Package | Description |
---|---|
org.springframework.security.access | Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central AccessDecisionManager interface. |
org.springframework.security.access.annotation | Support for JSR-250 and Spring Security @Secured annotations. |
org.springframework.security.access.event | Authorization event and listener classes. |
org.springframework.security.access.expression | Expression handling code to support the use of Spring-EL based expressions in @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations. |
org.springframework.security.access.expression.method | Implementation of expression-based method security. |
org.springframework.security.access.intercept | Abstract level security interception classes which are responsible for enforcing the configured security constraints for a secure object. |
org.springframework.security.access.prepost | Contains the infrastructure classes for handling the @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations. |
org.springframework.security.access.vote | Implements a vote-based approach to authorization decisions. |
org.springframework.security.acls | The Spring Security ACL package which implements instance-based security for domain objects. |
org.springframework.security.acls.afterinvocation | After-invocation providers for collection and array filtering. |
org.springframework.security.acls.domain | Basic implementation of access control lists (ACLs) interfaces. |
org.springframework.security.acls.model | Interfaces and shared classes to manage access control lists (ACLs) for domain object instances. |
org.springframework.security.authentication | Core classes and interfaces related to user authentication, which are used throughout Spring Security. |
org.springframework.security.authentication.dao | An AuthenticationProvider which relies upon a data access object. |
org.springframework.security.authentication.event | Authentication success and failure events which can be published to the Spring application context. |
org.springframework.security.authentication.jaas | An authentication provider for JAAS. |
org.springframework.security.authentication.jaas.event | JAAS authentication events which can be published to the Spring application context by the JAAS authentication provider. |
org.springframework.security.authentication.rcp | Allows remote clients to authenticate and obtain a populated Authentication object. |
org.springframework.security.cas.authentication | An AuthenticationProvider that can process CAS service tickets and proxy tickets. |
org.springframework.security.cas.web | Authenticates standard web browser users via CAS. |
org.springframework.security.config.authentication | Parsing of <authentication-manager> and related elements. |
org.springframework.security.core | Core classes and interfaces related to user authentication and authorization, as well as the maintenance of a security context. |
org.springframework.security.core.context | Classes related to the establishment of a security context for the duration of a request (such as an HTTP or RMI invocation). |
org.springframework.security.core.userdetails | The standard interfaces for implementing user data DAOs. |
org.springframework.security.ldap.authentication | The LDAP authentication provider package. |
org.springframework.security.openid | Authenticates standard web browser users via OpenID. |
org.springframework.security.provisioning | Contains simple user and authority group account provisioning interfaces together with a JDBC-based implementation. |
org.springframework.security.remoting.rmi | Enables use of Spring's RMI remoting extension points to propagate the SecurityContextHolder (which should contain an Authentication request token) from one JVM to the remote JVM. |
org.springframework.security.web.access | Access-control related classes and packages. |
org.springframework.security.web.access.expression | Implementation of web security expressions. |
org.springframework.security.web.authentication | Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc). |
org.springframework.security.web.authentication.logout | Logout functionality based around a filter which handles a specific logout URL. |
org.springframework.security.web.authentication.preauth | Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system. |
org.springframework.security.web.authentication.rememberme | Support for remembering a user between different web sessions. |
org.springframework.security.web.authentication.session | Strategy interface and implementations for handling session-related behaviour for a newly authenticated user. |
org.springframework.security.web.authentication.switchuser | Provides HTTP-based "switch user" (su) capabilities. |
org.springframework.security.web.authentication.www | WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication. |
org.springframework.security.web.csrf |
Modifier and Type | Method and Description |
---|---|
void |
PermissionCacheOptimizer.cachePermissionsFor(Authentication a,
Collection<?> objects)
Optimises the permission cache for anticipated operation on the supplied collection of objects.
|
void |
AccessDecisionManager.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> configAttributes)
Resolves an access control decision for the passed parameters.
|
Object |
AfterInvocationProvider.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes,
Object returnedObject) |
boolean |
PermissionEvaluator.hasPermission(Authentication authentication,
Object targetDomainObject,
Object permission) |
boolean |
PermissionEvaluator.hasPermission(Authentication authentication,
Serializable targetId,
String targetType,
Object permission)
Alternative method for evaluating a permission where only the identifier of the target object
is available, rather than the target instance itself.
|
int |
AccessDecisionVoter.vote(Authentication authentication,
S object,
Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted.
|
Modifier and Type | Method and Description |
---|---|
int |
Jsr250Voter.vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> definition)
Votes according to JSR 250.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
AuthorizedEvent.getAuthentication() |
Authentication |
AuthorizationFailureEvent.getAuthentication() |
Constructor and Description |
---|
AuthorizationFailureEvent(Object secureObject,
Collection<ConfigAttribute> attributes,
Authentication authentication,
AccessDeniedException accessDeniedException)
Construct the event.
|
AuthorizedEvent(Object secureObject,
Collection<ConfigAttribute> attributes,
Authentication authentication)
Construct the event.
|
Modifier and Type | Field and Description |
---|---|
protected Authentication |
SecurityExpressionRoot.authentication |
Modifier and Type | Method and Description |
---|---|
Authentication |
SecurityExpressionRoot.getAuthentication() |
Authentication |
SecurityExpressionOperations.getAuthentication()
Gets the
Authentication used for evaluating the expressions |
Modifier and Type | Method and Description |
---|---|
org.springframework.expression.EvaluationContext |
AbstractSecurityExpressionHandler.createEvaluationContext(Authentication authentication,
T invocation)
Invokes the internal template methods to create
StandardEvaluationContext and SecurityExpressionRoot
objects. |
org.springframework.expression.EvaluationContext |
SecurityExpressionHandler.createEvaluationContext(Authentication authentication,
T invocation)
Provides an evaluation context in which to evaluate security expressions for the invocation type.
|
protected org.springframework.expression.spel.support.StandardEvaluationContext |
AbstractSecurityExpressionHandler.createEvaluationContextInternal(Authentication authentication,
T invocation)
Override to create a custom instance of
StandardEvaluationContext. |
protected abstract SecurityExpressionOperations |
AbstractSecurityExpressionHandler.createSecurityExpressionRoot(Authentication authentication,
T invocation)
Implement in order to create a root object of the correct type for the supported invocation type.
|
boolean |
DenyAllPermissionEvaluator.hasPermission(Authentication authentication,
Object target,
Object permission) |
boolean |
DenyAllPermissionEvaluator.hasPermission(Authentication authentication,
Serializable targetId,
String targetType,
Object permission) |
Constructor and Description |
---|
SecurityExpressionRoot(Authentication authentication)
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
Object |
ExpressionBasedPostInvocationAdvice.after(Authentication authentication,
org.aopalliance.intercept.MethodInvocation mi,
PostInvocationAttribute postAttr,
Object returnedObject) |
boolean |
ExpressionBasedPreInvocationAdvice.before(Authentication authentication,
org.aopalliance.intercept.MethodInvocation mi,
PreInvocationAttribute attr) |
org.springframework.expression.spel.support.StandardEvaluationContext |
DefaultMethodSecurityExpressionHandler.createEvaluationContextInternal(Authentication auth,
org.aopalliance.intercept.MethodInvocation mi)
Uses a
MethodSecurityEvaluationContext as the EvaluationContext implementation. |
protected MethodSecurityExpressionOperations |
DefaultMethodSecurityExpressionHandler.createSecurityExpressionRoot(Authentication authentication,
org.aopalliance.intercept.MethodInvocation invocation)
Creates the root object for expression evaluation.
|
Modifier and Type | Class and Description |
---|---|
class |
RunAsUserToken
An immutable
Authentication implementation that supports RunAsManagerImpl. |
Modifier and Type | Method and Description |
---|---|
Authentication |
RunAsImplAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
RunAsManagerImpl.buildRunAs(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes) |
Authentication |
RunAsManager.buildRunAs(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
Returns a replacement
Authentication object for the current secure object invocation, or
null if replacement not required. |
Modifier and Type | Method and Description |
---|---|
Class<? extends Authentication> |
RunAsUserToken.getOriginalAuthentication() |
Modifier and Type | Method and Description |
---|---|
Authentication |
RunAsImplAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
RunAsManagerImpl.buildRunAs(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes) |
Authentication |
RunAsManager.buildRunAs(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
Returns a replacement
Authentication object for the current secure object invocation, or
null if replacement not required. |
Object |
AfterInvocationProviderManager.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> config,
Object returnedObject) |
Object |
AfterInvocationManager.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes,
Object returnedObject)
Given the details of a secure object invocation including its returned
Object, make an
access control decision or optionally modify the returned Object. |
boolean |
MethodInvocationPrivilegeEvaluator.isAllowed(org.aopalliance.intercept.MethodInvocation mi,
Authentication authentication) |
Constructor and Description |
---|
RunAsUserToken(String key,
Object principal,
Object credentials,
Collection<? extends GrantedAuthority> authorities,
Class<? extends Authentication> originalAuthentication) |
Modifier and Type | Method and Description |
---|---|
Object |
PostInvocationAuthorizationAdvice.after(Authentication authentication,
org.aopalliance.intercept.MethodInvocation mi,
PostInvocationAttribute pia,
Object returnedObject) |
boolean |
PreInvocationAuthorizationAdvice.before(Authentication authentication,
org.aopalliance.intercept.MethodInvocation mi,
PreInvocationAttribute preInvocationAttribute)
The "before" advice which should be executed to perform any filtering necessary and to decide whether
the method call is authorised.
|
Object |
PostInvocationAdviceProvider.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> config,
Object returnedObject) |
int |
PreInvocationAuthorizationAdviceVoter.vote(Authentication authentication,
org.aopalliance.intercept.MethodInvocation method,
Collection<ConfigAttribute> attributes) |
Modifier and Type | Method and Description |
---|---|
void |
ConsensusBased.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> configAttributes)
This concrete implementation simply polls all configured
AccessDecisionVoters and upon
completion determines the consensus of granted against denied responses. |
void |
UnanimousBased.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
This concrete implementation polls all configured
AccessDecisionVoters for each ConfigAttribute and grants access if only grant (or abstain) votes were received. |
void |
AffirmativeBased.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> configAttributes)
This concrete implementation simply polls all configured
AccessDecisionVoters and grants access
if any AccessDecisionVoter voted affirmatively. |
int |
AuthenticatedVoter.vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes) |
int |
RoleVoter.vote(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes) |
Modifier and Type | Method and Description |
---|---|
void |
AclPermissionCacheOptimizer.cachePermissionsFor(Authentication authentication,
Collection<?> objects) |
boolean |
AclPermissionEvaluator.hasPermission(Authentication authentication,
Object domainObject,
Object permission)
Determines whether the user has the given permission(s) on the domain object using the ACL
configuration.
|
boolean |
AclPermissionEvaluator.hasPermission(Authentication authentication,
Serializable targetId,
String targetType,
Object permission) |
int |
AclEntryVoter.vote(Authentication authentication,
org.aopalliance.intercept.MethodInvocation object,
Collection<ConfigAttribute> attributes) |
Modifier and Type | Method and Description |
---|---|
Object |
AclEntryAfterInvocationCollectionFilteringProvider.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> config,
Object returnedObject) |
Object |
AclEntryAfterInvocationProvider.decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> config,
Object returnedObject) |
protected boolean |
AbstractAclProvider.hasPermission(Authentication authentication,
Object domainObject) |
Modifier and Type | Method and Description |
---|---|
List<Sid> |
SidRetrievalStrategyImpl.getSids(Authentication authentication) |
Constructor and Description |
---|
PrincipalSid(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
List<Sid> |
SidRetrievalStrategy.getSids(Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
AbstractAuthenticationToken
Base class for
Authentication objects. |
class |
AnonymousAuthenticationToken
Represents an anonymous
Authentication. |
class |
RememberMeAuthenticationToken
Represents a remembered
Authentication. |
class |
TestingAuthenticationToken
An
Authentication implementation that is designed for use whilst unit testing. |
class |
UsernamePasswordAuthenticationToken
An
Authentication implementation that is designed for simple presentation
of a username and password. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AnonymousAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
TestingAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
AuthenticationProvider.authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication). |
Authentication |
AuthenticationManager.authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object, returning a fully populated
Authentication object (including granted authorities) if successful. |
Authentication |
RememberMeAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
ProviderManager.authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AnonymousAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
TestingAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
AuthenticationProvider.authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication). |
Authentication |
AuthenticationManager.authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object, returning a fully populated
Authentication object (including granted authorities) if successful. |
Authentication |
RememberMeAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
ProviderManager.authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
boolean |
AuthenticationTrustResolver.isAnonymous(Authentication authentication)
Indicates whether the passed
Authentication token represents an anonymous user. |
boolean |
AuthenticationTrustResolverImpl.isAnonymous(Authentication authentication) |
boolean |
AuthenticationTrustResolver.isRememberMe(Authentication authentication)
Indicates whether the passed
Authentication token represents user that has been remembered
(i.e. |
boolean |
AuthenticationTrustResolverImpl.isRememberMe(Authentication authentication) |
void |
DefaultAuthenticationEventPublisher.publishAuthenticationFailure(AuthenticationException exception,
Authentication authentication) |
void |
AuthenticationEventPublisher.publishAuthenticationFailure(AuthenticationException exception,
Authentication authentication) |
void |
DefaultAuthenticationEventPublisher.publishAuthenticationSuccess(Authentication authentication) |
void |
AuthenticationEventPublisher.publishAuthenticationSuccess(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
void |
AuthenticationTrustResolverImpl.setAnonymousClass(Class<? extends Authentication> anonymousClass) |
void |
AuthenticationTrustResolverImpl.setRememberMeClass(Class<? extends Authentication> rememberMeClass) |
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractUserDetailsAuthenticationProvider.authenticate(Authentication authentication) |
protected Authentication |
AbstractUserDetailsAuthenticationProvider.createSuccessAuthentication(Object principal,
Authentication authentication,
UserDetails user)
Creates a successful
Authentication object. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractUserDetailsAuthenticationProvider.authenticate(Authentication authentication) |
protected Authentication |
AbstractUserDetailsAuthenticationProvider.createSuccessAuthentication(Object principal,
Authentication authentication,
UserDetails user)
Creates a successful
Authentication object. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractAuthenticationEvent.getAuthentication()
Getters for the
Authentication request that caused the event. |
Modifier and Type | Class and Description |
---|---|
class |
JaasAuthenticationToken
UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the user was logged into
|
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractJaasAuthenticationProvider.authenticate(Authentication auth)
Attempts to log in the user given the Authentication object's principal and credential
|
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractJaasAuthenticationProvider.authenticate(Authentication auth)
Attempts to log in the user given the Authentication object's principal and credential
|
void |
JaasNameCallbackHandler.handle(Callback callback,
Authentication authentication)
If the callback passed to the 'handle' method is an instance of NameCallback, the
JaasNameCallbackHandler will call callback.setName(authentication.getPrincipal().toString()).
|
void |
JaasAuthenticationCallbackHandler.handle(Callback callback,
Authentication auth)
Handle the Callback.
|
void |
JaasPasswordCallbackHandler.handle(Callback callback,
Authentication auth)
If the callback passed to the 'handle' method is an instance of PasswordCallback, the
JaasPasswordCallbackHandler will call callback.setPassword(authentication.getCredentials().toString()).
|
Modifier and Type | Method and Description |
---|---|
Authentication |
JaasAuthenticationEvent.getAuthentication()
Pre-casted method that returns the 'source' of the event.
|
Constructor and Description |
---|
JaasAuthenticationEvent(Authentication auth)
The Authentication object is stored as the ApplicationEvent 'source'.
|
JaasAuthenticationFailedEvent(Authentication auth,
Exception exception) |
JaasAuthenticationSuccessEvent(Authentication auth) |
Modifier and Type | Method and Description |
---|---|
Authentication |
RemoteAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
RemoteAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
CasAssertionAuthenticationToken
Temporary authentication object needed to load the user details service.
|
class |
CasAuthenticationToken
Represents a successful CAS
Authentication. |
Modifier and Type | Method and Description |
---|---|
Authentication |
CasAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
CasAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
CasAuthenticationFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Modifier and Type | Method and Description |
---|---|
protected void |
CasAuthenticationFilter.successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain,
Authentication authResult) |
Modifier and Type | Method and Description |
---|---|
Authentication |
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
AuthenticationException.getAuthentication()
Deprecated.
to avoid potential leaking of sensitive information (e.g. through serialization/remoting).
|
Modifier and Type | Method and Description |
---|---|
void |
AuthenticationException.setAuthentication(Authentication authentication)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
SecurityContextImpl.getAuthentication() |
Authentication |
SecurityContext.getAuthentication()
Obtains the currently authenticated principal, or an authentication request token.
|
Modifier and Type | Method and Description |
---|---|
void |
SecurityContextImpl.setAuthentication(Authentication authentication) |
void |
SecurityContext.setAuthentication(Authentication authentication)
Changes the currently authenticated principal, or removes the authentication information.
|
Modifier and Type | Interface and Description |
---|---|
interface |
AuthenticationUserDetailsService<T extends Authentication>
Interface that allows for retrieving a UserDetails object based on an Authentication object.
|
class |
UserDetailsByNameServiceWrapper<T extends Authentication>
This implementation for AuthenticationUserDetailsService wraps a regular
Spring Security UserDetailsService implementation, to retrieve a UserDetails object
based on the user name contained in an Authentication object.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractLdapAuthenticationProvider.authenticate(Authentication authentication) |
protected Authentication |
AbstractLdapAuthenticationProvider.createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
UserDetails user)
Creates the final
Authentication object which will be returned from the authenticate method. |
Modifier and Type | Method and Description |
---|---|
org.springframework.ldap.core.DirContextOperations |
PasswordComparisonAuthenticator.authenticate(Authentication authentication) |
Authentication |
AbstractLdapAuthenticationProvider.authenticate(Authentication authentication) |
org.springframework.ldap.core.DirContextOperations |
BindAuthenticator.authenticate(Authentication authentication) |
org.springframework.ldap.core.DirContextOperations |
LdapAuthenticator.authenticate(Authentication authentication)
Authenticates as a user and obtains additional user information from the directory.
|
Modifier and Type | Class and Description |
---|---|
class |
OpenIDAuthenticationToken
OpenID Authentication Token
|
Modifier and Type | Method and Description |
---|---|
Authentication |
OpenIDAuthenticationFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Authentication has two phases.
|
Authentication |
OpenIDAuthenticationProvider.authenticate(Authentication authentication) |
protected Authentication |
OpenIDAuthenticationProvider.createSuccessfulAuthentication(UserDetails userDetails,
OpenIDAuthenticationToken auth)
Handles the creation of the final Authentication object which will be returned by the provider.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
OpenIDAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
protected Authentication |
JdbcUserDetailsManager.createNewAuthentication(Authentication currentAuth,
String newPassword) |
Modifier and Type | Method and Description |
---|---|
protected Authentication |
JdbcUserDetailsManager.createNewAuthentication(Authentication currentAuth,
String newPassword) |
Modifier and Type | Method and Description |
---|---|
protected Authentication |
ContextPropagatingRemoteInvocation.createAuthenticationRequest(String principal,
String credentials)
Creates the server-side authentication request object.
|
Modifier and Type | Method and Description |
---|---|
boolean |
WebInvocationPrivilegeEvaluator.isAllowed(String uri,
Authentication authentication)
Determines whether the user represented by the supplied Authentication object is
allowed to invoke the supplied URI.
|
boolean |
DefaultWebInvocationPrivilegeEvaluator.isAllowed(String uri,
Authentication authentication)
Determines whether the user represented by the supplied Authentication object is
allowed to invoke the supplied URI.
|
boolean |
WebInvocationPrivilegeEvaluator.isAllowed(String contextPath,
String uri,
String method,
Authentication authentication)
Determines whether the user represented by the supplied Authentication object is
allowed to invoke the supplied URI, with the given .
|
boolean |
DefaultWebInvocationPrivilegeEvaluator.isAllowed(String contextPath,
String uri,
String method,
Authentication authentication)
Determines whether the user represented by the supplied Authentication object is
allowed to invoke the supplied URI, with the given .
|
Modifier and Type | Method and Description |
---|---|
org.springframework.expression.EvaluationContext |
WebSecurityExpressionHandler.createEvaluationContext(Authentication authentication,
FilterInvocation invocation)
Deprecated.
|
protected SecurityExpressionOperations |
DefaultWebSecurityExpressionHandler.createSecurityExpressionRoot(Authentication authentication,
FilterInvocation fi) |
int |
WebExpressionVoter.vote(Authentication authentication,
FilterInvocation fi,
Collection<ConfigAttribute> attributes) |
Constructor and Description |
---|
WebSecurityExpressionRoot(Authentication a,
FilterInvocation fi) |
Modifier and Type | Method and Description |
---|---|
Authentication |
UsernamePasswordAuthenticationFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
abstract Authentication |
AbstractAuthenticationProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs actual authentication.
|
Authentication |
NullRememberMeServices.autoLogin(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Authentication |
RememberMeServices.autoLogin(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
This method will be called whenever the
SecurityContextHolder does not contain an
Authentication object and Spring Security wishes to provide an implementation with an
opportunity to authenticate the request using remember-me capabilities. |
protected Authentication |
AnonymousAuthenticationFilter.createAuthentication(javax.servlet.http.HttpServletRequest request) |
Modifier and Type | Method and Description |
---|---|
protected void |
AbstractAuthenticationTargetUrlRequestHandler.handle(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Invokes the configured
RedirectStrategy with the URL returned by the determineTargetUrl method. |
void |
NullRememberMeServices.loginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication) |
void |
RememberMeServices.loginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication)
Called whenever an interactive authentication attempt is successful.
|
void |
SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication) |
void |
AuthenticationSuccessHandler.onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Called when a user has been successfully authenticated.
|
void |
SimpleUrlAuthenticationSuccessHandler.onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Calls the parent class
handle() method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes() to remove any leftover session data. |
protected void |
AbstractAuthenticationProcessingFilter.successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
Deprecated.
|
protected void |
AbstractAuthenticationProcessingFilter.successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain,
Authentication authResult)
Default behaviour for successful authentication.
|
Modifier and Type | Method and Description |
---|---|
void |
CookieClearingLogoutHandler.logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication) |
void |
SecurityContextLogoutHandler.logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Requires the request to be passed in.
|
void |
LogoutHandler.logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Causes a logout to be completed.
|
void |
SimpleUrlLogoutSuccessHandler.onLogoutSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication) |
void |
LogoutSuccessHandler.onLogoutSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
PreAuthenticatedAuthenticationToken
Authentication implementation for pre-authenticated
authentication. |
Modifier and Type | Method and Description |
---|---|
Authentication |
PreAuthenticatedAuthenticationProvider.authenticate(Authentication authentication)
Authenticate the given PreAuthenticatedAuthenticationToken.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
PreAuthenticatedAuthenticationProvider.authenticate(Authentication authentication)
Authenticate the given PreAuthenticatedAuthenticationToken.
|
protected UserDetails |
PreAuthenticatedGrantedAuthoritiesUserDetailsService.createuserDetails(Authentication token,
Collection<? extends GrantedAuthority> authorities)
|
protected UserDetails |
PreAuthenticatedGrantedAuthoritiesUserDetailsService.createUserDetails(Authentication token,
Collection<? extends GrantedAuthority> authorities)
Creates the final UserDetails object.
|
protected boolean |
AbstractPreAuthenticatedProcessingFilter.principalChanged(javax.servlet.http.HttpServletRequest request,
Authentication currentAuthentication)
Determines if the current principal has changed.
|
protected void |
AbstractPreAuthenticatedProcessingFilter.successfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
Puts the
Authentication instance returned by the
authentication manager into the secure context. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractRememberMeServices.autoLogin(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Template implementation which locates the Spring Security cookie, decodes it into
a delimited array of tokens and submits it to subclasses for processing
via the processAutoLoginCookie method.
|
protected Authentication |
AbstractRememberMeServices.createSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
UserDetails user)
Creates the final Authentication object returned from the autoLogin method.
|
Modifier and Type | Method and Description |
---|---|
protected int |
TokenBasedRememberMeServices.calculateLoginLifetime(javax.servlet.http.HttpServletRequest request,
Authentication authentication)
Calculates the validity period in seconds for a newly generated remember-me login.
|
void |
AbstractRememberMeServices.loginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication)
Called whenever an interactive authentication attempt is successful.
|
void |
PersistentTokenBasedRememberMeServices.logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication) |
void |
AbstractRememberMeServices.logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Implementation of
LogoutHandler. |
void |
TokenBasedRememberMeServices.onLoginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication) |
protected void |
PersistentTokenBasedRememberMeServices.onLoginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication)
Creates a new persistent login token with a new series number, stores the data in the
persistent token repository and adds the corresponding cookie to the response.
|
protected abstract void |
AbstractRememberMeServices.onLoginSuccess(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication successfulAuthentication)
Called from loginSuccess when a remember-me login has been requested.
|
protected void |
RememberMeAuthenticationFilter.onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult)
Called if a remember-me token is presented and successfully authenticated by the
RememberMeServices
autoLogin method and the AuthenticationManager. |
protected String |
TokenBasedRememberMeServices.retrievePassword(Authentication authentication) |
protected String |
TokenBasedRememberMeServices.retrieveUserName(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
protected int |
ConcurrentSessionControlAuthenticationStrategy.getMaximumSessionsForThisUser(Authentication authentication)
Method intended for use by subclasses to override the maximum number of sessions that are permitted for
a particular authentication.
|
protected int |
ConcurrentSessionControlStrategy.getMaximumSessionsForThisUser(Authentication authentication)
Deprecated.
Method intended for use by subclasses to override the maximum number of sessions that are permitted for
a particular authentication.
|
void |
NullAuthenticatedSessionStrategy.onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
void |
RegisterSessionAuthenticationStrategy.onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
|
void |
ConcurrentSessionControlAuthenticationStrategy.onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
|
void |
SessionAuthenticationStrategy.onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs HTTP session-related functionality when a new authentication occurs.
|
void |
ConcurrentSessionControlStrategy.onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Deprecated.
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
|
void |
CompositeSessionAuthenticationStrategy.onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Constructor and Description |
---|
SessionFixationProtectionEvent(Authentication authentication,
String oldSessionId,
String newSessionId)
Constructs a new session fixation protection event.
|
Modifier and Type | Method and Description |
---|---|
protected Authentication |
SwitchUserFilter.attemptExitUser(javax.servlet.http.HttpServletRequest request)
Attempt to exit from an already switched user.
|
protected Authentication |
SwitchUserFilter.attemptSwitchUser(javax.servlet.http.HttpServletRequest request)
Attempt to switch to another user.
|
Authentication |
SwitchUserGrantedAuthority.getSource()
Returns the original user associated with a successful user switch.
|
Modifier and Type | Method and Description |
---|---|
Collection<? extends GrantedAuthority> |
SwitchUserAuthorityChanger.modifyGrantedAuthorities(UserDetails targetUser,
Authentication currentAuthentication,
Collection<? extends GrantedAuthority> authoritiesToBeGranted)
Allow subclasses to add or remove authorities that will be granted when in switch user mode.
|
Constructor and Description |
---|
AuthenticationSwitchUserEvent(Authentication authentication,
UserDetails targetUser)
Switch user context event constructor.
|
SwitchUserGrantedAuthority(String role,
Authentication source) |
Modifier and Type | Method and Description |
---|---|
protected void |
BasicAuthenticationFilter.onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authResult) |
Modifier and Type | Method and Description |
---|---|
void |
CsrfLogoutHandler.logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Clears the
CsrfToken. |
void |
CsrfAuthenticationStrategy.onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Copyright © 2019. All rights reserved.