Package | Description |
---|---|
org.acegisecurity |
Provides core Acegi Security System for Spring interfaces and classes.
|
org.acegisecurity.adapters |
Allows external containers to obtain authentication information from the
system.
|
org.acegisecurity.concurrent |
Concurrent session control and registration classes.
|
org.acegisecurity.event.authentication |
Enables events to be published to the Spring application context.
|
org.acegisecurity.providers |
Implements a provider-based approach to authentication decisions.
|
org.acegisecurity.providers.anonymous |
Allows you to secure every invocation (especially useful for web request
URI security) by always having either an actual principal or an anonymous
principal authenticated.
|
org.acegisecurity.providers.cas |
An authentication provider that can process JA-SIG Central Authentication Service (CAS)
service tickets and proxy tickets.
|
org.acegisecurity.providers.cas.populator |
Implementations that populate GrantedAuthority[]s of CAS authentications.
|
org.acegisecurity.providers.cas.ticketvalidator |
Implementations that validate service tickets.
|
org.acegisecurity.providers.dao |
An authentication provider that relies upon a data access object.
|
org.acegisecurity.providers.jaas |
An authentication provider for JAAS.
|
org.acegisecurity.providers.ldap |
The LDAP authentication provider package.
|
org.acegisecurity.providers.rcp |
Allows remote clients to authenticate and obtain a populated
Authentication object. |
org.acegisecurity.providers.rememberme |
Authentication provider that processes
RememberMeAuthenticationToken s. |
org.acegisecurity.providers.siteminder |
A Siteminder authentication provider.
|
org.acegisecurity.providers.x509 |
An authentication provider that can process X.509 certificaties.
|
org.acegisecurity.providers.x509.populator |
Implementations that populate GrantedAuthority[]s of X509 authentications.
|
org.acegisecurity.runas |
Allows secure objects to be run under a different authentication identity.
|
org.acegisecurity.ui |
Authentication processing mechanisms, which respond to the submission of authentication
credentials using various protocols (eg BASIC, CAS, form login etc).
|
org.acegisecurity.ui.basicauth |
Authenticates HTTP BASIC authentication requests.
|
org.acegisecurity.ui.cas |
Authenticates standard web browser users via
JA-SIG Central Authentication Service (CAS).
|
org.acegisecurity.ui.digestauth |
Authenticates HTTP Digest authentication requests.
|
org.acegisecurity.ui.switchuser |
Provides HTTP-based "switch user" (su) capabilities.
|
org.acegisecurity.ui.webapp |
Authenticates users via HTTP properties, headers and session.
|
org.acegisecurity.ui.x509 |
X.509 authentication filter and related classes.
|
org.acegisecurity.userdetails |
Modifier and Type | Class and Description |
---|---|
class |
AccountExpiredException
Thrown if an authentication request is rejected because the account has expired.
|
class |
AuthenticationCredentialsNotFoundException
Thrown if an authentication request is rejected because there is no
Authentication object in the SecurityContext . |
class |
AuthenticationServiceException
Thrown if an authentication request could not be processed due to a system problem.
|
class |
BadCredentialsException
Thrown if an authentication request is rejected because the credentials are invalid.
|
class |
CredentialsExpiredException
Thrown if an authentication request is rejected because the account's credentials have expired.
|
class |
DisabledException
Thrown if an authentication request is rejected because the account is disabled.
|
class |
InsufficientAuthenticationException
Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.
|
class |
LockedException
Thrown if an authentication request is rejected because the account is locked.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
AbstractAuthenticationManager.authenticate(Authentication authRequest)
An implementation of the
authenticate method that calls the abstract method
doAuthenticatation to do its work. |
Authentication |
AuthenticationManager.authenticate(Authentication authentication)
Attempts to authenticate the passed
Authentication object, returning a fully populated
Authentication object (including granted authorities) if successful. |
Authentication |
MockAuthenticationManager.doAuthentication(Authentication authentication) |
protected abstract Authentication |
AbstractAuthenticationManager.doAuthentication(Authentication authentication)
Concrete implementations of this class override this method to provide the authentication service.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
AuthByAdapterProvider.authenticate(Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
ConcurrentLoginException
Thrown by
ConcurrentSessionControllerImpl if an attempt is made to login and the user has already
exceeded their maxmimum allowed sessions. |
class |
SessionAlreadyUsedException
Thrown by a
SessionRegistry implementation if an attempt is made to create new session information
for an existing sessionId. |
Modifier and Type | Method and Description |
---|---|
void |
ConcurrentSessionControllerImpl.checkAuthenticationAllowed(Authentication request) |
void |
ConcurrentSessionController.checkAuthenticationAllowed(Authentication request)
Called by any class that wishes to know whether the current authentication request should be permitted.
|
void |
NullConcurrentSessionController.checkAuthenticationAllowed(Authentication request) |
Modifier and Type | Method and Description |
---|---|
AuthenticationException |
AbstractAuthenticationFailureEvent.getException() |
Modifier and Type | Class and Description |
---|---|
class |
ProviderNotFoundException
Thrown by
ProviderManager if no AuthenticationProvider could be found that supports the
presented Authentication object. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AuthenticationProvider.authenticate(Authentication authentication)
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication) . |
Authentication |
TestingAuthenticationProvider.authenticate(Authentication authentication) |
Authentication |
ProviderManager.doAuthentication(Authentication authentication)
Attempts to authenticate the passed
Authentication object. |
Modifier and Type | Method and Description |
---|---|
Authentication |
AnonymousAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Class and Description |
---|---|
class |
ProxyUntrustedException
Thrown if a CAS proxy ticket is presented from an untrusted proxy.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
CasAuthenticationProvider.authenticate(Authentication authentication) |
TicketResponse |
TicketValidator.confirmTicketValid(String serviceTicket)
Returns information about the ticket, if it is valid for this service.
|
UserDetails |
CasAuthoritiesPopulator.getUserDetails(String casUserId)
Obtains the granted authorities for the specified user.
|
Modifier and Type | Method and Description |
---|---|
UserDetails |
DaoCasAuthoritiesPopulator.getUserDetails(String casUserId) |
Modifier and Type | Method and Description |
---|---|
TicketResponse |
CasProxyTicketValidator.confirmTicketValid(String serviceTicket) |
Modifier and Type | Method and Description |
---|---|
protected abstract void |
AbstractUserDetailsAuthenticationProvider.additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication)
Allows subclasses to perform any additional checks of a returned (or cached)
UserDetails
for a given authentication request. |
protected void |
DaoAuthenticationProvider.additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) |
Authentication |
AbstractUserDetailsAuthenticationProvider.authenticate(Authentication authentication) |
protected abstract UserDetails |
AbstractUserDetailsAuthenticationProvider.retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
Allows subclasses to actually retrieve the
UserDetails from an implementation-specific
location, with the option of throwing an AuthenticationException immediately if the presented
credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in
order to obtain or generate a UserDetails ). |
protected UserDetails |
DaoAuthenticationProvider.retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
JaasAuthenticationProvider.authenticate(Authentication auth)
Attempts to login the user given the Authentication objects principal and credential
|
Modifier and Type | Method and Description |
---|---|
protected void |
LdapAuthenticationProvider.additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) |
protected UserDetails |
LdapAuthenticationProvider.retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
RemoteAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
RememberMeAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
protected void |
SiteminderAuthenticationProvider.additionalAuthenticationChecks(UserDetails user,
UsernamePasswordAuthenticationToken authentication) |
protected UserDetails |
SiteminderAuthenticationProvider.retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication) |
Modifier and Type | Method and Description |
---|---|
Authentication |
X509AuthenticationProvider.authenticate(Authentication authentication)
If the supplied authentication token contains a certificate then this will be passed to the configured
X509AuthoritiesPopulator to obtain the user details and authorities for the user identified by the
certificate. |
UserDetails |
X509AuthoritiesPopulator.getUserDetails(X509Certificate userCertificate)
Obtains the granted authorities for the specified user.
|
Modifier and Type | Method and Description |
---|---|
UserDetails |
DaoX509AuthoritiesPopulator.getUserDetails(X509Certificate clientCert) |
Modifier and Type | Method and Description |
---|---|
Authentication |
RunAsImplAuthenticationProvider.authenticate(Authentication authentication) |
Modifier and Type | Method and Description |
---|---|
void |
AuthenticationEntryPoint.commence(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
AuthenticationException authException)
Commences an authentication scheme.
|
protected String |
AbstractProcessingFilter.determineFailureUrl(javax.servlet.http.HttpServletRequest request,
AuthenticationException failed) |
protected void |
AbstractProcessingFilter.onUnsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed) |
protected void |
ExceptionTranslationFilter.sendStartAuthentication(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain,
AuthenticationException reason) |
protected void |
AbstractProcessingFilter.unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed) |
Modifier and Type | Method and Description |
---|---|
abstract Authentication |
AbstractProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication.
|
protected void |
AbstractProcessingFilter.onPreAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
Modifier and Type | Method and Description |
---|---|
void |
BasicProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
AuthenticationException authException) |
Modifier and Type | Method and Description |
---|---|
void |
CasProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest servletRequest,
javax.servlet.ServletResponse servletResponse,
AuthenticationException authenticationException) |
Modifier and Type | Method and Description |
---|---|
Authentication |
CasProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request) |
Modifier and Type | Class and Description |
---|---|
class |
NonceExpiredException
Thrown if an authentication request is rejected because the digest nonce has expired.
|
Modifier and Type | Method and Description |
---|---|
void |
DigestProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
AuthenticationException authException) |
Modifier and Type | Method and Description |
---|---|
protected Authentication |
SwitchUserProcessingFilter.attemptSwitchUser(javax.servlet.http.HttpServletRequest request)
Attempt to switch to another user.
|
Modifier and Type | Method and Description |
---|---|
void |
AuthenticationProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
AuthenticationException authException) |
protected String |
AuthenticationProcessingFilterEntryPoint.determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException exception)
Allows subclasses to modify the login form URL that should be applicable
for a given request.
|
Modifier and Type | Method and Description |
---|---|
Authentication |
SiteminderAuthenticationProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request) |
Authentication |
AuthenticationProcessingFilter.attemptAuthentication(javax.servlet.http.HttpServletRequest request) |
Modifier and Type | Method and Description |
---|---|
void |
X509ProcessingFilterEntryPoint.commence(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
AuthenticationException authException)
Returns a 403 error code to the client.
|
protected void |
X509ProcessingFilter.unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationException failed)
Ensures the authentication object in the secure context is set to null when authentication fails.
|
Modifier and Type | Class and Description |
---|---|
class |
UsernameNotFoundException
Thrown if an
UserDetailsService implementation cannot locate a User by its username. |
Copyright © 2016. All rights reserved.