|
spring-security-core | ||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||
Authentication.
AccessDecisionManager.AuthenticationManager.Authentication objects.MethodSecurityMetadataSource that supports both Spring AOP and AspectJ and
performs attribute resolution from: 1.AuthenticationProvider that allows subclasses to override and work with UserDetails objects.Authentication object does not hold a
required authority.AccessDeniedException with the specified
message.
AccessDeniedException with the specified
message and root cause.
AccountExpiredException with the specified
message.
AccountExpiredException with the specified
message and root cause.
UserDetails
for a given authentication request.
AccessDecisionManager that grants access if any
AccessDecisionVoter returns an affirmative response.Object returned from a secure object invocation,
being able to modify the Object or throw an AccessDeniedException.AfterInvocationProviderManager decision.AfterInvocationManager.Token.
AuthenticationProvider implementation that validates AnonymousAuthenticationTokens.Authentication.AspectJSecurityInterceptor when it wishes for the
AspectJ processing to continue.JoinPoint security interceptor which wraps the JoinPoint in a MethodInvocation
adapter to make it compatible with security infrastructure classes which only support MethodInvocations.authenticate method that calls the abstract method
doAuthenticatation to do its work.
Authentication object, returning a fully populated
Authentication object (including granted authorities) if successful.
AuthenticationManager.authenticate(Authentication).
ConfigAttribute.getAttribute() of IS_AUTHENTICATED_FULLY or
IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY is present.AuthenticationManager.authenticate(Authentication) method.Authentication could not be obtained from
the SecurityContextHolder.Authentication object in the SecurityContext.AuthenticationCredentialsNotFoundException
with the specified message.
AuthenticationCredentialsNotFoundException
with the specified message and root cause.
Authentication.getDetails() object for
a given web request.AuthenticationDetailsSource.Authentication object being invalid for whatever
reason.AuthenticationException with the specified message and root cause.
AuthenticationException with the specified message and no root cause.
AuthenticationProvider that can process the request.AuthenticationManager.Authentication request.Authentication implementation.AuthenticationServiceException with the
specified message.
AuthenticationServiceException with the
specified message and root cause.
SimpleHttpInvokerRequestExecutor.Authentication tokensAuthenticationTrustResolver.AuthorizationServiceException with the
specified message.
AuthorizationServiceException with the
specified message and root cause.
BadCredentialsException with the specified
message.
BadCredentialsException with the specified
message and root cause.
Authentication object for the current secure object invocation, or
null if replacement not required.
Subject (phase two) by adding the Spring Security
Authentication to the Subject's principals.
AccessDecisionManager that uses a
consensus-based approach.RemoteInvocation that is passed from the client to the server.org.springframework.remoting.rmi.RmiProxyFactoryBean when it
wishes to create a remote invocation.MethodInvocation for specified methodName on the passed object,
using the args to locate the method.
MethodSecurityEvaluationContext as the EvaluationContext implementation and
configures it with a MethodSecurityExpressionRoot instance as the expression root object.
MethodInvocation for the specified methodName on the passed class.
MethodInvocation for specified methodName on the passed class,
using the args to locate the method.
Authentication object.
eraseCredentials method.CredentialsExpiredException with the specified
message.
CredentialsExpiredException with the specified
message and root cause.
AuthenticationProvider implementation that retrieves user details
from an UserDetailsService.Object, make an
access control decision or optionally modify the returned Object.
AccessDecisionVoters and grants access
if any AccessDecisionVoter voted affirmatively.
AccessDecisionVoters and upon
completion determines the consensus of granted against denied responses.
AccessDecisionVoters for each ConfigAttribute and grants access if only grant (or abstain) votes were received.
Token.String created using
BasePasswordEncoder.mergePasswordAndSalt(String,Object,boolean).
DisabledException with the specified message.
DisabledException with the specified message
and root cause.
Authentication object.
User objects using a Spring IoC defined EHCACHE.true if the supplied object is a User instance with the
same username value.
credentials, principal and details objects, invoking the
eraseCredentials method on any which implement CredentialsContainer.
PrePostInvocationAttributeFactory which interprets the annotation value as
an expression to be evaluated at runtime.ConfigAttributes defined by the implementing class.
SessionRegistry.
ConfigAttribute can be represented as a String and that
String is sufficient in precision to be relied upon as a configuration parameter by a RunAsManager, AccessDecisionManager or AccessDecisionManager delegate, this method should
return such a String.
ConfigAttributes that apply to a given secure object.
Authentication request that caused the event.
null)
AuthenticationManager to indicate the authorities that the principal has been
granted.
GrantedAuthority can be represented as a String and that
String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String.
SecurityContext.
String
String
Class that generated this event.
SecurityContextHolderStrategy.
User to obtain the salt.
sessionId.
UserDetails from the cache.
Authentication object.GrantedAuthority.username.
LoginModule.
Resource interface.InsufficientAuthenticationException with the
specified message.
InsufficientAuthenticationException with the
specified message and root cause.
AbstractSecurityInterceptor subclasses.MethodInvocation.
JoinPoint.
JoinPoint.
Authentication token represents an anonymous user.
AbstractSecurityInterceptor whether it should present the
authentication token to the AuthenticationManager.
Authentication token represents user that has been remembered
(i.e.
JaasAuthenticationProvider.AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.JaasAuthenticationProvider
after successfully logging the user into the LoginContext, handling all callbacks, and calling all
AuthorityGranters.TokenService that is compatible with clusters and across machine restarts,
without requiring database persistence.ShaPasswordEncoder which supports Ldap SHA and SSHA (salted-SHA) encodings.LockedException with the specified message.
LockedException with the specified message and
root cause.
Subject (phase one) by extracting the Spring Security
Authentication from the current SecurityContext.
Subject.
String.
MethodInvocation instances.MethodInvocations usable within Spring Security.SecurityMetadataSource implementations
that are designed to perform lookups keyed on Methods.MethodSecurityMetadataSource, used to exclude a MethodSecurityInterceptor from
public (non-secure) methods.PlaintextPasswordEncoder.encodePassword(String, Object)String.
AccessDecisionManager interface.@Secured annotations.@PreAuthorize, @PreFilter,
@PostAuthorize and @PostFilter annotations.MethodInvocations, such as via Spring AOP.JointPoints, delegating secure object callbacks to the calling aspect.SecurityMetadataSource implementations for securing Java method invocations via different
AOP libraries.@PreAuthorize, @PreFilter, @PostAuthorize
and @PostFilter annotations.AuthenticationProvider which relies upon a data access object.Authentication object.GrantedAuthority interface.GrantedAuthoritys.org.springframework.security.core.session.SessionInformation
SessionInformation class.UserCache.org.springframework.security.core.userdetails.UserDetailsService UserDetailsService.HttpInvoker extension points to
present the principal and credentials located
in the ContextHolder via BASIC authentication.SecurityContextHolder (which
should contain an Authentication request token) from one JVM to the remote JVM.PostInvocationAuthorizationAdvice instance
passing it the PostInvocationAttribute created from @PostAuthorize and @PostFilter annotations.Authentication request through a list of AuthenticationProviders.ProviderManager if no AuthenticationProvider could be found that supports the
presented Authentication object.ProviderNotFoundException with the specified
message.
ProviderNotFoundException with the specified
message and root cause.
JaasAuthenticationFailedEvent.
JaasAuthenticationSuccessEvent.
UserDetails in the cache.
User object.sessionId so its last request time is equal to the present date and time.
AuthenticationProvider implementation that validates RememberMeAuthenticationTokens.Authentication.RemoteAuthenticationManager cannot validate the presented authentication request.RemoteAuthenticationException with the
specified message and no root cause.
RemoteAuthenticationManager to validate an authentication request.sessionId.
UserDetails from an implementation-specific
location, with the option of throwing an AuthenticationException immediately if the presented
credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in
order to obtain or generate a UserDetails).
RoleHierarchy definition to determine the
roles allocated to the current user before voting.ConfigAttribute.getAttribute() starts with a prefix
indicating that it is a role.AuthenticationProvider implementation that can authenticate a RunAsUserToken.Authentication object for the current secure
object invocation only.RunAsManager.Authentication implementation that supports RunAsManagerImpl.Secured annotation.SecureRandom instance.ConfigAttribute as a String.SecurityContext with the current execution thread.SecurityContext.LoginModule that uses a Spring Security SecurityContext to provide authentication.ConfigAttributes that applies to a given secure object
invocation.Authentication.getDetails()
implementations that are capable of returning a session ID.SessionInformation instances.SessionRegistry
which listens for SessionDestroyedEvents
published in the Spring application context.AbstractSecurityInterceptor should
ignore the Authentication.isAuthenticated() property.
Authentication.isAuthenticated() for a full description.
extraInformation property is deprecated
SecurityContext with the current thread of execution.
Authentication which implements the CredentialsContainer interface
will have its eraseCredentials method called before it is returned
from the authenticate() method.
AbstractUserDetailsAuthenticationProvider throws a
BadCredentialsException if a username is not found or the password is incorrect.
AbstractAuthenticationManager.setClearExtraInformation(boolean)
AuthenticationProvider objects to be used for authentication.
Configuration#refresh() will be made by #configureJaas(Resource)
method.
AbstractSecurityInterceptor has a configuration
attribute defined.
ROLE_ to be overridden.
ROLE_ to be overridden.
SecureRandom
instance.
true (the default), indicates the JdbcDaoImpl.getUsersByUsernameQuery() returns a username
in response to a query.
UserMap to reflect the Properties instance passed.
UserMap.
byte[].
byte[].
ShaPasswordEncoder encoder = new ShaPasswordEncoder(256); initializes with SHA-256
MethodInvocation.MessageSource used by Spring Security.AccessDecisionManager is able to process authorization requests
presented with the passed ConfigAttribute.
AccessDecisionManager implementation is able to provide access
control decisions for the indicated secured object type.
AccessDecisionVoter is able to vote on the passed
ConfigAttribute.
AccessDecisionVoter implementation is able to provide access control
votes for the indicated secured object type.
AfterInvocationProvider is able to participate in a decision
involving the passed ConfigAttribute.
AfterInvocationProvider is able to provide "after invocation"
processing for the indicated secured object type.
Jsr250SecurityConfig.
AfterInvocationManager is able to process "after invocation"
requests presented with the passed ConfigAttribute.
AfterInvocationManager implementation is able to provide access
control decisions for the indicated secured object type.
AfterInvocationProviders and ensures each can support the presented
class.
RunAsManager is able to process the passed
ConfigAttribute.
RunAsManager implementation is able to provide run-as replacement for
the indicated secure object type.
SecurityMetadataSource implementation is able to provide
ConfigAttributes for the indicated secure object type.
AccessDecisionVoters and ensures each can support the presented class.
MethodSecurityInterceptor, because it queries the
presented MethodInvocation.
true if this AuthenticationProvider supports the indicated
Authentication object.
String as the salt.AuthenticationProvider implementation for the TestingAuthenticationToken.Authentication implementation that is designed for use whilst unit testing.TokenService.AccessDecisionManager that requires all
voters to abstain or grant access.UserDetailsService.User with the details required by
DaoAuthenticationProvider.
InMemoryDaoImpl to temporarily store the attributes associated with a user.UserAttribute from a comma separated list of values.UserDetails objects.UserDetailsService
as the service to delegate to.
UserDetailsService to check the status of the loaded
UserDetails object.UserDetailsService which provides the ability
to create new users and update existing ones.RoleHierarchyVoter instead of populating the user Authentication object
with the additional authorities.RoleHierarchyVoter instead.UserMap.UserDetailsService implementation cannot locate a User by its username.UsernameNotFoundException with the specified
message.
UsernameNotFoundException with the specified message and root cause.
Authentication implementation that is designed for simple presentation
of a username and password.UsernamePasswordAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.
AuthenticationManager or AuthenticationProvider
implementations that are satisfied with producing a trusted (i.e.
Token.getKey() was issued by this TokenService and
reconstructs the corresponding Token.
|
spring-security-core | ||||||||
| PREV NEXT | FRAMES NO FRAMES | ||||||||