All Classes Interface Summary Class Summary Enum Summary Exception Summary Annotation Types Summary
Class |
Description |
AbstractAuthenticationProcessingFilter |
Abstract processor of browser-based HTTP-based authentication requests.
|
AbstractAuthenticationTargetUrlRequestHandler |
Base class containing the logic used by strategies which handle redirection to a URL
and are passed an Authentication object as part of the contract.
|
AbstractPreAuthenticatedProcessingFilter |
Base class for processing filters that handle pre-authenticated authentication
requests, where it is assumed that the principal has already been authenticated by an
external system.
|
AbstractRememberMeServices |
Base class for RememberMeServices implementations.
|
AbstractRequestParameterAllowFromStrategy |
Deprecated.
|
AbstractRetryEntryPoint |
|
AbstractSecurityWebApplicationInitializer |
Registers the DelegatingFilterProxy to use the springSecurityFilterChain before
any other registered Filter .
|
AbstractSessionFixationProtectionStrategy |
A base class for performing session fixation protection.
|
AbstractSessionFixationProtectionStrategy.NullEventPublisher |
|
AccessDeniedHandler |
|
AccessDeniedHandlerImpl |
|
AllowFromStrategy |
Deprecated.
|
AndRequestMatcher |
|
AndServerWebExchangeMatcher |
|
AnonymousAuthenticationFilter |
Detects if there is no Authentication object in the
SecurityContextHolder , and populates it with one if needed.
|
AnonymousAuthenticationWebFilter |
Detects if there is no Authentication object in the
ReactiveSecurityContextHolder , and populates it with one if needed.
|
AntPathRequestMatcher |
Matcher which compares a pre-defined ant-style pattern against the URL (
servletPath + pathInfo ) of an HttpServletRequest .
|
AnyRequestMatcher |
Matches any supplied request.
|
AuthenticationConverter |
A strategy used for converting from a HttpServletRequest to an
Authentication of particular type.
|
AuthenticationConverterServerWebExchangeMatcher |
|
AuthenticationEntryPoint |
|
AuthenticationEntryPointFailureHandler |
|
AuthenticationFailureHandler |
Strategy used to handle a failed authentication attempt.
|
AuthenticationFilter |
A Filter that performs authentication of a particular request.
|
AuthenticationPrincipal |
Deprecated.
|
AuthenticationPrincipalArgumentResolver |
Deprecated.
|
AuthenticationPrincipalArgumentResolver |
Allows resolving the Authentication.getPrincipal() using the
AuthenticationPrincipal annotation.
|
AuthenticationPrincipalArgumentResolver |
Resolves the Authentication
|
AuthenticationSuccessHandler |
Strategy used to handle a successful user authentication.
|
AuthenticationSwitchUserEvent |
Application event which indicates that a user context switch.
|
AuthenticationWebFilter |
A WebFilter that performs authentication of a particular request.
|
AuthorizationContext |
|
AuthorizationFilter |
An authorization filter that restricts access to the URL using
AuthorizationManager .
|
AuthorizationManagerWebInvocationPrivilegeEvaluator |
|
AuthorizationWebFilter |
|
BasicAuthenticationConverter |
Converts from a HttpServletRequest to UsernamePasswordAuthenticationToken that
can be authenticated.
|
BasicAuthenticationEntryPoint |
|
BasicAuthenticationFilter |
Processes a HTTP request's BASIC authorization headers, putting the result into the
SecurityContextHolder .
|
CacheControlHeadersWriter |
Inserts headers to prevent caching if no cache control headers have been specified.
|
CacheControlServerHttpHeadersWriter |
Writes cache control related headers.
|
ChangeSessionIdAuthenticationStrategy |
Uses HttpServletRequest.changeSessionId() to protect against session fixation
attacks.
|
ChannelDecisionManager |
Decides whether a web channel provides sufficient security.
|
ChannelDecisionManagerImpl |
|
ChannelEntryPoint |
|
ChannelProcessingFilter |
Ensures a web request is delivered over the required channel.
|
ChannelProcessor |
Decides whether a web channel meets a specific security condition.
|
ClearSiteDataHeaderWriter |
|
ClearSiteDataHeaderWriter.Directive |
|
ClearSiteDataServerHttpHeadersWriter |
Writes the Clear-Site-Data response header when the request is secure.
|
ClearSiteDataServerHttpHeadersWriter.Directive |
|
CompositeHeaderWriter |
|
CompositeLogoutHandler |
|
CompositeRequestRejectedHandler |
|
CompositeServerHttpHeadersWriter |
|
CompositeSessionAuthenticationStrategy |
|
ConcurrentSessionControlAuthenticationStrategy |
Strategy which handles concurrent session-control.
|
ConcurrentSessionFilter |
Filter required by concurrent session handling package.
|
ContentSecurityPolicyHeaderWriter |
|
ContentSecurityPolicyServerHttpHeadersWriter |
Writes the Contet-Security-Policy response header with configured policy
directives.
|
ContentTypeOptionsServerHttpHeadersWriter |
Adds X-Content-Type-Options: nosniff
|
CookieClearingLogoutHandler |
A logout handler which clears either - A defined list of cookie names, using the
context path as the cookie path OR - A given list of Cookies
|
CookieCsrfTokenRepository |
A CsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS.
|
CookieRequestCache |
An Implementation of RequestCache which saves the original request URI in a
cookie.
|
CookieServerCsrfTokenRepository |
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS.
|
CookieServerRequestCache |
|
CookieTheftException |
|
CrossOriginEmbedderPolicyHeaderWriter |
Inserts Cross-Origin-Embedder-Policy header.
|
CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy |
|
CrossOriginEmbedderPolicyServerHttpHeadersWriter |
Inserts Cross-Origin-Embedder-Policy headers.
|
CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy |
|
CrossOriginOpenerPolicyHeaderWriter |
Inserts the Cross-Origin-Opener-Policy header
|
CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy |
|
CrossOriginOpenerPolicyServerHttpHeadersWriter |
Inserts Cross-Origin-Opener-Policy header.
|
CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy |
|
CrossOriginResourcePolicyHeaderWriter |
Inserts Cross-Origin-Resource-Policy header
|
CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy |
|
CrossOriginResourcePolicyServerHttpHeadersWriter |
Inserts Cross-Origin-Resource-Policy headers.
|
CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy |
|
CsrfAuthenticationStrategy |
|
CsrfException |
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
|
CsrfException |
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
|
CsrfFilter |
Applies
CSRF
protection using a synchronizer token pattern.
|
CsrfLogoutHandler |
|
CsrfRequestDataValueProcessor |
|
CsrfRequestDataValueProcessor |
Integration with Spring Web MVC that automatically adds the CsrfToken into
forms with hidden inputs when using Spring tag libraries.
|
CsrfServerLogoutHandler |
|
CsrfToken |
Provides the information about an expected CSRF token.
|
CsrfToken |
|
CsrfTokenArgumentResolver |
|
CsrfTokenRepository |
An API to allow changing the method in which the expected CsrfToken is
associated to the HttpServletRequest .
|
CsrfTokenRequestAttributeHandler |
An implementation of the CsrfTokenRequestHandler interface that is capable of
making the CsrfToken available as a request attribute and resolving the token
value as either a header or parameter value of the request.
|
CsrfTokenRequestHandler |
|
CsrfTokenRequestResolver |
Implementations of this interface are capable of resolving the token value of a
CsrfToken from the provided HttpServletRequest .
|
CsrfWebFilter |
Applies
CSRF
protection using a synchronizer token pattern.
|
CurrentSecurityContextArgumentResolver |
Allows resolving the SecurityContext using the CurrentSecurityContext
annotation.
|
CurrentSecurityContextArgumentResolver |
Resolves the SecurityContext
|
DebugFilter |
Spring Security debugging filter.
|
DefaultCsrfToken |
A CSRF token that is used to protect against CSRF attacks.
|
DefaultCsrfToken |
A CSRF token that is used to protect against CSRF attacks.
|
DefaultFilterInvocationSecurityMetadataSource |
Default implementation of FilterInvocationDefinitionSource.
|
DefaultHttpFirewall |
User's should consider using StrictHttpFirewall because rather than trying to
sanitize a malicious URL it rejects the malicious URL providing better security
guarantees.
|
DefaultHttpSecurityExpressionHandler |
|
DefaultLoginPageGeneratingFilter |
For internal use with namespace configuration in the case where a user doesn't
configure a login page.
|
DefaultLogoutPageGeneratingFilter |
Generates a default log out page.
|
DefaultRedirectStrategy |
Simple implementation of RedirectStrategy which is the default used throughout
the framework.
|
DefaultRequestRejectedHandler |
|
DefaultSavedRequest |
Represents central information from a HttpServletRequest .
|
DefaultSavedRequest.Builder |
|
DefaultSecurityFilterChain |
Standard implementation of SecurityFilterChain .
|
DefaultServerRedirectStrategy |
|
DefaultWebInvocationPrivilegeEvaluator |
Deprecated.
|
DefaultWebSecurityExpressionHandler |
|
DeferredCsrfToken |
An interface that allows delayed access to a CsrfToken that may be generated.
|
DelegatingAccessDeniedHandler |
|
DelegatingAuthenticationEntryPoint |
An AuthenticationEntryPoint which selects a concrete
AuthenticationEntryPoint based on a RequestMatcher evaluation.
|
DelegatingAuthenticationFailureHandler |
|
DelegatingLogoutSuccessHandler |
Delegates to logout handlers based on matched request matchers
|
DelegatingReactiveAuthorizationManager |
|
DelegatingReactiveAuthorizationManager.Builder |
|
DelegatingRequestMatcherHeaderWriter |
|
DelegatingSecurityContextRepository |
|
DelegatingServerAuthenticationEntryPoint |
|
DelegatingServerAuthenticationEntryPoint.DelegateEntry |
|
DelegatingServerAuthenticationSuccessHandler |
|
DelegatingServerLogoutHandler |
|
DigestAuthenticationEntryPoint |
|
DigestAuthenticationFilter |
Processes a HTTP request's Digest authorization headers, putting the result into the
SecurityContextHolder .
|
DisableEncodeUrlFilter |
Disables encoding URLs using the HttpServletResponse to prevent including the
session id in URLs which is not considered URL because the session id can be leaked in
things like HTTP access logs.
|
DispatcherTypeRequestMatcher |
Checks the DispatcherType to decide whether to match a given request.
|
ELRequestMatcher |
A RequestMatcher implementation which uses a SpEL expression
|
Enumerator<T> |
Adapter that wraps an Enumeration around a Java 2 collection
Iterator .
|
ExceptionMappingAuthenticationFailureHandler |
Uses the internal map of exceptions types to URLs to determine the destination on
authentication failure.
|
ExceptionTranslationFilter |
Handles any AccessDeniedException and AuthenticationException
thrown within the filter chain.
|
ExceptionTranslationWebFilter |
|
ExchangeMatcherRedirectWebFilter |
|
ExpressionBasedFilterInvocationSecurityMetadataSource |
Expression-based FilterInvocationSecurityMetadataSource .
|
FastHttpDateFormat |
Utility class to generate HTTP dates.
|
FeaturePolicyHeaderWriter |
|
FeaturePolicyServerHttpHeadersWriter |
Writes the Feature-Policy response header with configured policy directives.
|
FilterChainProxy |
Delegates Filter requests to a list of Spring-managed filter beans.
|
FilterChainProxy.FilterChainValidator |
|
FilterInvocation |
Holds objects associated with a HTTP filter.
|
FilterInvocationSecurityMetadataSource |
Marker interface for SecurityMetadataSource implementations that are
designed to perform lookups keyed on FilterInvocation s.
|
FilterSecurityInterceptor |
Deprecated.
|
FirewalledRequest |
Request wrapper which is returned by the HttpFirewall interface.
|
ForceEagerSessionCreationFilter |
Eagerly creates HttpSession if it does not already exist.
|
ForwardAuthenticationFailureHandler |
Forward Authentication Failure Handler
|
ForwardAuthenticationSuccessHandler |
Forward Authentication Success Handler
|
ForwardLogoutSuccessHandler |
LogoutSuccessHandler implementation that will perform a request dispatcher
"forward" to the specified target URL.
|
Header |
Represents a Header to be added to the HttpServletResponse
|
HeaderWriter |
Contract for writing headers to a HttpServletResponse
|
HeaderWriterFilter |
Filter implementation to add headers to the current response.
|
HeaderWriterLogoutHandler |
|
HeaderWriterServerLogoutHandler |
|
HpkpHeaderWriter |
Deprecated.
|
HstsHeaderWriter |
|
Http403ForbiddenEntryPoint |
In the pre-authenticated authentication case (unlike CAS, for example) the user will
already have been identified through some external mechanism and a secure context
established by the time the security-enforcement filter is invoked.
|
HttpBasicServerAuthenticationEntryPoint |
Prompts a user for HTTP Basic authentication.
|
HttpFirewall |
Interface which can be used to reject potentially dangerous requests and/or wrap them
to control their behaviour.
|
HttpHeaderWriterWebFilter |
|
HttpRequestResponseHolder |
Deprecated.
|
HttpSessionCreatedEvent |
|
HttpSessionCsrfTokenRepository |
|
HttpSessionDestroyedEvent |
|
HttpSessionEventPublisher |
Declared in web.xml as
|
HttpSessionIdChangedEvent |
|
HttpSessionRequestCache |
RequestCache which stores the SavedRequest in the HttpSession.
|
HttpSessionSecurityContextRepository |
A SecurityContextRepository implementation which stores the security context in
the HttpSession between requests.
|
HttpsRedirectWebFilter |
Redirects any non-HTTPS request to its HTTPS equivalent.
|
HttpStatusEntryPoint |
|
HttpStatusRequestRejectedHandler |
|
HttpStatusReturningLogoutSuccessHandler |
|
HttpStatusReturningServerLogoutSuccessHandler |
|
HttpStatusServerAccessDeniedHandler |
Sets the provided HTTP Status when access is denied.
|
HttpStatusServerEntryPoint |
|
InMemoryTokenRepositoryImpl |
Simple PersistentTokenRepository implementation backed by a Map.
|
InsecureChannelProcessor |
Ensures channel security is inactive by review of
HttpServletRequest.isSecure() responses.
|
InvalidCookieException |
Exception thrown by a RememberMeServices implementation to indicate that a submitted
cookie is of an invalid format or has expired.
|
InvalidCsrfTokenException |
Thrown when an expected CsrfToken exists, but it does not match the value
present on the HttpServletRequest
|
InvalidSessionAccessDeniedHandler |
|
InvalidSessionStrategy |
Determines the behaviour of the SessionManagementFilter when an invalid session
Id is submitted and detected in the SessionManagementFilter .
|
IpAddressMatcher |
Matches a request based on IP Address or subnet mask matching against the remote
address.
|
IpAddressReactiveAuthorizationManager |
A ReactiveAuthorizationManager , that determines if the current request contains
the specified address or range of addresses
|
IpAddressServerWebExchangeMatcher |
Matches a request based on IP Address or subnet mask matching against the remote
address.
|
J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource |
Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as
obtained by calling HttpServletRequest.isUserInRole(String) ) into
GrantedAuthority s and stores these in the authentication details object.
|
J2eePreAuthenticatedProcessingFilter |
This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE
container-based authentication mechanism.
|
JaasApiIntegrationFilter |
A Filter which attempts to obtain a JAAS Subject and continue
the FilterChain running as that Subject .
|
JdbcTokenRepositoryImpl |
JDBC based persistent login token repository implementation.
|
LazyCsrfTokenRepository |
Deprecated.
|
LoginPageGeneratingWebFilter |
Generates a default log in page used for authenticating users.
|
LoginUrlAuthenticationEntryPoint |
|
LogoutFilter |
Logs a principal out.
|
LogoutHandler |
Indicates a class that is able to participate in logout handling.
|
LogoutPageGeneratingWebFilter |
Generates a default log out page.
|
LogoutSuccessEventPublishingLogoutHandler |
A logout handler which publishes LogoutSuccessEvent
|
LogoutSuccessHandler |
Strategy that is called after a successful logout by the LogoutFilter , to
handle redirection or forwarding to the appropriate destination.
|
LogoutWebFilter |
|
MatcherSecurityWebFilterChain |
|
MediaTypeRequestMatcher |
Allows matching HttpServletRequest based upon the MediaType 's resolved
from a ContentNegotiationStrategy .
|
MediaTypeServerWebExchangeMatcher |
Matches based upon the accept headers.
|
MissingCsrfTokenException |
Thrown when no expected CsrfToken is found but is required.
|
MvcRequestMatcher |
A RequestMatcher that uses Spring MVC's HandlerMappingIntrospector to
match the path and extract variables.
|
MvcRequestMatcher.Builder |
|
NegatedRequestMatcher |
|
NegatedServerWebExchangeMatcher |
Negates the provided matcher.
|
NonceExpiredException |
Thrown if an authentication request is rejected because the digest nonce has expired.
|
NoOpServerRequestCache |
|
NoOpServerSecurityContextRepository |
|
NullAuthenticatedSessionStrategy |
|
NullRememberMeServices |
|
NullRequestCache |
Null implementation of RequestCache.
|
NullSecurityContextRepository |
|
OnCommittedResponseWrapper |
Base class for response wrappers which encapsulate the logic for handling an event when
the HttpServletResponse is committed.
|
OrRequestMatcher |
|
OrServerWebExchangeMatcher |
|
PathPatternParserServerWebExchangeMatcher |
Matches if the PathPattern matches the path within the application.
|
PermissionsPolicyHeaderWriter |
|
PermissionsPolicyServerHttpHeadersWriter |
Writes the Permissions-Policy response header with configured policy
directives.
|
PersistentRememberMeToken |
|
PersistentTokenBasedRememberMeServices |
|
PersistentTokenRepository |
|
PortMapper |
PortMapper implementations provide callers with information about which
HTTP ports are associated with which HTTPS ports on the system, and vice versa.
|
PortMapperImpl |
Concrete implementation of PortMapper that obtains HTTP:HTTPS pairs from the
application context.
|
PortResolver |
A PortResolver determines the port a web request was received on.
|
PortResolverImpl |
Concrete implementation of PortResolver that obtains the port from
ServletRequest.getServerPort().
|
PreAuthenticatedAuthenticationProvider |
Processes a pre-authenticated authentication request.
|
PreAuthenticatedAuthenticationToken |
Authentication implementation for
pre-authenticated authentication.
|
PreAuthenticatedCredentialsNotFoundException |
|
PreAuthenticatedGrantedAuthoritiesUserDetailsService |
This AuthenticationUserDetailsService implementation creates a UserDetails object based
solely on the information contained in the given PreAuthenticatedAuthenticationToken.
|
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails |
This WebAuthenticationDetails implementation allows for storing a list of
pre-authenticated Granted Authorities.
|
ReactivePreAuthenticatedAuthenticationManager |
|
ReactorContextWebFilter |
|
RedirectServerAuthenticationEntryPoint |
Performs a redirect to a specified location.
|
RedirectServerAuthenticationFailureHandler |
Performs a redirect to a specified location.
|
RedirectServerAuthenticationSuccessHandler |
Performs a redirect on authentication success.
|
RedirectServerLogoutSuccessHandler |
Performs a redirect on log out success.
|
RedirectStrategy |
Encapsulates the redirection logic for all classes in the framework which perform
redirects.
|
RedirectUrlBuilder |
Internal class for building redirect URLs.
|
ReferrerPolicyHeaderWriter |
|
ReferrerPolicyHeaderWriter.ReferrerPolicy |
|
ReferrerPolicyServerHttpHeadersWriter |
Writes the Referrer-Policy response header.
|
ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy |
|
RegExpAllowFromStrategy |
Deprecated.
|
RegexRequestMatcher |
Uses a regular expression to decide whether a supplied the URL of a supplied
HttpServletRequest .
|
RegisterSessionAuthenticationStrategy |
Strategy used to register a user with the SessionRegistry after successful
Authentication .
|
RememberMeAuthenticationException |
This exception is thrown when an
Authentication exception occurs while using
the remember-me authentication.
|
RememberMeAuthenticationFilter |
Detects if there is no Authentication object in the SecurityContext ,
and populates the context with a remember-me authentication token if a
RememberMeServices implementation so requests.
|
RememberMeServices |
Implement by a class that is capable of providing a remember-me service.
|
RequestAttributeAuthenticationFilter |
A simple pre-authenticated filter which obtains the username from request attributes,
for use with SSO systems such as
Stanford
WebAuth or Shibboleth.
|
RequestAttributeSecurityContextRepository |
Stores the SecurityContext on a
ServletRequest.setAttribute(String, Object) so that it can be
restored when different dispatch types occur.
|
RequestAuthorizationContext |
An HttpServletRequest authorization context.
|
RequestCache |
Implements "saved request" logic, allowing a single request to be retrieved and
restarted after redirecting to an authentication mechanism.
|
RequestCacheAwareFilter |
Responsible for reconstituting the saved request if one is cached and it matches the
current request.
|
RequestedUrlRedirectInvalidSessionStrategy |
Performs a redirect to the original request URL when an invalid requested session is
detected by the SessionManagementFilter .
|
RequestHeaderAuthenticationFilter |
A simple pre-authenticated filter which obtains the username from a request header, for
use with systems such as CA Siteminder.
|
RequestHeaderRequestMatcher |
A RequestMatcher that can be used to match request that contain a header with
an expected header name and an expected value.
|
RequestKey |
|
RequestMatcher |
Simple strategy to match an HttpServletRequest.
|
RequestMatcher.MatchResult |
The result of matching against an HttpServletRequest Contains the status, true or
false, of the match and if present, any variables extracted from the match
|
RequestMatcherDelegatingAccessDeniedHandler |
|
RequestMatcherDelegatingAuthenticationManagerResolver |
|
RequestMatcherDelegatingAuthenticationManagerResolver.Builder |
|
RequestMatcherDelegatingAuthorizationManager |
An AuthorizationManager which delegates to a specific
AuthorizationManager based on a RequestMatcher evaluation.
|
RequestMatcherDelegatingAuthorizationManager.Builder |
|
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator |
|
RequestMatcherEditor |
PropertyEditor which creates ELRequestMatcher instances from Strings
This allows to use a String in a BeanDefinition instead of an (inner) bean if a
RequestMatcher is required, e.g.
|
RequestMatcherEntry<T> |
|
RequestMatcherRedirectFilter |
Filter that redirects requests that match RequestMatcher to the specified URL.
|
RequestRejectedException |
|
RequestRejectedHandler |
|
RequestVariablesExtractor |
Deprecated.
|
RetryWithHttpEntryPoint |
Commences an insecure channel by retrying the original request using HTTP.
|
RetryWithHttpsEntryPoint |
Commences a secure channel by retrying the original request using HTTPS.
|
SaveContextOnUpdateOrErrorResponseWrapper |
Deprecated.
|
SavedCookie |
Stores off the values of a cookie in a serializable holder
|
SavedRequest |
Encapsulates the functionality required of a cached request for both an authentication
mechanism (typically form-based login) to redirect to the original URL and for a
RequestCache to build a wrapped request, reproducing the original request
data.
|
SavedRequestAwareAuthenticationSuccessHandler |
|
SecureChannelProcessor |
Ensures channel security is active by review of
HttpServletRequest.isSecure() responses.
|
SecurityContextCallableProcessingInterceptor |
Allows for integration with Spring MVC's Callable support.
|
SecurityContextHolderAwareRequestFilter |
A Filter which populates the ServletRequest with a request
wrapper which implements the servlet API security methods.
|
SecurityContextHolderAwareRequestWrapper |
|
SecurityContextHolderFilter |
|
SecurityContextLogoutHandler |
Performs a logout by modifying the
SecurityContextHolder .
|
SecurityContextPersistenceFilter |
Deprecated.
|
SecurityContextRepository |
Strategy used for persisting a SecurityContext between requests.
|
SecurityContextServerLogoutHandler |
|
SecurityContextServerWebExchange |
Overrides the ServerWebExchange.getPrincipal() with the provided
SecurityContext
|
SecurityContextServerWebExchangeWebFilter |
Override the ServerWebExchange.getPrincipal() to be looked up using
ReactiveSecurityContextHolder .
|
SecurityFilterChain |
Defines a filter chain which is capable of being matched against an
HttpServletRequest .
|
SecurityHeaders |
Utilities for interacting with HttpHeaders
|
SecurityWebApplicationContextUtils |
Spring Security extension to Spring's WebApplicationContextUtils .
|
SecurityWebFilterChain |
Defines a filter chain which is capable of being matched against a
ServerWebExchange in order to decide whether it applies to that request.
|
ServerAccessDeniedHandler |
|
ServerAuthenticationConverter |
A strategy used for converting from a ServerWebExchange to an
Authentication used for authenticating with a provided
ReactiveAuthenticationManager .
|
ServerAuthenticationEntryPoint |
Used to request authentication
|
ServerAuthenticationEntryPointFailureHandler |
|
ServerAuthenticationFailureHandler |
Handles authentication failure
|
ServerAuthenticationSuccessHandler |
Handles authentication success
|
ServerCsrfTokenRepository |
An API to allow changing the method in which the expected CsrfToken is
associated to the ServerWebExchange .
|
ServerCsrfTokenRequestAttributeHandler |
An implementation of the ServerCsrfTokenRequestHandler interface that is
capable of making the CsrfToken available as an exchange attribute and
resolving the token value as either a form data value or header of the request.
|
ServerCsrfTokenRequestHandler |
|
ServerCsrfTokenRequestResolver |
Implementations of this interface are capable of resolving the token value of a
CsrfToken from the provided ServerWebExchange .
|
ServerFormLoginAuthenticationConverter |
Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
data HTTP parameters.
|
ServerFormLoginAuthenticationConverter |
Deprecated.
|
ServerHttpBasicAuthenticationConverter |
Converts from a ServerWebExchange to an Authentication that can be
authenticated.
|
ServerHttpBasicAuthenticationConverter |
Deprecated.
|
ServerHttpHeadersWriter |
Interface for writing headers just before the response is committed.
|
ServerLogoutHandler |
Handles log out
|
ServerLogoutSuccessHandler |
Strategy for when log out was successfully performed (typically after
ServerLogoutHandler is invoked).
|
ServerRedirectStrategy |
A strategy for performing redirects.
|
ServerRequestCache |
Saves a ServerHttpRequest so it can be "replayed" later.
|
ServerRequestCacheWebFilter |
|
ServerSecurityContextRepository |
Strategy used for persisting a SecurityContext between requests.
|
ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver |
|
ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder |
|
ServerWebExchangeDelegatingServerAccessDeniedHandler |
|
ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry |
|
ServerWebExchangeDelegatingServerHttpHeadersWriter |
|
ServerWebExchangeMatcher |
|
ServerWebExchangeMatcher.MatchResult |
The result of matching
|
ServerWebExchangeMatcherEntry<T> |
|
ServerWebExchangeMatchers |
|
ServerX509AuthenticationConverter |
|
SessionAuthenticationException |
Thrown by an SessionAuthenticationStrategy to indicate that an authentication
object is not valid for the current session, typically because the same user has
exceeded the number of sessions they are allowed to have concurrently.
|
SessionAuthenticationStrategy |
Allows pluggable support for HttpSession-related behaviour when an authentication
occurs.
|
SessionFixationProtectionEvent |
Indicates a session ID was changed for the purposes of session fixation protection.
|
SessionFixationProtectionStrategy |
Uses HttpServletRequest.invalidate() to protect against session fixation
attacks.
|
SessionInformationExpiredEvent |
An event for when a SessionInformation is expired.
|
SessionInformationExpiredStrategy |
Determines the behaviour of the ConcurrentSessionFilter when an expired session
is detected in the ConcurrentSessionFilter .
|
SessionManagementFilter |
Detects that a user has been authenticated since the start of the request and, if they
have, calls the configured SessionAuthenticationStrategy to perform any
session-related activity such as activating session-fixation protection mechanisms or
checking for multiple concurrent logins.
|
SimpleRedirectInvalidSessionStrategy |
Performs a redirect to a fixed URL when an invalid requested session is detected by the
SessionManagementFilter .
|
SimpleRedirectSessionInformationExpiredStrategy |
Performs a redirect to a fixed URL when an expired session is detected by the
ConcurrentSessionFilter .
|
SimpleSavedRequest |
A Bean implementation of SavedRequest
|
SimpleUrlAuthenticationFailureHandler |
AuthenticationFailureHandler which performs a redirect to the value of the
defaultFailureUrl property when the
onAuthenticationFailure method is called.
|
SimpleUrlAuthenticationSuccessHandler |
AuthenticationSuccessHandler which can be configured with a default URL which
users should be sent to upon successful authentication.
|
SimpleUrlLogoutSuccessHandler |
|
StaticAllowFromStrategy |
Deprecated.
|
StaticHeadersWriter |
HeaderWriter implementation which writes the same Header instance.
|
StaticServerHttpHeadersWriter |
Allows specifying HttpHeaders that should be written to the response.
|
StaticServerHttpHeadersWriter.Builder |
|
StrictHttpFirewall |
|
StrictTransportSecurityServerHttpHeadersWriter |
Writes the Strict-Transport-Security if the request is secure.
|
SubjectDnX509PrincipalExtractor |
Obtains the principal from a certificate using a regular expression match against the
Subject (as returned by a call to X509Certificate.getSubjectDN() ).
|
SwitchUserAuthorityChanger |
Allows subclasses to modify the GrantedAuthority list that will be assigned to
the principal when they assume the identity of a different principal.
|
SwitchUserFilter |
Switch User processing filter responsible for user context switching.
|
SwitchUserGrantedAuthority |
|
SwitchUserWebFilter |
Switch User processing filter responsible for user context switching.
|
TextEscapeUtils |
Internal utility for escaping characters in HTML strings.
|
ThrowableAnalyzer |
Handler for analyzing Throwable instances.
|
ThrowableCauseExtractor |
Interface for handlers extracting the cause out of a specific Throwable type.
|
TokenBasedRememberMeServices |
Identifies previously remembered users by a Base-64 encoded cookie.
|
TokenBasedRememberMeServices.RememberMeTokenAlgorithm |
|
UrlUtils |
Provides static methods for composing URLs.
|
UsernamePasswordAuthenticationFilter |
Processes an authentication form submission.
|
WebAsyncManagerIntegrationFilter |
|
WebAttributes |
Well-known keys which are used to store Spring Security information in request or
session scope.
|
WebAuthenticationDetails |
A holder of selected HTTP details related to a web authentication request.
|
WebAuthenticationDetailsSource |
Implementation of AuthenticationDetailsSource which builds the details object
from an HttpServletRequest object, creating a WebAuthenticationDetails
.
|
WebExpressionAuthorizationManager |
An expression-based AuthorizationManager that determines the access by
evaluating the provided expression.
|
WebExpressionVoter |
Deprecated.
|
WebFilterChainProxy |
|
WebFilterChainServerAuthenticationSuccessHandler |
Success handler that continues the filter chain after authentication success.
|
WebFilterExchange |
A composite of the ServerWebExchange and the WebFilterChain .
|
WebInvocationPrivilegeEvaluator |
Allows users to determine whether they have privileges for a given web URI.
|
WebJackson2Module |
Jackson module for spring-security-web.
|
WebSecurityExpressionRoot |
|
WebServerJackson2Module |
Jackson module for spring-security-web-flux.
|
WebServletJackson2Module |
Jackson module for spring-security-web related to servlet.
|
WebSessionServerCsrfTokenRepository |
|
WebSessionServerLogoutHandler |
|
WebSessionServerRequestCache |
An implementation of ServerRequestCache that saves the
ServerHttpRequest in the WebSession .
|
WebSessionServerSecurityContextRepository |
Stores the SecurityContext in the
WebSession .
|
WebSpherePreAuthenticatedProcessingFilter |
This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere
authentication.
|
WebSpherePreAuthenticatedWebAuthenticationDetailsSource |
This AuthenticationDetailsSource implementation will set the pre-authenticated granted
authorities based on the WebSphere groups for the current WebSphere user, mapped using
the configured Attributes2GrantedAuthoritiesMapper.
|
WebXmlMappableAttributesRetriever |
|
WhiteListedAllowFromStrategy |
Deprecated.
|
X509AuthenticationFilter |
|
X509PrincipalExtractor |
Obtains the principal from an X509Certificate for use within the framework.
|
XContentTypeOptionsHeaderWriter |
|
XContentTypeOptionsServerHttpHeadersWriter |
Adds X-Content-Type-Options: nosniff
|
XFrameOptionsHeaderWriter |
HeaderWriter implementation for the X-Frame-Options headers.
|
XFrameOptionsHeaderWriter.XFrameOptionsMode |
The possible values for the X-Frame-Options header.
|
XFrameOptionsServerHttpHeadersWriter |
ServerHttpHeadersWriter implementation for the X-Frame-Options headers.
|
XFrameOptionsServerHttpHeadersWriter.Mode |
The X-Frame-Options values.
|
XorCsrfTokenRequestAttributeHandler |
An implementation of the CsrfTokenRequestHandler interface that is capable of
masking the value of the CsrfToken on each request and resolving the raw token
value from the masked value as either a header or parameter value of the request.
|
XorServerCsrfTokenRequestAttributeHandler |
|
XXssProtectionHeaderWriter |
|
XXssProtectionHeaderWriter.HeaderValue |
The value of the x-xss-protection header.
|
XXssProtectionServerHttpHeadersWriter |
Add the x-xss-protection header.
|
XXssProtectionServerHttpHeadersWriter.HeaderValue |
The value of the x-xss-protection header.
|