Class Index



AbstractAccessDecisionManager Abstract implementation of AccessDecisionManager
AbstractAclProvider Abstract AfterInvocationProvider which provides commonly-used ACL-related services. 
AbstractAclVoter Provides helper methods for writing domain object ACL voters. 
AbstractAuthenticationEvent Represents an application authentication event. 
AbstractAuthenticationFailureEvent Abstract application event which indicates authentication failure for some reason. 
AbstractAuthenticationProcessingFilter Abstract processor of browser-based HTTP-based authentication requests. 
AbstractAuthenticationTargetUrlRequestHandler Base class containing the logic used by strategies which handle redirection to a URL and are passed an Authentication object as part of the contract. 
AbstractAuthenticationToken Base class for Authentication objects. 
AbstractAuthorizationEvent Abstract superclass for all security interception related events. 
AbstractAuthorizeTag A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets). 
AbstractCasAssertionUserDetailsService Abstract class for using the provided CAS assertion to construct a new User object. 
AbstractFallbackMethodSecurityMetadataSource Abstract implementation of MethodSecurityMetadataSource that supports both Spring AOP and AspectJ and performs attribute resolution from: 1. 
AbstractJaasAuthenticationProvider An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration. 
AbstractLdapAuthenticationProvider Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider
AbstractLdapAuthenticator Base class for the authenticator implementations. 
AbstractMethodSecurityMetadataSource Abstract implementation of MethodSecurityMetadataSource which resolves the secured object type to a MethodInvocation. 
AbstractPermission Provides an abstract superclass for Permission implementations. 
AbstractPreAuthenticatedProcessingFilter Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system. 
AbstractRememberMeServices Base class for RememberMeServices implementations. 
AbstractSecurityExpressionHandler<T> Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects. 
AbstractSecurityInterceptor Abstract class that implements security interception for secure objects. 
AbstractUserDetailsAuthenticationProvider A base AuthenticationProvider that allows subclasses to override and work with UserDetails objects. 
AccessControlEntry Represents an individual permission assignment within an Acl
AccessControlEntryImpl An immutable default implementation of AccessControlEntry
AccessControlListTag An implementation of Tag that allows its body through if some authorizations are granted to the request's principal. 
AccessDecisionManager Makes a final access control (authorization) decision. 
AccessDecisionVoter<S> Indicates a class is responsible for voting on authorization decisions. 
AccessDeniedException Thrown if an Authentication object does not hold a required authority. 
AccessDeniedHandler Used by ExceptionTranslationFilter to handle an AccessDeniedException
AccessDeniedHandlerImpl Base implementation of AccessDeniedHandler
AccountExpiredException Thrown if an authentication request is rejected because the account has expired. 
AccountStatusException Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc). 
Acl Represents an access control list (ACL) for a domain object. 
AclAuthorizationStrategy Strategy used by AclImpl to determine whether a principal is permitted to call adminstrative methods on the AclImpl
AclAuthorizationStrategyImpl Default implementation of AclAuthorizationStrategy
AclCache A caching layer for JdbcAclService
AclDataAccessException Abstract base class for Acl data operations. 

Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the AclService

AclEntryAfterInvocationProvider Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclService

Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as indicated by the AclService

AclFormattingUtils Utility methods for displaying ACL information. 
AclImpl Base implementation of Acl
AclPermissionCacheOptimizer Batch loads ACLs for collections of objects to allow optimised filtering. 
AclPermissionEvaluator Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module. 
AclService Provides retrieval of Acl instances. 
ActiveDirectoryLdapAuthenticationProvider Specialized LDAP authentication provider which uses Active Directory configuration conventions. 
AffirmativeBased Simple concrete implementation of AccessDecisionManager that grants access if any AccessDecisionVoter returns an affirmative response. 
AfterInvocationManager Reviews the Object returned from a secure object invocation, being able to modify the Object or throw an AccessDeniedException
AfterInvocationProvider Indicates a class is responsible for participating in an AfterInvocationProviderManager decision. 
AfterInvocationProviderManager Provider-based implementation of AfterInvocationManager
AlreadyExistsException Thrown if an Acl entry already exists for the object. 
AnnotationMetadataExtractor<A extends Annotation> Strategy to process a custom security annotation to extract the relevant ConfigAttributes for securing a method. 
AnonymousAuthenticationFilter Detects if there is no Authentication object in the SecurityContextHolder, and populates it with one if needed. 
AnonymousAuthenticationProvider An AuthenticationProvider implementation that validates AnonymousAuthenticationTokens. 
AnonymousAuthenticationToken Represents an anonymous Authentication
AntPathRequestMatcher Matcher which compares a pre-defined ant-style pattern against the URL (servletPath + pathInfo) of an HttpServletRequest
AnyRequestMatcher Matches any supplied request. 
ApacheDSContainer Provides lifecycle services for the embedded apacheDS server defined by the supplied configuration. 
AspectJCallback Called by the AspectJMethodSecurityInterceptor when it wishes for the AspectJ processing to continue. 
AspectJMethodSecurityInterceptor AspectJ JoinPoint security interceptor which wraps the JoinPoint in a MethodInvocation adapter to make it compatible with security infrastructure classes which only support MethodInvocations. 
Attributes2GrantedAuthoritiesMapper Interface to be implemented by classes that can map a list of security attributes (such as roles or group names) to a collection of Spring Security GrantedAuthoritys. 
AuditableAccessControlEntry Represents an ACE that provides auditing information. 
AuditableAcl A mutable ACL that provides audit capabilities. 
AuditLogger Used by AclImpl to log audit events. 
Authentication Represents the token for an authentication request or for an authenticated principal once the request has been processed by the authenticate(Authentication) method. 
AuthenticationCancelledException Indicates that OpenID authentication was cancelled 
AuthenticationCredentialsNotFoundEvent Indicates a secure object invocation failed because the Authentication could not be obtained from the SecurityContextHolder
AuthenticationCredentialsNotFoundException Thrown if an authentication request is rejected because there is no Authentication object in the SecurityContext
AuthenticationDetails A holder of the context as a string. 
AuthenticationDetailsSource<C, T> Provides a getDetails() object for a given web request. 
AuthenticationDetailsSourceImpl This class is deprecated. Write an implementation of AuthenticationDetailsSource which returns the desired type directly.  
AuthenticationEntryPoint Used by ExceptionTranslationFilter to commence an authentication scheme. 
AuthenticationException Abstract superclass for all exceptions related to an Authentication object being invalid for whatever reason. 
AuthenticationFailureBadCredentialsEvent Application event which indicates authentication failure due to invalid credentials being presented. 
AuthenticationFailureCredentialsExpiredEvent Application event which indicates authentication failure due to the user's credentials having expired. 
AuthenticationFailureDisabledEvent Application event which indicates authentication failure due to the user's account being disabled. 
AuthenticationFailureExpiredEvent Application event which indicates authentication failure due to the user's account having expired. 
AuthenticationFailureHandler Strategy used to handle a failed authentication attempt. 
AuthenticationFailureLockedEvent Application event which indicates authentication failure due to the user's account having been locked. 
AuthenticationFailureProviderNotFoundEvent Application event which indicates authentication failure due to there being no registered AuthenticationProvider that can process the request. 
AuthenticationFailureProxyUntrustedEvent Application event which indicates authentication failure due to the CAS user's ticket being generated by an untrusted proxy. 
AuthenticationFailureServiceExceptionEvent Application event which indicates authentication failure due to there being a problem internal to the AuthenticationManager
AuthenticationManager Processes an Authentication request. 
AuthenticationManagerBeanDefinitionParser Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from. 
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider Provider which doesn't provide any service. 
AuthenticationManagerFactoryBean Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element. 
AuthenticationProvider Indicates a class can process a specific Authentication implementation. 
AuthenticationProviderBeanDefinitionParser Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager. 
AuthenticationServiceException Thrown if an authentication request could not be processed due to a system problem. 
AuthenticationSimpleHttpInvokerRequestExecutor Adds BASIC authentication support to SimpleHttpInvokerRequestExecutor
AuthenticationSuccessEvent Application event which indicates successful authentication. 
AuthenticationSuccessHandler Strategy used to handle a successful user authentication. 
AuthenticationSwitchUserEvent Application event which indicates that a user context switch. 
AuthenticationTag An javax.servlet.jsp.tagext.Tag implementation that allows convenient access to the current Authentication object. 
AuthenticationTrustResolver Evaluates Authentication tokens 
AuthenticationTrustResolverImpl Basic implementation of AuthenticationTrustResolver
AuthenticationUserDetailsService<T extends Authentication> Interface that allows for retrieving a UserDetails object based on an Authentication object. 
AuthorityGranter The AuthorityGranter interface is used to map a given principal to role names. 
AuthorityUtils Utility method for manipulating GrantedAuthority collections etc. 
AuthorizationFailureEvent Indicates a secure object invocation failed because the principal could not be authorized for the request. 
AuthorizationServiceException Thrown if an authorization request could not be processed due to a system problem. 
AuthorizedEvent Event indicating a secure object was invoked successfully. 
AuthzImpl I decided to wrap several JSP tag in one class, so I have to using inner class to wrap these JSP tag. 
AxFetchListFactory A strategy which can be used by an OpenID consumer implementation, to dynamically determine the attribute exchange information based on the OpenID identifier. 


BadCredentialsException Thrown if an authentication request is rejected because the credentials are invalid. 
Base64 Base64 encoder which is a reduced version of Robert Harder's public domain implementation (version 2.3.7). 

Convenience base for digest password encoders. 


Convenience base for all password encoders. 

BasePermission A set of standard permissions. 
BasicAuthenticationEntryPoint Used by the ExceptionTraslationFilter to commence authentication via the BasicAuthenticationFilter
BasicAuthenticationFilter Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder
BasicLookupStrategy Performs lookups in a manner that is compatible with ANSI SQL. 
BCrypt BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres. 
BCryptPasswordEncoder Implementation of PasswordEncoder that uses the BCrypt strong hashing function. 
BeanIds Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2. 
BindAuthenticator An authenticator which binds as a user. 
BytesEncryptor Service interface for symmetric data encryption. 
BytesKeyGenerator A generator for unique byte array-based keys. 


CasAssertionAuthenticationToken Temporary authentication object needed to load the user details service. 
CasAuthenticationEntryPoint Used by the ExceptionTranslationFilter to commence authentication via the JA-SIG Central Authentication Service (CAS). 
CasAuthenticationFilter Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy tickets. 
CasAuthenticationProvider An AuthenticationProvider implementation that integrates with JA-SIG Central Authentication Service (CAS). 
CasAuthenticationToken Represents a successful CAS Authentication
ChannelAttributeFactory Used as a factory bean to create config attribute values for the requires-channel attribute. 
ChannelDecisionManager Decides whether a web channel provides sufficient security. 
ChannelDecisionManagerImpl Implementation of ChannelDecisionManager
ChannelEntryPoint May be used by a ChannelProcessor to launch a web channel. 
ChannelProcessingFilter Ensures a web request is delivered over the required channel. 
ChannelProcessor Decides whether a web channel meets a specific security condition. 
ChildrenExistException Thrown if an Acl cannot be deleted because children Acls exist. 
ConcurrentSessionControlStrategy Strategy which handles concurrent session-control, in addition to the functionality provided by the base class. 
ConcurrentSessionFilter Filter required by concurrent session handling package. 
ConfigAttribute Stores a security system related configuration attribute. 
ConfigAttributeEditor This class is deprecated. No replacement. 
ConsensusBased Simple concrete implementation of AccessDecisionManager that uses a consensus-based approach. 
ConsoleAuditLogger A basic implementation of AuditLogger
ContextPropagatingRemoteInvocation The actual RemoteInvocation that is passed from the client to the server. 
ContextPropagatingRemoteInvocationFactory Called by a client-side instance of org.springframework.remoting.rmi.RmiProxyFactoryBean when it wishes to create a remote invocation. 
CookieClearingLogoutHandler A logout handler which clears a defined list of cookies, using the context path as the cookie path. 
CredentialsContainer Indicates that the implementing object contains sensitive data, which can be erased using the eraseCredentials method. 
CredentialsExpiredException Thrown if an authentication request is rejected because the account's credentials have expired. 
CumulativePermission Represents a Permission that is constructed at runtime from other permissions. 
CycleInRoleHierarchyException Exception that is thrown because of a cycle in the role hierarchy definition 


DaoAuthenticationProvider An AuthenticationProvider implementation that retrieves user details from a UserDetailsService
DefaultAuthenticationEventPublisher The default strategy for publishing authentication events. 
DefaultFilterInvocationSecurityMetadataSource Default implementation of FilterInvocationDefinitionSource
DefaultHttpFirewall Default implementation which wraps requests in order to provide consistent values of the servletPath and pathInfo, which do not contain path parameters (as defined in RFC 2396). 

Creates a LoginContext using the Configuration provided to it. 

DefaultLdapAuthoritiesPopulator The default strategy for obtaining user role information from the directory. 
DefaultLdapUsernameToDnMapper This implementation appends a name component to the userDnBase context using the usernameAttributeName property. 
DefaultLoginExceptionResolver This LoginExceptionResolver simply wraps the LoginException with an AuthenticationServiceException. 
DefaultLoginPageGeneratingFilter For internal use with namespace configuration in the case where a user doesn't configure a login page. 
DefaultMethodSecurityExpressionHandler The standard implementation of MethodSecurityExpressionHandler
DefaultPermissionFactory Default implementation of PermissionFactory
DefaultRedirectStrategy Simple implementation of RedirectStrategy which is the default used throughout the framework. 
DefaultSavedRequest Represents central information from a HttpServletRequest
DefaultSecurityFilterChain Standard implementation of SecurityFilterChain
DefaultSpringSecurityContextSource ContextSource implementation which uses Spring LDAP's LdapContextSource as a base class. 
DefaultToken The default implementation of Token
DefaultWebInvocationPrivilegeEvaluator Allows users to determine whether they have privileges for a given web URI. 
DelegatingAuthenticationEntryPoint An AuthenticationEntryPoint which selects a concrete AuthenticationEntryPoint based on a RequestMatcher evaluation. 
DelegatingMethodSecurityMetadataSource Automatically tries a series of method definition sources, relying on the first source of metadata that provides a non-null/non-empty response. 
DenyAllPermissionEvaluator A null PermissionEvaluator which denies all access. 
DigestAuthenticationEntryPoint Used by the SecurityEnforcementFilter to commence authentication via the DigestAuthenticationFilter
DigestAuthenticationFilter Processes a HTTP request's Digest authorization headers, putting the result into the SecurityContextHolder
DisabledException Thrown if an authentication request is rejected because the account is disabled. 
DnsEntryNotFoundException This will be thrown if no entry matches the specified DNS query. 
DnsLookupException This will be thrown for unknown DNS errors. 
DnsResolver Helper class for DNS operations. 


EhCacheBasedAclCache Simple implementation of AclCache that delegates to EH-CACHE. 
EhCacheBasedTicketCache Caches tickets using a Spring IoC defined EHCACHE
EhCacheBasedUserCache Caches User objects using a Spring IoC defined EHCACHE
Elements Contains all the element names used by Spring Security 3 namespace support. 
ELRequestMatcher A RequestMatcher implementation which uses a SpEL expression

With the default EvaluationContext (ELRequestMatcherContext) you can use hasIpAdress() and hasHeader()

See DelegatingAuthenticationEntryPoint for an example configuration. 

EncodingUtils Static helper for encoding data. 
Encryptors Factory for commonly used encryptors. 

Adapter that wraps an Enumeration around a Java 2 collection Iterator

ExceptionMappingAuthenticationFailureHandler Uses the internal map of exceptions types to URLs to determine the destination on authentication failure. 
ExceptionTranslationFilter Handles any AccessDeniedException and AuthenticationException thrown within the filter chain. 
ExpressionBasedAnnotationAttributeFactory PrePostInvocationAttributeFactory which interprets the annotation value as an expression to be evaluated at runtime. 
ExpressionBasedFilterInvocationSecurityMetadataSource Expression-based FilterInvocationSecurityMetadataSource
ExpressionBasedPreInvocationAdvice Method pre-invocation handling based on expressions. 


FastHttpDateFormat Utility class to generate HTTP dates. 
FieldUtils Offers static methods for directly manipulating fields. 
FilterBasedLdapUserSearch LdapUserSearch implementation which uses an Ldap filter to locate the user. 
FilterChainMapBeanDefinitionDecorator Sets the filter chain Map for a FilterChainProxy bean declaration. 
FilterChainProxy Delegates Filter requests to a list of Spring-managed filter beans. 
FilterInvocation Holds objects associated with a HTTP filter. 
FilterInvocationSecurityMetadataSource Marker interface for SecurityMetadataSource implementations that are designed to perform lookups keyed on FilterInvocations. 
FilterInvocationSecurityMetadataSourceParser Allows for convenient creation of a FilterInvocationSecurityMetadataSource bean for use with a FilterSecurityInterceptor. 
FilterSecurityInterceptor Performs security handling of HTTP resources via a filter implementation. 
FirewalledRequest Request wrapper which is returned by the HttpFirewall interface. 


GlobalMethodSecurityBeanDefinitionParser Processes the top-level "global-method-security" element. 
GrantedAuthoritiesContainer Indicates that a object stores GrantedAuthority objects. 
GrantedAuthoritiesMapper Mapping interface which can be injected into the authentication layer to convert the authorities loaded from storage into those which will be used in the Authentication object. 
GrantedAuthority Represents an authority granted to an Authentication object. 
GrantedAuthorityFromAssertionAttributesUserDetailsService Populates the GrantedAuthoritys for a user by reading a list of attributes that were returned as part of the CAS response. 
GrantedAuthorityImpl This class is deprecated. Use the final class SimpleGrantedAuthority or implement your own.  
GrantedAuthoritySid Represents a GrantedAuthority as a Sid
GroupManager Allows management of groups of authorities and their members. 


Hex Hex data encoder. 

In the pre-authenticated authentication case (unlike CAS, for example) the user will already have been identified through some external mechanism and a secure context established by the time the security-enforcement filter is invoked. 

HttpFirewall Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour. 
HttpFirewallBeanDefinitionParser Injects the supplied HttpFirewall bean reference into the FilterChainProxy
HttpRequestResponseHolder Used to pass the incoming request to loadContext(HttpRequestResponseHolder), allowing the method to swap the request for a wrapped version, as well as returning the SecurityContext value. 
HttpSecurityBeanDefinitionParser Sets up HTTP security: filter stack and protected URLs. 
HttpSessionCreatedEvent Published by the HttpSessionEventPublisher when an HttpSession is created by the container 
HttpSessionDestroyedEvent Published by the HttpSessionEventPublisher when a HttpSession is created in the container 
HttpSessionEventPublisher Declared in web.xml as
Publishes HttpSessionApplicationEvents to the Spring Root WebApplicationContext. 
HttpSessionRequestCache RequestCache which stores the SavedRequest in the HttpSession. 
HttpSessionSecurityContextRepository A SecurityContextRepository implementation which stores the security context in the HttpSession between requests. 


IdentityUnavailableException Thrown if an ACL identity could not be extracted from an object. 
InetOrgPerson UserDetails implementation whose properties are based on a subset of the LDAP schema for inetOrgPerson
InitialContextFactory This is used in JndiDnsResolver to get an InitialDirContext for DNS queries. 

An in memory representation of a JAAS configuration. 

InMemoryDaoImpl This class is deprecated. Use InMemoryUserDetailsManager instead (or write your own implementation)  
InMemoryResource An in memory implementation of Spring's interface. 
InMemoryTokenRepositoryImpl Simple PersistentTokenRepository implementation backed by a Map. 
InMemoryUserDetailsManager Non-persistent implementation of UserDetailsManager which is backed by an in-memory map. 
InsecureChannelProcessor Ensures channel security is inactive by review of HttpServletRequest.isSecure() responses. 
InsufficientAuthenticationException Thrown if an authentication request is rejected because the credentials are not sufficiently trusted. 
InteractiveAuthenticationSuccessEvent Indicates an interactive authentication was successful. 
InterceptorStatusToken A return object received by AbstractSecurityInterceptor subclasses. 
InvalidCookieException Exception thrown by a RememberMeServices implementation to indicate that a submitted cookie is of an invalid format or has expired. 
InvalidSessionStrategy Determines the behaviour of the SessionManagementFilter when an invalid session Id is submitted and detected in the SessionManagementFilter
IpAddressMatcher Matches a request based on IP Address or subnet mask matching against the remote address. 


J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication details object. 
J2eePreAuthenticatedProcessingFilter This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE container-based authentication mechanism. 

A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject

JaasAuthenticationCallbackHandler The JaasAuthenticationCallbackHandler is similar to the interface in that it defines a handle method. 
JaasAuthenticationEvent Parent class for events fired by the JaasAuthenticationProvider
JaasAuthenticationFailedEvent Fired when LoginContext.login throws a LoginException, or if any other exception is thrown during that time. 
JaasAuthenticationProvider An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration. 
JaasAuthenticationSuccessEvent Fired by the JaasAuthenticationProvider after successfully logging the user into the LoginContext, handling all callbacks, and calling all AuthorityGranters. 
JaasAuthenticationToken UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the user was logged into 
JaasGrantedAuthority GrantedAuthority which, in addition to the assigned role, holds the principal that an AuthorityGranter used as a reason to grant this authority. 
JaasNameCallbackHandler The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback. 
JaasPasswordCallbackHandler The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback. 
JdbcAclService Simple JDBC-based implementation of AclService
JdbcDaoImpl UserDetailsServiceRetrieves implementation which retrieves the user details (username, password, enabled flag, and authorities) from a database using JDBC queries. 
JdbcMutableAclService Provides a base JDBC implementation of MutableAclService
JdbcTokenRepositoryImpl JDBC based persistent login token repository implementation. 
JdbcUserDetailsManager Jdbc user management service, based on the same table structure as its parent class, JdbcDaoImpl
JndiDnsResolver Implementation of DnsResolver which uses JNDI for the DNS queries. 
JspAuthorizeTag A JSP Tag implementation of AbstractAuthorizeTag
Jsr250MethodSecurityMetadataSource Sources method security metadata from major JSR 250 security annotations. 
Jsr250SecurityConfig Security config applicable as a JSR 250 annotation attribute. 
Jsr250Voter Voter on JSR-250 configuration attributes. 


KeyBasedPersistenceTokenService Basic implementation of TokenService that is compatible with clusters and across machine restarts, without requiring database persistence. 
KeyGenerators Factory for commonly used key generators. 


LdapAuthenticationProvider An AuthenticationProvider implementation that authenticates against an LDAP server. 
LdapAuthenticator The strategy interface for locating and authenticating an Ldap user. 
LdapAuthoritiesPopulator Obtains a list of granted authorities for an Ldap user. 
LdapProviderBeanDefinitionParser Ldap authentication provider namespace configuration. 
LdapShaPasswordEncoder A version of ShaPasswordEncoder which supports Ldap SHA and SSHA (salted-SHA) encodings. 
LdapUserDetails Captures the information for a user's LDAP entry. 
LdapUserDetailsImpl A UserDetails implementation which is used internally by the Ldap services. 
LdapUserDetailsImpl.Essence Variation of essence pattern. 
LdapUserDetailsManager An Ldap implementation of UserDetailsManager. 
LdapUserDetailsMapper The context mapper used by the LDAP authentication provider to create an LDAP user object. 
LdapUserDetailsService LDAP implementation of UserDetailsService based around an LdapUserSearch and an LdapAuthoritiesPopulator
LdapUsernameToDnMapper Constructs an Ldap Distinguished Name from a username. 
LdapUserSearch Obtains a user's information from the LDAP directory given a login name. 
LdapUtils LDAP Utility methods. 
LockedException Thrown if an authentication request is rejected because the account is locked. 
LoggerListener Outputs interceptor-related application events to Commons Logging. 
LoggerListener Outputs authentication-related application events to Commons Logging. 
LoginExceptionResolver The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve LoginModule specific exceptions to Spring Security AuthenticationExceptions. 
LoginUrlAuthenticationEntryPoint Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter
LogoutFilter Logs a principal out. 
LogoutHandler Indicates a class that is able to participate in logout handling. 
LogoutSuccessHandler Strategy that is called after a successful logout by the LogoutFilter, to handle redirection or forwarding to the appropriate destination. 
LookupStrategy Performs lookups for AclService


MapBasedAttributes2GrantedAuthoritiesMapper This class implements the Attributes2GrantedAuthoritiesMapper and MappableAttributesRetriever interfaces based on the supplied Map. 
MapBasedMethodSecurityMetadataSource Stores a list of ConfigAttributes for a method or class signature. 
MappableAttributesRetriever Interface to be implemented by classes that can retrieve a list of mappable security attribute strings (for example the list of all available J2EE roles in a web or EJB application). 
MatcherType Defines the RequestMatcher types supported by the namespace. 
Md4PasswordEncoder MD4 implementation of PasswordEncoder. 

MD5 implementation of PasswordEncoder. 

MessageDigestPasswordEncoder Base for digest password encoders. 
MethodInvocationAdapter Decorates a JoinPoint to allow it to be used with method-security infrastructure classes which support MethodInvocation instances. 
MethodInvocationPrivilegeEvaluator Allows users to determine whether they have "before invocation" privileges for a given method invocation. 
MethodInvocationUtils Static utility methods for creating MethodInvocations usable within Spring Security. 
MethodSecurityExpressionHandler Extended expression-handler facade which adds methods which are specific to securing method invocations. 
MethodSecurityInterceptor Provides security interception of AOP Alliance based method invocations. 
MethodSecurityMetadataSource Interface for SecurityMetadataSource implementations that are designed to perform lookups keyed on Methods. 
MethodSecurityMetadataSourceAdvisor Advisor driven by a MethodSecurityMetadataSource, used to exclude a MethodSecurityInterceptor from public (non-secure) methods. 
MutableAcl A mutable Acl
MutableAclService Provides support for creating and storing Acl instances. 
MutableGrantedAuthoritiesContainer Indicates that a object can be used to store and retrieve GrantedAuthority objects. 


NonceExpiredException Thrown if an authentication request is rejected because the digest nonce has expired. 
NoOpPasswordEncoder A password encoder that does nothing. 
NotFoundException Thrown if an ACL-related object cannot be found. 
NullRememberMeServices Implementation of NullRememberMeServices that does nothing. 
NullRequestCache Null implementation of RequestCache
NullStatelessTicketCache Implementation of @link StatelessTicketCache that has no backing cache. 
NullUserCache Does not perform any caching. 


ObjectIdentity Represents the identity of an individual domain object instance. 
ObjectIdentityGenerator Strategy which creates an ObjectIdentity from an object identifier (such as a primary key) and type information. 
ObjectIdentityImpl Simple implementation of ObjectIdentity
ObjectIdentityRetrievalStrategy Strategy interface that provides the ability to determine which ObjectIdentity will be returned for a particular domain object 
ObjectIdentityRetrievalStrategyImpl Basic implementation of ObjectIdentityRetrievalStrategy and ObjectIdentityGenerator that uses the constructors of ObjectIdentityImpl to create the ObjectIdentity
OpenIDAttribute Represents an OpenID subject identity attribute. 
OpenIDAuthenticationFilter Filter which processes OpenID authentication requests. 
OpenIDAuthenticationProvider Finalises the OpenID authentication by obtaining local authorities for the authenticated user. 
OpenIDAuthenticationStatus Authentication status codes, based on JanRain status codes 
OpenIDAuthenticationToken OpenID Authentication Token 
OpenIDConsumer An interface for OpenID library implementations 
OpenIDConsumerException Thrown by an OpenIDConsumer if it cannot process a request 
OwnershipAcl A mutable ACL that provides ownership capabilities. 


PasswordComparisonAuthenticator An LdapAuthenticator which compares the login password with the value stored in the directory using a remote LDAP "compare" operation. 
PasswordEncoder Interface for performing authentication operations on a password. 
PasswordEncoder Service interface for encoding passwords. 
PasswordEncoderParser Stateful parser for the element. 
PasswordPolicyAwareContextSource Extended version of the DefaultSpringSecurityContextSource which adds support for the use of PasswordPolicyControl to make use of user account data stored in the directory. 
PasswordPolicyControl A Password Policy request control. 
PasswordPolicyControlExtractor Obtains the PasswordPolicyControl from a context for use by other classes. 
PasswordPolicyControlFactory Transforms a control object to a PasswordPolicyResponseControl object, if appropriate. 
PasswordPolicyErrorStatus Defines status codes for use with PasswordPolicyException, with error codes (for message source lookup) and default messages. 
PasswordPolicyException Generic exception raised by the ppolicy package. 
PasswordPolicyResponseControl Represents the response control received when a PasswordPolicyControl is used when binding to a directory. 
Permission Represents a permission granted to a Sid for a given domain object. 
PermissionCacheOptimizer Allows permissions to be pre-cached when using pre or post filtering with expressions 
PermissionEvaluator Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object. 
PermissionFactory Provides a simple mechanism to retrieve Permission instances from integer masks. 
PermissionGrantingStrategy Allow customization of the logic for determining whether a permission or permissions are granted to a particular sid or sids by an Acl
PersistentTokenBasedRememberMeServices RememberMeServices implementation based on Barry Jaspan's Improved Persistent Login Cookie Best Practice
PersistentTokenRepository The abstraction used by PersistentTokenBasedRememberMeServices to store the persistent login tokens for a user. 
Person UserDetails implementation whose properties are based on the LDAP schema for Person

Plaintext implementation of PasswordEncoder. 

PortMapper PortMapper implementations provide callers with information about which HTTP ports are associated with which HTTPS ports on the system, and vice versa. 
PortMapperImpl Concrete implementation of PortMapper that obtains HTTP:HTTPS pairs from the application context. 
PortResolver A PortResolver determines the port a web request was received on. 
PortResolverImpl Concrete implementation of PortResolver that obtains the port from ServletRequest.getServerPort()
PostAuthorize Annotation for specifying a method access-control expression which will be evaluated after a method has been invoked. 
PostFilter Annotation for specifying a method filtering expression which will be evaluated after a method has been invoked. 
PostInvocationAdviceProvider AfterInvocationProvider which delegates to a PostInvocationAuthorizationAdvice instance passing it the PostInvocationAttribute created from @PostAuthorize and @PostFilter annotations. 
PostInvocationAttribute Marker interface for attributes which are created from combined @PostFilter and @PostAuthorize annotations. 
PostInvocationAuthorizationAdvice Performs filtering and authorization logic after a method is invoked. 

Processes a pre-authenticated authentication request. 

PreAuthenticatedAuthenticationToken Authentication implementation for pre-authenticated authentication. 
PreAuthenticatedGrantedAuthoritiesAuthenticationDetails This AuthenticationDetails implementation allows for storing a list of pre-authenticated Granted Authorities. 

This AuthenticationUserDetailsService implementation creates a UserDetails object based solely on the information contained in the given PreAuthenticatedAuthenticationToken. 

PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails This WebAuthenticationDetails implementation allows for storing a list of pre-authenticated Granted Authorities. 
PreAuthorize Annotation for specifying a method access-control expression which will be evaluated to decide whether a method invocation is allowed or not. 
PreFilter Annotation for specifying a method filtering expression which will be evaluated before a method has been invoked. 
PreInvocationAttribute Marker interface for attributes which are created from combined @PreFilter and @PreAuthorize annotations. 
PreInvocationAuthorizationAdvice Performs argument filtering and authorization logic before a method is invoked. 
PreInvocationAuthorizationAdviceVoter Voter which performs the actions using a PreInvocationAuthorizationAdvice implementation generated from @PreFilter and @PreAuthorize annotations. 
PrePostAnnotationSecurityMetadataSource MethodSecurityMetadataSource which extracts metadata from the @PreFilter and @PreAuthorize annotations placed on a method. 
PrincipalSid Represents an Authentication.getPrincipal() as a Sid
ProviderManager Iterates an Authentication request through a list of AuthenticationProviders. 
ProviderNotFoundException Thrown by ProviderManager if no AuthenticationProvider could be found that supports the presented Authentication object. 
PublicInvocationEvent Event that is generated whenever a public secure object is invoked. 


RedirectStrategy Encapsulates the redirection logic for all classes in the framework which perform redirects. 
RedirectUrlBuilder Internal class for building redirect URLs. 
ReflectionSaltSource Obtains a salt from a specified property of the User object. 
RegexRequestMatcher Uses a regular expression to decide whether a supplied the URL of a supplied HttpServletRequest
RememberMeAuthenticationFilter Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests. 
RememberMeAuthenticationProvider An AuthenticationProvider implementation that validates RememberMeAuthenticationTokens. 
RememberMeAuthenticationToken Represents a remembered Authentication
RememberMeServices Implement by a class that is capable of providing a remember-me service. 
RemoteAuthenticationException Thrown if a RemoteAuthenticationManager cannot validate the presented authentication request. 
RemoteAuthenticationManager Allows remote clients to attempt authentication. 
RemoteAuthenticationManagerImpl Server-side processor of a remote authentication request. 
RemoteAuthenticationProvider Client-side object which queries a RemoteAuthenticationManager to validate an authentication request. 
RequestCache Implements "saved request" logic, allowing a single request to be retrieved and restarted after redirecting to an authentication mechanism. 
RequestCacheAwareFilter Responsible for reconstituting the saved request if one is cached and it matches the current request. 
RequestHeaderAuthenticationFilter A simple pre-authenticated filter which obtains the username from a request header, for use with systems such as CA Siteminder. 
RequestMatcher Simple strategy to match an HttpServletRequest
RequestMatcherEditor PropertyEditor which creates ELRequestMatcher instances from Strings This allows to use a String in a BeanDefinition instead of an (inner) bean if a RequestMatcher is required, e.g. 
RetryWithHttpEntryPoint Commences an insecure channel by retrying the original request using HTTP. 
RetryWithHttpsEntryPoint Commences a secure channel by retrying the original request using HTTPS. 
RoleHierarchy The simple interface of a role hierarchy. 

This class defines a role hierarchy for use with the UserDetailsServiceWrapper. 

RoleHierarchyVoter Extended RoleVoter which uses a RoleHierarchy definition to determine the roles allocated to the current user before voting. 
RoleVoter Votes if any getAttribute() starts with a prefix indicating that it is a role. 
RunAsImplAuthenticationProvider An AuthenticationProvider implementation that can authenticate a RunAsUserToken
RunAsManager Creates a new temporary Authentication object for the current secure object invocation only. 
RunAsManagerImpl Basic concrete implementation of a RunAsManager
RunAsUserToken An immutable Authentication implementation that supports RunAsManagerImpl


SaltSource Provides alternative sources of the salt to use for encoding passwords. 
SamlServiceProperties Sets the appropriate parameters for CAS's implementation of SAML (which is not guaranteed to be actually SAML compliant). 
SaveContextOnUpdateOrErrorResponseWrapper Base class for response wrappers which encapsulate the logic for storing a security context and which store the with the SecurityContext when a sendError() or sendRedirect happens. 
SavedCookie Stores off the values of a cookie in a serializable holder 
SavedRequest Encapsulates the functionality required of a cached request for both an authentication mechanism (typically form-based login) to redirect to the original URL and for a RequestCache to build a wrapped request, reproducing the original request data. 
SavedRequestAwareAuthenticationSuccessHandler An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter
SecureChannelProcessor Ensures channel security is active by review of HttpServletRequest.isSecure() responses. 
Secured Java 5 annotation for describing service layer security attributes. 
SecuredAnnotationSecurityMetadataSource Sources method security metadata from Spring Security's Secured annotation. 
SecureRandomFactoryBean Creates a SecureRandom instance. 
SecurityConfig Stores a ConfigAttribute as a String
SecurityContext Interface defining the minimum security information associated with the current thread of execution. 
SecurityContextHolder Associates a given SecurityContext with the current execution thread. 
SecurityContextHolderAwareRequestFilter A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods. 
SecurityContextHolderAwareRequestWrapper A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods isUserInRole(String) and getRemoteUser()
SecurityContextHolderStrategy A strategy for storing security context information against a thread. 
SecurityContextImpl Base implementation of SecurityContext
SecurityContextLoginModule An implementation of LoginModule that uses a Spring Security SecurityContext to provide authentication. 
SecurityContextLogoutHandler Performs a logout by modifying the SecurityContextHolder
SecurityContextPersistenceFilter Populates the SecurityContextHolder with information obtained from the configured SecurityContextRepository prior to the request and stores it back in the repository once the request has completed and clearing the context holder. 
SecurityContextRepository Strategy used for persisting a SecurityContext between requests. 
SecurityExpressionHandler<T> Facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects 
SecurityExpressionRoot Base root object for use in Spring Security expression evaluations. 
SecurityFilterChain Defines a filter chain which is capable of being matched against an HttpServletRequest
SecurityMetadataSource Implemented by classes that store and can identify the ConfigAttributes that applies to a given secure object invocation. 
SecurityNamespaceHandler Parses elements from the "security" namespace ( 
ServiceAuthenticationDetails In order for the CasAuthenticationProvider to provide the correct service url to authenticate the ticket, the returned value of getDetails() should implement this interface when tickets can be sent to any URL rather than only getService()
ServiceAuthenticationDetailsSource The AuthenticationDetailsSource that is set on the CasAuthenticationFilter should return a value that implements ServiceAuthenticationDetails if the application needs to authenticate dynamic service urls. 
ServiceProperties Stores properties related to this CAS service. 
SessionAuthenticationException Thrown by an SessionAuthenticationStrategy to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently. 
SessionAuthenticationStrategy Allows pluggable support for HttpSession-related behaviour when an authentication occurs. 
SessionCreationEvent Generic session creation event which indicates that a session (potentially represented by a security context) has begun. 
SessionDestroyedEvent Generic "session termination" event which indicates that a session (potentially represented by a security context) has ended. 
SessionFixationProtectionStrategy The default implementation of SessionAuthenticationStrategy
SessionIdentifierAware This interface is deprecated. Legacy of former concurrency control implementation. Will be removed in a future version.  
SessionInformation Represents a record of a session within the Spring Security framework. 
SessionManagementFilter Detects that a user has been authenticated since the start of the request and, if they have, calls the configured SessionAuthenticationStrategy to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins. 
SessionRegistry Maintains a registry of SessionInformation instances. 
SessionRegistryImpl Default implementation of SessionRegistry which listens for SessionDestroyedEvents published in the Spring application context. 
Sha512DigestUtils Provides SHA512 digest methods. 

SHA implementation of PasswordEncoder. 

Sid A security identity recognised by the ACL system. 
SidRetrievalStrategy Strategy interface that provides an ability to determine the Sid instances applicable for an Authentication
SidRetrievalStrategyImpl Basic implementation of SidRetrievalStrategy that creates a Sid for the principal, as well as every granted authority the principal holds. 

This class implements the Attributes2GrantedAuthoritiesMapper interface by doing a one-to-one mapping from roles to Spring Security GrantedAuthorities. 

SimpleAuthorityMapper Simple one-to-one GrantedAuthoritiesMapper which allows for case conversion of the authority name and the addition of a string prefix (which defaults to ROLE_). 
SimpleGrantedAuthority Basic concrete implementation of a GrantedAuthority
SimpleMappableAttributesRetriever This class implements the MappableAttributesRetriever interface by just returning a list of mappable attributes as previously set using the corresponding setter method. 
SimpleMethodInvocation Represents the AOP Alliance MethodInvocation
SimpleRedirectInvalidSessionStrategy Performs a redirect to a fixed URL when an invalid requested session is detected by the SessionManagementFilter
SimpleUrlAuthenticationFailureHandler AuthenticationFailureHandler which performs a redirect to the value of the defaultFailureUrl property when the onAuthenticationFailure method is called. 
SimpleUrlAuthenticationSuccessHandler AuthenticationSuccessHandler which can be configured with a default URL which users should be sent to upon successful authentication. 
SimpleUrlLogoutSuccessHandler Handles the navigation on logout by delegating to the AbstractAuthenticationTargetUrlRequestHandler base class logic. 
SpringSecurityAuthenticationSource An AuthenticationSource to retrieve authentication information stored in Spring Security's SecurityContextHolder
SpringSecurityCoreVersion Internal class used for checking version compatibility in a deployed application. 
SpringSecurityLdapTemplate Extension of Spring LDAP's LdapTemplate class which adds extra functionality required by Spring Security. 
SpringSecurityMessageSource The default MessageSource used by Spring Security. 
StandardPasswordEncoder A standard PasswordEncoder implementation that uses SHA-256 hashing with 1024 iterations and a random 8-byte random salt value. 
StatelessTicketCache Caches CAS service tickets and CAS proxy tickets for stateless connections. 
StringKeyGenerator A generator for unique string keys. 
SubjectDnX509PrincipalExtractor Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call to getSubjectDN()). 
SwitchUserAuthorityChanger Allows subclasses to modify the GrantedAuthority list that will be assigned to the principal when they assume the identity of a different principal. 
SwitchUserFilter Switch User processing filter responsible for user context switching. 
SwitchUserGrantedAuthority Custom GrantedAuthority used by SwitchUserFilter

Stores the Authentication object of the original user to be used later when 'exiting' from a user switch. 

SystemWideSaltSource Uses a static system-wide String as the salt. 


TagLibConfig internal cconfiguration class for taglibs. 
TestingAuthenticationProvider An AuthenticationProvider implementation for the TestingAuthenticationToken
TestingAuthenticationToken An Authentication implementation that is designed for use whilst unit testing. 
TextEncryptor Service interface for symmetric encryption of text strings. 
TextEscapeUtils Internal utility for escaping characters in HTML strings
ThrowableAnalyzer Handler for analyzing Throwable instances. 
ThrowableCauseExtractor Interface for handlers extracting the cause out of a specific Throwable type. 
Token A token issued by TokenService
TokenBasedRememberMeServices Identifies previously remembered users by a Base-64 encoded cookie. 
TokenService Provides a mechanism to allocate and rebuild secure, randomised tokens. 


UnanimousBased Simple concrete implementation of AccessDecisionManager that requires all voters to abstain or grant access. 
UnloadedSidException Thrown if an Acl cannot perform an operation because it only loaded a subset of Sids and the caller has requested details for an unloaded Sid
UrlUtils Provides static methods for composing URLs. 
User Models core user information retrieved by a UserDetailsService
UserAttribute Used by InMemoryDaoImpl to temporarily store the attributes associated with a user. 
UserAttributeEditor Property editor that creates a UserAttribute from a comma separated list of values. 
UserCache Provides a cache of UserDetails objects. 
UserDetails Provides core user information. 
UserDetailsByNameServiceWrapper<T extends Authentication> This implementation for AuthenticationUserDetailsService wraps a regular Spring Security UserDetailsService implementation, to retrieve a UserDetails object based on the user name contained in an Authentication object. 
UserDetailsChecker Called by classes which make use of a UserDetailsService to check the status of the loaded UserDetails object. 
UserDetailsContextMapper Operations to map a UserDetails object to and from a Spring LDAP DirContextOperations implementation. 
UserDetailsManager An extension of the UserDetailsService which provides the ability to create new users and update existing ones. 
UserDetailsService Core interface which loads user-specific data. 
UserDetailsServiceFactoryBean Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService. 
UserDetailsServiceLdapAuthoritiesPopulator Simple LdapAuthoritiesPopulator which delegates to a UserDetailsService, using the name which was supplied at login as the username. 
UserDetailsServiceWrapper This class is deprecated. use a RoleHierarchyVoter or use a RoleHierarchyAuthoritiesMapper to populate the Authentication object with the additional authorities.  
UserDetailsWrapper This class is deprecated. use a RoleHierarchyVoter or RoleHierarchyAuthoritiesMapper instead.  
UserMap This class is deprecated. Use a plain map instead  
UserMapEditor Property editor to assist with the setup of a UserMap
UsernameNotFoundException Thrown if an UserDetailsService implementation cannot locate a User by its username. 
UsernamePasswordAuthenticationFilter Processes an authentication form submission. 
UsernamePasswordAuthenticationToken An Authentication implementation that is designed for simple presentation of a username and password. 
Utf8 UTF-8 Charset encoder/decoder. 


WebAttributes Well-known keys which are used to store Spring Security information in request or session scope. 
WebAuthenticationDetails A holder of selected HTTP details related to a web authentication request. 
WebAuthenticationDetailsSource Implementation of AuthenticationDetailsSource which builds the details object from an HttpServletRequest object, creating a WebAuthenticationDetails
WebExpressionVoter Voter which handles web authorisation decisions. 
WebInvocationPrivilegeEvaluator Allows users to determine whether they have privileges for a given web URI. 
WebSphere2SpringSecurityPropagationInterceptor This method interceptor can be used in front of arbitrary Spring beans to make a Spring SecurityContext available to the bean, based on the current WebSphere credentials. 
WebSpherePreAuthenticatedAuthenticationDetailsSource This AuthenticationDetailsSource implementation, when configured with a MutableGrantedAuthoritiesContainer, will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere user, mapped using the configured Attributes2GrantedAuthoritiesMapper. 
WebSpherePreAuthenticatedProcessingFilter This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere authentication. 
WebSpherePreAuthenticatedWebAuthenticationDetailsSource This AuthenticationDetailsSource implementation will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere user, mapped using the configured Attributes2GrantedAuthoritiesMapper. 
WebXmlMappableAttributesRetriever This MappableAttributesRetriever implementation reads the list of defined J2EE roles from a web.xml file and returns these from {getMappableAttributes()


X509PrincipalExtractor Obtains the principal from an X509Certificate for use within the framework.