Index (spring-security-web 6.3.7 API)

A B C D E F G H I J L M N O P R S T U V W X
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form

A

AbstractAuthenticationProcessingFilter - Class in org.springframework.security.web.authentication: Abstract processor of browser-based HTTP-based authentication requests.
AbstractAuthenticationProcessingFilter(String) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
AbstractAuthenticationProcessingFilter(String, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: Creates a new instance with a default filterProcessesUrl and an AuthenticationManager
AbstractAuthenticationProcessingFilter(RequestMatcher) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: Creates a new instance
AbstractAuthenticationProcessingFilter(RequestMatcher, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: Creates a new instance with a RequestMatcher and an AuthenticationManager
AbstractAuthenticationTargetUrlRequestHandler - Class in org.springframework.security.web.authentication: Base class containing the logic used by strategies which handle redirection to a URL and are passed an Authentication object as part of the contract.
AbstractAuthenticationTargetUrlRequestHandler() - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
AbstractPreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth: Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system.
AbstractPreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
AbstractRememberMeServices - Class in org.springframework.security.web.authentication.rememberme: Base class for RememberMeServices implementations.
AbstractRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
AbstractRequestParameterAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions: Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
AbstractRetryEntryPoint - Class in org.springframework.security.web.access.channel
AbstractRetryEntryPoint(String, int) - Constructor for class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
AbstractSecurityWebApplicationInitializer - Class in org.springframework.security.web.context: Registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.
AbstractSecurityWebApplicationInitializer() - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class.
AbstractSecurityWebApplicationInitializer(Class<?>...) - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Creates a new instance that will instantiate the ContextLoaderListener with the specified classes.
AbstractSessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session: A base class for performing session fixation protection.
AbstractSessionFixationProtectionStrategy.NullEventPublisher - Class in org.springframework.security.web.authentication.session
ACCESS_DENIED_403 - Static variable in class org.springframework.security.web.WebAttributes: Used to cache an AccessDeniedException in the request for rendering.
AccessDeniedHandler - Interface in org.springframework.security.web.access: Used by ExceptionTranslationFilter to handle an AccessDeniedException.
AccessDeniedHandlerImpl - Class in org.springframework.security.web.access: Base implementation of AccessDeniedHandler.
AccessDeniedHandlerImpl() - Constructor for class org.springframework.security.web.access.AccessDeniedHandlerImpl
add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
add(ServerWebExchangeMatcher, ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder: Maps a ServerWebExchangeMatcher to an ReactiveAuthenticationManager.
add(RequestMatcher, AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder: Maps a RequestMatcher to an AuthorizationManager.
add(RequestMatcher, AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder: Maps a RequestMatcher to an AuthorizationManager.
addHeader(String, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
addSha256Pins(String...) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter: Deprecated.

Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
afterPropertiesSet() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter: Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource: Check that all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever: Loads the web.xml file using the configured ResourceLoader and parses the role-name elements from it, using these as the set of mappableAttributes.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider: Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
afterPropertiesSet() - Method in class org.springframework.security.web.FilterChainProxy
afterPropertiesSet() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
afterPropertiesSet() - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
afterSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Invoked after the springSecurityFilterChain is added.
ALL - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
ALL - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
allOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers: Creates a RequestMatcher that matches if all the given RequestMatchers match, if matchers are empty then the returned matcher always matches.
ALLOW_FROM - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode: Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
allowableSessionsExceeded(List<SessionInformation>, int, SessionRegistry) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy: Allows subclasses to customise behaviour when too many sessions are detected.
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy: Deprecated.

Method to be implemented by base classes, used to determine if the supplied origin is allowed.
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy: Deprecated.
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy: Deprecated.
ALLOWED_HEADER_NAMES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
ALLOWED_HEADER_VALUES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
ALLOWED_PARAMETER_NAMES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
ALLOWED_PARAMETER_VALUES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
AllowFromStrategy - Interface in org.springframework.security.web.header.writers.frameoptions: Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
AndRequestMatcher - Class in org.springframework.security.web.util.matcher: RequestMatcher that will return true if all of the passed in RequestMatcher instances match.
AndRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher: Creates a new instance
AndRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher: Creates a new instance
AndServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher: Matches if all the provided ServerWebExchangeMatcher match
AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
AndServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
anonymous() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specify that URLs are allowed by anonymous users.
AnonymousAuthenticationFilter - Class in org.springframework.security.web.authentication: Detects if there is no Authentication object in the SecurityContextHolder, and populates it with one if needed.
AnonymousAuthenticationFilter(String) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter: Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousAuthenticationFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
AnonymousAuthenticationWebFilter - Class in org.springframework.security.web.server.authentication: Detects if there is no Authentication object in the ReactiveSecurityContextHolder, and populates it with one if needed.
AnonymousAuthenticationWebFilter(String) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter: Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousAuthenticationWebFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
antMatcher(String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Creates a matcher with the specific pattern which will match all HTTP methods in a case-sensitive manner.
antMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Creates a matcher that will match all request with the supplied HTTP method in a case-sensitive manner.
antMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Creates a matcher with the supplied pattern and HTTP method in a case-sensitive manner.
AntPathRequestMatcher - Class in org.springframework.security.web.util.matcher: Matcher which compares a pre-defined ant-style pattern against the URL ( servletPath + pathInfo) of an HttpServletRequest.
AntPathRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Creates a matcher with the specific pattern which will match all HTTP methods in a case sensitive manner.
AntPathRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Creates a matcher with the supplied pattern and HTTP method in a case sensitive manner.
AntPathRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Creates a matcher with the supplied pattern which will match the specified Http method
AntPathRequestMatcher(String, String, boolean, UrlPathHelper) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Creates a matcher with the supplied pattern which will match the specified Http method
ANY_CHANNEL - Static variable in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
anyExchange() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers: Matches any exchange
anyOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers: Creates a RequestMatcher that matches if at least one of the given RequestMatchers matches, if matchers are empty then the returned matcher never matches.
anyRequest() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder: Maps any request.
AnyRequestMatcher - Class in org.springframework.security.web.util.matcher: Matches any supplied request.
appendFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Inserts the provided Filters after existing Filters using default generated names, AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes(), and AbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported().
apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter: Deprecated.
apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter: Deprecated.
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: Performs actual authentication.
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
attemptExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter: Attempt to exit from an already switched user.
attemptSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter: Attempt to switch to another user.
authenticate(Authentication) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider: Authenticate the given PreAuthenticatedAuthenticationToken.
authenticate(Authentication) - Method in class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
authenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specify that URLs are allowed by any authenticated user.
AUTHENTICATION_EXCEPTION - Static variable in class org.springframework.security.web.WebAttributes: Used to cache an authentication-failure exception in the session.
AUTHENTICATION_SCHEME_BASIC - Static variable in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
AuthenticationConverter - Interface in org.springframework.security.web.authentication: A strategy used for converting from a HttpServletRequest to an Authentication of particular type.
AuthenticationConverterServerWebExchangeMatcher - Class in org.springframework.security.web.server.authentication: Matches if the ServerAuthenticationConverter can convert a ServerWebExchange to an Authentication.
AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
authenticationDetailsSource - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
AuthenticationEntryPoint - Interface in org.springframework.security.web: Used by ExceptionTranslationFilter to commence an authentication scheme.
AuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.authentication: Adapts a AuthenticationEntryPoint into a AuthenticationFailureHandler
AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
AuthenticationFailureHandler - Interface in org.springframework.security.web.authentication: Strategy used to handle a failed authentication attempt.
AuthenticationFilter - Class in org.springframework.security.web.authentication: A Filter that performs authentication of a particular request.
AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
AuthenticationFilter(AuthenticationManager, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
authenticationIsRequired(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
AuthenticationPrincipal - Annotation Interface in org.springframework.security.web.bind.annotation: Deprecated.
Use AuthenticationPrincipal instead.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.bind.support: Deprecated.
Use AuthenticationPrincipalArgumentResolver instead.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.method.annotation: Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation: Resolves the Authentication
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver: Deprecated.
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
AuthenticationPrincipalArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
AuthenticationSuccessHandler - Interface in org.springframework.security.web.authentication: Strategy used to handle a successful user authentication.
AuthenticationSwitchUserEvent - Class in org.springframework.security.web.authentication.switchuser: Application event which indicates that a user context switch.
AuthenticationSwitchUserEvent(Authentication, UserDetails) - Constructor for class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent: Switch user context event constructor
AuthenticationWebFilter - Class in org.springframework.security.web.server.authentication: A WebFilter that performs authentication of a particular request.
AuthenticationWebFilter(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter: Creates an instance
AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter: Creates an instance
AuthorizationContext - Class in org.springframework.security.web.server.authorization
AuthorizationContext(ServerWebExchange) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
AuthorizationContext(ServerWebExchange, Map<String, Object>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
AuthorizationFilter - Class in org.springframework.security.web.access.intercept: An authorization filter that restricts access to the URL using AuthorizationManager.
AuthorizationFilter(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.intercept.AuthorizationFilter: Creates an instance.
AuthorizationManagerWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access: An implementation of WebInvocationPrivilegeEvaluator which delegates the checks to an instance of AuthorizationManager
AuthorizationManagerWebInvocationPrivilegeEvaluator(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer - Interface in org.springframework.security.web.access: Used to transform the HttpServletRequest prior to passing it into the AuthorizationManager.
AuthorizationWebFilter - Class in org.springframework.security.web.server.authorization
AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationWebFilter
autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.
autoLogin(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices: This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.

B

BASIC - Static variable in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter: Deprecated.
BasicAuthenticationConverter - Class in org.springframework.security.web.authentication.www: Converts from a HttpServletRequest to UsernamePasswordAuthenticationToken that can be authenticated.
BasicAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
BasicAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?>) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
BasicAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www: Used by the ExceptionTranslationFilter to commence authentication via the BasicAuthenticationFilter.
BasicAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
BasicAuthenticationFilter - Class in org.springframework.security.web.authentication.www: Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.
BasicAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter: Creates an instance which will authenticate against the supplied AuthenticationManager and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain.
BasicAuthenticationFilter(AuthenticationManager, AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter: Creates an instance which will authenticate against the supplied AuthenticationManager and use the supplied AuthenticationEntryPoint to handle authentication failures.
bearerToken(String) - Static method in class org.springframework.security.web.http.SecurityHeaders: Sets the provided value as a Bearer token in a header with the name of HttpHeaders.AUTHORIZATION
beforeConcurrentHandling(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
beforeSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Invoked before the springSecurityFilterChain is added.
build() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder: Creates a RequestMatcherDelegatingAuthorizationManager instance.
build() - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder: Creates a RequestMatcherDelegatingAuthenticationManagerResolver instance.
build() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
build() - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder: Creates a ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver instance.
build() - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
build() - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource: Builds the authentication details object.
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
builder() - Static method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager: Creates a builder for RequestMatcherDelegatingAuthorizationManager.
builder() - Static method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver: Creates a builder for RequestMatcherDelegatingAuthorizationManager.
builder() - Static method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver: Creates a builder for RequestMatcherDelegatingAuthorizationManager.
builder() - Static method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
builder() - Static method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
Builder() - Constructor for class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
Builder() - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
Builder() - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
Builder(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder: Construct a new instance of this builder
buildFullRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
buildFullRequestUrl(String, String, int, String, String) - Static method in class org.springframework.security.web.util.UrlUtils: Obtains the full URL the client used to make the request.
buildHttpsRedirectUrlForRequest(HttpServletRequest) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint: Builds a URL to redirect the supplied request to HTTPS.
buildRedirectUrlToLoginPage(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
buildRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils: Obtains the web application-specific fragment of the request URL.

C

CACHE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
CACHE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
CACHE_CONTRTOL_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter: The value for cache control value
CacheControlHeadersWriter - Class in org.springframework.security.web.header.writers: Inserts headers to prevent caching if no cache control headers have been specified.
CacheControlHeadersWriter() - Constructor for class org.springframework.security.web.header.writers.CacheControlHeadersWriter: Creates a new instance
CacheControlServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Writes cache control related headers.
CacheControlServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
calculateLoginLifetime(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices: Calculates the validity period in seconds for a newly generated remember-me login.
calculateRedirectUrl(String, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
cancelCookie(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
ChangeSessionIdAuthenticationStrategy - Class in org.springframework.security.web.authentication.session: Uses HttpServletRequest.changeSessionId() to protect against session fixation attacks.
ChangeSessionIdAuthenticationStrategy() - Constructor for class org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
ChannelDecisionManager - Interface in org.springframework.security.web.access.channel: Decides whether a web channel provides sufficient security.
ChannelDecisionManagerImpl - Class in org.springframework.security.web.access.channel: Implementation of ChannelDecisionManager.
ChannelDecisionManagerImpl() - Constructor for class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
ChannelEntryPoint - Interface in org.springframework.security.web.access.channel: May be used by a ChannelProcessor to launch a web channel.
ChannelProcessingFilter - Class in org.springframework.security.web.access.channel: Ensures a web request is delivered over the required channel.
ChannelProcessingFilter() - Constructor for class org.springframework.security.web.access.channel.ChannelProcessingFilter
ChannelProcessor - Interface in org.springframework.security.web.access.channel: Decides whether a web channel meets a specific security condition.
check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
check(Supplier<Authentication>, HttpServletRequest) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager: Delegates to a specific AuthorizationManager based on a RequestMatcher evaluation.
check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager: Determines the access by evaluating the provided expression.
check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.IpAddressAuthorizationManager
check(Mono<Authentication>, AuthorizationContext) - Method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager
check(Mono<Authentication>, ServerWebExchange) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
CLEAR_SITE_DATA_HEADER - Static variable in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
clearAuthenticationAttributes(HttpServletRequest) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler: Removes temporary authentication-related data which may have been stored in the session during the authentication process.
ClearSiteDataHeaderWriter - Class in org.springframework.security.web.header.writers: Provides support for Clear Site Data.
ClearSiteDataHeaderWriter(ClearSiteDataHeaderWriter.Directive...) - Constructor for class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter: Creates a new instance of ClearSiteDataHeaderWriter with given sources.
ClearSiteDataHeaderWriter.Directive - Enum Class in org.springframework.security.web.header.writers: Represents the directive values expected by the ClearSiteDataHeaderWriter.
ClearSiteDataServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Writes the Clear-Site-Data response header when the request is secure.
ClearSiteDataServerHttpHeadersWriter(ClearSiteDataServerHttpHeadersWriter.Directive...) - Constructor for class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter: Constructs a new instance using the given directives.
ClearSiteDataServerHttpHeadersWriter.Directive - Enum Class in org.springframework.security.web.server.header: Represents the directive values expected by the ClearSiteDataServerHttpHeadersWriter
commence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
commence(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.access.channel.ChannelEntryPoint: Commences a secure channel.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint: Always returns a 403 error code to the client.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.HttpStatusEntryPoint
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint: Performs the redirect (or forward) to the login form URL.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.AuthenticationEntryPoint: Commences an authentication scheme.
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
commence(ServerWebExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.ServerAuthenticationEntryPoint: Initiates the authentication flow
CompositeAccessDeniedHandler - Class in org.springframework.security.web.access
CompositeAccessDeniedHandler(Collection<AccessDeniedHandler>) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
CompositeAccessDeniedHandler(AccessDeniedHandler...) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
CompositeHeaderWriter - Class in org.springframework.security.web.header.writers: A HeaderWriter that delegates to several other HeaderWriters.
CompositeHeaderWriter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.writers.CompositeHeaderWriter: Creates a new instance.
CompositeLogoutHandler - Class in org.springframework.security.web.authentication.logout: Performs a logout through all the LogoutHandler implementations.
CompositeLogoutHandler(List<LogoutHandler>) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
CompositeLogoutHandler(LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
CompositeRequestRejectedHandler - Class in org.springframework.security.web.firewall: A RequestRejectedHandler that delegates to several other RequestRejectedHandlers.
CompositeRequestRejectedHandler(RequestRejectedHandler...) - Constructor for class org.springframework.security.web.firewall.CompositeRequestRejectedHandler: Creates a new instance.
CompositeServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Combines multiple ServerHttpHeadersWriter instances into a single instance.
CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter...) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
CompositeSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session: A SessionAuthenticationStrategy that accepts multiple SessionAuthenticationStrategy implementations to delegate to.
CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy>) - Constructor for class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
ConcurrentSessionControlAuthenticationStrategy - Class in org.springframework.security.web.authentication.session: Strategy which handles concurrent session-control.
ConcurrentSessionControlAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
ConcurrentSessionControlServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication: Controls the number of sessions a user can have concurrently authenticated in an application.
ConcurrentSessionControlServerAuthenticationSuccessHandler(ReactiveSessionRegistry, ServerMaximumSessionsExceededHandler) - Constructor for class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
ConcurrentSessionFilter - Class in org.springframework.security.web.session: Filter required by concurrent session handling package.
ConcurrentSessionFilter(SessionRegistry) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
ConcurrentSessionFilter(SessionRegistry, String) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter: Deprecated.
use ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) with SimpleRedirectSessionInformationExpiredStrategy instead.
ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
containsContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository: Allows the repository to be queried as to whether it contains a security context for the current request.
CONTENT_SECURITY_POLICY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
CONTENT_SECURITY_POLICY_REPORT_ONLY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
ContentSecurityPolicyHeaderWriter - Class in org.springframework.security.web.header.writers: Provides support for Content Security Policy (CSP) Level 2.
ContentSecurityPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter: Creates a new instance.
ContentSecurityPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter: Creates a new instance
ContentSecurityPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Writes the Contet-Security-Policy response header with configured policy directives.
ContentSecurityPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
ContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Adds X-Content-Type-Options: nosniff
ContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
convert(HttpServletRequest) - Method in interface org.springframework.security.web.authentication.AuthenticationConverter
convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
convert(ServerWebExchange) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter: Converts a ServerWebExchange to an Authentication
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
CookieClearingLogoutHandler - Class in org.springframework.security.web.authentication.logout: A logout handler which clears either - A defined list of cookie names, using the context path as the cookie path OR - A given list of Cookies
CookieClearingLogoutHandler(Cookie...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
CookieClearingLogoutHandler(String...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
CookieCsrfTokenRepository - Class in org.springframework.security.web.csrf: A CsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CookieCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.CookieCsrfTokenRepository
CookieRequestCache - Class in org.springframework.security.web.savedrequest: An Implementation of RequestCache which saves the original request URI in a cookie.
CookieRequestCache() - Constructor for class org.springframework.security.web.savedrequest.CookieRequestCache
COOKIES - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
COOKIES - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
CookieServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf: A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CookieServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
CookieServerRequestCache - Class in org.springframework.security.web.server.savedrequest: An implementation of ServerRequestCache that saves the requested URI in a cookie.
CookieServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
CookieTheftException - Exception in org.springframework.security.web.authentication.rememberme
CookieTheftException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.CookieTheftException
CREATE_TABLE_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl: Default SQL for creating the database table to store the tokens
createAuthentication(HttpServletRequest) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
createAuthentication(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
createELContext(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher: Subclasses can override this methode if they want to use a different EL root context
createEvaluationContext(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
createNewToken(PersistentRememberMeToken) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
createSecurityExpressionRoot(Authentication, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
createSecurityExpressionRoot(Authentication, FilterInvocation) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
createSuccessfulAuthentication(HttpServletRequest, UserDetails) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Creates the final Authentication object returned from the autoLogin method.
createUserDetails(Authentication, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService: Creates the final UserDetails object.
CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
CrossOriginEmbedderPolicyHeaderWriter - Class in org.springframework.security.web.header.writers: Inserts Cross-Origin-Embedder-Policy header.
CrossOriginEmbedderPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter
CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.header.writers
CrossOriginEmbedderPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Inserts Cross-Origin-Embedder-Policy headers.
CrossOriginEmbedderPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.server.header
CrossOriginOpenerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers: Inserts the Cross-Origin-Opener-Policy header
CrossOriginOpenerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter
CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.header.writers
CrossOriginOpenerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Inserts Cross-Origin-Opener-Policy header.
CrossOriginOpenerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.server.header
CrossOriginResourcePolicyHeaderWriter - Class in org.springframework.security.web.header.writers: Inserts Cross-Origin-Resource-Policy header
CrossOriginResourcePolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter
CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.header.writers
CrossOriginResourcePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Inserts Cross-Origin-Resource-Policy headers.
CrossOriginResourcePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.server.header
CsrfAuthenticationStrategy - Class in org.springframework.security.web.csrf: CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating.
CsrfAuthenticationStrategy(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfAuthenticationStrategy: Creates a new instance
CsrfException - Exception in org.springframework.security.web.csrf: Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
CsrfException - Exception in org.springframework.security.web.server.csrf: Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
CsrfException(String) - Constructor for exception org.springframework.security.web.csrf.CsrfException
CsrfException(String) - Constructor for exception org.springframework.security.web.server.csrf.CsrfException
CsrfFilter - Class in org.springframework.security.web.csrf: Applies CSRF protection using a synchronizer token pattern.
CsrfFilter(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfFilter: Creates a new instance.
CsrfLogoutHandler - Class in org.springframework.security.web.csrf: CsrfLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfLogoutHandler(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfLogoutHandler: Creates a new instance
CsrfRequestDataValueProcessor - Class in org.springframework.security.web.reactive.result.view
CsrfRequestDataValueProcessor - Class in org.springframework.security.web.servlet.support.csrf: Integration with Spring Web MVC that automatically adds the CsrfToken into forms with hidden inputs when using Spring tag libraries.
CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
CsrfServerLogoutHandler - Class in org.springframework.security.web.server.csrf: CsrfServerLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfServerLogoutHandler(ServerCsrfTokenRepository) - Constructor for class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler: Creates a new instance
CsrfToken - Interface in org.springframework.security.web.csrf: Provides the information about an expected CSRF token.
CsrfToken - Interface in org.springframework.security.web.server.csrf
CsrfTokenArgumentResolver - Class in org.springframework.security.web.method.annotation: Allows resolving the current CsrfToken.
CsrfTokenArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
CsrfTokenRepository - Interface in org.springframework.security.web.csrf: An API to allow changing the method in which the expected CsrfToken is associated to the HttpServletRequest.
CsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.csrf: An implementation of the CsrfTokenRequestHandler interface that is capable of making the CsrfToken available as a request attribute and resolving the token value as either a header or parameter value of the request.
CsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
CsrfTokenRequestHandler - Interface in org.springframework.security.web.csrf: A callback interface that is used to make the CsrfToken created by the CsrfTokenRepository available as a request attribute.
CsrfTokenRequestResolver - Interface in org.springframework.security.web.csrf: Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided HttpServletRequest.
CsrfWebFilter - Class in org.springframework.security.web.server.csrf: Applies CSRF protection using a synchronizer token pattern.
CsrfWebFilter() - Constructor for class org.springframework.security.web.server.csrf.CsrfWebFilter
currentDate - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat: Current formatted date.
currentDateGenerated - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat: Instant on which the currentDate object was generated.
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.method.annotation: Allows resolving the SecurityContext using the CurrentSecurityContext annotation.
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation: Resolves the SecurityContext
CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
CurrentSecurityContextArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver

D

DebugFilter - Class in org.springframework.security.web.debug: Spring Security debugging filter.
DebugFilter(FilterChainProxy) - Constructor for class org.springframework.security.web.debug.DebugFilter
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager: Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor: Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
decodeCookie(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
decorate(FilterChain) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator: Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(FilterChain) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator: Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(FilterChain) - Method in class org.springframework.security.web.ObservationFilterChainDecorator
decorate(FilterChain, List<Filter>) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator: Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator: Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.ObservationFilterChainDecorator
decorate(WebFilterChain) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator
decorate(WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator: Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(WebFilterChain) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator: Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator
decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator: Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
decorate(WebFilterChain, List<WebFilter>) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator: Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
DEF_INSERT_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl: The default SQL used by createNewToken
DEF_REMOVE_USER_TOKENS_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl: The default SQL used by removeUserTokens
DEF_TOKEN_BY_SERIES_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl: The default SQL used by the getTokenBySeries query
DEF_UPDATE_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl: The default SQL used by updateToken
DEFAULT_CSRF_ATTR_NAME - Static variable in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor: The default request attribute to look for a CsrfToken.
DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.csrf.CsrfFilter: The default RequestMatcher that indicates if CSRF protection is required or not.
DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.server.csrf.CsrfWebFilter
DEFAULT_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer: Default extractor for Throwable instances.
DEFAULT_FILTER_NAME - Static variable in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
DEFAULT_LOGIN_PAGE_URL - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
DEFAULT_LOGOUT_SUCCESS_URL - Static variable in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
DEFAULT_PARAMETER - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
DEFAULT_REQUEST_ATTR_NAME - Static variable in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository: The default request attribute name to use.
DEFAULT_SERIES_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME - Static variable in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository: The default session attribute name to save and load the SecurityContext
DEFAULT_TOKEN_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
DefaultCsrfToken - Class in org.springframework.security.web.csrf: A CSRF token that is used to protect against CSRF attacks.
DefaultCsrfToken - Class in org.springframework.security.web.server.csrf: A CSRF token that is used to protect against CSRF attacks.
DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.csrf.DefaultCsrfToken: Creates a new instance
DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.server.csrf.DefaultCsrfToken: Creates a new instance
DefaultFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.intercept: Default implementation of FilterInvocationDefinitionSource.
DefaultFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource: Sets the internal request map from the supplied map.
DefaultHttpFirewall - Class in org.springframework.security.web.firewall: User's should consider using StrictHttpFirewall because rather than trying to sanitize a malicious URL it rejects the malicious URL providing better security guarantees.
DefaultHttpFirewall() - Constructor for class org.springframework.security.web.firewall.DefaultHttpFirewall
DefaultHttpSecurityExpressionHandler - Class in org.springframework.security.web.access.expression: A SecurityExpressionHandler that uses a RequestAuthorizationContext to create a WebSecurityExpressionRoot.
DefaultHttpSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
DefaultLoginPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui: For internal use with namespace configuration in the case where a user doesn't configure a login page.
DefaultLoginPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationFilter) - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
DefaultLogoutPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui: Generates a default log out page.
DefaultLogoutPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
DefaultRedirectStrategy - Class in org.springframework.security.web: Simple implementation of RedirectStrategy which is the default used throughout the framework.
DefaultRedirectStrategy() - Constructor for class org.springframework.security.web.DefaultRedirectStrategy
DefaultRequestRejectedHandler - Class in org.springframework.security.web.firewall: Default implementation of RequestRejectedHandler that simply rethrows the exception.
DefaultRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
DefaultSavedRequest - Class in org.springframework.security.web.savedrequest: Represents central information from a HttpServletRequest.
DefaultSavedRequest(HttpServletRequest, PortResolver) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest
DefaultSavedRequest(HttpServletRequest, PortResolver, String) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest
DefaultSavedRequest.Builder - Class in org.springframework.security.web.savedrequest
DefaultSecurityFilterChain - Class in org.springframework.security.web: Standard implementation of SecurityFilterChain.
DefaultSecurityFilterChain(RequestMatcher, Filter...) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
DefaultSecurityFilterChain(RequestMatcher, List<Filter>) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
DefaultServerRedirectStrategy - Class in org.springframework.security.web.server: The default ServerRedirectStrategy to use.
DefaultServerRedirectStrategy() - Constructor for class org.springframework.security.web.server.DefaultServerRedirectStrategy
DefaultWebFilterChainDecorator() - Constructor for class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator
DefaultWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access: Deprecated.
Use AuthorizationManagerWebInvocationPrivilegeEvaluator instead
DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor) - Constructor for class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator: Deprecated.
DefaultWebSecurityExpressionHandler - Class in org.springframework.security.web.access.expression
DefaultWebSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
DeferredCsrfToken - Interface in org.springframework.security.web.csrf: An interface that allows delayed access to a CsrfToken that may be generated.
DelegateEntry(ServerWebExchangeMatcher, ServerAccessDeniedHandler) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
DelegateEntry(ServerWebExchangeMatcher, ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
DelegatingAccessDeniedHandler - Class in org.springframework.security.web.access: An AccessDeniedHandler that delegates to other AccessDeniedHandler instances based upon the type of AccessDeniedException passed into DelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException).
DelegatingAccessDeniedHandler(LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.DelegatingAccessDeniedHandler: Creates a new instance
DelegatingAuthenticationConverter - Class in org.springframework.security.web.authentication: A AuthenticationConverter, that iterates over multiple AuthenticationConverter.
DelegatingAuthenticationConverter(List<AuthenticationConverter>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
DelegatingAuthenticationConverter(AuthenticationConverter...) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
DelegatingAuthenticationEntryPoint - Class in org.springframework.security.web.authentication: An AuthenticationEntryPoint which selects a concrete AuthenticationEntryPoint based on a RequestMatcher evaluation.
DelegatingAuthenticationEntryPoint(LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
DelegatingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication: An AuthenticationFailureHandler that delegates to other AuthenticationFailureHandler instances based upon the type of AuthenticationException passed into DelegatingAuthenticationFailureHandler.onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) .
DelegatingAuthenticationFailureHandler(LinkedHashMap<Class<? extends AuthenticationException>, AuthenticationFailureHandler>, AuthenticationFailureHandler) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler: Creates a new instance
DelegatingLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout: Delegates to logout handlers based on matched request matchers
DelegatingLogoutSuccessHandler(LinkedHashMap<RequestMatcher, LogoutSuccessHandler>) - Constructor for class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
DelegatingReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization
DelegatingReactiveAuthorizationManager.Builder - Class in org.springframework.security.web.server.authorization
DelegatingRequestMatcherHeaderWriter - Class in org.springframework.security.web.header.writers: Delegates to the provided HeaderWriter when RequestMatcher.matches(HttpServletRequest) returns true.
DelegatingRequestMatcherHeaderWriter(RequestMatcher, HeaderWriter) - Constructor for class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter: Creates a new instance
DelegatingSecurityContextRepository - Class in org.springframework.security.web.context
DelegatingSecurityContextRepository(List<SecurityContextRepository>) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository
DelegatingSecurityContextRepository(SecurityContextRepository...) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository
DelegatingServerAuthenticationConverter - Class in org.springframework.security.web.server.authentication: A ServerAuthenticationConverter that delegates to other ServerAuthenticationConverter instances.
DelegatingServerAuthenticationConverter(List<ServerAuthenticationConverter>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
DelegatingServerAuthenticationConverter(ServerAuthenticationConverter...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
DelegatingServerAuthenticationEntryPoint - Class in org.springframework.security.web.server: A ServerAuthenticationEntryPoint which delegates to multiple ServerAuthenticationEntryPoint based on a ServerWebExchangeMatcher
DelegatingServerAuthenticationEntryPoint(List<DelegatingServerAuthenticationEntryPoint.DelegateEntry>) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
DelegatingServerAuthenticationEntryPoint(DelegatingServerAuthenticationEntryPoint.DelegateEntry...) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
DelegatingServerAuthenticationEntryPoint.DelegateEntry - Class in org.springframework.security.web.server
DelegatingServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication: Delegates to a collection of ServerAuthenticationSuccessHandler implementations.
DelegatingServerAuthenticationSuccessHandler(List<ServerAuthenticationSuccessHandler>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler: Creates a new instance with the provided list of delegates
DelegatingServerAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
DelegatingServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout: Delegates to a collection of ServerLogoutHandler implementations.
DelegatingServerLogoutHandler(Collection<ServerLogoutHandler>) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
DelegatingServerLogoutHandler(ServerLogoutHandler...) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
DENY - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
DENY - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode: A browser receiving content with this header field MUST NOT display this content in any frame.
denyAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specify that URLs are not allowed by anyone.
destroy() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.

Not used (we rely on IoC container lifecycle services instead)
destroy() - Method in class org.springframework.security.web.debug.DebugFilter
determineCauseChain(Throwable) - Method in class org.springframework.security.web.util.ThrowableAnalyzer: Determines the cause chain of the provided Throwable.
determineExpiredUrl(HttpServletRequest, SessionInformation) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter: Deprecated.
Use ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) instead.
determineTargetUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler: Builds the target URL according to the logic defined in the main class Javadoc.
determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler: Builds the target URL according to the logic defined in the main class Javadoc
determineUrlToUseForThisRequest(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint: Allows subclasses to modify the login form URL that should be applicable for a given request.
DigestAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www: Used by the SecurityEnforcementFilter to commence authentication via the DigestAuthenticationFilter.
DigestAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
DigestAuthenticationFilter - Class in org.springframework.security.web.authentication.www: Processes a HTTP request's Digest authorization headers, putting the result into the SecurityContextHolder.
DigestAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
DISABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
DISABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
DisableEncodeUrlFilter - Class in org.springframework.security.web.session: Disables encoding URLs using the HttpServletResponse to prevent including the session id in URLs which is not considered URL because the session id can be leaked in things like HTTP access logs.
DisableEncodeUrlFilter() - Constructor for class org.springframework.security.web.session.DisableEncodeUrlFilter
disableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper: Invoke this method to disable invoking OnCommittedResponseWrapper.onResponseCommitted() when the HttpServletResponse is committed.
disableSaveOnResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper: Deprecated.

Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed.
DispatcherTypeRequestMatcher - Class in org.springframework.security.web.util.matcher: Checks the DispatcherType to decide whether to match a given request.
DispatcherTypeRequestMatcher(DispatcherType) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher: Creates an instance which matches requests with the provided DispatcherType
DispatcherTypeRequestMatcher(DispatcherType, HttpMethod) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher: Creates an instance which matches requests with the provided DispatcherType and HttpMethod
doesRequestMatch(HttpServletRequest, PortResolver) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest: Determines if the current request matches the DefaultSavedRequest.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.

Method that is actually called by the filter chain.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: Invokes the requiresAuthentication method to determine whether the request is for authentication and should be handled by this filter.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter: Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextHolderFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter: Deprecated.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.debug.DebugFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.FilterChainProxy
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter: Attempts to obtain and run as a JAAS Subject using JaasApiIntegrationFilter.obtainSubject(ServletRequest).
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.SessionManagementFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.csrf.CsrfFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.header.HeaderWriterFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.RequestMatcherRedirectFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.DisableEncodeUrlFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ForceEagerSessionCreationFilter

E

ELRequestMatcher - Class in org.springframework.security.web.util.matcher: A RequestMatcher implementation which uses a SpEL expression
ELRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ELRequestMatcher
EMBEDDER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
ENABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
ENABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
enableHttpSessionEventPublisher() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Override this if HttpSessionEventPublisher should be added as a listener.
encodeCookie(String[]) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Inverse operation of decodeCookie.
encodeRedirectURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper: Deprecated.
encodeURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper: Deprecated.
Enumerator<T> - Class in org.springframework.security.web.savedrequest: Adapter that wraps an Enumeration around a Java 2 collection Iterator.
Enumerator(Collection<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator: Return an Enumeration over the values of the specified Collection.
Enumerator(Collection<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator: Return an Enumeration over the values of the specified Collection.
Enumerator(Iterator<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator: Return an Enumeration over the values returned by the specified Iterator.
Enumerator(Iterator<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator: Return an Enumeration over the values returned by the specified Iterator.
Enumerator(Map<?, T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator: Return an Enumeration over the values of the specified Map.
Enumerator(Map<?, T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator: Return an Enumeration over the values of the specified Map.
equals(Object) - Method in class org.springframework.security.web.access.intercept.RequestKey
equals(Object) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
equals(Object) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
equals(Object) - Method in class org.springframework.security.web.header.Header
equals(Object) - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
equals(Object) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
equals(Object) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
equals(Object) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
ERROR_PARAMETER_NAME - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
errorOnInvalidType() - Element in annotation interface org.springframework.security.web.bind.annotation.AuthenticationPrincipal: Deprecated.

True if a ClassCastException should be thrown when the current Authentication.getPrincipal() is the incorrect type.
escapeEntities(String) - Static method in class org.springframework.security.web.util.TextEscapeUtils
eventPublisher - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
ExceptionMappingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication: Uses the internal map of exceptions types to URLs to determine the destination on authentication failure.
ExceptionMappingAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
ExceptionTranslationFilter - Class in org.springframework.security.web.access: Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.
ExceptionTranslationFilter(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
ExceptionTranslationFilter(AuthenticationEntryPoint, RequestCache) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
ExceptionTranslationWebFilter - Class in org.springframework.security.web.server.authorization
ExceptionTranslationWebFilter() - Constructor for class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
ExchangeMatcherRedirectWebFilter - Class in org.springframework.security.web.server: Web filter that redirects requests that match ServerWebExchangeMatcher to the specified URL.
ExchangeMatcherRedirectWebFilter(ServerWebExchangeMatcher, String) - Constructor for class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter: Create and initialize an instance of the web filter.
EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
exitSwitchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter: Attempt to exit from an already switched user.
EXPIRES_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter: The value for expires value
ExpressionBasedFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.expression: Expression-based FilterInvocationSecurityMetadataSource.
ExpressionBasedFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>, SecurityExpressionHandler<FilterInvocation>) - Constructor for class org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource
extractAttributes(HttpSession) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy: Called to extract the existing attributes from the session, prior to invalidating it.
extractCause(Throwable) - Method in interface org.springframework.security.web.util.ThrowableCauseExtractor: Extracts the cause from the provided Throwable.
extractPrincipal(X509Certificate) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
extractPrincipal(X509Certificate) - Method in interface org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor: Returns the principal (usually a String) for the given certificate.
extractRememberMeCookie(HttpServletRequest) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Locates the Spring Security remember me cookie in the request and returns its value.
extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher: Deprecated.
extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Deprecated.
extractUriTemplateVariables(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestVariablesExtractor: Deprecated.

Extract URL template variables from the request.

F

FastHttpDateFormat - Class in org.springframework.security.web.savedrequest: Utility class to generate HTTP dates.
FEATURE_POLICY - Static variable in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
FeaturePolicyHeaderWriter - Class in org.springframework.security.web.header.writers: Provides support for Feature Policy.
FeaturePolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter: Create a new instance of FeaturePolicyHeaderWriter with supplied security policy directive(s).
FeaturePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Writes the Feature-Policy response header with configured policy directives.
FeaturePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.AuthorizationWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.ReactorContextWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy
FilterChainProxy - Class in org.springframework.security.web: Delegates Filter requests to a list of Spring-managed filter beans.
FilterChainProxy() - Constructor for class org.springframework.security.web.FilterChainProxy
FilterChainProxy(List<SecurityFilterChain>) - Constructor for class org.springframework.security.web.FilterChainProxy
FilterChainProxy(SecurityFilterChain) - Constructor for class org.springframework.security.web.FilterChainProxy
FilterChainProxy.FilterChainDecorator - Interface in org.springframework.security.web: A strategy for decorating the provided filter chain with one that accounts for the SecurityFilterChain for a given request.
FilterChainProxy.FilterChainValidator - Interface in org.springframework.security.web
FilterChainProxy.VirtualFilterChainDecorator - Class in org.springframework.security.web: A FilterChainProxy.FilterChainDecorator that uses the FilterChainProxy.VirtualFilterChain
FilterInvocation - Class in org.springframework.security.web: Holds objects associated with a HTTP filter.
FilterInvocation(ServletRequest, ServletResponse, FilterChain) - Constructor for class org.springframework.security.web.FilterInvocation
FilterInvocation(String, String) - Constructor for class org.springframework.security.web.FilterInvocation
FilterInvocation(String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
FilterInvocation(String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
FilterInvocation(String, String, String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
FilterInvocation(String, String, String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
FilterInvocationSecurityMetadataSource - Interface in org.springframework.security.web.access.intercept: Marker interface for SecurityMetadataSource implementations that are designed to perform lookups keyed on FilterInvocations.
FilterSecurityInterceptor - Class in org.springframework.security.web.access.intercept: Deprecated.
Use AuthorizationFilter instead
FilterSecurityInterceptor() - Constructor for class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.
findRequiredWebApplicationContext(ServletContext) - Static method in class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils: Find a unique WebApplicationContext for this web app: either the root web app context (preferred) or a unique WebApplicationContext among the registered ServletContext attributes (typically coming from a single DispatcherServlet in the current web application).
FirewalledRequest - Class in org.springframework.security.web.firewall: Request wrapper which is returned by the HttpFirewall interface.
FirewalledRequest(HttpServletRequest) - Constructor for class org.springframework.security.web.firewall.FirewalledRequest: Constructs a request object wrapping the given request.
flushBuffer() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper: Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass flushBuffer()
ForceEagerSessionCreationFilter - Class in org.springframework.security.web.session: Eagerly creates HttpSession if it does not already exist.
ForceEagerSessionCreationFilter() - Constructor for class org.springframework.security.web.session.ForceEagerSessionCreationFilter
format - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat: HTTP date format.
formatCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat: Formatter cache.
formatDate(long, DateFormat) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat: Formats a specified date to HTTP format.
formats - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat: The set of SimpleDateFormat formats to use in getDateHeader().
ForwardAuthenticationFailureHandler - Class in org.springframework.security.web.authentication: Forward Authentication Failure Handler
ForwardAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
ForwardAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication: Forward Authentication Success Handler
ForwardAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
ForwardLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout: LogoutSuccessHandler implementation that will perform a request dispatcher "forward" to the specified target URL.
ForwardLogoutSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler: Construct a new ForwardLogoutSuccessHandler with the given target URL.
from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
from(String) - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
fullyAuthenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specify that URLs are allowed by users who have authenticated and were not "remembered".

G

generateNewContext() - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository: By default, calls SecurityContextHolder.createEmptyContext() to obtain a new context (there should be no context present in the holder when this method is called).
generateSeriesData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
generateToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository: Generates a CsrfToken
generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository: Deprecated.

Generates a new token
generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
generateToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository: Generates a CsrfToken
generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
generateTokenData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
get() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken: Gets the CsrfToken
get(String) - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
getAccessDeniedHandler() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
getAllConfigAttributes() - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy: Deprecated.
getAllowFromValue(HttpServletRequest) - Method in interface org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy: Deprecated.

Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy: Deprecated.
getAllowSessionCreation() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
getAttributes(Object) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
getAuthentication() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
getAuthenticationConverter() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
getAuthenticationEntryPoint() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
getAuthenticationManager() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
getAuthenticationManager() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
getAuthenticationManagerResolver() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
getAuthenticationTrustResolver() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
getAuthorities() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
getAuthority() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
getAuthorizationManager() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter: Gets the AuthorizationManager used by this filter
getChain() - Method in class org.springframework.security.web.FilterInvocation
getChain() - Method in class org.springframework.security.web.server.WebFilterExchange: The filter chain
getChannelDecisionManager() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
getChannelProcessors() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
getComment() - Method in class org.springframework.security.web.savedrequest.SavedCookie: Deprecated, for removal: This API element is subject to removal in a future version.
getContextPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getCookie() - Method in class org.springframework.security.web.savedrequest.SavedCookie
getCookieName() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
getCookiePath() - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository: Get the path that the CSRF cookie will be set to.
getCookies() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getCookies() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getCookies() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getCredentials() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: Get the credentials
getCredentialsCharset() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
getCurrentDate() - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat: Gets the current date in HTTP format.
getCurrentSession() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
getDate() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
getDecodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall: Provides the existing decoded url blocklist which can add/remove entries from
getDecodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall: Provides the existing decoded url blocklist which can add/remove entries from
getDecodedUrlBlocklist() - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
getDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler: Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl property is set to true.
getDigestAlgorithm() - Method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
getDispatcherWebApplicationContextSuffix() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Return the <servlet-name> to use the DispatcherServlet's WebApplicationContext to find the DelegatingFilterProxy or null to use the parent ApplicationContext.
getDomain() - Method in class org.springframework.security.web.savedrequest.SavedCookie
getEncodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall: Deprecated.
Use StrictHttpFirewall.getEncodedUrlBlocklist() instead
getEncodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall: Provides the existing encoded url blocklist which can add/remove entries from
getEncodedUrlBlocklist() - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
getEntry() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
getEntry() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
getEntryPoint() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
getEntryPoint() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
getEntryPoint() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
getExchange() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
getExchange() - Method in class org.springframework.security.web.server.WebFilterExchange: Get the exchange
getExtraHiddenFields(HttpServletRequest) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
getExtraHiddenFields(ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
getFailureHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
getFailureHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
getFilterChainProxy() - Method in class org.springframework.security.web.debug.DebugFilter
getFilterChains() - Method in class org.springframework.security.web.FilterChainProxy
getFilters() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
getFilters() - Method in interface org.springframework.security.web.SecurityFilterChain
getFilters(String) - Method in class org.springframework.security.web.FilterChainProxy: Convenience method, mainly for testing.
getFirewalledExchange(ServerWebExchange) - Method in interface org.springframework.security.web.server.firewall.ServerWebExchangeFirewall: Get a ServerWebExchange that has firewall rules applied to it.
getFirewalledExchange(ServerWebExchange) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
getFirewalledRequest(HttpServletRequest) - Method in interface org.springframework.security.web.firewall.HttpFirewall: Provides the request object which will be passed through the filter chain.
getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
getFirewalledResponse(HttpServletResponse) - Method in interface org.springframework.security.web.firewall.HttpFirewall: Provides the response which will be passed through the filter chain.
getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
getFirstThrowableOfType(Class<? extends Throwable>, Throwable[]) - Method in class org.springframework.security.web.util.ThrowableAnalyzer: Returns the first throwable from the passed in array that is assignable to the provided type.
getFullRequestUrl() - Method in class org.springframework.security.web.FilterInvocation: Indicates the URL that the user agent used for this request.
getGrantedAuthorities() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
getHeaderName() - Method in interface org.springframework.security.web.csrf.CsrfToken: Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
getHeaderName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
getHeaderName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken: Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
getHeaderName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
getHeaderNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getHeaderNames() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getHeaderNames() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getHeaderValue() - Method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
getHeaderValue() - Method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getHeaderValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getHttpRequest() - Method in class org.springframework.security.web.FilterInvocation
getHttpResponse() - Method in class org.springframework.security.web.FilterInvocation
getId() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
getInsecureKeyword() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
getInstance() - Static method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
getInstance() - Static method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
getKey() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
getKey() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
getLocales() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getLocales() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getLocales() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getLoginFormUrl() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
getLoginPageUrl() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
getMappableAttributes() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
getMatcher() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
getMatcher() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
getMatcher() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache: Returns a wrapper around the saved request, if it matches the current request.
getMaxAge() - Method in class org.springframework.security.web.savedrequest.SavedCookie
getMaximumSessionsAllowed() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
getMaximumSessionsForThisUser(Authentication) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy: Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication.
getMethod() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getMethod() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getMethod() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getName() - Method in class org.springframework.security.web.header.Header: Gets the name of the header.
getName() - Method in class org.springframework.security.web.savedrequest.SavedCookie
getNewSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent: Getter for the session ID after it was changed.
getNewSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
getNonceValiditySeconds() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
getOldSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent: Getter for the session ID before it was changed.
getOldSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
getOrder() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
getOrder() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
getOutputStream() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper: Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the calling getOutputStream().close() or getOutputStream().flush()
getParameter() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
getParameterMap() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getParameterMap() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getParameterMap() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getParameterName() - Method in interface org.springframework.security.web.csrf.CsrfToken: Gets the HTTP parameter name that should contain the token.
getParameterName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
getParameterName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken: Gets the HTTP parameter name that should contain the token.
getParameterName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
getParameterNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getParameterValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getPasswordParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
getPath() - Method in class org.springframework.security.web.savedrequest.SavedCookie
getPathInfo() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getPattern() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
getPolicy() - Method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
getPolicy() - Method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
getPortMapper() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
getPortMapper() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
getPortMapper() - Method in class org.springframework.security.web.PortResolverImpl
getPortResolver() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
getPortResolver() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter: Override to extract the credentials (if applicable) from the current request.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter: For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter: Credentials aren't usually applicable, but if a credentialsEnvironmentVariable is set, this will be read and used as the credentials value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter: Credentials aren't usually applicable, but if a credentialsRequestHeader is set, this will be read and used as the credentials value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter: For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter: Override to extract the principal information from the current request
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter: Return the J2EE user name.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter: Read and returns the variable named by principalEnvironmentVariable from the request.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter: Read and returns the header named by principalRequestHeader from the request.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter: Return the WebSphere user name.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
getPrincipal() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
getPrincipal() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: Get the principal
getPrincipal() - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchange
getQueryString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getRealmName() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
getRealmName() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
getRedirectStrategy() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
getRedirectStrategy() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
getRedirectStrategy() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
getRedirectUri(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache: Get the URI that can be redirected to trigger the saved request to be used
getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest: Indicates the URL that the user agent used for this request.
getRedirectUrl() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
getRememberMeServices() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
getRememberMeServices() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
getRemoteAddress() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails: Indicates the TCP/IP address the authentication request was received from.
getRemoteUser() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper: Returns the principal's name, as obtained from the SecurityContextHolder.
getRequest() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext: Returns the HttpServletRequest.
getRequest() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder: Deprecated.
getRequest() - Method in class org.springframework.security.web.FilterInvocation
getRequest() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
getRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache: Returns the saved request, leaving it cached.
getRequestMatcher() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
getRequestMatcher() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
getRequestMatcher() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
getRequestURI() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getRequestUrl() - Method in class org.springframework.security.web.FilterInvocation: Obtains the web application-specific fragment of the URL.
getRequestURL() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getResponse() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder: Deprecated.
getResponse() - Method in class org.springframework.security.web.FilterInvocation
getResponse() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
getScheme() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getSecureKeyword() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
getSecureObjectClass() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.
getSecurityContexts() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
getSecurityDispatcherTypes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Get the DispatcherType for the springSecurityFilterChain.
getSecurityMetadataSource() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
getSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.
getSeries() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
getServerName() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getServerPort() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getServerPort(ServletRequest) - Method in interface org.springframework.security.web.PortResolver: Indicates the port the ServletRequest was received on.
getServerPort(ServletRequest) - Method in class org.springframework.security.web.PortResolverImpl
getServletPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
getServletPath() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
getSession() - Method in class org.springframework.security.web.session.HttpSessionCreatedEvent
getSession() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
getSessionId() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails: Indicates the HttpSession id the authentication request was received from.
getSessionInformation() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
getSessions() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
getSessionTrackingModes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Determines how a session should be tracked.
getSource() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority: Returns the original user associated with a successful user switch.
getSuccessHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
getSuccessHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
getTargetUrlParameter() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
getTargetUser() - Method in class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
getToken() - Method in interface org.springframework.security.web.csrf.CsrfToken: Gets the token value.
getToken() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
getToken() - Method in interface org.springframework.security.web.server.csrf.CsrfToken: Gets the token value.
getToken() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl: Loads the token data for the supplied series identifier.
getTokenForSeries(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
getTokenValiditySeconds() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
getTokenValue() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
getTranslatedPortMappings() - Method in class org.springframework.security.web.PortMapperImpl: Returns the translated (Integer -> Integer) version of the original port mapping specified via setHttpsPortMapping()
getUrl() - Method in class org.springframework.security.web.util.RedirectUrlBuilder
getUserCache() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
getUserDetailsService() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
getUserDetailsService() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
getUsername() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
getUsername(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter: Returns the name of the target user.
getUsernameParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
getUserPrincipal() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper: Returns the Authentication (which is a subclass of Principal), or null if unavailable.
getUserRoles(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource: Obtains the list of user roles based on the current user's JEE roles.
getValue() - Method in class org.springframework.security.web.savedrequest.SavedCookie
getValues() - Method in class org.springframework.security.web.header.Header: Gets the values of the header.
getVariables() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext: Returns the extracted variable values where the key is the variable name and the value is the variable value.
getVariables() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
getVariables() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult: Gets potential variables and their values
getVariables() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult: Returns the extracted variable values where the key is the variable name and the value is the variable value
getVersion() - Method in class org.springframework.security.web.savedrequest.SavedCookie: Deprecated, for removal: This API element is subject to removal in a future version.
getWebFilters() - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
getWebFilters() - Method in interface org.springframework.security.web.server.SecurityWebFilterChain: The WebFilter to use
getWriter() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper: Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the getWriter().close() or getWriter().flush()
gmtZone - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat: GMT time zone - all HTTP dates are on GMT

H

handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler: Handles a request using a CsrfToken.
handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in interface org.springframework.security.web.access.AccessDeniedHandler: Handles an access denied failure.
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.CompositeAccessDeniedHandler
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.DelegatingAccessDeniedHandler
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.NoOpAccessDeniedHandler
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler
handle(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler: Invokes the configured RedirectStrategy with the URL returned by the determineTargetUrl method.
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.CompositeRequestRejectedHandler
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in interface org.springframework.security.web.firewall.RequestRejectedHandler: Handles an request rejected failure.
handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler
handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler
handle(MaximumSessionsContext) - Method in interface org.springframework.security.web.server.authentication.ServerMaximumSessionsExceededHandler: Handles the scenario when the maximum number of sessions for a user has been reached.
handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler
handle(ServerWebExchange, AccessDeniedException) - Method in interface org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
handle(ServerWebExchange, ServerExchangeRejectedException) - Method in class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler
handle(ServerWebExchange, ServerExchangeRejectedException) - Method in interface org.springframework.security.web.server.firewall.ServerExchangeRejectedHandler: Handles an request rejected failure.
handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
handle(ServerWebExchange, Mono<CsrfToken>) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler: Handles a request using a CsrfToken.
handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
HandlerMappingIntrospectorRequestTransformer - Class in org.springframework.security.web.access: Transforms by passing it into HandlerMappingIntrospector.setCache(HttpServletRequest).
HandlerMappingIntrospectorRequestTransformer(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer
hasAnyAuthority(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specifies that a user requires one of many authorities.
hasAnyRole(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specifies that a user requires one of many roles.
hasAuthority(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specifies a user requires an authority.
hashCode() - Method in class org.springframework.security.web.access.intercept.RequestKey
hashCode() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
hashCode() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
hashCode() - Method in class org.springframework.security.web.header.Header
hashCode() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
hashCode() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
hashCode() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
hashCode() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
hasIpAddress(String) - Method in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot: Takes a specific IP address or a range using the IP/Netmask (e.g.
hasIpAddress(String) - Static method in class org.springframework.security.web.access.IpAddressAuthorizationManager: Creates an instance of IpAddressAuthorizationManager with the provided IP address.
hasIpAddress(String) - Static method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager: Creates an instance of IpAddressReactiveAuthorizationManager with the provided IP address.
hasMoreElements() - Method in class org.springframework.security.web.savedrequest.Enumerator: Tests if this enumeration contains more elements.
hasRole(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specifies a user requires a role.
HaveIBeenPwnedRestApiPasswordChecker - Class in org.springframework.security.web.authentication.password: Checks if the provided password was leaked by relying on Have I Been Pwned REST API.
HaveIBeenPwnedRestApiPasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
HaveIBeenPwnedRestApiReactivePasswordChecker - Class in org.springframework.security.web.authentication.password: Checks if the provided password was leaked by relying on Have I Been Pwned REST API.
HaveIBeenPwnedRestApiReactivePasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
header(String, String...) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
Header - Class in org.springframework.security.web.header: Represents a Header to be added to the HttpServletResponse
Header(String, String...) - Constructor for class org.springframework.security.web.header.Header: Creates a new instance
HeaderWriter - Interface in org.springframework.security.web.header: Contract for writing headers to a HttpServletResponse
HeaderWriterFilter - Class in org.springframework.security.web.header: Filter implementation to add headers to the current response.
HeaderWriterFilter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.HeaderWriterFilter: Creates a new instance.
HeaderWriterLogoutHandler - Class in org.springframework.security.web.authentication.logout
HeaderWriterLogoutHandler(HeaderWriter) - Constructor for class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler: Constructs a new instance using the passed HeaderWriter implementation
HeaderWriterServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout: A ServerLogoutHandler implementation which writes HTTP headers during logout.
HeaderWriterServerLogoutHandler(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler: Constructs a new instance using the ServerHttpHeadersWriter implementation.
HpkpHeaderWriter - Class in org.springframework.security.web.header.writers: Deprecated.
see Certificate and Public Key Pinning for more context
HpkpHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter: Deprecated.

Creates a new instance
HpkpHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter: Deprecated.

Creates a new instance
HpkpHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter: Deprecated.

Creates a new instance
HpkpHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter: Deprecated.

Creates a new instance
HstsHeaderWriter - Class in org.springframework.security.web.header.writers: Provides support for HTTP Strict Transport Security (HSTS).
HstsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter: Creates a new instance
HstsHeaderWriter(boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter: Creates a new instance
HstsHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter: Creates a new instance
HstsHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter: Creates a new instance
HstsHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter: Creates a new instance
HstsHeaderWriter(RequestMatcher, long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter: Creates a new instance
HstsHeaderWriter(RequestMatcher, long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter: Creates a new instance
Http403ForbiddenEntryPoint - Class in org.springframework.security.web.authentication: In the pre-authenticated authentication case (unlike CAS, for example) the user will already have been identified through some external mechanism and a secure context established by the time the security-enforcement filter is invoked.
Http403ForbiddenEntryPoint() - Constructor for class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
HttpBasicServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication: Prompts a user for HTTP Basic authentication.
HttpBasicServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
HttpFirewall - Interface in org.springframework.security.web.firewall: Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.
HttpHeaderWriterWebFilter - Class in org.springframework.security.web.server.header: Invokes a ServerHttpHeadersWriter on ReactiveHttpOutputMessage.beforeCommit(java.util.function.Supplier).
HttpHeaderWriterWebFilter(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
HttpRequestResponseHolder - Class in org.springframework.security.web.context: Deprecated.
Use SecurityContextRepository.loadDeferredContext(HttpServletRequest)
HttpRequestResponseHolder(HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.context.HttpRequestResponseHolder: Deprecated.
HttpSessionCreatedEvent - Class in org.springframework.security.web.session: Published by the HttpSessionEventPublisher when an HttpSession is created by the container
HttpSessionCreatedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionCreatedEvent
HttpSessionCsrfTokenRepository - Class in org.springframework.security.web.csrf: A CsrfTokenRepository that stores the CsrfToken in the HttpSession.
HttpSessionCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
HttpSessionDestroyedEvent - Class in org.springframework.security.web.session: Published by the HttpSessionEventPublisher when a HttpSession is removed from the container
HttpSessionDestroyedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionDestroyedEvent
HttpSessionEventPublisher - Class in org.springframework.security.web.session: Declared in web.xml as
HttpSessionEventPublisher() - Constructor for class org.springframework.security.web.session.HttpSessionEventPublisher
HttpSessionIdChangedEvent - Class in org.springframework.security.web.session: Published by the HttpSessionEventPublisher when an HttpSession ID is changed.
HttpSessionIdChangedEvent(HttpSession, String) - Constructor for class org.springframework.security.web.session.HttpSessionIdChangedEvent
HttpSessionRequestCache - Class in org.springframework.security.web.savedrequest: RequestCache which stores the SavedRequest in the HttpSession.
HttpSessionRequestCache() - Constructor for class org.springframework.security.web.savedrequest.HttpSessionRequestCache
HttpSessionSecurityContextRepository - Class in org.springframework.security.web.context: A SecurityContextRepository implementation which stores the security context in the HttpSession between requests.
HttpSessionSecurityContextRepository() - Constructor for class org.springframework.security.web.context.HttpSessionSecurityContextRepository
HttpsRedirectWebFilter - Class in org.springframework.security.web.server.transport: Redirects any non-HTTPS request to its HTTPS equivalent.
HttpsRedirectWebFilter() - Constructor for class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
HttpStatusEntryPoint - Class in org.springframework.security.web.authentication: An AuthenticationEntryPoint that sends a generic HttpStatus as a response.
HttpStatusEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.authentication.HttpStatusEntryPoint: Creates a new instance.
HttpStatusExchangeRejectedHandler - Class in org.springframework.security.web.server.firewall: A simple implementation of ServerExchangeRejectedHandler that sends an error with configurable status code.
HttpStatusExchangeRejectedHandler() - Constructor for class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler: Constructs an instance which uses 400 as response code.
HttpStatusExchangeRejectedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler: Constructs an instance which uses a configurable http code as response.
HttpStatusRequestRejectedHandler - Class in org.springframework.security.web.firewall: A simple implementation of RequestRejectedHandler that sends an error with configurable status code.
HttpStatusRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler: Constructs an instance which uses 400 as response code.
HttpStatusRequestRejectedHandler(int) - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler: Constructs an instance which uses a configurable http code as response.
HttpStatusReturningLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout: Implementation of the LogoutSuccessHandler.
HttpStatusReturningLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler: Initialize the HttpStatusLogoutSuccessHandler with the default HttpStatus.OK.
HttpStatusReturningLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler: Initialize the HttpStatusLogoutSuccessHandler with a user-defined HttpStatus.
HttpStatusReturningServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout: Implementation of the ServerLogoutSuccessHandler.
HttpStatusReturningServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler: Initialize the HttpStatusReturningServerLogoutSuccessHandler with the default HttpStatus.OK.
HttpStatusReturningServerLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler: Initialize the HttpStatusReturningServerLogoutSuccessHandler with a user-defined HttpStatus.
HttpStatusServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization: Sets the provided HTTP Status when access is denied.
HttpStatusServerAccessDeniedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler: Creates an instance with the provided status
HttpStatusServerEntryPoint - Class in org.springframework.security.web.server.authentication: A ServerAuthenticationEntryPoint that sends a generic HttpStatus as a response.
HttpStatusServerEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint

I

IDENTITY - Static variable in interface org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
init(FilterConfig) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.

Not used (we rely on IoC container lifecycle services instead)
init(FilterConfig) - Method in class org.springframework.security.web.debug.DebugFilter
initDao() - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
initExtractorMap() - Method in class org.springframework.security.web.util.ThrowableAnalyzer: Initializes associations between Throwables and ThrowableCauseExtractors.
InMemoryTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme: Simple PersistentTokenRepository implementation backed by a Map.
InMemoryTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
INSECURE_NOOP - Static variable in interface org.springframework.security.web.server.firewall.ServerWebExchangeFirewall: An implementation of StrictServerWebExchangeFirewall that does nothing.
InsecureChannelProcessor - Class in org.springframework.security.web.access.channel: Ensures channel security is inactive by review of HttpServletRequest.isSecure() responses.
InsecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.InsecureChannelProcessor
insertFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Inserts the provided Filters before existing Filters using default generated names, AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes(), and AbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported().
INSTANCE - Static variable in class org.springframework.security.web.util.matcher.AnyRequestMatcher
InvalidateLeastUsedServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication: Implementation of ServerMaximumSessionsExceededHandler that invalidates the least recently used ReactiveSessionInformation and removes the related sessions from the WebSessionStore.
InvalidateLeastUsedServerMaximumSessionsExceededHandler(WebSessionStore) - Constructor for class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler
InvalidCookieException - Exception in org.springframework.security.web.authentication.rememberme: Exception thrown by a RememberMeServices implementation to indicate that a submitted cookie is of an invalid format or has expired.
InvalidCookieException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.InvalidCookieException
InvalidCsrfTokenException - Exception in org.springframework.security.web.csrf: Thrown when an expected CsrfToken exists, but it does not match the value present on the HttpServletRequest
InvalidCsrfTokenException(CsrfToken, String) - Constructor for exception org.springframework.security.web.csrf.InvalidCsrfTokenException
InvalidSessionAccessDeniedHandler - Class in org.springframework.security.web.session: An adapter of InvalidSessionStrategy to AccessDeniedHandler
InvalidSessionAccessDeniedHandler(InvalidSessionStrategy) - Constructor for class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler: Creates a new instance
InvalidSessionStrategy - Interface in org.springframework.security.web.session: Determines the behaviour of the SessionManagementFilter when an invalid session Id is submitted and detected in the SessionManagementFilter.
INVOCATIONTARGET_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer: Default extractor for InvocationTargetException instances.
invoke(FilterInvocation) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.
IpAddressAuthorizationManager - Class in org.springframework.security.web.access: A AuthorizationManager, that determines if the current request contains the specified address or range of addresses
IpAddressMatcher - Class in org.springframework.security.web.util.matcher: Matches a request based on IP Address or subnet mask matching against the remote address.
IpAddressMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.IpAddressMatcher: Takes a specific IP address or a range specified using the IP/Netmask (e.g.
IpAddressReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization: A ReactiveAuthorizationManager, that determines if the current request contains the specified address or range of addresses
IpAddressServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher: Matches a request based on IP Address or subnet mask matching against the remote address.
IpAddressServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher: Takes a specific IP address or a range specified using the IP/Netmask (e.g.
isAbsoluteUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils: Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator: Deprecated.

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator: Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowed(String, String, String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator: Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator: Deprecated.

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator: Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowed(String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator: Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowSessionCreation() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
isAlwaysUseDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
isAsyncSecuritySupported() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer: Determine if the springSecurityFilterChain should be marked as supporting asynch.
isContextRelative() - Method in class org.springframework.security.web.DefaultRedirectStrategy: Returns true, if the redirection URL should be calculated minus the protocol and context path (defaults to false).
isContextSaved() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper: Deprecated.

Tells if the response wrapper has called saveContext() because of this wrapper.
isDisableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper: Returns true if OnCommittedResponseWrapper.onResponseCommitted() will be invoked when the response is committed, else false.
isEnabled() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
isForceHttps() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
isGenerated() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken: Returns true if DeferredCsrfToken.get() refers to a generated CsrfToken or false if it already existed.
isIgnoreFailure() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
isInvalidateHttpSession() - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
isMatch() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
isMatch() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.

Indicates whether once-per-request handling will be observed.
isSecure() - Method in class org.springframework.security.web.savedrequest.SavedCookie
isTokenExpired(long) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
isUseForward() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
isUseForward() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
isUserInRole(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper: Simple searches for an exactly matching GrantedAuthority.getAuthority().
isValidRedirectUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils: Returns true if the supplied URL starts with a "/" or is absolute.

J

J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.j2ee: Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling HttpServletRequest.isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication details object.
J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
j2eeMappableRoles - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource: The role attributes returned by the configured MappableAttributesRetriever
J2eePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.j2ee: This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE container-based authentication mechanism.
J2eePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
j2eeUserRoles2GrantedAuthoritiesMapper - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
JaasApiIntegrationFilter - Class in org.springframework.security.web.jaasapi: A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.
JaasApiIntegrationFilter() - Constructor for class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
JdbcTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme: JDBC based persistent login token repository implementation.
JdbcTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

L

LazyCsrfTokenRepository - Class in org.springframework.security.web.csrf: Deprecated.
Use CsrfTokenRepository.loadDeferredToken(HttpServletRequest, HttpServletResponse) which returns a DeferredCsrfToken
LazyCsrfTokenRepository(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.LazyCsrfTokenRepository: Deprecated.

Creates a new instance
load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
load(ServerWebExchange) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository: Loads the SecurityContext associated with the ServerWebExchange
load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository: Gets the security context for the current request (if available) and returns it.
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
loadContext(HttpRequestResponseHolder) - Method in interface org.springframework.security.web.context.SecurityContextRepository: Deprecated.
Use SecurityContextRepository.loadDeferredContext(HttpServletRequest) instead.
loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
loadDeferredContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository: Defers loading the SecurityContext using the HttpServletRequest until it is needed by the application.
loadDeferredToken(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository: Defers loading the CsrfToken using the HttpServletRequest and HttpServletResponse until it is needed by the application.
loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
loadToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository: Loads the expected CsrfToken from the HttpServletRequest
loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository: Deprecated.

Delegates to the injected CsrfTokenRepository
loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
loadToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository: Loads the expected CsrfToken from the ServerWebExchange
loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
loadUserDetails(PreAuthenticatedAuthenticationToken) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService: Get a UserDetails object based on the user name contained in the given token, and the GrantedAuthorities as returned by the GrantedAuthoritiesContainer implementation as returned by the token.getDetails() method.
log - Variable in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy: Deprecated.

Logger for use by subclasses
logger - Static variable in class org.springframework.security.web.access.AccessDeniedHandlerImpl
logger - Variable in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
logger - Static variable in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator: Deprecated.
logger - Variable in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
logger - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
logger - Variable in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
logger - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
logger - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
logger - Variable in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
logger - Variable in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
logger - Variable in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
logger - Variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
logger - Variable in class org.springframework.security.web.DefaultRedirectStrategy
logger - Variable in class org.springframework.security.web.savedrequest.CookieRequestCache
logger - Static variable in class org.springframework.security.web.savedrequest.DefaultSavedRequest
logger - Variable in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
logger - Variable in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
loginFail(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices: Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
LoginPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui: Generates a default log in page used for authenticating users.
LoginPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Called whenever an interactive authentication attempt is successful.
loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.RememberMeServices: Called whenever an interactive authentication attempt is successful.
LoginUrlAuthenticationEntryPoint - Class in org.springframework.security.web.authentication: Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter.
LoginUrlAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutHandler: Causes a logout to be completed.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler: Requires the request to be passed in.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Implementation of LogoutHandler.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.csrf.CsrfLogoutHandler: Clears the CsrfToken
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
logout(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutHandler: Invoked when log out is requested
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.WebSessionServerLogoutHandler
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler: Clears the CsrfToken
LogoutFilter - Class in org.springframework.security.web.authentication.logout: Logs a principal out.
LogoutFilter(String, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter
LogoutFilter(LogoutSuccessHandler, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter: Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out.
LogoutHandler - Interface in org.springframework.security.web.authentication.logout: Indicates a class that is able to participate in logout handling.
LogoutPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui: Generates a default log out page.
LogoutPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
LogoutSuccessEventPublishingLogoutHandler - Class in org.springframework.security.web.authentication.logout: A logout handler which publishes LogoutSuccessEvent
LogoutSuccessEventPublishingLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
LogoutSuccessHandler - Interface in org.springframework.security.web.authentication.logout: Strategy that is called after a successful logout by the LogoutFilter, to handle redirection or forwarding to the appropriate destination.
LogoutWebFilter - Class in org.springframework.security.web.server.authentication.logout: If the request matches, logs an authenticated user out by delegating to a ServerLogoutHandler.
LogoutWebFilter() - Constructor for class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
lookupHttpPort(Integer) - Method in interface org.springframework.security.web.PortMapper: Locates the HTTP port associated with the specified HTTPS port.
lookupHttpPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl
lookupHttpsPort(Integer) - Method in interface org.springframework.security.web.PortMapper: Locates the HTTPS port associated with the specified HTTP port.
lookupHttpsPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl

M

makeTokenSignature(long, String, String) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices: Calculates the digital signature to be put in the cookie.
makeTokenSignature(long, String, String, TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices: Calculates the digital signature to be put in the cookie.
mappings(Consumer<List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>>>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder: Allows to configure the RequestMatcher to AuthorizationManager mappings.
match() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult: Creates an instance of ServerWebExchangeMatcher.MatchResult that is a match with no variables
match() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult: Creates an instance of RequestMatcher.MatchResult that is a match with no variables
match(Map<String, Object>) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult: Creates an instance of ServerWebExchangeMatcher.MatchResult that is a match with the specified variables
match(Map<String, String>) - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult: Creates an instance of RequestMatcher.MatchResult that is a match with the specified variables
matcher(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher: Returns a RequestMatcher.MatchResult for this HttpServletRequest.
matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher: Returns a RequestMatcher.MatchResult for this HttpServletRequest.
matcher(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher: Returns a MatchResult for this RequestMatcher The default implementation returns Collections.emptyMap() when RequestMatcher.MatchResult.getVariables() is invoked.
matchers(ServerWebExchangeMatcher...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers: Creates a matcher that will match on any of the provided matchers
MatcherSecurityWebFilterChain - Class in org.springframework.security.web.server: A SecurityWebFilterChain that leverages a ServerWebExchangeMatcher to determine which WebFilter to execute.
MatcherSecurityWebFilterChain(ServerWebExchangeMatcher, List<WebFilter>) - Constructor for class org.springframework.security.web.server.MatcherSecurityWebFilterChain
matches(HttpServletRequest) - Method in class org.springframework.security.web.DefaultSecurityFilterChain
matches(HttpServletRequest) - Method in interface org.springframework.security.web.SecurityFilterChain
matches(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher: Returns true if the configured pattern (and HTTP-Method) match those of the supplied request.
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher: Performs the match against the request's method and dispatcher type.
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher: Performs the match of the request URL (servletPath + pathInfo + queryString ) against the compiled pattern.
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
matches(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher: Decides whether the rule implemented by the strategy matches the supplied request.
matches(String) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.SecurityWebFilterChain: Determines if this SecurityWebFilterChain matches the provided ServerWebExchange
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher: Determines if a request matches or not
MaximumSessionsContext - Class in org.springframework.security.web.server.authentication
MaximumSessionsContext(Authentication, List<ReactiveSessionInformation>, int, WebSession) - Constructor for class org.springframework.security.web.server.authentication.MaximumSessionsContext
MD5 - Enum constant in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
MediaTypeRequestMatcher - Class in org.springframework.security.web.util.matcher: Allows matching HttpServletRequest based upon the MediaType's resolved from a ContentNegotiationStrategy.
MediaTypeRequestMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher: Creates an instance
MediaTypeRequestMatcher(MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher: Creates an instance
MediaTypeRequestMatcher(ContentNegotiationStrategy, Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher: Creates an instance
MediaTypeRequestMatcher(ContentNegotiationStrategy, MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher: Creates an instance
MediaTypeServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher: Matches based upon the accept headers.
MediaTypeServerWebExchangeMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher: Creates a new instance
MediaTypeServerWebExchangeMatcher(MediaType...) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher: Creates a new instance
messages - Variable in class org.springframework.security.web.access.ExceptionTranslationFilter
messages - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
messages - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
messages - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
messages - Variable in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
messages - Variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
messages - Variable in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
MissingCsrfTokenException - Exception in org.springframework.security.web.csrf: Thrown when no expected CsrfToken is found but is required.
MissingCsrfTokenException(String) - Constructor for exception org.springframework.security.web.csrf.MissingCsrfTokenException
modifyGrantedAuthorities(UserDetails, Authentication, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.web.authentication.switchuser.SwitchUserAuthorityChanger: Allow subclasses to add or remove authorities that will be granted when in switch user mode.
MvcRequestMatcher - Class in org.springframework.security.web.servlet.util.matcher: A RequestMatcher that uses Spring MVC's HandlerMappingIntrospector to match the path and extract variables.
MvcRequestMatcher(HandlerMappingIntrospector, String) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
MvcRequestMatcher.Builder - Class in org.springframework.security.web.servlet.util.matcher: A builder for MvcRequestMatcher

N

NegatedRequestMatcher - Class in org.springframework.security.web.util.matcher: A RequestMatcher that will negate the RequestMatcher passed in.
NegatedRequestMatcher(RequestMatcher) - Constructor for class org.springframework.security.web.util.matcher.NegatedRequestMatcher: Creates a new instance
NegatedServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher: Negates the provided matcher.
NegatedServerWebExchangeMatcher(ServerWebExchangeMatcher) - Constructor for class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
nextElement() - Method in class org.springframework.security.web.savedrequest.Enumerator: Returns the next element of this enumeration if this enumeration has at least one more element to provide.
NO_REFERRER - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
NO_REFERRER - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
NonceExpiredException - Exception in org.springframework.security.web.authentication.www: Thrown if an authentication request is rejected because the digest nonce has expired.
NonceExpiredException(String) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException: Constructs a NonceExpiredException with the specified message.
NonceExpiredException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException: Constructs a NonceExpiredException with the specified message and root cause.
NoOpAccessDeniedHandler - Class in org.springframework.security.web.access: An AccessDeniedHandler implementation that does nothing.
NoOpAccessDeniedHandler() - Constructor for class org.springframework.security.web.access.NoOpAccessDeniedHandler
NoOpAuthenticationEntryPoint - Class in org.springframework.security.web.authentication: An AuthenticationEntryPoint implementation that does nothing.
NoOpAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint
NoOpServerRequestCache - Class in org.springframework.security.web.server.savedrequest: An implementation of ServerRequestCache that does nothing.
NoOpServerSecurityContextRepository - Class in org.springframework.security.web.server.context: A do nothing implementation of ServerSecurityContextRepository.
NOSNIFF - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
NOSNIFF - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
not(RequestMatcher) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers: Creates a RequestMatcher that matches if the given RequestMatcher does not match.
notMatch() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult: Creates an instance of ServerWebExchangeMatcher.MatchResult that is not a match.
notMatch() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult: Creates an instance of RequestMatcher.MatchResult that is not a match.
NullAuthenticatedSessionStrategy - Class in org.springframework.security.web.authentication.session
NullAuthenticatedSessionStrategy() - Constructor for class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
NullEventPublisher() - Constructor for class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
NullRememberMeServices - Class in org.springframework.security.web.authentication: Implementation of NullRememberMeServices that does nothing.
NullRememberMeServices() - Constructor for class org.springframework.security.web.authentication.NullRememberMeServices
NullRequestCache - Class in org.springframework.security.web.savedrequest: Null implementation of RequestCache.
NullRequestCache() - Constructor for class org.springframework.security.web.savedrequest.NullRequestCache
NullSecurityContextRepository - Class in org.springframework.security.web.context
NullSecurityContextRepository() - Constructor for class org.springframework.security.web.context.NullSecurityContextRepository

O

ObservationFilterChainDecorator - Class in org.springframework.security.web: A FilterChainProxy.FilterChainDecorator that wraps the chain in before and after observations
ObservationFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.ObservationFilterChainDecorator
ObservationMarkingAccessDeniedHandler - Class in org.springframework.security.web.access
ObservationMarkingAccessDeniedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler
ObservationMarkingRequestRejectedHandler - Class in org.springframework.security.web.firewall
ObservationMarkingRequestRejectedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler
ObservationWebFilterChainDecorator - Class in org.springframework.security.web.server: A WebFilterChainProxy.WebFilterChainDecorator that wraps the chain in before and after observations
ObservationWebFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.server.ObservationWebFilterChainDecorator
obtainPassword(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter: Enables subclasses to override the composition of the password, such as by including additional values and a separator.
obtainSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Deprecated.
obtainSubject(ServletRequest) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter: Obtains the Subject to run as or null if no Subject is available.
obtainUsername(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter: Enables subclasses to override the composition of the username, such as by including additional values and a separator.
of(int) - Static method in interface org.springframework.security.web.server.authentication.SessionLimit: Creates a SessionLimit that always returns the given value for any user
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy: Called when a user is newly authenticated.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy: In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy: In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.session.SessionAuthenticationStrategy: Performs Http session-related functionality when a new authentication occurs.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.authentication.AuthenticationFailureHandler: Called when an authentication attempt fails.
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler: Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.
onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler: Invoked when authentication attempt fails
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler: Called when a user has been successfully authenticated.
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler: Called when a user has been successfully authenticated.
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler: Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.
onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler: Invoked when the application authenticates successfully
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler
OnCommittedResponseWrapper - Class in org.springframework.security.web.util: Base class for response wrappers which encapsulate the logic for handling an event when the HttpServletResponse is committed.
OnCommittedResponseWrapper(HttpServletResponse) - Constructor for class org.springframework.security.web.util.OnCommittedResponseWrapper
onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in interface org.springframework.security.web.session.SessionInformationExpiredStrategy
onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.session.InvalidSessionStrategy
onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
onLoginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Called from loginSuccess when a remember-me login has been requested.
onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices: Creates a new persistent login token with a new series number, stores the data in the persistent token repository and adds the corresponding cookie to the response.
onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler: Implementation of LogoutSuccessHandler.onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) .
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutSuccessHandler
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler: Implementation of ServerLogoutSuccessHandler.onLogoutSuccess(WebFilterExchange, Authentication).
onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
onLogoutSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler: Invoked after log out was successful
onResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper: Deprecated.

Calls saveContext() with the current contents of the SecurityContextHolder as long as () was not invoked.
onResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper: Implement the logic for handling the HttpServletResponse being committed
onSessionChange(String, HttpSession, Authentication) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy: Called when the session has been changed and the old attributes have been migrated to the new session.
onStartup(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter: Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter: Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.
onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
OPENER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
org.springframework.security.web - package org.springframework.security.web: Spring Security's web security module.
org.springframework.security.web.access - package org.springframework.security.web.access: Access-control related classes and packages.
org.springframework.security.web.access.channel - package org.springframework.security.web.access.channel: Classes that ensure web requests are received over required transport channels.
org.springframework.security.web.access.expression - package org.springframework.security.web.access.expression: Implementation of web security expressions.
org.springframework.security.web.access.intercept - package org.springframework.security.web.access.intercept: Enforcement of security for HTTP requests, typically by the URL requested.
org.springframework.security.web.authentication - package org.springframework.security.web.authentication: Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
org.springframework.security.web.authentication.logout - package org.springframework.security.web.authentication.logout: Logout functionality based around a filter which handles a specific logout URL.
org.springframework.security.web.authentication.password - package org.springframework.security.web.authentication.password
org.springframework.security.web.authentication.preauth - package org.springframework.security.web.authentication.preauth: Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system.
org.springframework.security.web.authentication.preauth.j2ee - package org.springframework.security.web.authentication.preauth.j2ee: Pre-authentication support for container-authenticated requests.
org.springframework.security.web.authentication.preauth.websphere - package org.springframework.security.web.authentication.preauth.websphere: Websphere-specific pre-authentication classes.
org.springframework.security.web.authentication.preauth.x509 - package org.springframework.security.web.authentication.preauth.x509: X.509 client certificate authentication support.
org.springframework.security.web.authentication.rememberme - package org.springframework.security.web.authentication.rememberme: Support for remembering a user between different web sessions.
org.springframework.security.web.authentication.session - package org.springframework.security.web.authentication.session: Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
org.springframework.security.web.authentication.switchuser - package org.springframework.security.web.authentication.switchuser: Provides HTTP-based "switch user" (su) capabilities.
org.springframework.security.web.authentication.ui - package org.springframework.security.web.authentication.ui: Authentication user-interface rendering code.
org.springframework.security.web.authentication.www - package org.springframework.security.web.authentication.www: WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
org.springframework.security.web.bind.annotation - package org.springframework.security.web.bind.annotation
org.springframework.security.web.bind.support - package org.springframework.security.web.bind.support
org.springframework.security.web.context - package org.springframework.security.web.context: Classes which are responsible for maintaining the security context between HTTP requests.
org.springframework.security.web.context.request.async - package org.springframework.security.web.context.request.async
org.springframework.security.web.context.support - package org.springframework.security.web.context.support
org.springframework.security.web.csrf - package org.springframework.security.web.csrf
org.springframework.security.web.debug - package org.springframework.security.web.debug
org.springframework.security.web.firewall - package org.springframework.security.web.firewall
org.springframework.security.web.header - package org.springframework.security.web.header
org.springframework.security.web.header.writers - package org.springframework.security.web.header.writers
org.springframework.security.web.header.writers.frameoptions - package org.springframework.security.web.header.writers.frameoptions
org.springframework.security.web.http - package org.springframework.security.web.http
org.springframework.security.web.jaasapi - package org.springframework.security.web.jaasapi: Makes a JAAS Subject available as the current Subject.
org.springframework.security.web.jackson2 - package org.springframework.security.web.jackson2: Mix-in classes to provide Jackson serialization support.
org.springframework.security.web.method.annotation - package org.springframework.security.web.method.annotation
org.springframework.security.web.reactive.result.method.annotation - package org.springframework.security.web.reactive.result.method.annotation
org.springframework.security.web.reactive.result.view - package org.springframework.security.web.reactive.result.view
org.springframework.security.web.savedrequest - package org.springframework.security.web.savedrequest: Classes related to the caching of an HttpServletRequest which requires authentication.
org.springframework.security.web.server - package org.springframework.security.web.server
org.springframework.security.web.server.authentication - package org.springframework.security.web.server.authentication
org.springframework.security.web.server.authentication.logout - package org.springframework.security.web.server.authentication.logout
org.springframework.security.web.server.authorization - package org.springframework.security.web.server.authorization
org.springframework.security.web.server.context - package org.springframework.security.web.server.context
org.springframework.security.web.server.csrf - package org.springframework.security.web.server.csrf
org.springframework.security.web.server.firewall - package org.springframework.security.web.server.firewall
org.springframework.security.web.server.header - package org.springframework.security.web.server.header
org.springframework.security.web.server.jackson2 - package org.springframework.security.web.server.jackson2
org.springframework.security.web.server.savedrequest - package org.springframework.security.web.server.savedrequest
org.springframework.security.web.server.transport - package org.springframework.security.web.server.transport
org.springframework.security.web.server.ui - package org.springframework.security.web.server.ui
org.springframework.security.web.server.util.matcher - package org.springframework.security.web.server.util.matcher
org.springframework.security.web.servlet.support.csrf - package org.springframework.security.web.servlet.support.csrf
org.springframework.security.web.servlet.util.matcher - package org.springframework.security.web.servlet.util.matcher
org.springframework.security.web.servletapi - package org.springframework.security.web.servletapi: Populates a Servlet request with a new Spring Security compliant HttpServletRequestWrapper.
org.springframework.security.web.session - package org.springframework.security.web.session: Session management filters, HttpSession events and publisher classes.
org.springframework.security.web.util - package org.springframework.security.web.util: Web utility classes.
org.springframework.security.web.util.matcher - package org.springframework.security.web.util.matcher
ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
OrRequestMatcher - Class in org.springframework.security.web.util.matcher: RequestMatcher that will return true if any of the passed in RequestMatcher instances match.
OrRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher: Creates a new instance
OrRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher: Creates a new instance
OrServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher: Matches if any of the provided ServerWebExchangeMatcher match
OrServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
OrServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher

P

parseCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat: Parser cache.
parseDate(String, DateFormat[]) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat: Tries to parse the given date as an HTTP date.
pathMatchers(String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers: Creates a matcher that matches on any of the provided patterns.
pathMatchers(HttpMethod, String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers: Creates a matcher that matches on the specific method and any of the provided patterns.
pathMatchers(HttpMethod, PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers: Creates a matcher that matches on the specific method and any of the provided PathPatterns.
pathMatchers(PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers: Creates a matcher that matches on any of the provided PathPatterns.
PathPatternParserServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher: Matches if the PathPattern matches the path within the application.
PathPatternParserServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
PathPatternParserServerWebExchangeMatcher(String, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
PathPatternParserServerWebExchangeMatcher(PathPattern) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
PathPatternParserServerWebExchangeMatcher(PathPattern, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
pattern(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder: Creates an MvcRequestMatcher that uses the provided pattern to match
pattern(HttpMethod, String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder: Creates an MvcRequestMatcher that uses the provided pattern and HTTP method to match
PERMISSIONS_POLICY - Static variable in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
PermissionsPolicyHeaderWriter - Class in org.springframework.security.web.header.writers: Provides support for Permisisons Policy.
PermissionsPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter: Create a new instance of PermissionsPolicyHeaderWriter.
PermissionsPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter: Create a new instance of PermissionsPolicyHeaderWriter with supplied security policy.
PermissionsPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Writes the Permissions-Policy response header with configured policy directives.
PermissionsPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
permitAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specify that URLs are allowed by anyone.
PersistentRememberMeToken - Class in org.springframework.security.web.authentication.rememberme
PersistentRememberMeToken(String, String, String, Date) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
PersistentTokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme: RememberMeServices implementation based on Barry Jaspan's Improved Persistent Login Cookie Best Practice.
PersistentTokenBasedRememberMeServices(String, UserDetailsService, PersistentTokenRepository) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
PersistentTokenRepository - Interface in org.springframework.security.web.authentication.rememberme: The abstraction used by PersistentTokenBasedRememberMeServices to store the persistent login tokens for a user.
PortMapper - Interface in org.springframework.security.web: PortMapper implementations provide callers with information about which HTTP ports are associated with which HTTPS ports on the system, and vice versa.
PortMapperImpl - Class in org.springframework.security.web: Concrete implementation of PortMapper that obtains HTTP:HTTPS pairs from the application context.
PortMapperImpl() - Constructor for class org.springframework.security.web.PortMapperImpl
PortResolver - Interface in org.springframework.security.web: A PortResolver determines the port a web request was received on.
PortResolverImpl - Class in org.springframework.security.web: Concrete implementation of PortResolver that obtains the port from ServletRequest.getServerPort().
PortResolverImpl() - Constructor for class org.springframework.security.web.PortResolverImpl
postProcess(NativeWebRequest, Callable<T>, Object) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
PRAGMA_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter: The value for pragma value
PreAuthenticatedAuthenticationProvider - Class in org.springframework.security.web.authentication.preauth: Processes a pre-authenticated authentication request.
PreAuthenticatedAuthenticationProvider() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
PreAuthenticatedAuthenticationToken - Class in org.springframework.security.web.authentication.preauth: Authentication implementation for pre-authenticated authentication.
PreAuthenticatedAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: Constructor used for an authentication request.
PreAuthenticatedAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: Constructor used for an authentication response.
PreAuthenticatedCredentialsNotFoundException - Exception in org.springframework.security.web.authentication.preauth
PreAuthenticatedCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
PreAuthenticatedCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
PreAuthenticatedGrantedAuthoritiesUserDetailsService - Class in org.springframework.security.web.authentication.preauth: This AuthenticationUserDetailsService implementation creates a UserDetails object based solely on the information contained in the given PreAuthenticatedAuthenticationToken.
PreAuthenticatedGrantedAuthoritiesUserDetailsService() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails - Class in org.springframework.security.web.authentication.preauth: This WebAuthenticationDetails implementation allows for storing a list of pre-authenticated Granted Authorities.
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
preProcess(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
PreventLoginServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication: Returns a Mono that terminates with SessionAuthenticationException when the maximum number of sessions for a user has been reached.
PreventLoginServerMaximumSessionsExceededHandler() - Constructor for class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler
principalChanged(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter: Determines if the current principal has changed.
processAction(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
processAction(HttpServletRequest, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
processAction(ServerWebExchange, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Called from autoLogin to process the submitted persistent login cookie.
processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices: Locates the presented cookie data in the token repository, using the series id.
processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
processFormFieldValue(HttpServletRequest, String, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
processFormFieldValue(ServerWebExchange, String, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
processUrl(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
processUrl(ServerWebExchange, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
publishEvent(Object) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
publishEvent(ApplicationEvent) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher

R

ReactivePreAuthenticatedAuthenticationManager - Class in org.springframework.security.web.server.authentication: Reactive version of PreAuthenticatedAuthenticationProvider This manager receives a PreAuthenticatedAuthenticationToken, checks that associated account is not disabled, expired, or blocked, and returns new authenticated PreAuthenticatedAuthenticationToken.
ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService, UserDetailsChecker) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
ReactorContextWebFilter - Class in org.springframework.security.web.server.context: Uses a ServerSecurityContextRepository to provide the SecurityContext to initialize the ReactiveSecurityContextHolder.
ReactorContextWebFilter(ServerSecurityContextRepository) - Constructor for class org.springframework.security.web.server.context.ReactorContextWebFilter
RedirectServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication: Performs a redirect to a specified location.
RedirectServerAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint: Creates an instance
RedirectServerAuthenticationFailureHandler - Class in org.springframework.security.web.server.authentication: Performs a redirect to a specified location.
RedirectServerAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler: Creates an instance
RedirectServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication: Performs a redirect on authentication success.
RedirectServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler: Creates a new instance with location of "/"
RedirectServerAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler: Creates a new instance with the specified location
RedirectServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout: Performs a redirect on log out success.
RedirectServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
RedirectStrategy - Interface in org.springframework.security.web: Encapsulates the redirection logic for all classes in the framework which perform redirects.
RedirectUrlBuilder - Class in org.springframework.security.web.util: Internal class for building redirect URLs.
RedirectUrlBuilder() - Constructor for class org.springframework.security.web.util.RedirectUrlBuilder
REFERRER_POLICY - Static variable in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
ReferrerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers: Provides support for Referrer Policy.
ReferrerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter: Creates a new instance.
ReferrerPolicyHeaderWriter(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter: Creates a new instance.
ReferrerPolicyHeaderWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.header.writers
ReferrerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header: Writes the Referrer-Policy response header.
ReferrerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.server.header
regexMatcher(String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher: Creates a case-sensitive Pattern instance to match against the request.
regexMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher: Creates an instance that matches to all requests with the same HttpMethod.
regexMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher: Creates a case-sensitive Pattern instance to match against the request.
RegExpAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions: Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
RegExpAllowFromStrategy(String) - Constructor for class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy: Deprecated.

Creates a new instance
RegexRequestMatcher - Class in org.springframework.security.web.util.matcher: Uses a regular expression to decide whether a supplied the URL of a supplied HttpServletRequest.
RegexRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher: Creates a case-sensitive Pattern instance to match against the request.
RegexRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher: As above, but allows setting of whether case-insensitive matching should be used.
registerExtractor(Class<? extends Throwable>, ThrowableCauseExtractor) - Method in class org.springframework.security.web.util.ThrowableAnalyzer: Registers a ThrowableCauseExtractor for the specified type.
RegisterSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session: Strategy used to register a user with the SessionRegistry after successful Authentication.
RegisterSessionAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
RegisterSessionServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication: An implementation of ServerAuthenticationSuccessHandler that will register a ReactiveSessionInformation with the provided ReactiveSessionRegistry.
RegisterSessionServerAuthenticationSuccessHandler(ReactiveSessionRegistry) - Constructor for class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler
rememberMe() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl: Specify that URLs are allowed by users that have been remembered.
RememberMeAuthenticationException - Exception in org.springframework.security.web.authentication.rememberme: This exception is thrown when an Authentication exception occurs while using the remember-me authentication.
RememberMeAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException: Constructs an RememberMeAuthenticationException with the specified message and no root cause.
RememberMeAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException: Constructs a RememberMeAuthenticationException with the specified message and root cause.
RememberMeAuthenticationFilter - Class in org.springframework.security.web.authentication.rememberme: Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.
RememberMeAuthenticationFilter(AuthenticationManager, RememberMeServices) - Constructor for class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
rememberMeRequested(HttpServletRequest, String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices: Allows customization of whether a remember-me login has been requested.
RememberMeServices - Interface in org.springframework.security.web.authentication: Implement by a class that is capable of providing a remember-me service.
removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
removeMatchingRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache: If the provided ServerWebExchange matches the saved ServerHttpRequest gets the saved ServerHttpRequest
removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
removeRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache: Removes the cached request.
removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
removeUserTokens(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
request - Variable in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot: Allows direct access to the request object
RequestAttributeAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth: A simple pre-authenticated filter which obtains the username from request attributes, for use with SSO systems such as Stanford WebAuth or Shibboleth.
RequestAttributeAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
RequestAttributeSecurityContextRepository - Class in org.springframework.security.web.context: Stores the SecurityContext on a ServletRequest.setAttribute(String, Object) so that it can be restored when different dispatch types occur.
RequestAttributeSecurityContextRepository() - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository: Creates a new instance using RequestAttributeSecurityContextRepository.DEFAULT_REQUEST_ATTR_NAME.
RequestAttributeSecurityContextRepository(String) - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository: Creates a new instance with the specified request attribute name.
RequestAuthorizationContext - Class in org.springframework.security.web.access.intercept: An HttpServletRequest authorization context.
RequestAuthorizationContext(HttpServletRequest) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext: Creates an instance.
RequestAuthorizationContext(HttpServletRequest, Map<String, String>) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext: Creates an instance.
RequestCache - Interface in org.springframework.security.web.savedrequest: Implements "saved request" logic, allowing a single request to be retrieved and restarted after redirecting to an authentication mechanism.
RequestCacheAwareFilter - Class in org.springframework.security.web.savedrequest: Responsible for reconstituting the saved request if one is cached and it matches the current request.
RequestCacheAwareFilter() - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
RequestCacheAwareFilter(RequestCache) - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
RequestedUrlRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session: Performs a redirect to the original request URL when an invalid requested session is detected by the SessionManagementFilter.
RequestedUrlRedirectInvalidSessionStrategy() - Constructor for class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
RequestHeaderAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth: A simple pre-authenticated filter which obtains the username from a request header, for use with systems such as CA Siteminder.
RequestHeaderAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
RequestHeaderRequestMatcher - Class in org.springframework.security.web.util.matcher: A RequestMatcher that can be used to match request that contain a header with an expected header name and an expected value.
RequestHeaderRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher: Creates a new instance that will match if a header by the name of RequestHeaderRequestMatcher.expectedHeaderName is present.
RequestHeaderRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher: Creates a new instance that will match if a header by the name of RequestHeaderRequestMatcher.expectedHeaderName is present and if the RequestHeaderRequestMatcher.expectedHeaderValue is non-null the first value is the same.
RequestKey - Class in org.springframework.security.web.access.intercept
RequestKey(String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
RequestKey(String, String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
RequestMatcher - Interface in org.springframework.security.web.util.matcher: Simple strategy to match an HttpServletRequest.
RequestMatcher.MatchResult - Class in org.springframework.security.web.util.matcher: The result of matching against an HttpServletRequest Contains the status, true or false, of the match and if present, any variables extracted from the match
RequestMatcherDelegatingAccessDeniedHandler - Class in org.springframework.security.web.access: An AccessDeniedHandler that delegates to other AccessDeniedHandler instances based upon the type of HttpServletRequest passed into RequestMatcherDelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException).
RequestMatcherDelegatingAccessDeniedHandler(LinkedHashMap<RequestMatcher, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler: Creates a new instance
RequestMatcherDelegatingAuthenticationManagerResolver - Class in org.springframework.security.web.authentication: An AuthenticationManagerResolver that returns a AuthenticationManager instances based upon the type of HttpServletRequest passed into RequestMatcherDelegatingAuthenticationManagerResolver.resolve(HttpServletRequest).
RequestMatcherDelegatingAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.authentication: A builder for RequestMatcherDelegatingAuthenticationManagerResolver.
RequestMatcherDelegatingAuthorizationManager - Class in org.springframework.security.web.access.intercept: An AuthorizationManager which delegates to a specific AuthorizationManager based on a RequestMatcher evaluation.
RequestMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.web.access.intercept: A builder for RequestMatcherDelegatingAuthorizationManager.
RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl - Class in org.springframework.security.web.access.intercept: An object that allows configuring the AuthorizationManager for RequestMatchers.
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access: A WebInvocationPrivilegeEvaluator which delegates to a list of WebInvocationPrivilegeEvaluator based on a RequestMatcher evaluation
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>>) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
RequestMatcherEditor - Class in org.springframework.security.web.util.matcher: PropertyEditor which creates ELRequestMatcher instances from Strings This allows to use a String in a BeanDefinition instead of an (inner) bean if a RequestMatcher is required, e.g.
RequestMatcherEditor() - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEditor
RequestMatcherEntry<T> - Class in org.springframework.security.web.util.matcher: A rich object for associating a RequestMatcher to another object.
RequestMatcherEntry(RequestMatcher, T) - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEntry
RequestMatcherRedirectFilter - Class in org.springframework.security.web: Filter that redirects requests that match RequestMatcher to the specified URL.
RequestMatcherRedirectFilter(RequestMatcher, String) - Constructor for class org.springframework.security.web.RequestMatcherRedirectFilter: Create and initialize an instance of the filter.
requestMatchers(RequestMatcher...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder: Maps RequestMatchers to AuthorizationManager.
RequestMatchers - Class in org.springframework.security.web.util.matcher: A factory class to create RequestMatcher instances.
RequestRejectedException - Exception in org.springframework.security.web.firewall
RequestRejectedException(String) - Constructor for exception org.springframework.security.web.firewall.RequestRejectedException
RequestRejectedHandler - Interface in org.springframework.security.web.firewall: Used by FilterChainProxy to handle an RequestRejectedException.
RequestVariablesExtractor - Interface in org.springframework.security.web.util.matcher: Deprecated.
use RequestMatcher.MatchResult from RequestMatcher.matcher(HttpServletRequest)
REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter: Indicates whether this filter should attempt to process a login request for the current invocation.
requiresExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter: Checks the request URI for the presence of exitUserUrl.
requiresLogout(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter: Allow subclasses to modify when a logout should take place.
requiresSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter: Checks the request URI for the presence of switchUserUrl.
reset() - Method in class org.springframework.security.web.firewall.FirewalledRequest: This method will be called once the request has passed through the security filter chain, when it is about to proceed to the application proper.
resolve(HttpServletRequest) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
resolve(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver: Deprecated.
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler
resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestResolver: Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.
resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestResolver: Returns the token value resolved from the provided ServerWebExchange and CsrfToken or Mono.empty() if not available.
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
RESOURCE_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
retrievePassword(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
retrieveUserName(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
RetryWithHttpEntryPoint - Class in org.springframework.security.web.access.channel: Commences an insecure channel by retrying the original request using HTTP.
RetryWithHttpEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
RetryWithHttpsEntryPoint - Class in org.springframework.security.web.access.channel: Commences a secure channel by retrying the original request using HTTPS.
RetryWithHttpsEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

S

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

SAME_SITE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

SAME_SITE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

SAMEORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode

SAMEORIGIN - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode

A browser receiving content with this header field MUST NOT display this content in any frame from a page of different origin than the content itself.

save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository

save(ServerWebExchange, SecurityContext) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository

Saves the SecurityContext

save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

saveContext(SecurityContext) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

Implements the logic for storing the security context.

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.NullSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.context.SecurityContextRepository

Stores the security context on completion of a request.

SaveContextOnUpdateOrErrorResponseWrapper - Class in org.springframework.security.web.context

Deprecated.

Use SecurityContextRepository.loadDeferredContext(HttpServletRequest) instead.

SaveContextOnUpdateOrErrorResponseWrapper(HttpServletResponse, boolean) - Constructor for class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

SavedCookie - Class in org.springframework.security.web.savedrequest

Stores off the values of a cookie in a serializable holder

SavedCookie(Cookie) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie

SavedCookie(String, String, String, int, String, boolean) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie

SavedCookie(String, String, String, String, int, String, boolean, int) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie

Deprecated, for removal: This API element is subject to removal in a future version.

use SavedCookie(String, String, String, int, String, boolean) instead

SavedRequest - Interface in org.springframework.security.web.savedrequest

Encapsulates the functionality required of a cached request for both an authentication mechanism (typically form-based login) to redirect to the original URL and for a RequestCache to build a wrapped request, reproducing the original request data.

SavedRequestAwareAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication

An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter.

SavedRequestAwareAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

saveException(HttpServletRequest, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

Caches the AuthenticationException for use in view rendering.

saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

Stores the current request, provided the configuration properties allow it.

saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache

saveRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache

Caches the current request for later retrieval, once authentication has taken place.

saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache

saveRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache

Save the ServerHttpRequest

saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository

Saves the CsrfToken using the HttpServletRequest and HttpServletResponse.

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository

Deprecated.

Does nothing if the CsrfToken is not null.

saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

saveToken(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository

Saves the CsrfToken using the ServerWebExchange.

saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

SecureChannelProcessor - Class in org.springframework.security.web.access.channel

Ensures channel security is active by review of HttpServletRequest.isSecure() responses.

SecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.SecureChannelProcessor

SecurityContextCallableProcessingInterceptor - Class in org.springframework.security.web.context.request.async

Allows for integration with Spring MVC's Callable support.

SecurityContextCallableProcessingInterceptor() - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

Create a new SecurityContextCallableProcessingInterceptor that uses the SecurityContext from the SecurityContextHolder at the time SecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(NativeWebRequest, Callable) is invoked.

SecurityContextCallableProcessingInterceptor(SecurityContext) - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

Creates a new SecurityContextCallableProcessingInterceptor with the specified SecurityContext.

SecurityContextHolderAwareRequestFilter - Class in org.springframework.security.web.servletapi

A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

SecurityContextHolderAwareRequestFilter() - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

SecurityContextHolderAwareRequestWrapper - Class in org.springframework.security.web.servletapi

A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods: SecurityContextHolderAwareRequestWrapper.getUserPrincipal() SecurityContextHolderAwareRequestWrapper.isUserInRole(String) HttpServletRequestWrapper.getRemoteUser().

SecurityContextHolderAwareRequestWrapper(HttpServletRequest, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Creates a new instance with AuthenticationTrustResolverImpl.

SecurityContextHolderAwareRequestWrapper(HttpServletRequest, AuthenticationTrustResolver, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Creates a new instance

SecurityContextHolderFilter - Class in org.springframework.security.web.context

A Filter that uses the SecurityContextRepository to obtain the SecurityContext and set it on the SecurityContextHolder.

SecurityContextHolderFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextHolderFilter

Creates a new instance.

SecurityContextLogoutHandler - Class in org.springframework.security.web.authentication.logout

Performs a logout by modifying the SecurityContextHolder.

SecurityContextLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

SecurityContextPersistenceFilter - Class in org.springframework.security.web.context

Deprecated.

Use SecurityContextHolderFilter

SecurityContextPersistenceFilter() - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

SecurityContextPersistenceFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

SecurityContextRepository - Interface in org.springframework.security.web.context

Strategy used for persisting a SecurityContext between requests.

SecurityContextServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout

A ServerLogoutHandler which removes the SecurityContext using the provided ServerSecurityContextRepository

SecurityContextServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler

SecurityContextServerWebExchange - Class in org.springframework.security.web.server.context

Overrides the ServerWebExchange.getPrincipal() with the provided SecurityContext

SecurityContextServerWebExchange(ServerWebExchange, Mono<SecurityContext>) - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchange

SecurityContextServerWebExchangeWebFilter - Class in org.springframework.security.web.server.context

Override the ServerWebExchange.getPrincipal() to be looked up using ReactiveSecurityContextHolder.

SecurityContextServerWebExchangeWebFilter() - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter

SecurityFilterChain - Interface in org.springframework.security.web

Defines a filter chain which is capable of being matched against an HttpServletRequest.

SecurityHeaders - Class in org.springframework.security.web.http

Utilities for interacting with HttpHeaders

SecurityWebApplicationContextUtils - Class in org.springframework.security.web.context.support

Spring Security extension to Spring's WebApplicationContextUtils.

SecurityWebApplicationContextUtils() - Constructor for class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils

SecurityWebFilterChain - Interface in org.springframework.security.web.server

Defines a filter chain which is capable of being matched against a ServerWebExchange in order to decide whether it applies to that request.

sendError(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendError()

sendError(int, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendError()

sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy

Redirects the response to the supplied URL.

sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in interface org.springframework.security.web.RedirectStrategy

Performs a redirect to the supplied URL

sendRedirect(String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendRedirect()

sendRedirect(ServerWebExchange, URI) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy

sendRedirect(ServerWebExchange, URI) - Method in interface org.springframework.security.web.server.ServerRedirectStrategy

Performs a redirect based upon the provided ServerWebExchange and URI

sendStartAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, AuthenticationException) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

ServerAccessDeniedHandler - Interface in org.springframework.security.web.server.authorization

ServerAuthenticationConverter - Interface in org.springframework.security.web.server.authentication

A strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with a provided ReactiveAuthenticationManager.

ServerAuthenticationEntryPoint - Interface in org.springframework.security.web.server

Used to request authentication

ServerAuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.server.authentication

Adapts a ServerAuthenticationEntryPoint into a ServerAuthenticationFailureHandler

ServerAuthenticationEntryPointFailureHandler(ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler

ServerAuthenticationFailureHandler - Interface in org.springframework.security.web.server.authentication

Handles authentication failure

ServerAuthenticationSuccessHandler - Interface in org.springframework.security.web.server.authentication

Handles authentication success

ServerCsrfTokenRepository - Interface in org.springframework.security.web.server.csrf

An API to allow changing the method in which the expected CsrfToken is associated to the ServerWebExchange.

ServerCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.server.csrf

An implementation of the ServerCsrfTokenRequestHandler interface that is capable of making the CsrfToken available as an exchange attribute and resolving the token value as either a form data value or header of the request.

ServerCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler

ServerCsrfTokenRequestHandler - Interface in org.springframework.security.web.server.csrf

A callback interface that is used to make the CsrfToken created by the ServerCsrfTokenRepository available as an exchange attribute.

ServerCsrfTokenRequestResolver - Interface in org.springframework.security.web.server.csrf

Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided ServerWebExchange.

ServerExchangeRejectedException - Exception in org.springframework.security.web.server.firewall

Thrown when a ServerWebExchange is rejected.

ServerExchangeRejectedException(String) - Constructor for exception org.springframework.security.web.server.firewall.ServerExchangeRejectedException

ServerExchangeRejectedHandler - Interface in org.springframework.security.web.server.firewall

Handles ServerExchangeRejectedException thrown by ServerWebExchangeFirewall.

ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server.authentication

Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form data HTTP parameters.

ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server

Deprecated.

use ServerFormLoginAuthenticationConverter instead.

ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter

ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter

Deprecated.

ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server.authentication

Converts from a ServerWebExchange to an Authentication that can be authenticated.

ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server

Deprecated.

Use ServerHttpBasicAuthenticationConverter instead.

ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter

ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter

Deprecated.

ServerHttpHeadersWriter - Interface in org.springframework.security.web.server.header

Interface for writing headers just before the response is committed.

ServerLogoutHandler - Interface in org.springframework.security.web.server.authentication.logout

Handles log out

ServerLogoutSuccessHandler - Interface in org.springframework.security.web.server.authentication.logout

Strategy for when log out was successfully performed (typically after ServerLogoutHandler is invoked).

ServerMaximumSessionsExceededHandler - Interface in org.springframework.security.web.server.authentication

Strategy for handling the scenario when the maximum number of sessions for a user has been reached.

ServerRedirectStrategy - Interface in org.springframework.security.web.server

A strategy for performing redirects.

ServerRequestCache - Interface in org.springframework.security.web.server.savedrequest

Saves a ServerHttpRequest so it can be "replayed" later.

ServerRequestCacheWebFilter - Class in org.springframework.security.web.server.savedrequest

A WebFilter that replays any matching request in ServerRequestCache

ServerRequestCacheWebFilter() - Constructor for class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter

ServerSecurityContextRepository - Interface in org.springframework.security.web.server.context

Strategy used for persisting a SecurityContext between requests.

ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver - Class in org.springframework.security.web.server.authentication

A ReactiveAuthenticationManagerResolver that returns a ReactiveAuthenticationManager instances based upon the type of ServerWebExchange passed into ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.resolve(ServerWebExchange).

ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.server.authentication

A builder for ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.

ServerWebExchangeDelegatingServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization

A ServerAccessDeniedHandler which delegates to multiple ServerAccessDeniedHandlers based on a ServerWebExchangeMatcher

ServerWebExchangeDelegatingServerAccessDeniedHandler(List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry>) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler

Creates a new instance

ServerWebExchangeDelegatingServerAccessDeniedHandler(ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry...) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler

Creates a new instance

ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry - Class in org.springframework.security.web.server.authorization

ServerWebExchangeDelegatingServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Delegates to a provided ServerHttpHeadersWriter if ServerWebExchangeMatcher.matches(ServerWebExchange) returns a match.

ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcherEntry<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter

Creates a new instance

ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcher, ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter

Creates a new instance

ServerWebExchangeFirewall - Interface in org.springframework.security.web.server.firewall

Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.

ServerWebExchangeMatcher - Interface in org.springframework.security.web.server.util.matcher

An interface for determining if a ServerWebExchangeMatcher matches.

ServerWebExchangeMatcher.MatchResult - Class in org.springframework.security.web.server.util.matcher

The result of matching

ServerWebExchangeMatcherEntry<T> - Class in org.springframework.security.web.server.util.matcher

A rich object for associating a ServerWebExchangeMatcher to another object.

ServerWebExchangeMatcherEntry(ServerWebExchangeMatcher, T) - Constructor for class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry

ServerWebExchangeMatchers - Class in org.springframework.security.web.server.util.matcher

Provides factory methods for creating common ServerWebExchangeMatcher

ServerX509AuthenticationConverter - Class in org.springframework.security.web.server.authentication

Converts from a SslInfo provided by a request to an PreAuthenticatedAuthenticationToken that can be authenticated.

ServerX509AuthenticationConverter(X509PrincipalExtractor) - Constructor for class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter

servletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder

Sets the servlet path to be used by the MvcRequestMatcher generated by this builder

SessionAuthenticationException - Exception in org.springframework.security.web.authentication.session

Thrown by an SessionAuthenticationStrategy or ServerSessionAuthenticationStrategy to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently.

SessionAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.session.SessionAuthenticationException

SessionAuthenticationStrategy - Interface in org.springframework.security.web.authentication.session

Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

sessionCreated(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher

Handles the HttpSessionEvent by publishing a HttpSessionCreatedEvent to the application appContext.

sessionDestroyed(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher

Handles the HttpSessionEvent by publishing a HttpSessionDestroyedEvent to the application appContext.

SessionFixationProtectionEvent - Class in org.springframework.security.web.authentication.session

Indicates a session ID was changed for the purposes of session fixation protection.

SessionFixationProtectionEvent(Authentication, String, String) - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent

Constructs a new session fixation protection event.

SessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session

Uses HttpServletRequest.invalidate() to protect against session fixation attacks.

SessionFixationProtectionStrategy() - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

sessionIdChanged(HttpSessionEvent, String) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher

SessionInformationExpiredEvent - Class in org.springframework.security.web.session

An event for when a SessionInformation is expired.

SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent

Creates a new instance

SessionInformationExpiredStrategy - Interface in org.springframework.security.web.session

Determines the behaviour of the ConcurrentSessionFilter when an expired session is detected in the ConcurrentSessionFilter.

SessionLimit - Interface in org.springframework.security.web.server.authentication

Represents the maximum number of sessions allowed.

SessionManagementFilter - Class in org.springframework.security.web.session

Detects that a user has been authenticated since the start of the request and, if they have, calls the configured SessionAuthenticationStrategy to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins.

SessionManagementFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.session.SessionManagementFilter

SessionManagementFilter(SecurityContextRepository, SessionAuthenticationStrategy) - Constructor for class org.springframework.security.web.session.SessionManagementFilter

setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter

Specifies a AccessDeniedHandler that should be used when CSRF protection fails.

setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

Sets the access denied handler.

setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

setAllowBackSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.

setAllowBackSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.

setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which header names should be allowed.

setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which header names should be allowed.

setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which header values should be allowed.

setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which header values should be allowed.

setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which hostnames should be allowed.

setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which hostnames should be allowed.

setAllowedHttpMethods(Collection<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which HTTP methods should be allowed.

setAllowedHttpMethods(Collection<HttpMethod>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which HTTP methods should be allowed.

setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which parameter names should be allowed.

setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which parameter names should be allowed.

setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which parameter values should be allowed.

setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which parameter values should be allowed.

setAllowFromParameterName(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy

Deprecated.

Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.

setAllowNull(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.

setAllowNull(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.

setAllowSemicolon(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if semicolon is allowed in the URL (i.e.

setAllowSemicolon(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if semicolon is allowed in the URL (i.e.

setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

If set to true (the default), a session will be created (if required) to store the security context if it is determined that its contents are different from the default empty context value.

setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded Carriage Return is allowed in the path or not.

setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded Carriage Return is allowed in the path or not.

setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.

setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.

setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded Line Feed is allowed in the path or not.

setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded Line Feed is allowed in the path or not.

setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded line separator is allowed in the path or not.

setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded line separator is allowed in the path or not.

setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded paragraph separator is allowed in the path or not.

setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded paragraph separator is allowed in the path or not.

setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.

setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.

setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.

setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.

setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall

Sets if the application should allow a URL encoded slash character.

setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.

setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.

setAlwaysCreateSession(boolean) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

setAlwaysRemember(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setAlwaysUseDefaultTargetUrl(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

If true, will always redirect to the value of defaultTargetUrl (defaults to false).

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

Sets the ApplicationEventPublisher to use for submitting SessionFixationProtectionEvent.

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

setAsText(String) - Method in class org.springframework.security.web.util.matcher.RequestMatcherEditor

setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>>) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Deprecated.

As of 5.1 in favor of AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)

setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the AuthenticationConverter to use.

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the AuthenticationDetailsSource to use.

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setAuthenticationEntryPoint(DigestAuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs.

setAuthenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

Sets the authentication entry point used when authentication is required

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the strategy used to handle a failed authentication.

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.session.SessionManagementFilter

The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).

setAuthenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the failure handler used when authentication fails.

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs.

setAuthenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Sets the strategy used to handle a successful authentication.

setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the strategy used to handle a successful authentication.

setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

Allows control over the destination a remembered user is sent to when they are successfully authenticated.

setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the authentication success handler.

setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

Sets the authentication trust resolver.

setAuthenticationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

Sets the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver

Set the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver

Sets the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver

Sets the BeanResolver to be used on the expressions

setCacheSecurityContext(boolean) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

If set to true the result of WebSessionServerSecurityContextRepository.load(ServerWebExchange) will use Mono.cache() to prevent multiple lookups.

setChannelDecisionManager(ChannelDecisionManager) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter

setChannelProcessors(List<?>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

setCheckForPrincipalChanges(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

If set, the pre-authenticated principal will be checked on each request and compared against the name of the current Authentication object.

setClearAuthentication(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

If true, removes the Authentication from the SecurityContext to prevent issues with concurrent requests.

setContentLength(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

setContentLengthLong(long) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

setContextPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setContextPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setContextRelative(boolean) - Method in class org.springframework.security.web.DefaultRedirectStrategy

If true, causes any redirection URLs to be calculated minus the protocol and context path (defaults to false).

setContextRelative(boolean) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy

Sets if the location is relative to the context.

setContinueChainBeforeSuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Indicates if the filter chain should be continued prior to delegation to

AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication)

, which may be useful in certain environment (such as Tapestry applications).

setContinueFilterChainOnUnsuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

If set to true (the default), any AuthenticationException raised by the AuthenticationManager will be swallowed, and the request will be allowed to proceed, potentially using alternative authentication mechanisms.

setContinueOnError(boolean) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter

Continue iterating when a delegate errors, defaults to false

setCookie(String[], int, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Sets the cookie on the response.

setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().

setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().

setCookieDomain(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setCookieDomain(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieDomain(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieMaxAge(int) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieMaxAge(int) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieName(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setCookieName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Sets the name of the cookie that the expected CSRF token is saved to and read from.

setCookieName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the cookie name

setCookiePath(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Set the path that the Cookie will be created with.

setCookiePath(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the cookie path

setCookies(List<Cookie>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setCookies(List<SavedCookie>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setCreateAuthenticatedToken(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

If you set this property, the Authentication object, which is created after the successful digest authentication will be marked as authenticated and filled with the authorities loaded by the UserDetailsService.

setCreateEmptySubject(boolean) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter

Sets createEmptySubject.

setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy

Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).

setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy

Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).

setCreateSessionAllowed(boolean) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

If true, indicates that it is permitted to store the target URL and exception information in a new HttpSession (the default).

setCreateTableOnStartup(boolean) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

Intended for convenience in debugging.

setCredentialsCharset(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the charset to use when decoding credentials to Strings.

setCredentialsCharset(Charset) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

setCredentialsCharset(Charset) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter

Deprecated.

Sets the Charset used to decode the Base64-encoded bytes of the basic authentication credentials.

setCredentialsEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

setCredentialsRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

setCsrfRequestAttributeName(String) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler

The CsrfToken is available as a request attribute named CsrfToken.class.getName().

setCsrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

setDefaultAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler

Use this ServerAccessDeniedHandler when no ServerWebExchangeMatcher matches.

setDefaultAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver

Set the default AuthenticationManager to use when a request does not match

setDefaultAuthenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver

Set the default ReactiveAuthenticationManager to use when a request does not match

setDefaultEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint

EntryPoint which is used when no RequestMatcher returned true

setDefaultEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint

EntryPoint which is used when no RequestMatcher returned true

setDefaultFailureUrl(String) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

The URL which will be used as the failure destination.

setDefaultLogoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler

Sets the default LogoutSuccessHandler if no other handlers available

setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

setDefaultTargetUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true.

setDeferLoadToken(boolean) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository

Deprecated.

Determines if LazyCsrfTokenRepository.loadToken(HttpServletRequest) should be lazily loaded.

setDetails(HttpServletRequest, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Provided so that subclasses may configure what is put into the authentication request's details property.

setDisableUrlRewriting(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

Allows the use of session identifiers in URLs to be disabled.

setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

setErrorPage(String) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl

The error page to use.

setExceptionIfHeaderMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

Defines whether an exception should be raised if the principal header is missing.

setExceptionIfMaximumExceeded(boolean) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Sets the exceptionIfMaximumExceeded property, which determines whether the user should be prevented from opening more sessions than allowed.

setExceptionIfVariableMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

Defines whether an exception should be raised if the principal variable is missing.

setExceptionMappings(Map<?, ?>) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler

Sets the map of exception types (by name) to URLs.

setExchangeRejectedHandler(ServerExchangeRejectedHandler) - Method in class org.springframework.security.web.server.WebFilterChainProxy

Handles ServerExchangeRejectedException when the ServerWebExchangeFirewall rejects the provided ServerWebExchange.

setExitUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Set the matcher to respond to exit user processing.

setExitUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Set the matcher to respond to exit user processing.

setExitUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Set the URL to respond to exit user processing.

setExitUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Set the URL to respond to exit user processing.

setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager

Sets the SecurityExpressionHandler to be used.

setExpressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter

Deprecated.

setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Used to define custom behaviour when a switch fails.

setFailureUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setFilterAsyncDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

If set to true, the filter will be applied to the async dispatcher.

setFilterChainDecorator(FilterChainProxy.FilterChainDecorator) - Method in class org.springframework.security.web.FilterChainProxy

Used to decorate the original FilterChain for each request

setFilterChainDecorator(WebFilterChainProxy.WebFilterChainDecorator) - Method in class org.springframework.security.web.server.WebFilterChainProxy

Used to decorate the original FilterChain for each request

setFilterChainValidator(FilterChainProxy.FilterChainValidator) - Method in class org.springframework.security.web.FilterChainProxy

Used (internally) to specify a validation strategy for the filters in each configured chain.

setFilterErrorDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

If set to true, the filter will be applied to error dispatcher.

setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Sets the URL that determines if authentication is required

setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter

setFirewall(HttpFirewall) - Method in class org.springframework.security.web.FilterChainProxy

Sets the "firewall" implementation which will be used to validate and wrap (or potentially reject) the incoming requests.

setFirewall(ServerWebExchangeFirewall) - Method in class org.springframework.security.web.server.WebFilterChainProxy

Protects the application using the provided StrictServerWebExchangeFirewall.

setForceEagerSessionCreation(boolean) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

setForceHttps(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Set to true to force login form access to be via https.

setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

setHeaderName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Sets the name of the HTTP header that should be used to provide the token.

setHeaderName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.

setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the header name

setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.

setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setHeaderValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter

Sets the value of the X-XSS-PROTECTION header.

setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter

Sets the value of the X-XSS-PROTECTION header.

setHttpStatus(HttpStatus) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy

The HttpStatus to use for the redirect.

setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher

Set the MediaType to ignore from the ContentNegotiationStrategy.

setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

Set the MediaType to ignore from the ContentNegotiationStrategy.

setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.

setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

If true, subdomains should be considered HSTS Hosts too.

setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

Sets if subdomains should be included.

setInsecureKeyword(String) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

setInvalidateHttpSession(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

Causes the HttpSession to be invalidated when this LogoutHandler is invoked.

setInvalidateSessionOnPrincipalChange(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

If checkForPrincipalChanges is set, and a change of principal is detected, determines whether any existing session should be invalidated before proceeding to authenticate the new principal.

setInvalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter

Sets the strategy which will be invoked instead of allowing the filter chain to proceed, if the user agent requests an invalid session ID.

setKey(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setLocation(URI) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

Where the user is redirected to upon authentication success

setLoginPageUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setLogoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

Sets the ServerLogoutHandler.

setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs.

setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

Set list of LogoutHandler

setLogoutHandlers(LogoutHandler[]) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter

setLogoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

Sets the ServerLogoutSuccessHandler.

setLogoutSuccessUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setLogoutSuccessUrl(URI) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler

The URL to redirect to after successfully logging out.

setMappableRolesRetriever(MappableAttributesRetriever) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

setMatchingAlgorithm(TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

Sets the algorithm to be used to match the token signature

setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

Specify the name of a query parameter that is added to the URL that specifies the request cache should be checked in HttpSessionRequestCache.getMatchingRequest(HttpServletRequest, HttpServletResponse)

setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

Specify the name of a query parameter that is added to the URL in WebSessionServerRequestCache.getRedirectUri(ServerWebExchange) and is required for WebSessionServerRequestCache.removeMatchingRequest(ServerWebExchange) to look up the ServerHttpRequest.

setMaxAge(Duration) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

Sets the max age of the header.

setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.

setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.

setMaximumSessions(int) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Sets the maxSessions property.

setMessageSource(MessageSource) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Sets the MessageSource used for reporting errors back to the user when the user has exceeded the maximum number of authentications.

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setMethod(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setMethod(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setMethod(HttpMethod) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

setMigrateSessionAttributes(boolean) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

Defines whether attributes should be migrated to a new session or not.

setMode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter

Sets the X-Frame-Options mode.

setNonceValiditySeconds(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

setOauth2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

Sets whether this filter apply only once per request.

setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

setOrder(int) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

setOrder(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setParameter(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request.

setParameterName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Sets the name of the HTTP request parameter that should be used to provide a token.

setParameterName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on

setParameterName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the parameter name

setParameterName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on

setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setPasswordAlreadyEncoded(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Sets the parameter name which will be used to obtain the password from the login request..

setPasswordParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter

Deprecated.

The parameter name of the form data to extract the password

setPathInfo(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setPathInfo(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setPins(Map<String, String>) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the value for the pin- directive of the Public-Key-Pins header.

setPolicy(String) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter

Sets the policy to be used in the response header.

setPolicy(String) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter

Set the policy to be used in the response header.

setPolicy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter

Sets the CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy value to be used in the Cross-Origin-Embedder-Policy header

setPolicy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter

Sets the CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy value to be used in the Cross-Origin-Opener-Policy header

setPolicy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter

Sets the CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy value to be used in the Cross-Origin-Resource-Policy header

setPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter

Sets the policy to be used in the response header.

setPolicy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter

Sets the CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy value to be used in the Cross-Origin-Embedder-Policy header

setPolicy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter

Sets the CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy value to be used in the Cross-Origin-Opener-Policy header

setPolicy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter

Sets the CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy value to be used in the Cross-Origin-Embedder-Policy header

setPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter

Set the policy to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

Sets the security policy directive(s) to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter

Set the security policy directive(s) to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

Set the policy directive(s) to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter

Set the policy directive(s) to be used in the response header.

setPort(int) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setPortMapper(PortMapper) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

setPortMapper(PortMapper) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

setPortMapper(PortMapper) - Method in class org.springframework.security.web.PortResolverImpl

setPortMapper(PortMapper) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter

Use this PortMapper for mapping custom ports

setPortMappings(Map<String, String>) - Method in class org.springframework.security.web.PortMapperImpl

Set to override the default HTTP port to HTTPS port mappings of 80:443, and 8080:8443.

setPortResolver(PortResolver) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

setPortResolver(PortResolver) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

setPortResolver(PortResolver) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

setPostOnly(boolean) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Defines whether only HTTP POST requests will be allowed by this filter.

setPreAuthenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

Set the AuthenticatedUserDetailsService to be used to load the UserDetails for the authenticated user.

setPreload(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

If true, preload will be included in HSTS Header.

setPreload(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

Sets if preload should be included.

setPrincipalEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

setPrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter

setPrincipalRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

setQuery(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setQueryString(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setRealm(String) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint

Sets the realm to be used

setRealmName(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint

setRealmName(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

Sets the strategy to be used for redirecting to the required channel URL.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Allows overriding of the behaviour when redirecting to a target URL.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

Allows overriding of the behaviour when redirecting to a target URL.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

Deprecated.

use ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) instead.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy

Sets the redirect strategy to use.

setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint

Sets the RedirectStrategy to use.

setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler

Sets the RedirectStrategy to use.

setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

The RedirectStrategy to use.

setRedirectUrl(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setRememberMeParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

If true, includes the Content-Security-Policy-Report-Only header in the response, otherwise, defaults to the Content-Security-Policy header.

setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

To get a Public-Key-Pins header you should set this to false, otherwise the header will be Public-Key-Pins-Report-Only.

setReportOnly(boolean) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

Set whether to include the Content-Security-Policy-Report-Only header in the response.

setReportUri(String) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the URI to which the browser should report pin validation failures.

setReportUri(URI) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the URI to which the browser should report pin validation failures.

setRequest(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder

Deprecated.

setRequestCache(RequestCache) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint

The request cache to use to save the request before sending a redirect.

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

Sets the ServerRequestCache used to redirect to.

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter

setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy

Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.

setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter

Specifies a CsrfTokenRequestHandler that is used to make the CsrfToken available as a request attribute.

setRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

Allows selective use of saved requests for a subset of requests.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

Allows selective use of saved requests for a subset of requests.

setRequestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.web.FilterChainProxy

Sets the RequestRejectedHandler to be used for requests rejected by the firewall.

setRequestTransformer(AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator

Set a AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer to be used prior to passing to the AuthorizationManager.

setRequestURI(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setRequestURL(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

setRequireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.web.csrf.CsrfFilter

Specifies a RequestMatcher that is used to determine if CSRF protection should be applied.

setRequiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the matcher used to determine when creating an Authentication from AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter) to be authentication.

setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the request matcher to check whether to proceed the request further.

setRequiresHttpsRedirectMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter

Use this ServerWebExchangeMatcher to narrow which requests are redirected to HTTPS.

setRequiresLogoutMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.

setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter

Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever

setResponse(HttpServletResponse) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder

Deprecated.

setRestClient(RestClient) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker

Sets the RestClient to use when making requests to Have I Been Pwned REST API.

setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler

Set whether to rethrow AuthenticationServiceExceptions (defaults to true)

setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler

Set whether to rethrow AuthenticationServiceExceptions (defaults to true)

setRolePrefix(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

setSaml2AuthenticationUrlToProviderName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setSaml2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

Sets the matcher to determine if the request should be saved.

setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

Sets the matcher to determine if the request should be saved.

setScheme(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setScheme(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setSecure(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setSecure(Boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setSecureKeyword(String) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler

Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.

setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler

Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter