttpMethods(Collection<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which HTTP methods should be allowed.
- setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which parameter names should be allowed.
- setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which parameter values should be allowed.
- setAllowFromParameterName(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.
- setAllowNull(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.
- setAllowSemicolon(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if semicolon is allowed in the URL (i.e.
- setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
If set to true (the default), a session will be created (if required) to store the security context if it is determined that its contents are different from the default empty context value.
- setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded Carriage Return is allowed in the path or not.
- setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.
- setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded Line Feed is allowed in the path or not.
- setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded line separator is allowed in the path or not.
- setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded paragraph separator is allowed in the path or not.
- setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.
- setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.
- setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
-
Sets if the application should allow a URL encoded slash character.
- setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.
- setAlwaysCreateSession(boolean) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
- setAlwaysRemember(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setAlwaysUseDefaultTargetUrl(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
If
true
, will always redirect to the value ofdefaultTargetUrl
(defaults tofalse
). - setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
-
Sets the
ApplicationEventPublisher
to use for submittingSessionFixationProtectionEvent
. - setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setAsText(String) - Method in class org.springframework.security.web.util.matcher.RequestMatcherEditor
- setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>>) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Deprecated.As of 5.1 in favor of
AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)
- setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setAuthenticationEntryPoint(DigestAuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
AuthenticationEntryPoint
used when integratingHttpServletRequest
with Servlet 3 APIs. - setAuthenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
-
Sets the authentication entry point used when authentication is required
- setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the strategy used to handle a failed authentication.
- setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.session.SessionManagementFilter
-
The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).
- setAuthenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the failure handler used when authentication fails.
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
AuthenticationManager
used when integratingHttpServletRequest
with Servlet 3 APIs. - setAuthenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Sets the strategy used to handle a successful authentication.
- setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the strategy used to handle a successful authentication.
- setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
- setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the authentication success handler.
- setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setAuthenticationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
-
Set the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBlock(boolean) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
-
If false, will not specify the mode as blocked.
- setBlock(boolean) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
-
If false, will not specify the mode as blocked.
- setChannelDecisionManager(ChannelDecisionManager) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- setChannelProcessors(List<?>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- setCheckForPrincipalChanges(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
If set, the pre-authenticated principal will be checked on each request and compared against the name of the current Authentication object.
- setClearAuthentication(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
If true, removes the
Authentication
from theSecurityContext
to prevent issues with concurrent requests. - setContentLength(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
- setContentLengthLong(long) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
- setContextPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setContextPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setContextRelative(boolean) - Method in class org.springframework.security.web.DefaultRedirectStrategy
-
If true, causes any redirection URLs to be calculated minus the protocol and context path (defaults to false).
- setContextRelative(boolean) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
-
Sets if the location is relative to the context.
- setContinueChainBeforeSuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Indicates if the filter chain should be continued prior to delegation to
AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication)
, which may be useful in certain environment (such as Tapestry applications). - setContinueFilterChainOnUnsuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
If set to
true
(the default), anyAuthenticationException
raised by theAuthenticationManager
will be swallowed, and the request will be allowed to proceed, potentially using alternative authentication mechanisms. - setCookie(String[], int, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets the cookie on the response.
- setCookieDomain(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setCookieDomain(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the domain of the cookie that the expected CSRF token is saved to and read from.
- setCookieDomain(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the cookie domain
- setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the HttpOnly attribute on the cookie containing the CSRF token.
- setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the HttpOnly attribute on the cookie containing the CSRF token
- setCookieMaxAge(int) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets maximum age in seconds for the cookie that the expected CSRF token is saved to and read from.
- setCookieName(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setCookieName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the name of the cookie that the expected CSRF token is saved to and read from.
- setCookieName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the cookie name
- setCookiePath(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Set the path that the Cookie will be created with.
- setCookiePath(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the cookie path
- setCookies(List<Cookie>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setCookies(List<SavedCookie>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setCreateAuthenticatedToken(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
-
If you set this property, the Authentication object, which is created after the successful digest authentication will be marked as authenticated and filled with the authorities loaded by the UserDetailsService.
- setCreateEmptySubject(boolean) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
Sets
createEmptySubject
. - setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
-
Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).
- setCreateSessionAllowed(boolean) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
If
true
, indicates that it is permitted to store the target URL and exception information in a newHttpSession
(the default). - setCreateTableOnStartup(boolean) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
Intended for convenience in debugging.
- setCredentialsCharset(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- setCredentialsCharset(Charset) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- setCredentialsEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
- setCredentialsRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
- setCsrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- setDefaultAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
-
Use this
ServerAccessDeniedHandler
when noServerWebExchangeMatcher
matches. - setDefaultEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
-
EntryPoint which is used when no RequestMatcher returned true
- setDefaultEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
-
EntryPoint which is used when no RequestMatcher returned true
- setDefaultFailureUrl(String) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
The URL which will be used as the failure destination.
- setDefaultLogoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
-
Sets the default
LogoutSuccessHandler
if no other handlers available - setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
-
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. - setDefaultTargetUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Supplies the default target Url that will be used if no saved request is found in the session, or the
alwaysUseDefaultTargetUrl
property is set to true. - setDetails(HttpServletRequest, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Provided so that subclasses may configure what is put into the authentication request's details property.
- setDisableUrlRewriting(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Allows the use of session identifiers in URLs to be disabled.
- setEnabled(boolean) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
-
If true, will contain a value of 1.
- setEnabled(boolean) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
-
If true, will contain a value of 1.
- setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- setErrorPage(String) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl
-
The error page to use.
- setExceptionIfHeaderMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
-
Defines whether an exception should be raised if the principal header is missing.
- setExceptionIfMaximumExceeded(boolean) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Sets the exceptionIfMaximumExceeded property, which determines whether the user should be prevented from opening more sessions than allowed.
- setExceptionIfVariableMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
-
Defines whether an exception should be raised if the principal variable is missing.
- setExceptionMappings(Map<?, ?>) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
-
Sets the map of exception types (by name) to URLs.
- setExitUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the matcher to respond to exit user processing.
- setExitUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the matcher to respond to exit user processing.
- setExitUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the URL to respond to exit user processing.
- setExitUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the URL to respond to exit user processing.
- setExpressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
- setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Used to define custom behaviour when a switch fails.
- setFailureUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setFilterChainValidator(FilterChainProxy.FilterChainValidator) - Method in class org.springframework.security.web.FilterChainProxy
-
Used (internally) to specify a validation strategy for the filters in each configured chain.
- setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Sets the URL that determines if authentication is required
- setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
- setFirewall(HttpFirewall) - Method in class org.springframework.security.web.FilterChainProxy
-
Sets the "firewall" implementation which will be used to validate and wrap (or potentially reject) the incoming requests.
- setForceEagerSessionCreation(boolean) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
- setForceHttps(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Set to true to force login form access to be via https.
- setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- setHeaderName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the name of the HTTP header that should be used to provide the token.
- setHeaderName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the header name
- setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setHttpStatus(HttpStatus) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
-
The
HttpStatus
to use for the redirect. - setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
Set the
MediaType
to ignore from theContentNegotiationStrategy
. - setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Set the
MediaType
to ignore from theContentNegotiationStrategy
. - setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.
- setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
If true, subdomains should be considered HSTS Hosts too.
- setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
-
Sets if subdomains should be included.
- setInsecureKeyword(String) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- setInvalidateHttpSession(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
Causes the
HttpSession
to be invalidated when thisLogoutHandler
is invoked. - setInvalidateSessionOnPrincipalChange(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
If checkForPrincipalChanges is set, and a change of principal is detected, determines whether any existing session should be invalidated before proceeding to authenticate the new principal.
- setInvalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter
-
Sets the strategy which will be invoked instead of allowing the filter chain to proceed, if the user agent requests an invalid session ID.
- setKey(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setLocation(URI) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Where the user is redirected to upon authentication success
- setLoginPageUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setLogoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
-
Sets the
ServerLogoutHandler
. - setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
LogoutHandler
s used when integrating withHttpServletRequest
with Servlet 3 APIs. - setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
-
Set list of
LogoutHandler
- setLogoutHandlers(LogoutHandler[]) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
- setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
- setLogoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
-
Sets the
ServerLogoutSuccessHandler
. - setLogoutSuccessUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setLogoutSuccessUrl(URI) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
-
The URL to redirect to after successfully logging out.
- setMappableRolesRetriever(MappableAttributesRetriever) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- setMaxAge(Duration) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
-
Sets the max age of the header.
- setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
- setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
- setMaximumSessions(int) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Sets the maxSessions property.
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Sets the
MessageSource
used for reporting errors back to the user when the user has exceeded the maximum number of authentications. - setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setMethod(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setMethod(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setMethod(HttpMethod) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- setMigrateSessionAttributes(boolean) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
-
Defines whether attributes should be migrated to a new session or not.
- setMode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
-
Sets the X-Frame-Options mode.
- setNonceValiditySeconds(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- setOauth2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- setOpenIDauthenticationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOpenIdEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOpenIDusernameParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOrder(int) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
- setOrder(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setParameter(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request.
- setParameterName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the name of the HTTP request parameter that should be used to provide a token.
- setParameterName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
-
Sets the
HttpServletRequest
parameter name that theCsrfToken
is expected to appear on - setParameterName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the parameter name
- setParameterName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
-
Sets the
HttpServletRequest
parameter name that theCsrfToken
is expected to appear on - setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setPasswordAlreadyEncoded(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Sets the parameter name which will be used to obtain the password from the login request..
- setPasswordParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.The parameter name of the form data to extract the password
- setPathInfo(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setPathInfo(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setPins(Map<String, String>) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Sets the value for the pin- directive of the Public-Key-Pins header.
- setPolicy(String) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
-
Sets the policy to be used in the response header.
- setPolicy(String) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
-
Set the policy to be used in the response header.
- setPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
-
Sets the policy to be used in the response header.
- setPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
-
Set the policy to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Sets the security policy directive(s) to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
-
Set the security policy directive(s) to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
-
Set the policy directive(s) to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
-
Set the policy directive(s) to be used in the response header.
- setPort(int) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.PortResolverImpl
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
-
Use this
PortMapper
for mapping custom ports - setPortMappings(Map<String, String>) - Method in class org.springframework.security.web.PortMapperImpl
-
Set to override the default HTTP port to HTTPS port mappings of 80:443, and 8080:8443.
- setPortResolver(PortResolver) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- setPortResolver(PortResolver) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- setPortResolver(PortResolver) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- setPostOnly(boolean) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Defines whether only HTTP POST requests will be allowed by this filter.
- setPreAuthenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Set the AuthenticatedUserDetailsService to be used to load the
UserDetails
for the authenticated user. - setPreload(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
If true, preload will be included in HSTS Header.
- setPreload(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
-
Sets if preload should be included.
- setPrincipalEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
- setPrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- setPrincipalRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
- setQuery(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setQueryString(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setRealm(String) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
-
Sets the realm to be used
- setRealmName(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- setRealmName(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
-
Sets the strategy to be used for redirecting to the required channel URL.
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Allows overriding of the behaviour when redirecting to a target URL.
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
Allows overriding of the behaviour when redirecting to a target URL.
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
-
Deprecated.
- setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
-
Sets the RedirectStrategy to use.
- setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
-
Sets the RedirectStrategy to use.
- setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
The RedirectStrategy to use.
- setRedirectUrl(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setRememberMeParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
If true, includes the Content-Security-Policy-Report-Only header in the response, otherwise, defaults to the Content-Security-Policy header.
- setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
To get a Public-Key-Pins header you should set this to false, otherwise the header will be Public-Key-Pins-Report-Only.
- setReportOnly(boolean) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
-
Set whether to include the
Content-Security-Policy-Report-Only
header in the response. - setReportUri(String) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Sets the URI to which the browser should report pin validation failures.
- setReportUri(URI) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Sets the URI to which the browser should report pin validation failures.
- setRequest(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
- setRequestCache(RequestCache) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
-
The request cache to use to save the request before sending a redirect.
- setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Sets the
ServerRequestCache
used to redirect to. - setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
- setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Sets the
RequestMatcher
used to determine if the "Strict-Transport-Security" should be added. - setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
-
Allows selective use of saved requests for a subset of requests.
- setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
Allows selective use of saved requests for a subset of requests.
- setRequestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.web.FilterChainProxy
-
Sets the
RequestRejectedHandler
to be used for requests rejected by the firewall. - setRequestURI(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setRequestURL(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- setRequireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.web.csrf.CsrfFilter
-
Specifies a
RequestMatcher
that is used to determine if CSRF protection should be applied. - setRequiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the matcher used to determine when creating an
Authentication
fromAuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)
to be authentication. - setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the request matcher to check whether to proceed the request further.
- setRequiresHttpsRedirectMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
-
Use this
ServerWebExchangeMatcher
to narrow which requests are redirected to HTTPS. - setRequiresLogoutMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
- setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
-
Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.
- setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
-
Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.
- setResourceLoader(ResourceLoader) - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- setResponse(HttpServletResponse) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
- setRolePrefix(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- setSaml2AuthenticationUrlToProviderName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setSaml2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
-
Sets the matcher to determine if the request should be saved.
- setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
-
Sets the matcher to determine if the request should be saved.
- setScheme(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setScheme(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setSecure(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the cookie secure flag.
- setSecure(Boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets secure flag of the cookie that the expected CSRF token is saved to and read from.
- setSecureKeyword(String) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the repository for persisting the SecurityContext.
- setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
-
Sets the
ServerSecurityContextRepository
that should be used for logging out. - setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Sets the repository for persisting the SecurityContext.
- setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
- setSeriesLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- setServerAuthenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the strategy used for converting from a
ServerWebExchange
to anAuthentication
used for authenticating with the providedReactiveAuthenticationManager
. - setServerName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setServerName(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setServerPort(int) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setServletContext(ServletContext) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- setServletContext(ServletContext) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
- setServletContext(ServletContext) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
- setServletPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setServletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
-
The servlet path to match on.
- setServletPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setSessionAttributeName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
-
Sets the
HttpSession
attribute name that theCsrfToken
is stored in - setSessionAttributeName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
-
Sets the
HttpSession
attribute name that theCsrfToken
is stored in - setSessionAttrName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
If the
sessionAttrName
property is set, the request is stored in the session using this attribute name. - setSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
The session handling strategy which will be invoked immediately after an authentication request is successfully processed by the AuthenticationManager.
- setShouldWriteHeadersEagerly(boolean) - Method in class org.springframework.security.web.header.HeaderWriterFilter
-
Allow writing headers at the beginning of the request.
- setSpringSecurityContextAttrName(String) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
-
Sets the session attribute name used to save and load the
SecurityContext
- setSpringSecurityContextKey(String) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Allows the session attribute name to be customized for this repository instance.
- setSubjectDnRegex(String) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
-
Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.
- setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Used to define custom behaviour on a successful switch or exit user.
- setSwitchAuthorityRole(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Allows the role of the switchAuthority to be customized.
- setSwitchFailureUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the URL to which a user should be redirected if the switch fails.
- setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setSwitchUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the matcher to respond to switch user processing.
- setSwitchUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the matcher to respond to switch user processing.
- setSwitchUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the URL to respond to switch user processing.
- setSwitchUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the URL to respond to switch user processing.
- setTargetUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the URL to go to after a successful switch / exit user request.
- setTargetUrlParameter(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
If this property is set, the current request will be checked for this a parameter with this name and the value used as the target URL if present.
- setThrowableAnalyzer(ThrowableAnalyzer) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setThrowExceptionWhenTokenRejected(boolean) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
If true, causes the provider to throw a BadCredentialsException if the presented authentication request is invalid (contains a null principal or credentials).
- setTokenFromMultipartDataEnabled(boolean) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
-
Specifies if the
CsrfWebFilter
should try to resolve the actual CSRF token from the body of multipart data requests. - setTokenLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.session.SessionManagementFilter
-
Sets the
AuthenticationTrustResolver
to be used. - setUnsafeAllowAnyHttpMethod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Sets if any HTTP method is allowed.
- setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebServletJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.web.server.jackson2.WebServerJackson2Module
- setUseEquals(boolean) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
If set to true, matches on exact
MediaType
, else usesMediaType.isCompatibleWith(MediaType)
. - setUseEquals(boolean) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
If set to true, matches on exact
MediaType
, else usesMediaType.isCompatibleWith(MediaType)
. - setUseForward(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Tells if we are to do a forward to the
loginFormUrl
using theRequestDispatcher
, instead of a 302 redirect. - setUseForward(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
If set to true, performs a forward to the failure destination URL instead of a redirect.
- setUserCache(UserCache) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Sets the strategy which will be used to validate the loaded UserDetails object for the user.
- setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets the strategy to be used to validate the
UserDetails
object obtained for the user when processing a remember-me cookie to automatically log in a user. - setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the
UserDetailsChecker
that is called on the target user whenever the user is switched. - setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the authentication data access object.
- setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setUseReferer(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
If set to
true
theReferer
header will be used (if available). - setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Allows the parameter containing the username to be customized.
- setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Sets the parameter name which will be used to obtain the username from the login request.
- setUsernameParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.The parameter name of the form data to extract the username
- setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- setUseSecureCookie(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Whether the cookie should be flagged as secure or not.
- setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- shouldNotFilter(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CsrfFilter
- SimpleRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session
-
Performs a redirect to a fixed URL when an invalid requested session is detected by the
SessionManagementFilter
. - SimpleRedirectInvalidSessionStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
- SimpleRedirectSessionInformationExpiredStrategy - Class in org.springframework.security.web.session
-
Performs a redirect to a fixed URL when an expired session is detected by the
ConcurrentSessionFilter
. - SimpleRedirectSessionInformationExpiredStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
- SimpleRedirectSessionInformationExpiredStrategy(String, RedirectStrategy) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
- SimpleSavedRequest - Class in org.springframework.security.web.savedrequest
-
A Bean implementation of SavedRequest
- SimpleSavedRequest() - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
- SimpleSavedRequest(String) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
- SimpleSavedRequest(SavedRequest) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
- SimpleUrlAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
AuthenticationFailureHandler which performs a redirect to the value of the
defaultFailureUrl
property when the onAuthenticationFailure method is called. - SimpleUrlAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- SimpleUrlAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- SimpleUrlAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
-
AuthenticationSuccessHandler which can be configured with a default URL which users should be sent to upon successful authentication.
- SimpleUrlAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
- SimpleUrlAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
-
Constructor which sets the defaultTargetUrl property of the base class.
- SimpleUrlLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
Handles the navigation on logout by delegating to the
AbstractAuthenticationTargetUrlRequestHandler
base class logic. - SimpleUrlLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
- skipExchange(ServerWebExchange) - Static method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- skipRequest(HttpServletRequest) - Static method in class org.springframework.security.web.csrf.CsrfFilter
- SPRING_SECURITY_CONTEXT_KEY - Static variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
The default key under which the security context will be stored in the session.
- SPRING_SECURITY_FORM_PASSWORD_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- SPRING_SECURITY_FORM_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
- StaticAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- StaticAllowFromStrategy(URI) - Constructor for class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy
-
Deprecated.
- StaticHeadersWriter - Class in org.springframework.security.web.header.writers
-
HeaderWriter
implementation which writes the sameHeader
instance. - StaticHeadersWriter(String, String...) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter
-
Creates a new instance with a single header
- StaticHeadersWriter(List<Header>) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter
-
Creates a new instance
- StaticServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Allows specifying
HttpHeaders
that should be written to the response. - StaticServerHttpHeadersWriter(HttpHeaders) - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
- StaticServerHttpHeadersWriter.Builder - Class in org.springframework.security.web.server.header
- STORAGE - org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- STORAGE - org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- STRICT_ORIGIN - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- STRICT_ORIGIN - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- STRICT_ORIGIN_WHEN_CROSS_ORIGIN - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- STRICT_ORIGIN_WHEN_CROSS_ORIGIN - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- STRICT_TRANSPORT_SECURITY - Static variable in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
- StrictHttpFirewall - Class in org.springframework.security.web.firewall
-
A strict implementation of
HttpFirewall
that rejects any suspicious requests with aRequestRejectedException
. - StrictHttpFirewall() - Constructor for class org.springframework.security.web.firewall.StrictHttpFirewall
- StrictTransportSecurityServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the Strict-Transport-Security if the request is secure.
- StrictTransportSecurityServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
- SubjectDnX509PrincipalExtractor - Class in org.springframework.security.web.authentication.preauth.x509
-
Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call to
X509Certificate.getSubjectDN()
). - SubjectDnX509PrincipalExtractor() - Constructor for class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Default behaviour for successful authentication.
- successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Puts the
Authentication
instance returned by the authentication manager into the secure context. - supports(Class<?>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
- supports(Class<?>) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- supports(Class<?>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes.
- supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager
-
Indicates whether this
ChannelDecisionManager
is able to process the passedConfigAttribute
. - supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor
-
Indicates whether this
ChannelProcessor
is able to process the passedConfigAttribute
. - supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- supports(ConfigAttribute) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
-
Deprecated.
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
- switchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Attempt to switch to another user.
- SwitchUserAuthorityChanger - Interface in org.springframework.security.web.authentication.switchuser
-
Allows subclasses to modify the
GrantedAuthority
list that will be assigned to the principal when they assume the identity of a different principal. - SwitchUserFilter - Class in org.springframework.security.web.authentication.switchuser
-
Switch User processing filter responsible for user context switching.
- SwitchUserFilter() - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- SwitchUserGrantedAuthority - Class in org.springframework.security.web.authentication.switchuser
-
Custom
GrantedAuthority
used bySwitchUserFilter
- SwitchUserGrantedAuthority(String, Authentication) - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- SwitchUserWebFilter - Class in org.springframework.security.web.server.authentication
-
Switch User processing filter responsible for user context switching.
- SwitchUserWebFilter(ReactiveUserDetailsService, String, String) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Creates a filter for the user context switching
- SwitchUserWebFilter(ReactiveUserDetailsService, ServerAuthenticationSuccessHandler, ServerAuthenticationFailureHandler) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Creates a filter for the user context switching
T
- TextEscapeUtils - Class in org.springframework.security.web.util
-
Internal utility for escaping characters in HTML strings.
- TextEscapeUtils() - Constructor for class org.springframework.security.web.util.TextEscapeUtils
- ThrowableAnalyzer - Class in org.springframework.security.web.util
-
Handler for analyzing
Throwable
instances. - ThrowableAnalyzer() - Constructor for class org.springframework.security.web.util.ThrowableAnalyzer
-
Creates a new
ThrowableAnalyzer
instance. - ThrowableCauseExtractor - Interface in org.springframework.security.web.util
-
Interface for handlers extracting the cause out of a specific
Throwable
type. - TokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
-
Identifies previously remembered users by a Base-64 encoded cookie.
- TokenBasedRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- toString() - Method in class org.springframework.security.web.access.intercept.RequestKey
- toString() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
- toString() - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
- toString() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- toString() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
- toString() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- toString() - Method in class org.springframework.security.web.FilterChainProxy
- toString() - Method in class org.springframework.security.web.FilterInvocation
- toString() - Method in class org.springframework.security.web.firewall.FirewalledRequest
- toString() - Method in class org.springframework.security.web.header.Header
- toString() - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter
- toString() - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
- toString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- toString() - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- toString() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
- toString() - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
- TWO_WEEKS_S - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
U
- UNSAFE_URL - org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- UNSAFE_URL - org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Default behaviour for unsuccessful authentication.
- unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Ensures the authentication object in the secure context is set to null when authentication fails.
- updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- updateToken(String, String, Date) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- UrlUtils - Class in org.springframework.security.web.util
-
Provides static methods for composing URLs.
- UsernamePasswordAuthenticationFilter - Class in org.springframework.security.web.authentication
-
Processes an authentication form submission.
- UsernamePasswordAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- UsernamePasswordAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
V
- validate(FilterChainProxy) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainValidator
- valueOf(String) - Static method in enum org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
-
Returns the enum constant of this type with the specified name.
- valueOf(String) - Static method in enum org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
-
Returns the enum constant of this type with the specified name.
- valueOf(String) - Static method in enum org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
-
Returns the enum constant of this type with the specified name.
- valueOf(String) - Static method in enum org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
-
Returns the enum constant of this type with the specified name.
- valueOf(String) - Static method in enum org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
-
Returns the enum constant of this type with the specified name.
- valueOf(String) - Static method in enum org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
Returns the enum constant of this type with the specified name.
- values() - Static method in enum org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
-
Returns an array containing the constants of this enum type, in the order they are declared.
- values() - Static method in enum org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
-
Returns an array containing the constants of this enum type, in the order they are declared.
- values() - Static method in enum org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
-
Returns an array containing the constants of this enum type, in the order they are declared.
- values() - Static method in enum org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
-
Returns an array containing the constants of this enum type, in the order they are declared.
- values() - Static method in enum org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
-
Returns an array containing the constants of this enum type, in the order they are declared.
- values() - Static method in enum org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
Returns an array containing the constants of this enum type, in the order they are declared.
- verifyThrowableHierarchy(Throwable, Class<? extends Throwable>) - Static method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Verifies that the provided throwable is a valid subclass of the provided type (or of the type itself).
- vote(Authentication, FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
W
- WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE - Static variable in class org.springframework.security.web.WebAttributes
-
Set as a request attribute to override the default
WebInvocationPrivilegeEvaluator
- WebAsyncManagerIntegrationFilter - Class in org.springframework.security.web.context.request.async
-
Provides integration between the
SecurityContext
and Spring Web'sWebAsyncManager
by using theSecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(org.springframework.web.context.request.NativeWebRequest, Callable)
to populate theSecurityContext
on theCallable
. - WebAsyncManagerIntegrationFilter() - Constructor for class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
- WebAttributes - Class in org.springframework.security.web
-
Well-known keys which are used to store Spring Security information in request or session scope.
- WebAuthenticationDetails - Class in org.springframework.security.web.authentication
-
A holder of selected HTTP details related to a web authentication request.
- WebAuthenticationDetails(HttpServletRequest) - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetails
-
Records the remote address and will also set the session Id if a session already exists (it won't create one).
- WebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication
-
Implementation of
AuthenticationDetailsSource
which builds the details object from an HttpServletRequest object, creating aWebAuthenticationDetails
. - WebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
- WebExpressionVoter - Class in org.springframework.security.web.access.expression
-
Voter which handles web authorisation decisions.
- WebExpressionVoter() - Constructor for class org.springframework.security.web.access.expression.WebExpressionVoter
- WebFilterChainProxy - Class in org.springframework.security.web.server
-
Used to delegate to a List of
SecurityWebFilterChain
instances. - WebFilterChainProxy(List<SecurityWebFilterChain>) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy
- WebFilterChainProxy(SecurityWebFilterChain...) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy
- WebFilterChainServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
Success handler that continues the filter chain after authentication success.
- WebFilterChainServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler
- WebFilterExchange - Class in org.springframework.security.web.server
-
A composite of the
ServerWebExchange
and theWebFilterChain
. - WebFilterExchange(ServerWebExchange, WebFilterChain) - Constructor for class org.springframework.security.web.server.WebFilterExchange
- WebInvocationPrivilegeEvaluator - Interface in org.springframework.security.web.access
-
Allows users to determine whether they have privileges for a given web URI.
- WebJackson2Module - Class in org.springframework.security.web.jackson2
-
Jackson module for spring-security-web.
- WebJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebJackson2Module
- WebSecurityExpressionRoot - Class in org.springframework.security.web.access.expression
- WebSecurityExpressionRoot(Authentication, FilterInvocation) - Constructor for class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
- WebServerJackson2Module - Class in org.springframework.security.web.server.jackson2
-
Jackson module for spring-security-web-flux.
- WebServerJackson2Module() - Constructor for class org.springframework.security.web.server.jackson2.WebServerJackson2Module
- WebServletJackson2Module - Class in org.springframework.security.web.jackson2
-
Jackson module for spring-security-web related to servlet.
- WebServletJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebServletJackson2Module
- WebSessionServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
- WebSessionServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- WebSessionServerRequestCache - Class in org.springframework.security.web.server.savedrequest
- WebSessionServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- WebSessionServerSecurityContextRepository - Class in org.springframework.security.web.server.context
-
Stores the
SecurityContext
in theWebSession
. - WebSessionServerSecurityContextRepository() - Constructor for class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
- WebSpherePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.websphere
-
This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere authentication.
- WebSpherePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
-
Public constructor which overrides the default AuthenticationDetails class to be used.
- WebSpherePreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.websphere
-
This AuthenticationDetailsSource implementation will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere user, mapped using the configured Attributes2GrantedAuthoritiesMapper.
- WebSpherePreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- WebSpherePreAuthenticatedWebAuthenticationDetailsSource(WASUsernameAndGroupsExtractor) - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- WebXmlMappableAttributesRetriever - Class in org.springframework.security.web.authentication.preauth.j2ee
-
This MappableAttributesRetriever implementation reads the list of defined J2EE roles from a web.xml file and returns these from {
WebXmlMappableAttributesRetriever.getMappableAttributes()
. - WebXmlMappableAttributesRetriever() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- WhiteListedAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- WhiteListedAllowFromStrategy(Collection<String>) - Constructor for class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
-
Deprecated.Creates a new instance
- withHttpOnlyFalse() - Static method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Factory method to conveniently create an instance that has
CookieCsrfTokenRepository.setCookieHttpOnly(boolean)
set to false. - withHttpOnlyFalse() - Static method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Factory method to conveniently create an instance that has
CookieServerCsrfTokenRepository.setCookieHttpOnly(boolean)
set to false. - writeHeaders(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.header.HeaderWriter
-
Create a
Header
instance. - writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CacheControlHeadersWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CompositeHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Writes the X-Frame-Options header value, overwritting any previous value.
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in interface org.springframework.security.web.server.header.ServerHttpHeadersWriter
-
Write the headers to the response.
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
X
- X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- X_FRAME_OPTIONS - Static variable in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
- X_XSS_PROTECTION - Static variable in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
- X509AuthenticationFilter - Class in org.springframework.security.web.authentication.preauth.x509
- X509AuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- X509PrincipalExtractor - Interface in org.springframework.security.web.authentication.preauth.x509
-
Obtains the principal from an X509Certificate for use within the framework.
- XContentTypeOptionsHeaderWriter - Class in org.springframework.security.web.header.writers
-
A
StaticHeadersWriter
that inserts headers to prevent content sniffing. - XContentTypeOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter
-
Creates a new instance
- XContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Adds X-Content-Type-Options: nosniff
- XContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- XFRAME_OPTIONS_HEADER - Static variable in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
- XFrameOptionsHeaderWriter - Class in org.springframework.security.web.header.writers.frameoptions
-
HeaderWriter
implementation for the X-Frame-Options headers. - XFrameOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Creates an instance with
XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
- XFrameOptionsHeaderWriter(AllowFromStrategy) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Creates a new instance
- XFrameOptionsHeaderWriter.XFrameOptionsMode - Enum in org.springframework.security.web.header.writers.frameoptions
-
The possible values for the X-Frame-Options header.
- XFrameOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
ServerHttpHeadersWriter
implementation for the X-Frame-Options headers. - XFrameOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
- XFrameOptionsServerHttpHeadersWriter.Mode - Enum in org.springframework.security.web.server.header
-
The X-Frame-Options values.
- XXssProtectionHeaderWriter - Class in org.springframework.security.web.header.writers
-
Renders the X-XSS-Protection header.
- XXssProtectionHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
-
Create a new instance
- XXssProtectionServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Add the x-xss-protection header.
- XXssProtectionServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
-
Creates a new instance
All Classes All Packages