All Classes and Interfaces
Class
Description
Base for login, logout and access denied REST handlers.
Thrown when a user doesn't have enough privileges to access a resource.
Handles the request after access to a resource is denied for a user.
Default implementation of
AccessDeniedHandler, which forwards to the error page URL, so that the original
URL is preserved in the browser.Instances of this class are used as the root object for Spring EL
Expressions that are used to evaluate
access restrictions.RequestSecurityProcessor implementation that creates a wrapper so that
the ticket and profile last update cookies are added to the response, just before it is sent to the client.TenantsResolver that uses all the available tenants.Represents a successful authentication.
Cache for
Authentication objects.General exception thrown by the authentication service.
RequestSecurityProcessor that auto logins a user through the headers
provided by the Apache mod_auth_mellon SAML authentication module.Manages authentication.
Default implementation of
AuthenticationManager.Thrown if the user is required to authenticate to access a resource.
Handles the request when authentication is required.
Default implementation of
AuthenticationRequiredHandler:
Saves the current request so it can be reused after successful login.
Redirects to the login form URL.
Thrown when something in the authentication system fails.
Thrown when user authentication fails because of invalid username/password.
Utility methods related with connections with providers.
Thrown when a remember me cookie has been possibly stolen and is being used.
Obtains and sets the authentication for the current request.
Default implementation of
Authentication.TenantsResolver that uses default tenant values.Thrown if an authentication attempt is performed with a disabled user.
Implementation of
AuthenticationCache that uses a Guava Cache.Thrown when a remember me cookie provided has an invalid format.
Handles the request after a failed authentication.
Default implementation of
LoginFailureHandler, which redirects the
response to a target URL or 401 is sent if there's no target URL.Processes login requests.
Handles the response after a successful authentication.
Default implementation of
LoginSuccessHandler:
Deletes any authentication exception saved in the session.
Adds the ticket ID and profile last modified cookies to response.
Uses the Spring RequestCache to obtain the previous request before login and redirect to it.
Processes logout requests.
Handles the request after a successful logout.
Default implementation for
LogoutSuccessHandlerImpl, which
redirects to a target URL.Exception used when a OAuth2 provider returns an error on a login attempt.
TenantsResolver that resolves the tenants through a param.Helper class that allows for executing logins with a social service provider like Facebook, Twitter, LinkedIn, etc.
Default implementation of
ProviderLoginSupport.Utility class for redirection.
Aspect for
ProfileService that refreshes the current authentication
object when the profile associated to the authentication is updated.RequestSecurityProcessor that executes auto login when a valid remember
me cookie is found in the request and there's no authentication present yet.Root exception for remember me related errors.
Manages remember me functionality.
Default implementation of
RememberMeManager.Filter for running security.
Implementations should process a request to enforce a security aspect (authentication, authorization, etc.).
Represents a chain of
RequestSecurityProcessors.Default implementation of a handler chain, using an iterator.
Implementation of
AccessDeniedHandler for REST based applications,
which returns a 403 FORBIDDEN status with the access denied exception message.Implementation of
AuthenticationRequiredHandler for REST based
applications, which returns a 401 UNAUTHORIZED status with the authentication exception message.Implementation of
LoginFailureHandler for REST based applications,
which returns a 401 UNAUTHORIZED status with a the authentication exception message.Implementation of
LoginSuccessHandler for REST based applications,
which returns the Authentication object as the response body.Implementation of
LogoutSuccessHandler for REST based applications,
which just returns a 200 OK status with a simple success message.RequestSecurityProcessor that returns the current authentication to the
client.Annotation used to indicate that a certain method should be executed only if security is enabled.
Aspect that handles the
RunIfSecurityEnabled annotationUses
RequestCache to reconstitute a previously saved request (if there's one).Interface implemented by objects that need to be notified if security is enabled or not.
BeanPostProcessor implementation that passes the securityEnabled property to beans that
implement the SecurityEnabledAware interface.Handles certain security exceptions:
If it's an
AuthenticationRequiredException, the AuthenticationRequiredHandler is used.
If it's an AccessDeniedException, and the user is anonymous, the AuthenticationRequiredHandler
is used.Root class of security provider related exceptions
Contains security utility methods.
Utility interface that can be implemented to resolve the tenants usable by the application.
TenantsResolver that returns the first tenants resolved by any resolver.Tenant related utility methods.
Processor that checks if the current user has permission to access the current request URL.