Package | Description |
---|---|
org.springframework.security.access.intercept |
Abstract level security interception classes which are responsible for enforcing the
configured security constraints for a secure object.
|
org.springframework.security.authentication |
Core classes and interfaces related to user authentication, which are used throughout Spring Security.
|
org.springframework.security.authentication.dao |
An
AuthenticationProvider which relies upon a data access object. |
org.springframework.security.authentication.event |
Authentication success and failure events which can be published to the Spring application context.
|
org.springframework.security.authentication.jaas |
An authentication provider for JAAS.
|
org.springframework.security.authentication.rcp |
Allows remote clients to authenticate and obtain a populated
Authentication object. |
org.springframework.security.cas.authentication |
An
AuthenticationProvider that can process CAS service tickets and proxy tickets. |
org.springframework.security.cas.web |
Authenticates standard web browser users via CAS.
|
org.springframework.security.config.authentication |
Parsing of <authentication-manager> and related elements.
|
org.springframework.security.core.userdetails |
The standard interfaces for implementing user data DAOs.
|
org.springframework.security.ldap.authentication |
The LDAP authentication provider package.
|
org.springframework.security.ldap.authentication.ad | |
org.springframework.security.openid |
Authenticates standard web browser users via OpenID.
|
org.springframework.security.provisioning |
Contains simple user and authority group account provisioning interfaces together with a a
JDBC-based implementation.
|
org.springframework.security.web |
Spring Security's web security module.
|
org.springframework.security.web.access |
Access-control related classes and packages.
|
org.springframework.security.web.authentication |
Authentication processing mechanisms, which respond to the submission of authentication
credentials using various protocols (eg BASIC, CAS, form login etc).
|
org.springframework.security.web.authentication.preauth |
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been
authenticated by some externally configured system.
|
org.springframework.security.web.authentication.rememberme |
Support for remembering a user between different web sessions.
|
org.springframework.security.web.authentication.session |
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
|
org.springframework.security.web.authentication.switchuser |
Provides HTTP-based "switch user" (su) capabilities.
|
org.springframework.security.web.authentication.www |
WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
RunAsImplAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
AccountExpiredException
Thrown if an authentication request is rejected because the account has expired.
|
class |
AccountStatusException
Base class for authentication exceptions which are caused by a particular
user account status (locked, disabled etc).
|
class |
AuthenticationCredentialsNotFoundException
Thrown if an authentication request is rejected because there is no
Authentication object in the SecurityContext . |
class |
AuthenticationServiceException
Thrown if an authentication request could not be processed due to a system problem.
|
class |
BadCredentialsException
Thrown if an authentication request is rejected because the credentials are invalid.
|
class |
CredentialsExpiredException
Thrown if an authentication request is rejected because the account's credentials have expired.
|
class |
DisabledException
Thrown if an authentication request is rejected because the account is disabled.
|
class |
InsufficientAuthenticationException
Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.
|
class |
InternalAuthenticationServiceException
Thrown if an authentication request could not be processed due to a system problem that occurred internally.
|
class |
LockedException
Thrown if an authentication request is rejected because the account is locked.
|
class |
ProviderNotFoundException
Thrown by
ProviderManager if no AuthenticationProvider could be found that supports the
presented Authentication object. |
Modifier and Type | Method and Description |
---|---|
void |
AuthenticationEventPublisher.publishAuthenticationFailure(AuthenticationException exception,
Authentication authentication) |
void |
DefaultAuthenticationEventPublisher.publishAuthenticationFailure(AuthenticationException exception,
Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
RememberMeAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
AuthenticationProvider.authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication) . |
Authentication |
AnonymousAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
AuthenticationManager.authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object, returning a fully populated
Authentication object (including granted authorities) if successful. |
Authentication |
ProviderManager.authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
Authentication |
TestingAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
protected void |
DaoAuthenticationProvider.additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) |
protected abstract void |
AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication)
Allows subclasses to perform any additional checks of a returned (or cached)
UserDetails
for a given authentication request. |
Authentication |
AbstractUserDetailsAuthenticationProvider.authenticate(Authentication authentication) |
protected UserDetails |
DaoAuthenticationProvider.retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication) |
protected abstract UserDetails |
AbstractUserDetailsAuthenticationProvider.retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
Allows subclasses to actually retrieve the
UserDetails from an implementation-specific
location, with the option of throwing an AuthenticationException immediately if the presented
credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in
order to obtain or generate a UserDetails ). |
Modifier and Type | Method and Description |
---|---|
AuthenticationException |
AbstractAuthenticationFailureEvent.getException() |
Modifier and Type | Method and Description |
---|---|
AuthenticationException |
DefaultLoginExceptionResolver.resolveException(LoginException e) |
AuthenticationException |
LoginExceptionResolver.resolveException(LoginException e)
Translates a Jaas LoginException to an SpringSecurityException.
|
Modifier and Type | Method and Description |
---|---|
protected void |
AbstractJaasAuthenticationProvider.publishFailureEvent(UsernamePasswordAuthenticationToken token,
AuthenticationException ase)
Publishes the
JaasAuthenticationFailedEvent . |
protected void |
JaasAuthenticationProvider.publishFailureEvent(UsernamePasswordAuthenticationToken token,
AuthenticationException ase)
Publishes the
JaasAuthenticationFailedEvent . |
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractJaasAuthenticationProvider.authenticate(Authentication auth)
Attempts to login the user given the Authentication objects principal and credential
|
Modifier and Type | Method and Description |
---|---|
Authentication |
RemoteAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
CasAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
void |
CasAuthenticationEntryPoint.commence(javax.servlet.http.HttpServletRequest servletRequest,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authenticationException) |
Modifier and Type | Method and Description |
---|---|
Authentication |
CasAuthenticationFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Modifier and Type | Method and Description |
---|---|
Authentication |
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
UsernameNotFoundException
Thrown if an
UserDetailsService implementation cannot locate a User by its username. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractLdapAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
ActiveDirectoryAuthenticationException
Thrown as a translation of an
AuthenticationException when attempting to authenticate against
Active Directory using ActiveDirectoryLdapAuthenticationProvider . |
Modifier and Type | Class and Description |
---|---|
class |
AuthenticationCancelledException
Indicates that OpenID authentication was cancelled
|
Modifier and Type | Method and Description |
---|---|
Authentication |
OpenIDAuthenticationFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Authentication has two phases.
|
Authentication |
OpenIDAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
void |
JdbcUserDetailsManager.changePassword(String oldPassword,
String newPassword) |
Modifier and Type | Method and Description |
---|---|
void |
AuthenticationEntryPoint.commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException)
Commences an authentication scheme.
|
Modifier and Type | Method and Description |
---|---|
protected void |
ExceptionTranslationFilter.sendStartAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain,
AuthenticationException reason) |
Modifier and Type | Method and Description |
---|---|
protected String |
LoginUrlAuthenticationEntryPoint.buildRedirectUrlToLoginPage(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException) |
void |
Http403ForbiddenEntryPoint.commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException arg2)
Always returns a 403 error code to the client.
|
void |
LoginUrlAuthenticationEntryPoint.commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException)
Performs the redirect (or forward) to the login form URL.
|
void |
DelegatingAuthenticationEntryPoint.commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException) |
protected String |
LoginUrlAuthenticationEntryPoint.determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException exception)
Allows subclasses to modify the login form URL that should be applicable for a given request.
|
void |
SimpleUrlAuthenticationFailureHandler.onAuthenticationFailure(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException exception)
Performs the redirect or forward to the
defaultFailureUrl if set, otherwise returns a 401 error code. |
void |
ExceptionMappingAuthenticationFailureHandler.onAuthenticationFailure(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException exception) |
void |
AuthenticationFailureHandler.onAuthenticationFailure(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException exception)
Called when an authentication attempt fails.
|
protected void |
SimpleUrlAuthenticationFailureHandler.saveException(javax.servlet.http.HttpServletRequest request,
AuthenticationException exception)
Caches the
AuthenticationException for use in view rendering. |
protected void |
AbstractAuthenticationProcessingFilter.unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
Default behaviour for unsuccessful authentication.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
UsernamePasswordAuthenticationFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
abstract Authentication |
AbstractAuthenticationProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs actual authentication.
|
Modifier and Type | Class and Description |
---|---|
class |
PreAuthenticatedCredentialsNotFoundException |
Modifier and Type | Method and Description |
---|---|
protected void |
AbstractPreAuthenticatedProcessingFilter.unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
Ensures the authentication object in the secure context is set to null when authentication fails.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
PreAuthenticatedAuthenticationProvider.authenticate(Authentication authentication)
Authenticate the given PreAuthenticatedAuthenticationToken.
|
UserDetails |
PreAuthenticatedGrantedAuthoritiesUserDetailsService.loadUserDetails(PreAuthenticatedAuthenticationToken token)
Get a UserDetails object based on the user name contained in the given
token, and the GrantedAuthorities as returned by the
GrantedAuthoritiesContainer implementation as returned by
the token.getDetails() method.
|
Modifier and Type | Class and Description |
---|---|
class |
CookieTheftException |
class |
InvalidCookieException
Exception thrown by a RememberMeServices implementation to indicate
that a submitted cookie is of an invalid format or has expired.
|
class |
RememberMeAuthenticationException |
Modifier and Type | Method and Description |
---|---|
protected void |
RememberMeAuthenticationFilter.onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
Called if the
AuthenticationManager rejects the authentication object returned from the
RememberMeServices autoLogin method. |
Modifier and Type | Class and Description |
---|---|
class |
SessionAuthenticationException
Thrown by an SessionAuthenticationStrategy to indicate that an authentication object is not valid for
the current session, typically because the same user has exceeded the number of sessions they are allowed to have
concurrently.
|
Modifier and Type | Method and Description |
---|---|
protected Authentication |
SwitchUserFilter.attemptSwitchUser(javax.servlet.http.HttpServletRequest request)
Attempt to switch to another user.
|
Modifier and Type | Class and Description |
---|---|
class |
NonceExpiredException
Thrown if an authentication request is rejected because the digest nonce has expired.
|
Modifier and Type | Method and Description |
---|---|
void |
BasicAuthenticationEntryPoint.commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException) |
void |
DigestAuthenticationEntryPoint.commence(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException authException) |
protected void |
BasicAuthenticationFilter.onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed) |
Copyright © 2015. All rights reserved.