Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central AccessDecisionManager interface.


AccessDecisionManager Makes a final access control (authorization) decision. 
AccessDecisionVoter<S> Indicates a class is responsible for voting on authorization decisions. 
AfterInvocationProvider Indicates a class is responsible for participating in an AfterInvocationProviderManager decision. 
ConfigAttribute Stores a security system related configuration attribute. 
PermissionCacheOptimizer Allows permissions to be pre-cached when using pre or post filtering with expressions 
PermissionEvaluator Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object. 
SecurityMetadataSource Implemented by classes that store and can identify the ConfigAttributes that applies to a given secure object invocation. 


ConfigAttributeEditor This class is deprecated. No replacement. 
SecurityConfig Stores a ConfigAttribute as a String


AccessDeniedException Thrown if an Authentication object does not hold a required authority. 
AuthorizationServiceException Thrown if an authorization request could not be processed due to a system problem.