Copy disabled (too large)
Download .txt
Showing preview only (38,247K chars total). Download the full file to get everything.
Repository: spring-projects/spring-security
Branch: main
Commit: e9f331c30c05
Files: 6671
Total size: 34.7 MB
Directory structure:
gitextract_5rb_dcug/
├── .editorconfig
├── .gitattributes
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug.md
│ │ ├── config.yml
│ │ └── enhancement.md
│ ├── ISSUE_TEMPLATE.md
│ ├── PULL_REQUEST_TEMPLATE.md
│ ├── dco.yml
│ ├── dependabot.yml
│ └── workflows/
│ ├── auto-merge-dependabot.yml
│ ├── check-snapshots.yml
│ ├── clean_build_artifacts.yml
│ ├── codeql.yml
│ ├── continuous-integration-workflow.yml
│ ├── defer-issues.yml
│ ├── deploy-docs.yml
│ ├── finalize-release.yml
│ ├── gradle-wrapper-upgrade-execution.yml
│ ├── milestone-spring-releasetrain.yml
│ ├── pr-build-workflow.yml
│ ├── release-scheduler.yml
│ ├── update-antora-ui-spring.yml
│ └── update-scheduled-release-version.yml
├── .gitignore
├── .idea/
│ ├── checkstyle-idea.xml
│ └── externalDependencies.xml
├── .sdkmanrc
├── .vscode/
│ └── settings.json
├── CONTRIBUTING.adoc
├── LICENSE.txt
├── README.adoc
├── RELEASE.adoc
├── access/
│ ├── spring-security-access.gradle
│ └── src/
│ ├── main/
│ │ └── java/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ ├── access/
│ │ │ ├── AccessDecisionManager.java
│ │ │ ├── AccessDecisionVoter.java
│ │ │ ├── AfterInvocationProvider.java
│ │ │ ├── ConfigAttribute.java
│ │ │ ├── SecurityConfig.java
│ │ │ ├── SecurityMetadataSource.java
│ │ │ ├── annotation/
│ │ │ │ ├── AnnotationMetadataExtractor.java
│ │ │ │ ├── Jsr250MethodSecurityMetadataSource.java
│ │ │ │ ├── Jsr250SecurityConfig.java
│ │ │ │ ├── Jsr250Voter.java
│ │ │ │ └── SecuredAnnotationSecurityMetadataSource.java
│ │ │ ├── event/
│ │ │ │ ├── AbstractAuthorizationEvent.java
│ │ │ │ ├── AuthenticationCredentialsNotFoundEvent.java
│ │ │ │ ├── AuthorizationFailureEvent.java
│ │ │ │ ├── AuthorizedEvent.java
│ │ │ │ ├── LoggerListener.java
│ │ │ │ ├── PublicInvocationEvent.java
│ │ │ │ └── package-info.java
│ │ │ ├── expression/
│ │ │ │ └── method/
│ │ │ │ ├── AbstractExpressionBasedMethodConfigAttribute.java
│ │ │ │ ├── ExpressionBasedAnnotationAttributeFactory.java
│ │ │ │ ├── ExpressionBasedPostInvocationAdvice.java
│ │ │ │ ├── ExpressionBasedPreInvocationAdvice.java
│ │ │ │ ├── PostInvocationExpressionAttribute.java
│ │ │ │ └── PreInvocationExpressionAttribute.java
│ │ │ ├── intercept/
│ │ │ │ ├── AbstractSecurityInterceptor.java
│ │ │ │ ├── AfterInvocationManager.java
│ │ │ │ ├── AfterInvocationProviderManager.java
│ │ │ │ ├── InterceptorStatusToken.java
│ │ │ │ ├── MethodInvocationPrivilegeEvaluator.java
│ │ │ │ ├── NullRunAsManager.java
│ │ │ │ ├── RunAsImplAuthenticationProvider.java
│ │ │ │ ├── RunAsManager.java
│ │ │ │ ├── RunAsManagerImpl.java
│ │ │ │ ├── RunAsUserToken.java
│ │ │ │ ├── aopalliance/
│ │ │ │ │ ├── MethodSecurityInterceptor.java
│ │ │ │ │ ├── MethodSecurityMetadataSourceAdvisor.java
│ │ │ │ │ └── package-info.java
│ │ │ │ ├── aspectj/
│ │ │ │ │ ├── AspectJCallback.java
│ │ │ │ │ ├── AspectJMethodSecurityInterceptor.java
│ │ │ │ │ ├── MethodInvocationAdapter.java
│ │ │ │ │ └── package-info.java
│ │ │ │ └── package-info.java
│ │ │ ├── method/
│ │ │ │ ├── AbstractFallbackMethodSecurityMetadataSource.java
│ │ │ │ ├── AbstractMethodSecurityMetadataSource.java
│ │ │ │ ├── DelegatingMethodSecurityMetadataSource.java
│ │ │ │ ├── MapBasedMethodSecurityMetadataSource.java
│ │ │ │ ├── MethodSecurityMetadataSource.java
│ │ │ │ ├── P.java
│ │ │ │ └── package-info.java
│ │ │ ├── prepost/
│ │ │ │ ├── PostInvocationAdviceProvider.java
│ │ │ │ ├── PostInvocationAttribute.java
│ │ │ │ ├── PostInvocationAuthorizationAdvice.java
│ │ │ │ ├── PreInvocationAttribute.java
│ │ │ │ ├── PreInvocationAuthorizationAdvice.java
│ │ │ │ ├── PreInvocationAuthorizationAdviceVoter.java
│ │ │ │ ├── PrePostAdviceReactiveMethodInterceptor.java
│ │ │ │ ├── PrePostAnnotationSecurityMetadataSource.java
│ │ │ │ └── PrePostInvocationAttributeFactory.java
│ │ │ └── vote/
│ │ │ ├── AbstractAccessDecisionManager.java
│ │ │ ├── AbstractAclVoter.java
│ │ │ ├── AffirmativeBased.java
│ │ │ ├── AuthenticatedVoter.java
│ │ │ ├── ConsensusBased.java
│ │ │ ├── RoleHierarchyVoter.java
│ │ │ ├── RoleVoter.java
│ │ │ ├── UnanimousBased.java
│ │ │ └── package-info.java
│ │ ├── acls/
│ │ │ ├── AclEntryVoter.java
│ │ │ └── afterinvocation/
│ │ │ ├── AbstractAclProvider.java
│ │ │ ├── AclEntryAfterInvocationCollectionFilteringProvider.java
│ │ │ ├── AclEntryAfterInvocationProvider.java
│ │ │ ├── ArrayFilterer.java
│ │ │ ├── CollectionFilterer.java
│ │ │ ├── Filterer.java
│ │ │ └── package-info.java
│ │ ├── messaging/
│ │ │ └── access/
│ │ │ ├── expression/
│ │ │ │ ├── EvaluationContextPostProcessor.java
│ │ │ │ ├── ExpressionBasedMessageSecurityMetadataSourceFactory.java
│ │ │ │ ├── MessageExpressionConfigAttribute.java
│ │ │ │ └── MessageExpressionVoter.java
│ │ │ └── intercept/
│ │ │ ├── ChannelSecurityInterceptor.java
│ │ │ ├── DefaultMessageSecurityMetadataSource.java
│ │ │ └── MessageSecurityMetadataSource.java
│ │ └── web/
│ │ └── access/
│ │ ├── DefaultWebInvocationPrivilegeEvaluator.java
│ │ ├── channel/
│ │ │ ├── AbstractRetryEntryPoint.java
│ │ │ ├── ChannelDecisionManager.java
│ │ │ ├── ChannelDecisionManagerImpl.java
│ │ │ ├── ChannelEntryPoint.java
│ │ │ ├── ChannelProcessingFilter.java
│ │ │ ├── ChannelProcessor.java
│ │ │ ├── InsecureChannelProcessor.java
│ │ │ ├── RetryWithHttpEntryPoint.java
│ │ │ ├── RetryWithHttpsEntryPoint.java
│ │ │ ├── SecureChannelProcessor.java
│ │ │ └── package-info.java
│ │ ├── expression/
│ │ │ ├── DefaultWebSecurityExpressionHandler.java
│ │ │ ├── ExpressionBasedFilterInvocationSecurityMetadataSource.java
│ │ │ ├── WebExpressionConfigAttribute.java
│ │ │ └── WebExpressionVoter.java
│ │ └── intercept/
│ │ ├── DefaultFilterInvocationSecurityMetadataSource.java
│ │ ├── FilterInvocationSecurityMetadataSource.java
│ │ └── FilterSecurityInterceptor.java
│ └── test/
│ └── java/
│ └── org/
│ └── springframework/
│ └── security/
│ ├── access/
│ │ ├── AuthenticationCredentialsNotFoundEventTests.java
│ │ ├── AuthorizationFailureEventTests.java
│ │ ├── AuthorizedEventTests.java
│ │ ├── ITargetObject.java
│ │ ├── OtherTargetObject.java
│ │ ├── SecurityConfigTests.java
│ │ ├── TargetObject.java
│ │ ├── annotation/
│ │ │ ├── BusinessService.java
│ │ │ ├── BusinessServiceImpl.java
│ │ │ ├── Entity.java
│ │ │ ├── ExpressionProtectedBusinessServiceImpl.java
│ │ │ ├── Jsr250BusinessServiceImpl.java
│ │ │ ├── Jsr250MethodSecurityMetadataSourceTests.java
│ │ │ ├── Jsr250VoterTests.java
│ │ │ ├── RequireAdminRole.java
│ │ │ ├── RequireUserRole.java
│ │ │ ├── SecuredAnnotationSecurityMetadataSourceTests.java
│ │ │ └── sec2150/
│ │ │ ├── CrudRepository.java
│ │ │ ├── MethodInvocationFactory.java
│ │ │ └── PersonRepository.java
│ │ ├── expression/
│ │ │ └── method/
│ │ │ ├── DefaultMethodSecurityExpressionHandlerTests.java
│ │ │ ├── ExpressionBasedPreInvocationAdviceTests.java
│ │ │ ├── MethodExpressionVoterTests.java
│ │ │ ├── MethodSecurityEvaluationContextTests.java
│ │ │ ├── MethodSecurityExpressionRootTests.java
│ │ │ ├── PrePostAnnotationSecurityMetadataSourceTests.java
│ │ │ └── SecurityRules.java
│ │ ├── intercept/
│ │ │ ├── AbstractSecurityInterceptorTests.java
│ │ │ ├── AfterInvocationProviderManagerTests.java
│ │ │ ├── InterceptorStatusTokenTests.java
│ │ │ ├── NullRunAsManagerTests.java
│ │ │ ├── RunAsImplAuthenticationProviderTests.java
│ │ │ ├── RunAsManagerImplTests.java
│ │ │ ├── RunAsUserTokenTests.java
│ │ │ ├── aopalliance/
│ │ │ │ ├── MethodSecurityInterceptorTests.java
│ │ │ │ └── MethodSecurityMetadataSourceAdvisorTests.java
│ │ │ ├── aspectj/
│ │ │ │ └── AspectJMethodSecurityInterceptorTests.java
│ │ │ └── method/
│ │ │ ├── MapBasedMethodSecurityMetadataSourceTests.java
│ │ │ ├── MethodInvocationPrivilegeEvaluatorTests.java
│ │ │ └── MockMethodInvocation.java
│ │ ├── method/
│ │ │ └── DelegatingMethodSecurityMetadataSourceTests.java
│ │ ├── prepost/
│ │ │ ├── PostInvocationAdviceProviderTests.java
│ │ │ └── PreInvocationAuthorizationAdviceVoterTests.java
│ │ └── vote/
│ │ ├── AbstractAccessDecisionManagerTests.java
│ │ ├── AbstractAclVoterTests.java
│ │ ├── AffirmativeBasedTests.java
│ │ ├── AuthenticatedVoterTests.java
│ │ ├── ConsensusBasedTests.java
│ │ ├── DenyAgainVoter.java
│ │ ├── DenyVoter.java
│ │ ├── RoleHierarchyVoterTests.java
│ │ ├── RoleVoterTests.java
│ │ └── UnanimousBasedTests.java
│ ├── acls/
│ │ └── afterinvocation/
│ │ ├── AclEntryAfterInvocationCollectionFilteringProviderTests.java
│ │ └── AclEntryAfterInvocationProviderTests.java
│ ├── messaging/
│ │ └── access/
│ │ ├── expression/
│ │ │ ├── ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
│ │ │ ├── MessageExpressionConfigAttributeTests.java
│ │ │ └── MessageExpressionVoterTests.java
│ │ └── intercept/
│ │ ├── ChannelSecurityInterceptorTests.java
│ │ └── DefaultMessageSecurityMetadataSourceTests.java
│ └── web/
│ └── access/
│ ├── DefaultWebInvocationPrivilegeEvaluatorTests.java
│ ├── channel/
│ │ ├── ChannelDecisionManagerImplTests.java
│ │ ├── ChannelProcessingFilterTests.java
│ │ ├── InsecureChannelProcessorTests.java
│ │ ├── RetryWithHttpEntryPointTests.java
│ │ ├── RetryWithHttpsEntryPointTests.java
│ │ └── SecureChannelProcessorTests.java
│ ├── expression/
│ │ ├── DefaultWebSecurityExpressionHandlerTests.java
│ │ ├── ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
│ │ └── WebExpressionVoterTests.java
│ └── intercept/
│ ├── DefaultFilterInvocationSecurityMetadataSourceTests.java
│ └── FilterSecurityInterceptorTests.java
├── acl/
│ ├── spring-security-acl.gradle
│ └── src/
│ ├── main/
│ │ ├── java/
│ │ │ └── org/
│ │ │ └── springframework/
│ │ │ └── security/
│ │ │ └── acls/
│ │ │ ├── AclPermissionCacheOptimizer.java
│ │ │ ├── AclPermissionEvaluator.java
│ │ │ ├── aot/
│ │ │ │ └── hint/
│ │ │ │ ├── AclRuntimeHints.java
│ │ │ │ └── package-info.java
│ │ │ ├── domain/
│ │ │ │ ├── AbstractPermission.java
│ │ │ │ ├── AccessControlEntryImpl.java
│ │ │ │ ├── AclAuthorizationStrategy.java
│ │ │ │ ├── AclAuthorizationStrategyImpl.java
│ │ │ │ ├── AclFormattingUtils.java
│ │ │ │ ├── AclImpl.java
│ │ │ │ ├── AuditLogger.java
│ │ │ │ ├── BasePermission.java
│ │ │ │ ├── ConsoleAuditLogger.java
│ │ │ │ ├── CumulativePermission.java
│ │ │ │ ├── DefaultPermissionFactory.java
│ │ │ │ ├── DefaultPermissionGrantingStrategy.java
│ │ │ │ ├── GrantedAuthoritySid.java
│ │ │ │ ├── IdentityUnavailableException.java
│ │ │ │ ├── ObjectIdentityImpl.java
│ │ │ │ ├── ObjectIdentityRetrievalStrategyImpl.java
│ │ │ │ ├── PermissionFactory.java
│ │ │ │ ├── PrincipalSid.java
│ │ │ │ ├── SidRetrievalStrategyImpl.java
│ │ │ │ ├── SpringCacheBasedAclCache.java
│ │ │ │ └── package-info.java
│ │ │ ├── jdbc/
│ │ │ │ ├── AclClassIdUtils.java
│ │ │ │ ├── BasicLookupStrategy.java
│ │ │ │ ├── JdbcAclService.java
│ │ │ │ ├── JdbcMutableAclService.java
│ │ │ │ ├── LookupStrategy.java
│ │ │ │ └── package-info.java
│ │ │ ├── model/
│ │ │ │ ├── AccessControlEntry.java
│ │ │ │ ├── Acl.java
│ │ │ │ ├── AclCache.java
│ │ │ │ ├── AclDataAccessException.java
│ │ │ │ ├── AclService.java
│ │ │ │ ├── AlreadyExistsException.java
│ │ │ │ ├── AuditableAccessControlEntry.java
│ │ │ │ ├── AuditableAcl.java
│ │ │ │ ├── ChildrenExistException.java
│ │ │ │ ├── MutableAcl.java
│ │ │ │ ├── MutableAclService.java
│ │ │ │ ├── NotFoundException.java
│ │ │ │ ├── ObjectIdentity.java
│ │ │ │ ├── ObjectIdentityGenerator.java
│ │ │ │ ├── ObjectIdentityRetrievalStrategy.java
│ │ │ │ ├── OwnershipAcl.java
│ │ │ │ ├── Permission.java
│ │ │ │ ├── PermissionGrantingStrategy.java
│ │ │ │ ├── Sid.java
│ │ │ │ ├── SidRetrievalStrategy.java
│ │ │ │ ├── UnloadedSidException.java
│ │ │ │ └── package-info.java
│ │ │ └── package-info.java
│ │ └── resources/
│ │ ├── META-INF/
│ │ │ └── spring/
│ │ │ └── aot.factories
│ │ ├── createAclSchema.sql
│ │ ├── createAclSchemaMySQL.sql
│ │ ├── createAclSchemaOracle.sql
│ │ ├── createAclSchemaPostgres.sql
│ │ ├── createAclSchemaSqlServer.sql
│ │ ├── createAclSchemaWithAclClassIdType.sql
│ │ └── select.sql
│ └── test/
│ ├── java/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ └── acls/
│ │ ├── AclFormattingUtilsTests.java
│ │ ├── AclPermissionCacheOptimizerTests.java
│ │ ├── AclPermissionEvaluatorTests.java
│ │ ├── TargetObject.java
│ │ ├── TargetObjectWithUUID.java
│ │ ├── domain/
│ │ │ ├── AccessControlImplEntryTests.java
│ │ │ ├── AclAuthorizationStrategyImplTests.java
│ │ │ ├── AclImplTests.java
│ │ │ ├── AclImplementationSecurityCheckTests.java
│ │ │ ├── AuditLoggerTests.java
│ │ │ ├── ObjectIdentityImplTests.java
│ │ │ ├── ObjectIdentityRetrievalStrategyImplTests.java
│ │ │ ├── PermissionTests.java
│ │ │ └── SpecialPermission.java
│ │ ├── jdbc/
│ │ │ ├── AbstractBasicLookupStrategyTests.java
│ │ │ ├── AclClassIdUtilsTests.java
│ │ │ ├── BasicLookupStrategyTests.java
│ │ │ ├── BasicLookupStrategyTestsDbHelper.java
│ │ │ ├── BasicLookupStrategyWithAclClassTypeTests.java
│ │ │ ├── DatabaseSeeder.java
│ │ │ ├── JdbcAclServiceTests.java
│ │ │ ├── JdbcMutableAclServiceTests.java
│ │ │ ├── JdbcMutableAclServiceTestsWithAclClassId.java
│ │ │ └── SpringCacheBasedAclCacheTests.java
│ │ └── sid/
│ │ ├── CustomSid.java
│ │ ├── SidRetrievalStrategyTests.java
│ │ └── SidTests.java
│ └── resources/
│ ├── db/
│ │ └── sql/
│ │ └── test_data_hierarchy.sql
│ ├── jdbcMutableAclServiceTests-context.xml
│ ├── jdbcMutableAclServiceTestsWithAclClass-context.xml
│ └── logback-test.xml
├── aspects/
│ ├── spring-security-aspects.gradle
│ └── src/
│ ├── main/
│ │ └── java/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ ├── access/
│ │ │ └── intercept/
│ │ │ └── aspectj/
│ │ │ └── aspect/
│ │ │ └── AnnotationSecurityAspect.aj
│ │ └── authorization/
│ │ └── method/
│ │ └── aspectj/
│ │ ├── AbstractMethodInterceptorAspect.aj
│ │ ├── JoinPointMethodInvocation.aj
│ │ ├── PostAuthorizeAspect.aj
│ │ ├── PostFilterAspect.aj
│ │ ├── PreAuthorizeAspect.aj
│ │ ├── PreFilterAspect.aj
│ │ └── SecuredAspect.aj
│ └── test/
│ ├── java/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ ├── access/
│ │ │ └── intercept/
│ │ │ └── aspectj/
│ │ │ └── aspect/
│ │ │ └── AnnotationSecurityAspectTests.java
│ │ └── authorization/
│ │ └── method/
│ │ └── aspectj/
│ │ ├── PostAuthorizeAspectTests.java
│ │ ├── PostFilterAspectTests.java
│ │ ├── PreAuthorizeAspectTests.java
│ │ ├── PreFilterAspectTests.java
│ │ └── SecuredAspectTests.java
│ └── resources/
│ └── logback-test.xml
├── bom/
│ └── spring-security-bom.gradle
├── build.gradle
├── buildSrc/
│ ├── .idea/
│ │ ├── compiler.xml
│ │ ├── gradle.xml
│ │ ├── jarRepositories.xml
│ │ ├── misc.xml
│ │ ├── uiDesigner.xml
│ │ └── workspace.xml
│ ├── build.gradle
│ ├── settings.gradle
│ └── src/
│ ├── main/
│ │ ├── graphql/
│ │ │ └── org/
│ │ │ └── springframework/
│ │ │ └── security/
│ │ │ └── convention/
│ │ │ └── versions/
│ │ │ ├── CreateIssue.graphql
│ │ │ ├── FindCreateIssueInput.graphql
│ │ │ ├── RateLimit.graphql
│ │ │ └── schema.json
│ │ ├── groovy/
│ │ │ ├── compile-warnings-error.gradle
│ │ │ ├── io/
│ │ │ │ └── spring/
│ │ │ │ └── gradle/
│ │ │ │ ├── IncludeRepoTask.groovy
│ │ │ │ └── convention/
│ │ │ │ ├── AbstractSpringJavaPlugin.groovy
│ │ │ │ ├── ArtifactoryPlugin.groovy
│ │ │ │ ├── CheckstylePlugin.groovy
│ │ │ │ ├── DocsPlugin.groovy
│ │ │ │ ├── EclipsePlugin.groovy
│ │ │ │ ├── IntegrationTestPlugin.groovy
│ │ │ │ ├── JacocoPlugin.groovy
│ │ │ │ ├── JavadocApiPlugin.groovy
│ │ │ │ ├── JavadocOptionsPlugin.groovy
│ │ │ │ ├── ManagementConfigurationPlugin.java
│ │ │ │ ├── MavenBomPlugin.groovy
│ │ │ │ ├── RepositoryConventionPlugin.groovy
│ │ │ │ ├── RootProjectPlugin.groovy
│ │ │ │ ├── SchemaDeployPlugin.groovy
│ │ │ │ ├── SchemaPlugin.groovy
│ │ │ │ ├── SchemaZipPlugin.groovy
│ │ │ │ ├── SortedProperties.groovy
│ │ │ │ ├── SpringModulePlugin.groovy
│ │ │ │ ├── SpringTestPlugin.groovy
│ │ │ │ ├── TestsConfigurationPlugin.groovy
│ │ │ │ └── Utils.groovy
│ │ │ ├── java-toolchain.gradle
│ │ │ ├── javadoc-warnings-error.gradle
│ │ │ ├── security-kotlin.gradle
│ │ │ ├── security-nullability.gradle
│ │ │ └── test-compile-target-jdk25.gradle
│ │ ├── java/
│ │ │ ├── lock/
│ │ │ │ ├── GlobalLockPlugin.java
│ │ │ │ └── GlobalLockTask.java
│ │ │ ├── org/
│ │ │ │ └── springframework/
│ │ │ │ ├── gradle/
│ │ │ │ │ ├── CopyPropertiesPlugin.java
│ │ │ │ │ ├── classpath/
│ │ │ │ │ │ ├── CheckClasspathForProhibitedDependencies.java
│ │ │ │ │ │ ├── CheckClasspathForProhibitedDependenciesPlugin.java
│ │ │ │ │ │ └── CheckProhibitedDependenciesLifecyclePlugin.java
│ │ │ │ │ ├── maven/
│ │ │ │ │ │ ├── MavenPublishingConventionsPlugin.java
│ │ │ │ │ │ ├── PublishAllJavaComponentsPlugin.java
│ │ │ │ │ │ ├── PublishArtifactsPlugin.java
│ │ │ │ │ │ ├── PublishLocalPlugin.java
│ │ │ │ │ │ ├── SpringMavenPlugin.java
│ │ │ │ │ │ ├── SpringNexusPublishPlugin.java
│ │ │ │ │ │ └── SpringSigningPlugin.java
│ │ │ │ │ ├── propdeps/
│ │ │ │ │ │ ├── PropDepsEclipsePlugin.groovy
│ │ │ │ │ │ ├── PropDepsIdeaPlugin.groovy
│ │ │ │ │ │ └── PropDepsPlugin.groovy
│ │ │ │ │ └── xsd/
│ │ │ │ │ └── CreateVersionlessXsdTask.java
│ │ │ │ └── security/
│ │ │ │ ├── CheckExpectedBranchVersionPlugin.java
│ │ │ │ └── convention/
│ │ │ │ └── versions/
│ │ │ │ ├── FileUtils.java
│ │ │ │ ├── TransitiveDependencyLookupUtils.java
│ │ │ │ └── VerifyDependenciesVersionsPlugin.java
│ │ │ ├── s101/
│ │ │ │ ├── S101Configure.java
│ │ │ │ ├── S101Configurer.java
│ │ │ │ ├── S101Install.java
│ │ │ │ ├── S101Plugin.java
│ │ │ │ └── S101PluginExtension.java
│ │ │ └── trang/
│ │ │ ├── RncToXsd.java
│ │ │ └── TrangPlugin.java
│ │ └── resources/
│ │ ├── META-INF/
│ │ │ └── gradle-plugins/
│ │ │ ├── io.spring.convention.artifactory.properties
│ │ │ ├── io.spring.convention.bom.properties
│ │ │ ├── io.spring.convention.checkstyle.properties
│ │ │ ├── io.spring.convention.docs.properties
│ │ │ ├── io.spring.convention.eclipse.properties
│ │ │ ├── io.spring.convention.integration-test.properties
│ │ │ ├── io.spring.convention.jacoco.properties
│ │ │ ├── io.spring.convention.javadoc-api.properties
│ │ │ ├── io.spring.convention.javadoc-options.properties
│ │ │ ├── io.spring.convention.repository.properties
│ │ │ ├── io.spring.convention.root.properties
│ │ │ ├── io.spring.convention.spring-module.properties
│ │ │ ├── io.spring.convention.spring-test.properties
│ │ │ └── io.spring.convention.tests-configuration.properties
│ │ └── s101/
│ │ ├── config.xml
│ │ ├── project.java.hsp
│ │ └── repository.xml
│ └── test/
│ ├── java/
│ │ ├── io/
│ │ │ └── spring/
│ │ │ └── gradle/
│ │ │ ├── TestKit.java
│ │ │ └── convention/
│ │ │ ├── IntegrationPluginTest.java
│ │ │ ├── IntegrationTestPluginITest.java
│ │ │ ├── JacocoPluginITest.java
│ │ │ ├── JavadocApiPluginITest.java
│ │ │ ├── JavadocApiPluginTest.java
│ │ │ ├── RepositoryConventionPluginTests.java
│ │ │ ├── ShowcaseITest.java
│ │ │ ├── SpringMavenPluginITest.java
│ │ │ ├── TestsConfigurationPluginITest.java
│ │ │ └── UtilsTest.java
│ │ └── org/
│ │ └── springframework/
│ │ └── gradle/
│ │ └── xsd/
│ │ └── CreateVersionlessXsdTaskTests.java
│ └── resources/
│ ├── samples/
│ │ ├── integrationtest/
│ │ │ ├── withgroovy/
│ │ │ │ ├── build.gradle
│ │ │ │ └── src/
│ │ │ │ └── integration-test/
│ │ │ │ └── groovy/
│ │ │ │ └── sample/
│ │ │ │ └── TheTest.groovy
│ │ │ ├── withjava/
│ │ │ │ ├── build.gradle
│ │ │ │ └── src/
│ │ │ │ └── integration-test/
│ │ │ │ └── java/
│ │ │ │ └── sample/
│ │ │ │ └── TheTest.java
│ │ │ └── withpropdeps/
│ │ │ ├── build.gradle
│ │ │ └── src/
│ │ │ └── integration-test/
│ │ │ └── java/
│ │ │ └── sample/
│ │ │ └── TheTest.java
│ │ ├── jacoco/
│ │ │ └── java/
│ │ │ ├── build.gradle
│ │ │ └── src/
│ │ │ ├── main/
│ │ │ │ └── java/
│ │ │ │ └── sample/
│ │ │ │ └── TheClass.java
│ │ │ └── test/
│ │ │ └── java/
│ │ │ └── sample/
│ │ │ └── TheClassTest.java
│ │ ├── javadocapi/
│ │ │ └── multimodule/
│ │ │ ├── api/
│ │ │ │ ├── build.gradle
│ │ │ │ └── src/
│ │ │ │ └── main/
│ │ │ │ └── java/
│ │ │ │ └── sample/
│ │ │ │ └── Api.java
│ │ │ ├── build.gradle
│ │ │ ├── impl/
│ │ │ │ ├── build.gradle
│ │ │ │ └── src/
│ │ │ │ └── main/
│ │ │ │ └── java/
│ │ │ │ └── sample/
│ │ │ │ └── Impl.java
│ │ │ ├── sample/
│ │ │ │ ├── build.gradle
│ │ │ │ └── src/
│ │ │ │ └── main/
│ │ │ │ └── java/
│ │ │ │ └── sample/
│ │ │ │ └── Sample.java
│ │ │ └── settings.gradle
│ │ ├── maven/
│ │ │ ├── install/
│ │ │ │ └── build.gradle
│ │ │ ├── install-with-springio/
│ │ │ │ ├── build.gradle
│ │ │ │ └── gradle/
│ │ │ │ └── dependency-management.gradle
│ │ │ ├── signing/
│ │ │ │ ├── build.gradle
│ │ │ │ └── settings.gradle
│ │ │ └── upload/
│ │ │ └── build.gradle
│ │ ├── showcase/
│ │ │ ├── Jenkinsfile
│ │ │ ├── bom/
│ │ │ │ └── bom.gradle
│ │ │ ├── build.gradle
│ │ │ ├── etc/
│ │ │ │ └── checkstyle/
│ │ │ │ └── checkstyle.xml
│ │ │ ├── settings.gradle
│ │ │ ├── sgbcs-api/
│ │ │ │ ├── sgbcs-api.gradle
│ │ │ │ └── src/
│ │ │ │ ├── main/
│ │ │ │ │ └── java/
│ │ │ │ │ └── api/
│ │ │ │ │ └── Api.java
│ │ │ │ └── test/
│ │ │ │ └── java/
│ │ │ │ └── api/
│ │ │ │ └── ApiTest.java
│ │ │ ├── sgbcs-core/
│ │ │ │ ├── sgbcs-core.gradle
│ │ │ │ └── src/
│ │ │ │ ├── main/
│ │ │ │ │ ├── java/
│ │ │ │ │ │ └── core/
│ │ │ │ │ │ ├── CoreClass.java
│ │ │ │ │ │ └── HasOptional.java
│ │ │ │ │ └── resources/
│ │ │ │ │ ├── META-INF/
│ │ │ │ │ │ ├── spring.handlers
│ │ │ │ │ │ └── spring.schemas
│ │ │ │ │ └── org/
│ │ │ │ │ └── springframework/
│ │ │ │ │ └── springgradlebuildsample/
│ │ │ │ │ └── config/
│ │ │ │ │ ├── spring-springgradlebuildsample-2.0.xsd
│ │ │ │ │ ├── spring-springgradlebuildsample-2.1.xsd
│ │ │ │ │ └── spring-springgradlebuildsample-2.2.xsd
│ │ │ │ └── test/
│ │ │ │ └── java/
│ │ │ │ └── core/
│ │ │ │ ├── CoreClassTest.java
│ │ │ │ └── HasOptionalTest.java
│ │ │ └── sgbcs-docs/
│ │ │ ├── sgbcs-docs.gradle
│ │ │ └── src/
│ │ │ ├── docs/
│ │ │ │ └── asciidoc/
│ │ │ │ ├── docinfo.html
│ │ │ │ ├── index.adoc
│ │ │ │ └── subdir/
│ │ │ │ ├── _b.adoc
│ │ │ │ └── _c.adoc
│ │ │ └── main/
│ │ │ └── java/
│ │ │ └── example/
│ │ │ └── StringUtils.java
│ │ └── testsconfiguration/
│ │ ├── build.gradle
│ │ ├── core/
│ │ │ ├── build.gradle
│ │ │ └── src/
│ │ │ └── test/
│ │ │ └── java/
│ │ │ └── sample/
│ │ │ └── Dependency.java
│ │ ├── settings.gradle
│ │ └── web/
│ │ ├── build.gradle
│ │ └── src/
│ │ └── test/
│ │ └── java/
│ │ └── sample/
│ │ └── DependencyTest.java
│ └── test-private.pgp
├── cas/
│ ├── spring-security-cas.gradle
│ └── src/
│ ├── main/
│ │ └── java/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ └── cas/
│ │ ├── SamlServiceProperties.java
│ │ ├── ServiceProperties.java
│ │ ├── authentication/
│ │ │ ├── CasAssertionAuthenticationToken.java
│ │ │ ├── CasAuthenticationProvider.java
│ │ │ ├── CasAuthenticationToken.java
│ │ │ ├── CasServiceTicketAuthenticationToken.java
│ │ │ ├── NullStatelessTicketCache.java
│ │ │ ├── ServiceAuthenticationDetails.java
│ │ │ ├── SpringCacheBasedTicketCache.java
│ │ │ ├── StatelessTicketCache.java
│ │ │ └── package-info.java
│ │ ├── jackson/
│ │ │ ├── AssertionImplMixin.java
│ │ │ ├── AttributePrincipalImplMixin.java
│ │ │ ├── CasAuthenticationTokenMixin.java
│ │ │ ├── CasJacksonModule.java
│ │ │ └── package-info.java
│ │ ├── jackson2/
│ │ │ ├── AssertionImplMixin.java
│ │ │ ├── AttributePrincipalImplMixin.java
│ │ │ ├── CasAuthenticationTokenMixin.java
│ │ │ ├── CasJackson2Module.java
│ │ │ └── package-info.java
│ │ ├── package-info.java
│ │ ├── userdetails/
│ │ │ ├── AbstractCasAssertionUserDetailsService.java
│ │ │ ├── GrantedAuthorityFromAssertionAttributesUserDetailsService.java
│ │ │ └── package-info.java
│ │ └── web/
│ │ ├── CasAuthenticationEntryPoint.java
│ │ ├── CasAuthenticationFilter.java
│ │ ├── CasGatewayAuthenticationRedirectFilter.java
│ │ ├── CasGatewayResolverRequestMatcher.java
│ │ ├── authentication/
│ │ │ ├── DefaultServiceAuthenticationDetails.java
│ │ │ ├── ServiceAuthenticationDetailsSource.java
│ │ │ └── package-info.java
│ │ └── package-info.java
│ └── test/
│ ├── java/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ └── cas/
│ │ ├── authentication/
│ │ │ ├── AbstractStatelessTicketCacheTests.java
│ │ │ ├── CasAuthenticationProviderTests.java
│ │ │ ├── CasAuthenticationTokenTests.java
│ │ │ ├── NullStatelessTicketCacheTests.java
│ │ │ └── SpringCacheBasedTicketCacheTests.java
│ │ ├── jackson/
│ │ │ └── CasAuthenticationTokenMixinTests.java
│ │ ├── jackson2/
│ │ │ └── CasAuthenticationTokenMixinTests.java
│ │ ├── userdetails/
│ │ │ └── GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java
│ │ └── web/
│ │ ├── CasAuthenticationEntryPointTests.java
│ │ ├── CasAuthenticationFilterTests.java
│ │ ├── CasGatewayAuthenticationRedirectFilterTests.java
│ │ ├── CasGatewayResolverRequestMatcherTests.java
│ │ ├── ServicePropertiesTests.java
│ │ └── authentication/
│ │ └── DefaultServiceAuthenticationDetailsTests.java
│ └── resources/
│ ├── logback-test.xml
│ └── org/
│ └── springframework/
│ └── security/
│ └── cas/
│ └── web/
│ └── authentication/
│ ├── defaultserviceauthenticationdetails-explicit.xml
│ └── defaultserviceauthenticationdetails-passivity.xml
├── class_mapping_from_2.0.x.txt
├── config/
│ ├── spring-security-config.gradle
│ └── src/
│ ├── integration-test/
│ │ ├── java/
│ │ │ └── org/
│ │ │ └── springframework/
│ │ │ └── security/
│ │ │ └── config/
│ │ │ ├── annotation/
│ │ │ │ ├── authentication/
│ │ │ │ │ └── ldap/
│ │ │ │ │ ├── LdapAuthenticationProviderBuilderSecurityBuilderTests.java
│ │ │ │ │ ├── LdapAuthenticationProviderConfigurerTests.java
│ │ │ │ │ ├── NamespaceLdapAuthenticationProviderTests.java
│ │ │ │ │ └── NamespaceLdapAuthenticationProviderTestsConfigs.java
│ │ │ │ ├── configurers/
│ │ │ │ │ └── WebAuthnWebDriverTests.java
│ │ │ │ └── rsocket/
│ │ │ │ ├── AnonymousAuthenticationITests.java
│ │ │ │ ├── HelloHandler.java
│ │ │ │ ├── HelloRSocketITests.java
│ │ │ │ ├── HelloRSocketObservationITests.java
│ │ │ │ ├── HelloRSocketWithWebFluxITests.java
│ │ │ │ ├── JwtITests.java
│ │ │ │ ├── RSocketMessageHandlerConnectionITests.java
│ │ │ │ ├── RSocketMessageHandlerITests.java
│ │ │ │ └── SimpleAuthenticationITests.java
│ │ │ └── ldap/
│ │ │ ├── EmbeddedLdapServerContextSourceFactoryBeanITests.java
│ │ │ ├── Ldap247ITests.java
│ │ │ ├── LdapBindAuthenticationManagerFactoryITests.java
│ │ │ ├── LdapPasswordComparisonAuthenticationManagerFactoryITests.java
│ │ │ ├── LdapProviderBeanDefinitionParserTests.java
│ │ │ ├── LdapServerBeanDefinitionParserTests.java
│ │ │ └── LdapUserServiceBeanDefinitionParserTests.java
│ │ └── resources/
│ │ ├── logback-test.xml
│ │ ├── test-server.ldif
│ │ ├── test-server2.xldif
│ │ └── users.xldif
│ ├── main/
│ │ ├── java/
│ │ │ └── org/
│ │ │ └── springframework/
│ │ │ └── security/
│ │ │ └── config/
│ │ │ ├── BeanIds.java
│ │ │ ├── Customizer.java
│ │ │ ├── DebugBeanDefinitionParser.java
│ │ │ ├── Elements.java
│ │ │ ├── ObjectPostProcessor.java
│ │ │ ├── SecurityNamespaceHandler.java
│ │ │ ├── ThrowingCustomizer.java
│ │ │ ├── annotation/
│ │ │ │ ├── AbstractConfiguredSecurityBuilder.java
│ │ │ │ ├── AbstractSecurityBuilder.java
│ │ │ │ ├── AlreadyBuiltException.java
│ │ │ │ ├── SecurityBuilder.java
│ │ │ │ ├── SecurityConfigurer.java
│ │ │ │ ├── SecurityConfigurerAdapter.java
│ │ │ │ ├── authentication/
│ │ │ │ │ ├── ProviderManagerBuilder.java
│ │ │ │ │ ├── builders/
│ │ │ │ │ │ └── AuthenticationManagerBuilder.java
│ │ │ │ │ ├── configuration/
│ │ │ │ │ │ ├── AuthenticationConfiguration.java
│ │ │ │ │ │ ├── AuthenticationManagerBeanRegistrationAotProcessor.java
│ │ │ │ │ │ ├── EnableGlobalAuthentication.java
│ │ │ │ │ │ ├── GlobalAuthenticationConfigurerAdapter.java
│ │ │ │ │ │ ├── InitializeAuthenticationProviderBeanManagerConfigurer.java
│ │ │ │ │ │ └── InitializeUserDetailsBeanManagerConfigurer.java
│ │ │ │ │ └── configurers/
│ │ │ │ │ ├── ldap/
│ │ │ │ │ │ └── LdapAuthenticationProviderConfigurer.java
│ │ │ │ │ ├── provisioning/
│ │ │ │ │ │ ├── InMemoryUserDetailsManagerConfigurer.java
│ │ │ │ │ │ ├── JdbcUserDetailsManagerConfigurer.java
│ │ │ │ │ │ └── UserDetailsManagerConfigurer.java
│ │ │ │ │ └── userdetails/
│ │ │ │ │ ├── AbstractDaoAuthenticationConfigurer.java
│ │ │ │ │ ├── DaoAuthenticationConfigurer.java
│ │ │ │ │ ├── UserDetailsAwareConfigurer.java
│ │ │ │ │ └── UserDetailsServiceConfigurer.java
│ │ │ │ ├── authorization/
│ │ │ │ │ ├── AuthorizationManagerFactoryConfiguration.java
│ │ │ │ │ ├── EnableMfaFiltersConfiguration.java
│ │ │ │ │ ├── EnableMultiFactorAuthentication.java
│ │ │ │ │ ├── MultiFactorAuthenticationSelector.java
│ │ │ │ │ ├── MultiFactorCondition.java
│ │ │ │ │ └── WhenWebAuthnRegisteredMfaConfiguration.java
│ │ │ │ ├── configuration/
│ │ │ │ │ ├── AutowireBeanFactoryObjectPostProcessor.java
│ │ │ │ │ └── ObjectPostProcessorConfiguration.java
│ │ │ │ ├── method/
│ │ │ │ │ └── configuration/
│ │ │ │ │ ├── AuthorizationProxyConfiguration.java
│ │ │ │ │ ├── AuthorizationProxyDataConfiguration.java
│ │ │ │ │ ├── AuthorizationProxyWebConfiguration.java
│ │ │ │ │ ├── DeferringMethodInterceptor.java
│ │ │ │ │ ├── EnableGlobalMethodSecurity.java
│ │ │ │ │ ├── EnableMethodSecurity.java
│ │ │ │ │ ├── EnableReactiveMethodSecurity.java
│ │ │ │ │ ├── GlobalMethodSecurityAspectJAutoProxyRegistrar.java
│ │ │ │ │ ├── GlobalMethodSecurityConfiguration.java
│ │ │ │ │ ├── GlobalMethodSecuritySelector.java
│ │ │ │ │ ├── Jsr250MetadataSourceConfiguration.java
│ │ │ │ │ ├── Jsr250MethodSecurityConfiguration.java
│ │ │ │ │ ├── MethodObservationConfiguration.java
│ │ │ │ │ ├── MethodSecurityAdvisorRegistrar.java
│ │ │ │ │ ├── MethodSecurityAspectJAutoProxyRegistrar.java
│ │ │ │ │ ├── MethodSecurityMetadataSourceAdvisorRegistrar.java
│ │ │ │ │ ├── MethodSecuritySelector.java
│ │ │ │ │ ├── PrePostMethodSecurityConfiguration.java
│ │ │ │ │ ├── ReactiveAuthorizationManagerMethodSecurityConfiguration.java
│ │ │ │ │ ├── ReactiveMethodObservationConfiguration.java
│ │ │ │ │ ├── ReactiveMethodSecurityConfiguration.java
│ │ │ │ │ ├── ReactiveMethodSecuritySelector.java
│ │ │ │ │ └── SecuredMethodSecurityConfiguration.java
│ │ │ │ ├── rsocket/
│ │ │ │ │ ├── EnableRSocketSecurity.java
│ │ │ │ │ ├── PayloadInterceptorOrder.java
│ │ │ │ │ ├── RSocketSecurity.java
│ │ │ │ │ ├── RSocketSecurityConfiguration.java
│ │ │ │ │ ├── ReactiveObservationConfiguration.java
│ │ │ │ │ ├── ReactiveObservationImportSelector.java
│ │ │ │ │ └── SecuritySocketAcceptorInterceptorConfiguration.java
│ │ │ │ └── web/
│ │ │ │ ├── AbstractRequestMatcherRegistry.java
│ │ │ │ ├── HttpSecurityBuilder.java
│ │ │ │ ├── ServletRegistrationsSupport.java
│ │ │ │ ├── WebSecurityConfigurer.java
│ │ │ │ ├── builders/
│ │ │ │ │ ├── FilterOrderRegistration.java
│ │ │ │ │ ├── HttpSecurity.java
│ │ │ │ │ ├── WebSecurity.java
│ │ │ │ │ └── WebSecurityFilterChainValidator.java
│ │ │ │ ├── configuration/
│ │ │ │ │ ├── AutowiredWebSecurityConfigurersIgnoreParents.java
│ │ │ │ │ ├── EnableWebSecurity.java
│ │ │ │ │ ├── HttpSecurityConfiguration.java
│ │ │ │ │ ├── OAuth2AuthorizationServerConfiguration.java
│ │ │ │ │ ├── OAuth2ClientConfiguration.java
│ │ │ │ │ ├── OAuth2ImportSelector.java
│ │ │ │ │ ├── ObservationConfiguration.java
│ │ │ │ │ ├── ObservationImportSelector.java
│ │ │ │ │ ├── RegisterMissingBeanPostProcessor.java
│ │ │ │ │ ├── SecurityReactorContextConfiguration.java
│ │ │ │ │ ├── SpringWebMvcImportSelector.java
│ │ │ │ │ ├── WebMvcSecurityConfiguration.java
│ │ │ │ │ ├── WebSecurityConfiguration.java
│ │ │ │ │ └── WebSecurityCustomizer.java
│ │ │ │ ├── configurers/
│ │ │ │ │ ├── AbstractAuthenticationFilterConfigurer.java
│ │ │ │ │ ├── AbstractConfigAttributeRequestMatcherRegistry.java
│ │ │ │ │ ├── AbstractHttpConfigurer.java
│ │ │ │ │ ├── AnonymousConfigurer.java
│ │ │ │ │ ├── AuthorizeHttpRequestsConfigurer.java
│ │ │ │ │ ├── ChannelSecurityConfigurer.java
│ │ │ │ │ ├── CorsConfigurer.java
│ │ │ │ │ ├── CsrfConfigurer.java
│ │ │ │ │ ├── DefaultLoginPageConfigurer.java
│ │ │ │ │ ├── ExceptionHandlingConfigurer.java
│ │ │ │ │ ├── FormLoginConfigurer.java
│ │ │ │ │ ├── HeadersConfigurer.java
│ │ │ │ │ ├── HttpBasicConfigurer.java
│ │ │ │ │ ├── HttpsRedirectConfigurer.java
│ │ │ │ │ ├── JeeConfigurer.java
│ │ │ │ │ ├── LogoutConfigurer.java
│ │ │ │ │ ├── PasswordManagementConfigurer.java
│ │ │ │ │ ├── PermitAllSupport.java
│ │ │ │ │ ├── PortMapperConfigurer.java
│ │ │ │ │ ├── RememberMeConfigurer.java
│ │ │ │ │ ├── RequestCacheConfigurer.java
│ │ │ │ │ ├── SecurityContextConfigurer.java
│ │ │ │ │ ├── ServletApiConfigurer.java
│ │ │ │ │ ├── SessionManagementConfigurer.java
│ │ │ │ │ ├── WebAuthnConfigurer.java
│ │ │ │ │ ├── X509Configurer.java
│ │ │ │ │ ├── oauth2/
│ │ │ │ │ │ ├── client/
│ │ │ │ │ │ │ ├── OAuth2ClientConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2ClientConfigurerUtils.java
│ │ │ │ │ │ │ ├── OAuth2LoginConfigurer.java
│ │ │ │ │ │ │ ├── OidcBackChannelLogoutAuthentication.java
│ │ │ │ │ │ │ ├── OidcBackChannelLogoutAuthenticationProvider.java
│ │ │ │ │ │ │ ├── OidcBackChannelLogoutFilter.java
│ │ │ │ │ │ │ ├── OidcBackChannelLogoutHandler.java
│ │ │ │ │ │ │ ├── OidcBackChannelLogoutTokenValidator.java
│ │ │ │ │ │ │ ├── OidcLogoutAuthenticationConverter.java
│ │ │ │ │ │ │ ├── OidcLogoutAuthenticationToken.java
│ │ │ │ │ │ │ ├── OidcLogoutConfigurer.java
│ │ │ │ │ │ │ └── OidcUserRefreshedEventListener.java
│ │ │ │ │ │ └── server/
│ │ │ │ │ │ ├── authorization/
│ │ │ │ │ │ │ ├── AbstractOAuth2Configurer.java
│ │ │ │ │ │ │ ├── AuthorizationServerContextFilter.java
│ │ │ │ │ │ │ ├── DefaultOAuth2TokenCustomizers.java
│ │ │ │ │ │ │ ├── OAuth2AuthorizationEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2AuthorizationServerConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2AuthorizationServerMetadataEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2ClientAuthenticationConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2ClientRegistrationEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2ConfigurerUtils.java
│ │ │ │ │ │ │ ├── OAuth2DeviceAuthorizationEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2DeviceVerificationEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2PushedAuthorizationRequestEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2TokenEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2TokenIntrospectionEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OAuth2TokenRevocationEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OidcClientRegistrationEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OidcConfigurer.java
│ │ │ │ │ │ │ ├── OidcLogoutEndpointConfigurer.java
│ │ │ │ │ │ │ ├── OidcProviderConfigurationEndpointConfigurer.java
│ │ │ │ │ │ │ └── OidcUserInfoEndpointConfigurer.java
│ │ │ │ │ │ └── resource/
│ │ │ │ │ │ ├── DPoPAuthenticationConfigurer.java
│ │ │ │ │ │ └── OAuth2ResourceServerConfigurer.java
│ │ │ │ │ ├── ott/
│ │ │ │ │ │ └── OneTimeTokenLoginConfigurer.java
│ │ │ │ │ └── saml2/
│ │ │ │ │ ├── Saml2LoginConfigurer.java
│ │ │ │ │ ├── Saml2LogoutConfigurer.java
│ │ │ │ │ └── Saml2MetadataConfigurer.java
│ │ │ │ ├── reactive/
│ │ │ │ │ ├── EnableWebFluxSecurity.java
│ │ │ │ │ ├── ReactiveOAuth2ClientConfiguration.java
│ │ │ │ │ ├── ReactiveOAuth2ClientImportSelector.java
│ │ │ │ │ ├── ReactiveObservationConfiguration.java
│ │ │ │ │ ├── ReactiveObservationImportSelector.java
│ │ │ │ │ ├── ServerHttpSecurityConfiguration.java
│ │ │ │ │ └── WebFluxSecurityConfiguration.java
│ │ │ │ ├── servlet/
│ │ │ │ │ └── configuration/
│ │ │ │ │ └── WebMvcSecurityConfiguration.java
│ │ │ │ └── socket/
│ │ │ │ ├── EnableWebSocketSecurity.java
│ │ │ │ ├── MessageMatcherAuthorizationManagerConfiguration.java
│ │ │ │ ├── WebSocketMessageBrokerSecurityConfiguration.java
│ │ │ │ ├── WebSocketObservationConfiguration.java
│ │ │ │ └── WebSocketObservationImportSelector.java
│ │ │ ├── aot/
│ │ │ │ └── hint/
│ │ │ │ ├── OAuth2LoginRuntimeHints.java
│ │ │ │ ├── WebMvcSecurityConfigurationRuntimeHints.java
│ │ │ │ └── WebSecurityConfigurationRuntimeHints.java
│ │ │ ├── authentication/
│ │ │ │ ├── AbstractUserDetailsServiceBeanDefinitionParser.java
│ │ │ │ ├── AuthenticationManagerBeanDefinitionParser.java
│ │ │ │ ├── AuthenticationManagerFactoryBean.java
│ │ │ │ ├── AuthenticationProviderBeanDefinitionParser.java
│ │ │ │ ├── JdbcUserServiceBeanDefinitionParser.java
│ │ │ │ ├── PasswordEncoderParser.java
│ │ │ │ ├── UserServiceBeanDefinitionParser.java
│ │ │ │ └── package-info.java
│ │ │ ├── core/
│ │ │ │ ├── GrantedAuthorityDefaults.java
│ │ │ │ └── userdetails/
│ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBean.java
│ │ │ │ ├── UserDetailsMapFactoryBean.java
│ │ │ │ └── UserDetailsResourceFactoryBean.java
│ │ │ ├── crypto/
│ │ │ │ └── RsaKeyConversionServicePostProcessor.java
│ │ │ ├── debug/
│ │ │ │ └── SecurityDebugBeanFactoryPostProcessor.java
│ │ │ ├── http/
│ │ │ │ ├── AuthenticationConfigBuilder.java
│ │ │ │ ├── AuthorizationFilterParser.java
│ │ │ │ ├── ChannelAttributeFactory.java
│ │ │ │ ├── CorsBeanDefinitionParser.java
│ │ │ │ ├── CorsConfigurationSourceFactoryBean.java
│ │ │ │ ├── CsrfBeanDefinitionParser.java
│ │ │ │ ├── DefaultFilterChainValidator.java
│ │ │ │ ├── FilterChainBeanDefinitionParser.java
│ │ │ │ ├── FilterChainMapBeanDefinitionDecorator.java
│ │ │ │ ├── FilterInvocationSecurityMetadataSourceParser.java
│ │ │ │ ├── FormLoginBeanDefinitionParser.java
│ │ │ │ ├── GrantedAuthorityDefaultsParserUtils.java
│ │ │ │ ├── HeadersBeanDefinitionParser.java
│ │ │ │ ├── HttpConfigurationBuilder.java
│ │ │ │ ├── HttpFirewallBeanDefinitionParser.java
│ │ │ │ ├── HttpSecurityBeanDefinitionParser.java
│ │ │ │ ├── LogoutBeanDefinitionParser.java
│ │ │ │ ├── MatcherType.java
│ │ │ │ ├── MessageMatcherFactoryBean.java
│ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrar.java
│ │ │ │ ├── OAuth2ClientBeanDefinitionParser.java
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserUtils.java
│ │ │ │ ├── OAuth2ClientWebMvcSecurityPostProcessor.java
│ │ │ │ ├── OAuth2LoginBeanDefinitionParser.java
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParser.java
│ │ │ │ ├── OrderDecorator.java
│ │ │ │ ├── PathPatternRequestMatcherFactoryBean.java
│ │ │ │ ├── PortMappingsBeanDefinitionParser.java
│ │ │ │ ├── RememberMeBeanDefinitionParser.java
│ │ │ │ ├── RequestMatcherFactoryBean.java
│ │ │ │ ├── Saml2LoginBeanDefinitionParser.java
│ │ │ │ ├── Saml2LoginBeanDefinitionParserUtils.java
│ │ │ │ ├── Saml2LogoutBeanDefinitionParser.java
│ │ │ │ ├── Saml2LogoutBeanDefinitionParserUtils.java
│ │ │ │ ├── SecurityFilters.java
│ │ │ │ ├── SessionCreationPolicy.java
│ │ │ │ ├── UserDetailsServiceFactoryBean.java
│ │ │ │ ├── WebConfigUtils.java
│ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParser.java
│ │ │ │ └── package-info.java
│ │ │ ├── ldap/
│ │ │ │ ├── AbstractLdapAuthenticationManagerFactory.java
│ │ │ │ ├── ContextSourceSettingPostProcessor.java
│ │ │ │ ├── EmbeddedLdapServerContextSourceFactoryBean.java
│ │ │ │ ├── LdapBindAuthenticationManagerFactory.java
│ │ │ │ ├── LdapPasswordComparisonAuthenticationManagerFactory.java
│ │ │ │ ├── LdapProviderBeanDefinitionParser.java
│ │ │ │ ├── LdapServerBeanDefinitionParser.java
│ │ │ │ ├── LdapUserServiceBeanDefinitionParser.java
│ │ │ │ └── package-info.java
│ │ │ ├── method/
│ │ │ │ ├── AspectJMethodMatcher.java
│ │ │ │ ├── GlobalMethodSecurityBeanDefinitionParser.java
│ │ │ │ ├── InterceptMethodsBeanDefinitionDecorator.java
│ │ │ │ ├── MethodConfigUtils.java
│ │ │ │ ├── MethodSecurityBeanDefinitionParser.java
│ │ │ │ ├── MethodSecurityMetadataSourceBeanDefinitionParser.java
│ │ │ │ ├── PointcutDelegatingAuthorizationManager.java
│ │ │ │ ├── PrefixBasedMethodMatcher.java
│ │ │ │ ├── ProtectPointcutPostProcessor.java
│ │ │ │ └── package-info.java
│ │ │ ├── oauth2/
│ │ │ │ └── client/
│ │ │ │ ├── ClientRegistrationsBeanDefinitionParser.java
│ │ │ │ └── CommonOAuth2Provider.java
│ │ │ ├── observation/
│ │ │ │ └── SecurityObservationSettings.java
│ │ │ ├── package-info.java
│ │ │ ├── provisioning/
│ │ │ │ └── UserDetailsManagerResourceFactoryBean.java
│ │ │ ├── saml2/
│ │ │ │ └── RelyingPartyRegistrationsBeanDefinitionParser.java
│ │ │ ├── web/
│ │ │ │ ├── PathPatternRequestMatcherBuilderFactoryBean.java
│ │ │ │ ├── messaging/
│ │ │ │ │ └── PathPatternMessageMatcherBuilderFactoryBean.java
│ │ │ │ └── server/
│ │ │ │ ├── AbstractServerWebExchangeMatcherRegistry.java
│ │ │ │ ├── GenericHttpMessageConverterAdapter.java
│ │ │ │ ├── HttpMessageConverters.java
│ │ │ │ ├── OAuth2ErrorEncoder.java
│ │ │ │ ├── OidcBackChannelLogoutAuthentication.java
│ │ │ │ ├── OidcBackChannelLogoutReactiveAuthenticationManager.java
│ │ │ │ ├── OidcBackChannelLogoutTokenValidator.java
│ │ │ │ ├── OidcBackChannelLogoutWebFilter.java
│ │ │ │ ├── OidcBackChannelServerLogoutHandler.java
│ │ │ │ ├── OidcLogoutAuthenticationToken.java
│ │ │ │ ├── OidcLogoutServerAuthenticationConverter.java
│ │ │ │ ├── SecurityWebFiltersOrder.java
│ │ │ │ └── ServerHttpSecurity.java
│ │ │ └── websocket/
│ │ │ └── WebSocketMessageBrokerSecurityBeanDefinitionParser.java
│ │ ├── kotlin/
│ │ │ └── org/
│ │ │ └── springframework/
│ │ │ └── security/
│ │ │ └── config/
│ │ │ ├── annotation/
│ │ │ │ └── web/
│ │ │ │ ├── AbstractRequestMatcherDsl.kt
│ │ │ │ ├── AnonymousDsl.kt
│ │ │ │ ├── AuthorizeHttpRequestsDsl.kt
│ │ │ │ ├── CorsDsl.kt
│ │ │ │ ├── CsrfDsl.kt
│ │ │ │ ├── ExceptionHandlingDsl.kt
│ │ │ │ ├── FormLoginDsl.kt
│ │ │ │ ├── HeadersDsl.kt
│ │ │ │ ├── HttpBasicDsl.kt
│ │ │ │ ├── HttpSecurityDsl.kt
│ │ │ │ ├── HttpsRedirectDsl.kt
│ │ │ │ ├── LogoutDsl.kt
│ │ │ │ ├── OAuth2ClientDsl.kt
│ │ │ │ ├── OAuth2LoginDsl.kt
│ │ │ │ ├── OAuth2ResourceServerDsl.kt
│ │ │ │ ├── OidcLogoutDsl.kt
│ │ │ │ ├── OneTimeTokenLoginDsl.kt
│ │ │ │ ├── PasswordManagementDsl.kt
│ │ │ │ ├── PortMapperDsl.kt
│ │ │ │ ├── RememberMeDsl.kt
│ │ │ │ ├── RequestCacheDsl.kt
│ │ │ │ ├── RequiresChannelDsl.kt
│ │ │ │ ├── Saml2Dsl.kt
│ │ │ │ ├── Saml2LogoutDsl.kt
│ │ │ │ ├── Saml2MetadataDsl.kt
│ │ │ │ ├── SecurityContextDsl.kt
│ │ │ │ ├── SecurityMarker.kt
│ │ │ │ ├── SessionManagementDsl.kt
│ │ │ │ ├── WebAuthnDsl.kt
│ │ │ │ ├── X509Dsl.kt
│ │ │ │ ├── headers/
│ │ │ │ │ ├── CacheControlDsl.kt
│ │ │ │ │ ├── ContentSecurityPolicyDsl.kt
│ │ │ │ │ ├── ContentTypeOptionsDsl.kt
│ │ │ │ │ ├── CrossOriginEmbedderPolicyDsl.kt
│ │ │ │ │ ├── CrossOriginOpenerPolicyDsl.kt
│ │ │ │ │ ├── CrossOriginResourcePolicyDsl.kt
│ │ │ │ │ ├── FrameOptionsDsl.kt
│ │ │ │ │ ├── HeadersSecurityMarker.kt
│ │ │ │ │ ├── HttpPublicKeyPinningDsl.kt
│ │ │ │ │ ├── HttpStrictTransportSecurityDsl.kt
│ │ │ │ │ ├── PermissionsPolicyDsl.kt
│ │ │ │ │ ├── ReferrerPolicyDsl.kt
│ │ │ │ │ └── XssProtectionConfigDsl.kt
│ │ │ │ ├── oauth2/
│ │ │ │ │ ├── client/
│ │ │ │ │ │ ├── AuthorizationCodeGrantDsl.kt
│ │ │ │ │ │ └── OAuth2ClientSecurityMarker.kt
│ │ │ │ │ ├── login/
│ │ │ │ │ │ ├── AuthorizationEndpointDsl.kt
│ │ │ │ │ │ ├── OAuth2LoginSecurityMarker.kt
│ │ │ │ │ │ ├── OidcBackChannelLogoutDsl.kt
│ │ │ │ │ │ ├── RedirectionEndpointDsl.kt
│ │ │ │ │ │ ├── TokenEndpointDsl.kt
│ │ │ │ │ │ └── UserInfoEndpointDsl.kt
│ │ │ │ │ └── resourceserver/
│ │ │ │ │ ├── JwtDsl.kt
│ │ │ │ │ ├── OAuth2ResourceServerSecurityMarker.kt
│ │ │ │ │ └── OpaqueTokenDsl.kt
│ │ │ │ ├── saml2/
│ │ │ │ │ ├── LogoutRequestDsl.kt
│ │ │ │ │ ├── LogoutResponseDsl.kt
│ │ │ │ │ └── Saml2SecurityMarker.kt
│ │ │ │ └── session/
│ │ │ │ ├── SessionConcurrencyDsl.kt
│ │ │ │ ├── SessionFixationDsl.kt
│ │ │ │ └── SessionSecurityMarker.kt
│ │ │ └── web/
│ │ │ └── server/
│ │ │ ├── AuthorizeExchangeDsl.kt
│ │ │ ├── ServerAnonymousDsl.kt
│ │ │ ├── ServerCacheControlDsl.kt
│ │ │ ├── ServerContentSecurityPolicyDsl.kt
│ │ │ ├── ServerContentTypeOptionsDsl.kt
│ │ │ ├── ServerCorsDsl.kt
│ │ │ ├── ServerCrossOriginEmbedderPolicyDsl.kt
│ │ │ ├── ServerCrossOriginOpenerPolicyDsl.kt
│ │ │ ├── ServerCrossOriginResourcePolicyDsl.kt
│ │ │ ├── ServerCsrfDsl.kt
│ │ │ ├── ServerExceptionHandlingDsl.kt
│ │ │ ├── ServerFormLoginDsl.kt
│ │ │ ├── ServerFrameOptionsDsl.kt
│ │ │ ├── ServerHeadersDsl.kt
│ │ │ ├── ServerHttpBasicDsl.kt
│ │ │ ├── ServerHttpSecurityDsl.kt
│ │ │ ├── ServerHttpStrictTransportSecurityDsl.kt
│ │ │ ├── ServerHttpsRedirectDsl.kt
│ │ │ ├── ServerJwtDsl.kt
│ │ │ ├── ServerLogoutDsl.kt
│ │ │ ├── ServerOAuth2ClientDsl.kt
│ │ │ ├── ServerOAuth2LoginDsl.kt
│ │ │ ├── ServerOAuth2ResourceServerDsl.kt
│ │ │ ├── ServerOidcBackChannelLogoutDsl.kt
│ │ │ ├── ServerOidcLogoutDsl.kt
│ │ │ ├── ServerOneTimeTokenLoginDsl.kt
│ │ │ ├── ServerOpaqueTokenDsl.kt
│ │ │ ├── ServerPasswordManagementDsl.kt
│ │ │ ├── ServerPermissionsPolicyDsl.kt
│ │ │ ├── ServerReferrerPolicyDsl.kt
│ │ │ ├── ServerRequestCacheDsl.kt
│ │ │ ├── ServerSecurityMarker.kt
│ │ │ ├── ServerSessionConcurrencyDsl.kt
│ │ │ ├── ServerSessionManagementDsl.kt
│ │ │ ├── ServerX509Dsl.kt
│ │ │ └── ServerXssProtectionDsl.kt
│ │ └── resources/
│ │ ├── META-INF/
│ │ │ ├── spring/
│ │ │ │ └── aot.factories
│ │ │ ├── spring.handlers
│ │ │ └── spring.schemas
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ └── config/
│ │ ├── catalog.xml
│ │ ├── spring-security-2.0.1.xsd
│ │ ├── spring-security-2.0.2.xsd
│ │ ├── spring-security-2.0.4.xsd
│ │ ├── spring-security-2.0.xsd
│ │ ├── spring-security-3.0.3.xsd
│ │ ├── spring-security-3.0.xsd
│ │ ├── spring-security-3.1.rnc
│ │ ├── spring-security-3.1.xsd
│ │ ├── spring-security-3.2.rnc
│ │ ├── spring-security-3.2.xsd
│ │ ├── spring-security-4.0.rnc
│ │ ├── spring-security-4.0.xsd
│ │ ├── spring-security-4.1.rnc
│ │ ├── spring-security-4.1.xsd
│ │ ├── spring-security-4.2.rnc
│ │ ├── spring-security-4.2.xsd
│ │ ├── spring-security-5.0.rnc
│ │ ├── spring-security-5.0.xsd
│ │ ├── spring-security-5.1.rnc
│ │ ├── spring-security-5.1.xsd
│ │ ├── spring-security-5.2.rnc
│ │ ├── spring-security-5.2.xsd
│ │ ├── spring-security-5.3.rnc
│ │ ├── spring-security-5.3.xsd
│ │ ├── spring-security-5.4.rnc
│ │ ├── spring-security-5.4.xsd
│ │ ├── spring-security-5.5.rnc
│ │ ├── spring-security-5.5.xsd
│ │ ├── spring-security-5.6.rnc
│ │ ├── spring-security-5.6.xsd
│ │ ├── spring-security-5.7.rnc
│ │ ├── spring-security-5.7.xsd
│ │ ├── spring-security-5.8.rnc
│ │ ├── spring-security-5.8.xsd
│ │ ├── spring-security-6.0.rnc
│ │ ├── spring-security-6.0.xsd
│ │ ├── spring-security-6.1.rnc
│ │ ├── spring-security-6.1.xsd
│ │ ├── spring-security-6.2.rnc
│ │ ├── spring-security-6.2.xsd
│ │ ├── spring-security-6.3.rnc
│ │ ├── spring-security-6.3.xsd
│ │ ├── spring-security-6.4.rnc
│ │ ├── spring-security-6.4.xsd
│ │ ├── spring-security-6.5.rnc
│ │ ├── spring-security-6.5.xsd
│ │ ├── spring-security-7.0.rnc
│ │ ├── spring-security-7.0.xsd
│ │ ├── spring-security-7.1.rnc
│ │ ├── spring-security-7.1.xsd
│ │ └── spring-security.xsl
│ └── test/
│ ├── java/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ ├── BeanNameCollectingPostProcessor.java
│ │ ├── CollectingAppListener.java
│ │ ├── SerializationSamples.java
│ │ ├── SpringSecurityCoreVersionSerializableTests.java
│ │ ├── config/
│ │ │ ├── ConfigTestUtils.java
│ │ │ ├── DataSourcePopulator.java
│ │ │ ├── FilterChainProxyConfigTests.java
│ │ │ ├── InvalidConfigurationTests.java
│ │ │ ├── MockAfterInvocationProvider.java
│ │ │ ├── MockEventListener.java
│ │ │ ├── MockSecurityContextHolderStrategy.java
│ │ │ ├── MockTransactionManager.java
│ │ │ ├── MockUserServiceBeanPostProcessor.java
│ │ │ ├── PostProcessedMockUserDetailsService.java
│ │ │ ├── SecurityNamespaceHandlerTests.java
│ │ │ ├── TestBusinessBean.java
│ │ │ ├── TestBusinessBeanImpl.java
│ │ │ ├── TestDeferredSecurityContext.java
│ │ │ ├── TransactionalTestBusinessBean.java
│ │ │ ├── annotation/
│ │ │ │ ├── ConcereteSecurityConfigurerAdapter.java
│ │ │ │ ├── ObjectPostProcessorTests.java
│ │ │ │ ├── SecurityConfigurerAdapterClosureTests.java
│ │ │ │ ├── SecurityConfigurerAdapterTests.java
│ │ │ │ ├── SecurityContextChangedListenerArgumentMatchers.java
│ │ │ │ ├── SecurityContextChangedListenerConfig.java
│ │ │ │ ├── authentication/
│ │ │ │ │ ├── AuthenticationManagerBuilderTests.java
│ │ │ │ │ ├── BaseAuthenticationConfig.java
│ │ │ │ │ ├── NamespaceAuthenticationManagerTests.java
│ │ │ │ │ ├── NamespaceAuthenticationProviderTests.java
│ │ │ │ │ ├── NamespaceJdbcUserServiceTests.java
│ │ │ │ │ ├── NamespacePasswordEncoderTests.java
│ │ │ │ │ ├── PasswordEncoderConfigurerTests.java
│ │ │ │ │ ├── configuration/
│ │ │ │ │ │ ├── AuthenticationConfigurationPublishTests.java
│ │ │ │ │ │ ├── AuthenticationConfigurationTests.java
│ │ │ │ │ │ ├── AuthenticationManagerBeanRegistrationAotProcessorTests.java
│ │ │ │ │ │ └── EnableGlobalAuthenticationTests.java
│ │ │ │ │ └── configurers/
│ │ │ │ │ ├── ldap/
│ │ │ │ │ │ └── LdapAuthenticationProviderConfigurerTests.java
│ │ │ │ │ └── provisioning/
│ │ │ │ │ └── UserDetailsManagerConfigurerTests.java
│ │ │ │ ├── authorization/
│ │ │ │ │ ├── EnableMultiFactorAuthenticationCustomizerTests.java
│ │ │ │ │ ├── EnableMultiFactorAuthenticationFiltersSetTests.java
│ │ │ │ │ ├── EnableMultiFactorAuthenticationMultipleCustomizersTests.java
│ │ │ │ │ ├── EnableMultiFactorAuthenticationTests.java
│ │ │ │ │ └── MultiFactorAuthenticationSelectorTests.java
│ │ │ │ ├── configuration/
│ │ │ │ │ ├── AroundMethodInterceptor.java
│ │ │ │ │ ├── AutowireBeanFactoryObjectPostProcessorTests.java
│ │ │ │ │ └── MyAdvisedBean.java
│ │ │ │ ├── issue50/
│ │ │ │ │ ├── ApplicationConfig.java
│ │ │ │ │ ├── Issue50Tests.java
│ │ │ │ │ ├── SecurityConfig.java
│ │ │ │ │ ├── domain/
│ │ │ │ │ │ └── User.java
│ │ │ │ │ └── repo/
│ │ │ │ │ └── UserRepository.java
│ │ │ │ ├── method/
│ │ │ │ │ └── configuration/
│ │ │ │ │ ├── AuthorizationProxyConfigurationTests.java
│ │ │ │ │ ├── Authz.java
│ │ │ │ │ ├── DelegatingReactiveMessageService.java
│ │ │ │ │ ├── EnableAuthorizationManagerReactiveMethodSecurityTests.java
│ │ │ │ │ ├── EnableCustomMethodSecurity.java
│ │ │ │ │ ├── EnableReactiveMethodSecurityTests.java
│ │ │ │ │ ├── GlobalMethodSecurityConfigurationTests.java
│ │ │ │ │ ├── MethodSecurityService.java
│ │ │ │ │ ├── MethodSecurityServiceConfig.java
│ │ │ │ │ ├── MethodSecurityServiceImpl.java
│ │ │ │ │ ├── MyMasker.java
│ │ │ │ │ ├── NamespaceGlobalMethodSecurityExpressionHandlerTests.java
│ │ │ │ │ ├── NamespaceGlobalMethodSecurityTests.java
│ │ │ │ │ ├── PrePostMethodSecurityConfigurationTests.java
│ │ │ │ │ ├── PrePostReactiveMethodSecurityConfigurationTests.java
│ │ │ │ │ ├── ReactiveMessageService.java
│ │ │ │ │ ├── ReactiveMethodSecurityConfigurationTests.java
│ │ │ │ │ ├── ReactiveMethodSecurityService.java
│ │ │ │ │ ├── ReactiveMethodSecurityServiceImpl.java
│ │ │ │ │ ├── RequireAdminRole.java
│ │ │ │ │ ├── RequireUserRole.java
│ │ │ │ │ ├── SampleEnableGlobalMethodSecurityTests.java
│ │ │ │ │ ├── UserRecordWithEmailProtected.java
│ │ │ │ │ ├── aot/
│ │ │ │ │ │ ├── EnableMethodSecurityAotTests.java
│ │ │ │ │ │ ├── Message.java
│ │ │ │ │ │ ├── MessageRepository.java
│ │ │ │ │ │ ├── User.java
│ │ │ │ │ │ └── UserProjection.java
│ │ │ │ │ └── issue14637/
│ │ │ │ │ ├── ApplicationConfig.java
│ │ │ │ │ ├── Issue14637Tests.java
│ │ │ │ │ ├── SecurityConfig.java
│ │ │ │ │ ├── domain/
│ │ │ │ │ │ └── Entry.java
│ │ │ │ │ └── repo/
│ │ │ │ │ └── EntryRepository.java
│ │ │ │ ├── sec2758/
│ │ │ │ │ └── Sec2758Tests.java
│ │ │ │ └── web/
│ │ │ │ ├── AbstractConfiguredSecurityBuilderTests.java
│ │ │ │ ├── AbstractRequestMatcherRegistryAnyMatcherTests.java
│ │ │ │ ├── AbstractRequestMatcherRegistryNoMvcTests.java
│ │ │ │ ├── AbstractRequestMatcherRegistryTests.java
│ │ │ │ ├── HttpSecurityHeadersTests.java
│ │ │ │ ├── builders/
│ │ │ │ │ ├── FilterOrderRegistrationTests.java
│ │ │ │ │ ├── HttpConfigurationTests.java
│ │ │ │ │ ├── HttpSecurityAuthenticationManagerTests.java
│ │ │ │ │ ├── HttpSecurityDeferAddFilterTests.java
│ │ │ │ │ ├── NamespaceHttpTests.java
│ │ │ │ │ ├── TestHttpSecurities.java
│ │ │ │ │ ├── WebSecurityFilterChainValidatorTests.java
│ │ │ │ │ └── WebSecurityTests.java
│ │ │ │ ├── configuration/
│ │ │ │ │ ├── AuthenticationPrincipalArgumentResolverTests.java
│ │ │ │ │ ├── AuthorizationManagerWebInvocationPrivilegeEvaluatorConfigTests.java
│ │ │ │ │ ├── DeferHttpSessionJavaConfigTests.java
│ │ │ │ │ ├── EnableWebSecurityTests.java
│ │ │ │ │ ├── HttpSecurityConfigurationTests.java
│ │ │ │ │ ├── OAuth2AuthorizationServerConfigurationTests.java
│ │ │ │ │ ├── OAuth2AuthorizedClientManagerConfigurationTests.java
│ │ │ │ │ ├── OAuth2ClientConfigurationTests.java
│ │ │ │ │ ├── RegisterMissingBeanPostProcessorTests.java
│ │ │ │ │ ├── SecurityReactorContextConfigurationResourceServerTests.java
│ │ │ │ │ ├── SecurityReactorContextConfigurationTests.java
│ │ │ │ │ ├── WebMvcSecurityConfigurationTests.java
│ │ │ │ │ ├── WebSecurityConfigurationTests.java
│ │ │ │ │ └── sec2377/
│ │ │ │ │ ├── Sec2377Tests.java
│ │ │ │ │ ├── a/
│ │ │ │ │ │ └── Sec2377AConfig.java
│ │ │ │ │ └── b/
│ │ │ │ │ └── Sec2377BConfig.java
│ │ │ │ ├── configurers/
│ │ │ │ │ ├── AbstractConfigAttributeRequestMatcherRegistryTests.java
│ │ │ │ │ ├── AnonymousConfigurerTests.java
│ │ │ │ │ ├── AuthorizeHttpRequestsConfigurerTests.java
│ │ │ │ │ ├── ChannelSecurityConfigurerTests.java
│ │ │ │ │ ├── CorsConfigurerTests.java
│ │ │ │ │ ├── CsrfConfigurerIgnoringRequestMatchersTests.java
│ │ │ │ │ ├── CsrfConfigurerNoWebMvcTests.java
│ │ │ │ │ ├── CsrfConfigurerTests.java
│ │ │ │ │ ├── DefaultFiltersTests.java
│ │ │ │ │ ├── DefaultLoginPageConfigurerTests.java
│ │ │ │ │ ├── ExceptionHandlingConfigurerAccessDeniedHandlerTests.java
│ │ │ │ │ ├── ExceptionHandlingConfigurerTests.java
│ │ │ │ │ ├── FormLoginConfigurerTests.java
│ │ │ │ │ ├── HeadersConfigurerEagerHeadersTests.java
│ │ │ │ │ ├── HeadersConfigurerTests.java
│ │ │ │ │ ├── HttpBasicConfigurerTests.java
│ │ │ │ │ ├── HttpSecurityLogoutTests.java
│ │ │ │ │ ├── HttpSecurityObservationTests.java
│ │ │ │ │ ├── HttpSecurityRequestMatchersTests.java
│ │ │ │ │ ├── HttpSecuritySecurityMatchersNoMvcTests.java
│ │ │ │ │ ├── HttpSecuritySecurityMatchersTests.java
│ │ │ │ │ ├── HttpsRedirectConfigurerTests.java
│ │ │ │ │ ├── JeeConfigurerTests.java
│ │ │ │ │ ├── LogoutConfigurerClearSiteDataTests.java
│ │ │ │ │ ├── LogoutConfigurerTests.java
│ │ │ │ │ ├── NamespaceDebugTests.java
│ │ │ │ │ ├── NamespaceHttpAnonymousTests.java
│ │ │ │ │ ├── NamespaceHttpBasicTests.java
│ │ │ │ │ ├── NamespaceHttpCustomFilterTests.java
│ │ │ │ │ ├── NamespaceHttpExpressionHandlerTests.java
│ │ │ │ │ ├── NamespaceHttpFirewallTests.java
│ │ │ │ │ ├── NamespaceHttpFormLoginTests.java
│ │ │ │ │ ├── NamespaceHttpHeadersTests.java
│ │ │ │ │ ├── NamespaceHttpInterceptUrlTests.java
│ │ │ │ │ ├── NamespaceHttpJeeTests.java
│ │ │ │ │ ├── NamespaceHttpLogoutTests.java
│ │ │ │ │ ├── NamespaceHttpPortMappingsTests.java
│ │ │ │ │ ├── NamespaceHttpRequestCacheTests.java
│ │ │ │ │ ├── NamespaceHttpServerAccessDeniedHandlerTests.java
│ │ │ │ │ ├── NamespaceHttpX509Tests.java
│ │ │ │ │ ├── NamespaceRememberMeTests.java
│ │ │ │ │ ├── NamespaceSessionManagementTests.java
│ │ │ │ │ ├── PasswordManagementConfigurerTests.java
│ │ │ │ │ ├── PermitAllSupportTests.java
│ │ │ │ │ ├── PortMapperConfigurerTests.java
│ │ │ │ │ ├── RememberMeConfigurerTests.java
│ │ │ │ │ ├── RequestCacheConfigurerTests.java
│ │ │ │ │ ├── RequestMatcherConfigurerTests.java
│ │ │ │ │ ├── SecurityContextConfigurerTests.java
│ │ │ │ │ ├── ServletApiConfigurerTests.java
│ │ │ │ │ ├── SessionManagementConfigurerServlet31Tests.java
│ │ │ │ │ ├── SessionManagementConfigurerSessionAuthenticationStrategyTests.java
│ │ │ │ │ ├── SessionManagementConfigurerSessionCreationPolicyTests.java
│ │ │ │ │ ├── SessionManagementConfigurerTests.java
│ │ │ │ │ ├── SessionManagementConfigurerTransientAuthenticationTests.java
│ │ │ │ │ ├── UrlAuthorizationsTests.java
│ │ │ │ │ ├── WebAuthnConfigurerTests.java
│ │ │ │ │ ├── X509ConfigurerTests.java
│ │ │ │ │ ├── oauth2/
│ │ │ │ │ │ ├── client/
│ │ │ │ │ │ │ ├── OAuth2ClientConfigurerTests.java
│ │ │ │ │ │ │ ├── OAuth2LoginConfigurerTests.java
│ │ │ │ │ │ │ ├── OidcBackChannelLogoutHandlerTests.java
│ │ │ │ │ │ │ ├── OidcLogoutConfigurerTests.java
│ │ │ │ │ │ │ ├── OidcUserRefreshedEventListenerConfigurationTests.java
│ │ │ │ │ │ │ └── OidcUserRefreshedEventListenerTests.java
│ │ │ │ │ │ └── server/
│ │ │ │ │ │ ├── authorization/
│ │ │ │ │ │ │ ├── AuthorizationServerContextFilterTests.java
│ │ │ │ │ │ │ ├── DefaultOAuth2TokenCustomizersTests.java
│ │ │ │ │ │ │ ├── JwkSetTests.java
│ │ │ │ │ │ │ ├── OAuth2AuthorizationCodeGrantTests.java
│ │ │ │ │ │ │ ├── OAuth2AuthorizationServerMetadataTests.java
│ │ │ │ │ │ │ ├── OAuth2ClientCredentialsGrantTests.java
│ │ │ │ │ │ │ ├── OAuth2ClientRegistrationTests.java
│ │ │ │ │ │ │ ├── OAuth2DeviceCodeGrantTests.java
│ │ │ │ │ │ │ ├── OAuth2RefreshTokenGrantTests.java
│ │ │ │ │ │ │ ├── OAuth2TokenExchangeGrantTests.java
│ │ │ │ │ │ │ ├── OAuth2TokenIntrospectionTests.java
│ │ │ │ │ │ │ ├── OAuth2TokenRevocationTests.java
│ │ │ │ │ │ │ ├── OidcClientRegistrationTests.java
│ │ │ │ │ │ │ ├── OidcProviderConfigurationTests.java
│ │ │ │ │ │ │ ├── OidcTests.java
│ │ │ │ │ │ │ └── OidcUserInfoTests.java
│ │ │ │ │ │ └── resource/
│ │ │ │ │ │ ├── DPoPAuthenticationConfigurerTests.java
│ │ │ │ │ │ ├── OAuth2ProtectedResourceMetadataTests.java
│ │ │ │ │ │ └── OAuth2ResourceServerConfigurerTests.java
│ │ │ │ │ ├── ott/
│ │ │ │ │ │ └── OneTimeTokenLoginConfigurerTests.java
│ │ │ │ │ └── saml2/
│ │ │ │ │ ├── Saml2LoginConfigurerTests.java
│ │ │ │ │ ├── Saml2LogoutConfigurerTests.java
│ │ │ │ │ ├── Saml2MetadataConfigurerTests.java
│ │ │ │ │ └── TestSaml2Credentials.java
│ │ │ │ ├── reactive/
│ │ │ │ │ ├── EnableWebFluxSecurityTests.java
│ │ │ │ │ ├── ReactiveOAuth2AuthorizedClientManagerConfigurationTests.java
│ │ │ │ │ ├── ReactiveOAuth2ClientImportSelectorTests.java
│ │ │ │ │ ├── ServerHttpSecurityConfigurationBuilder.java
│ │ │ │ │ ├── ServerHttpSecurityConfigurationTests.java
│ │ │ │ │ └── WebFluxSecurityConfigurationTests.java
│ │ │ │ └── socket/
│ │ │ │ ├── SyncExecutorSubscribableChannelPostProcessor.java
│ │ │ │ ├── TestDeferredCsrfToken.java
│ │ │ │ ├── WebSocketMessageBrokerSecurityConfigurationDocTests.java
│ │ │ │ └── WebSocketMessageBrokerSecurityConfigurationTests.java
│ │ │ ├── aot/
│ │ │ │ └── hint/
│ │ │ │ ├── OAuth2LoginRuntimeHintsTests.java
│ │ │ │ ├── WebMvcSecurityConfigurationRuntimeHintsTests.java
│ │ │ │ └── WebSecurityConfigurationRuntimeHintsTests.java
│ │ │ ├── authentication/
│ │ │ │ ├── AuthenticationConfigurationGh3935Tests.java
│ │ │ │ ├── AuthenticationManagerBeanDefinitionParserTests.java
│ │ │ │ ├── AuthenticationProviderBeanDefinitionParserTests.java
│ │ │ │ ├── JdbcUserServiceBeanDefinitionParserTests.java
│ │ │ │ ├── PasswordEncoderParserTests.java
│ │ │ │ └── UserServiceBeanDefinitionParserTests.java
│ │ │ ├── core/
│ │ │ │ ├── GrantedAuthorityDefaultsJcTests.java
│ │ │ │ ├── GrantedAuthorityDefaultsXmlTests.java
│ │ │ │ ├── HelloWorldMessageService.java
│ │ │ │ ├── MessageService.java
│ │ │ │ └── userdetails/
│ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java
│ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java
│ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java
│ │ │ │ └── UserDetailsResourceFactoryBeanTests.java
│ │ │ ├── crypto/
│ │ │ │ └── RsaKeyConversionServicePostProcessorTests.java
│ │ │ ├── debug/
│ │ │ │ ├── AuthProviderDependency.java
│ │ │ │ ├── SecurityDebugBeanFactoryPostProcessorTests.java
│ │ │ │ └── TestAuthenticationProvider.java
│ │ │ ├── doc/
│ │ │ │ ├── Attribute.java
│ │ │ │ ├── Element.java
│ │ │ │ ├── SpringSecurityXsdParser.java
│ │ │ │ ├── XmlNode.java
│ │ │ │ ├── XmlParser.java
│ │ │ │ ├── XmlSupport.java
│ │ │ │ └── XsdDocumentedTests.java
│ │ │ ├── http/
│ │ │ │ ├── AccessDeniedConfigTests.java
│ │ │ │ ├── CsrfBeanDefinitionParserTests.java
│ │ │ │ ├── CsrfConfigTests.java
│ │ │ │ ├── DefaultFilterChainValidatorTests.java
│ │ │ │ ├── DeferHttpSessionXmlConfigTests.java
│ │ │ │ ├── FilterSecurityMetadataSourceBeanDefinitionParserTests.java
│ │ │ │ ├── FormLoginBeanDefinitionParserTests.java
│ │ │ │ ├── FormLoginConfigTests.java
│ │ │ │ ├── HttpConfigTests.java
│ │ │ │ ├── HttpCorsConfigTests.java
│ │ │ │ ├── HttpHeadersConfigTests.java
│ │ │ │ ├── HttpInterceptUrlTests.java
│ │ │ │ ├── InterceptUrlConfigTests.java
│ │ │ │ ├── MiscHttpConfigTests.java
│ │ │ │ ├── MultiHttpBlockConfigTests.java
│ │ │ │ ├── NamespaceHttpBasicTests.java
│ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests.java
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests.java
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests.java
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests.java
│ │ │ │ ├── PlaceHolderAndELConfigTests.java
│ │ │ │ ├── RememberMeConfigTests.java
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests.java
│ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests.java
│ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests.java
│ │ │ │ ├── SecurityFiltersAssertions.java
│ │ │ │ ├── SessionManagementConfigServlet31Tests.java
│ │ │ │ ├── SessionManagementConfigTests.java
│ │ │ │ ├── SessionManagementConfigTransientAuthenticationTests.java
│ │ │ │ ├── WebConfigUtilsTests.java
│ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParserTests.java
│ │ │ │ └── customconfigurer/
│ │ │ │ ├── CustomConfigurer.java
│ │ │ │ └── CustomHttpSecurityConfigurerTests.java
│ │ │ ├── method/
│ │ │ │ ├── Contact.java
│ │ │ │ ├── ContactPermission.java
│ │ │ │ ├── GlobalMethodSecurityBeanDefinitionParserTests.java
│ │ │ │ ├── InterceptMethodsBeanDefinitionDecoratorTests.java
│ │ │ │ ├── Jsr250AnnotationDrivenBeanDefinitionParserTests.java
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests.java
│ │ │ │ ├── PreAuthorizeAdminRole.java
│ │ │ │ ├── PreAuthorizeServiceImpl.java
│ │ │ │ ├── PreAuthorizeTests.java
│ │ │ │ ├── Sec2196Tests.java
│ │ │ │ ├── SecuredAdminRole.java
│ │ │ │ ├── SecuredAnnotationDrivenBeanDefinitionParserTests.java
│ │ │ │ ├── SecuredServiceImpl.java
│ │ │ │ ├── SecuredTests.java
│ │ │ │ ├── TestPermissionEvaluator.java
│ │ │ │ ├── configuration/
│ │ │ │ │ └── Gh4020GlobalMethodSecurityConfigurationTests.java
│ │ │ │ ├── sec2136/
│ │ │ │ │ ├── JpaPermissionEvaluator.java
│ │ │ │ │ └── Sec2136Tests.java
│ │ │ │ └── sec2499/
│ │ │ │ └── Sec2499Tests.java
│ │ │ ├── oauth2/
│ │ │ │ └── client/
│ │ │ │ ├── ClientRegistrationsBeanDefinitionParserTests.java
│ │ │ │ └── CommonOAuth2ProviderTests.java
│ │ │ ├── observation/
│ │ │ │ └── SecurityObservationSettingsTests.java
│ │ │ ├── provisioning/
│ │ │ │ ├── UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java
│ │ │ │ ├── UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java
│ │ │ │ └── UserDetailsManagerResourceFactoryBeanStringITests.java
│ │ │ ├── saml2/
│ │ │ │ └── RelyingPartyRegistrationsBeanDefinitionParserTests.java
│ │ │ ├── test/
│ │ │ │ ├── SpringTestContext.java
│ │ │ │ ├── SpringTestContextExtension.java
│ │ │ │ └── SpringTestParentApplicationContextExecutionListener.java
│ │ │ ├── users/
│ │ │ │ ├── AuthenticationTestConfiguration.java
│ │ │ │ └── ReactiveAuthenticationTestConfiguration.java
│ │ │ ├── util/
│ │ │ │ ├── InMemoryXmlApplicationContext.java
│ │ │ │ ├── InMemoryXmlWebApplicationContext.java
│ │ │ │ └── SpringSecurityVersions.java
│ │ │ ├── web/
│ │ │ │ ├── PathPatternRequestMatcherBuilderFactoryBeanTests.java
│ │ │ │ └── server/
│ │ │ │ ├── AuthorizeExchangeSpecTests.java
│ │ │ │ ├── CorsSpecTests.java
│ │ │ │ ├── ExceptionHandlingSpecTests.java
│ │ │ │ ├── FormLoginTests.java
│ │ │ │ ├── HeaderSpecTests.java
│ │ │ │ ├── HttpsRedirectSpecTests.java
│ │ │ │ ├── LogoutSpecTests.java
│ │ │ │ ├── OAuth2ClientSpecTests.java
│ │ │ │ ├── OAuth2LoginTests.java
│ │ │ │ ├── OAuth2ResourceServerSpecTests.java
│ │ │ │ ├── OidcBackChannelServerLogoutHandlerTests.java
│ │ │ │ ├── OidcLogoutSpecTests.java
│ │ │ │ ├── OneTimeTokenLoginSpecTests.java
│ │ │ │ ├── PasswordManagementSpecTests.java
│ │ │ │ ├── RequestCacheTests.java
│ │ │ │ ├── ServerHttpSecurityTests.java
│ │ │ │ ├── SessionManagementSpecTests.java
│ │ │ │ └── TestingServerHttpSecurity.java
│ │ │ └── websocket/
│ │ │ ├── MessageSecurityPostProcessorTests.java
│ │ │ └── WebSocketMessageBrokerConfigTests.java
│ │ ├── htmlunit/
│ │ │ └── server/
│ │ │ ├── HtmlUnitWebTestClient.java
│ │ │ ├── MockWebResponseBuilder.java
│ │ │ ├── WebTestClientHtmlUnitDriverBuilder.java
│ │ │ ├── WebTestClientHtmlUnitDriverBuilderTests.java
│ │ │ └── WebTestClientWebConnection.java
│ │ ├── intercept/
│ │ │ └── method/
│ │ │ └── aopalliance/
│ │ │ └── MethodSecurityInterceptorWithAopConfigTests.java
│ │ └── test/
│ │ ├── support/
│ │ │ ├── ClassPathExclusions.java
│ │ │ ├── ClassPathOverrides.java
│ │ │ ├── ForkedClassPath.java
│ │ │ ├── ModifiedClassPathClassLoader.java
│ │ │ └── ModifiedClassPathExtension.java
│ │ └── web/
│ │ └── servlet/
│ │ └── RequestCacheResultMatcher.java
│ ├── kotlin/
│ │ └── org/
│ │ └── springframework/
│ │ └── security/
│ │ └── config/
│ │ ├── annotation/
│ │ │ ├── method/
│ │ │ │ └── configuration/
│ │ │ │ ├── KotlinEnableReactiveMethodSecurityTests.kt
│ │ │ │ ├── KotlinReactiveMessageService.kt
│ │ │ │ └── KotlinReactiveMessageServiceImpl.kt
│ │ │ └── web/
│ │ │ ├── AnonymousDslTests.kt
│ │ │ ├── AuthorizeHttpRequestsDslTests.kt
│ │ │ ├── CorsDslTests.kt
│ │ │ ├── CsrfDslTests.kt
│ │ │ ├── ExceptionHandlingDslTests.kt
│ │ │ ├── FormLoginDslTests.kt
│ │ │ ├── HeadersDslTests.kt
│ │ │ ├── HttpBasicDslTests.kt
│ │ │ ├── HttpSecurityDslTests.kt
│ │ │ ├── HttpsRedirectDslTests.kt
│ │ │ ├── LogoutDslTests.kt
│ │ │ ├── OAuth2ClientDslTests.kt
│ │ │ ├── OAuth2LoginDslTests.kt
│ │ │ ├── OAuth2ResourceServerDslTests.kt
│ │ │ ├── OidcLogoutDslTests.kt
│ │ │ ├── OneTimeTokenLoginDslTests.kt
│ │ │ ├── PasswordManagementDslTests.kt
│ │ │ ├── PortMapperDslTests.kt
│ │ │ ├── RememberMeDslTests.kt
│ │ │ ├── RequestCacheDslTests.kt
│ │ │ ├── RequiresChannelDslTests.kt
│ │ │ ├── Saml2DslTests.kt
│ │ │ ├── Saml2LogoutDslTests.kt
│ │ │ ├── Saml2MetadataDslTests.kt
│ │ │ ├── SecurityContextDslTests.kt
│ │ │ ├── SessionManagementDslTests.kt
│ │ │ ├── WebAuthnDslTests.kt
│ │ │ ├── X509DslTests.kt
│ │ │ ├── headers/
│ │ │ │ ├── CacheControlDslTests.kt
│ │ │ │ ├── ContentSecurityPolicyDslTests.kt
│ │ │ │ ├── ContentTypeOptionsDslTests.kt
│ │ │ │ ├── FrameOptionsDslTests.kt
│ │ │ │ ├── HttpPublicKeyPinningDslTests.kt
│ │ │ │ ├── HttpStrictTransportSecurityDslTests.kt
│ │ │ │ ├── ReferrerPolicyDslTests.kt
│ │ │ │ └── XssProtectionConfigDslTests.kt
│ │ │ ├── oauth2/
│ │ │ │ ├── client/
│ │ │ │ │ └── AuthorizationCodeGrantDslTests.kt
│ │ │ │ ├── login/
│ │ │ │ │ ├── AuthorizationEndpointDslTests.kt
│ │ │ │ │ ├── RedirectionEndpointDslTests.kt
│ │ │ │ │ ├── TokenEndpointDslTests.kt
│ │ │ │ │ └── UserInfoEndpointDslTests.kt
│ │ │ │ └── resourceserver/
│ │ │ │ ├── JwtDslTests.kt
│ │ │ │ └── OpaqueTokenDslTests.kt
│ │ │ └── session/
│ │ │ ├── SessionConcurrencyDslTests.kt
│ │ │ └── SessionFixationDslTests.kt
│ │ └── web/
│ │ └── server/
│ │ ├── AuthorizeExchangeDslTests.kt
│ │ ├── ServerAnonymousDslTests.kt
│ │ ├── ServerCacheControlDslTests.kt
│ │ ├── ServerContentSecurityPolicyDslTests.kt
│ │ ├── ServerContentTypeOptionsDslTests.kt
│ │ ├── ServerCorsDslTests.kt
│ │ ├── ServerCsrfDslTests.kt
│ │ ├── ServerExceptionHandlingDslTests.kt
│ │ ├── ServerFormLoginDslTests.kt
│ │ ├── ServerFrameOptionsDslTests.kt
│ │ ├── ServerHeadersDslTests.kt
│ │ ├── ServerHttpBasicDslTests.kt
│ │ ├── ServerHttpSecurityDslTests.kt
│ │ ├── ServerHttpStrictTransportSecurityDslTests.kt
│ │ ├── ServerHttpsRedirectDslTests.kt
│ │ ├── ServerJwtDslTests.kt
│ │ ├── ServerLogoutDslTests.kt
│ │ ├── ServerOAuth2ClientDslTests.kt
│ │ ├── ServerOAuth2LoginDslTests.kt
│ │ ├── ServerOAuth2ResourceServerDslTests.kt
│ │ ├── ServerOidcLogoutDslTests.kt
│ │ ├── ServerOneTimeTokenLoginDslTests.kt
│ │ ├── ServerOpaqueTokenDslTests.kt
│ │ ├── ServerPasswordManagementDslTests.kt
│ │ ├── ServerPermissionsPolicyDslTests.kt
│ │ ├── ServerReferrerPolicyDslTests.kt
│ │ ├── ServerRequestCacheDslTests.kt
│ │ ├── ServerSessionManagementDslTests.kt
│ │ ├── ServerX509DslTests.kt
│ │ └── ServerXssProtectionDslTests.kt
│ └── resources/
│ ├── CustomJdbcUserServiceSampleConfig.sql
│ ├── logback-test.xml
│ ├── org/
│ │ └── springframework/
│ │ └── security/
│ │ ├── config/
│ │ │ ├── annotation/
│ │ │ │ ├── configuration/
│ │ │ │ │ └── AutowireBeanFactoryObjectPostProcessorTests-aopconfig.xml
│ │ │ │ └── web/
│ │ │ │ ├── configuration/
│ │ │ │ │ ├── simple.priv
│ │ │ │ │ └── simple.pub
│ │ │ │ └── configurers/
│ │ │ │ └── oauth2/
│ │ │ │ └── server/
│ │ │ │ └── resource/
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Active.json
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ActiveNoScopes.json
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Default.jwks
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Empty.jwks
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Expired.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ExpiresAt4687177990.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Inactive.json
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Kid.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-MalformedPayload.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-TooEarly.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-TwoKeys.jwks
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Unsigned.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidMessageReadScope.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidMessageReadScp.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidMessageWriteScp.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidNoScopes.token
│ │ │ │ ├── OAuth2ResourceServerConfigurerTests-WrongAlgorithm.token
│ │ │ │ └── OAuth2ResourceServerConfigurerTests-WrongSignature.token
│ │ │ ├── authentication/
│ │ │ │ ├── PasswordEncoderParserTests-bean.xml
│ │ │ │ └── PasswordEncoderParserTests-default.xml
│ │ │ ├── core/
│ │ │ │ └── GrantedAuthorityDefaultsXmlTests-context.xml
│ │ │ ├── debug/
│ │ │ │ └── SecurityDebugBeanFactoryPostProcessorTests-context.xml
│ │ │ ├── http/
│ │ │ │ ├── AccessDeniedConfigTests-AccessDeniedHandler.xml
│ │ │ │ ├── AccessDeniedConfigTests-NoLeadingSlash.xml
│ │ │ │ ├── AccessDeniedConfigTests-UsesPathAndRef.xml
│ │ │ │ ├── CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml
│ │ │ │ ├── CsrfConfigTests-AutoConfig.xml
│ │ │ │ ├── CsrfConfigTests-CsrfDisabled.xml
│ │ │ │ ├── CsrfConfigTests-CsrfEnabled.xml
│ │ │ │ ├── CsrfConfigTests-WithAccessDeniedHandler.xml
│ │ │ │ ├── CsrfConfigTests-WithRequestAttrName.xml
│ │ │ │ ├── CsrfConfigTests-WithRequestMatcher.xml
│ │ │ │ ├── CsrfConfigTests-WithSessionManagement.xml
│ │ │ │ ├── CsrfConfigTests-WithXorCsrfTokenRequestAttributeHandler.xml
│ │ │ │ ├── CsrfConfigTests-mock-csrf-token-repository.xml
│ │ │ │ ├── CsrfConfigTests-mock-request-matcher.xml
│ │ │ │ ├── CsrfConfigTests-shared-access-denied-handler.xml
│ │ │ │ ├── CsrfConfigTests-shared-controllers.xml
│ │ │ │ ├── CsrfConfigTests-shared-csrf-token-repository.xml
│ │ │ │ ├── CsrfConfigTests-shared-userservice.xml
│ │ │ │ ├── DeferHttpSessionTests-Explicit.xml
│ │ │ │ ├── FormLoginBeanDefinitionParserTests-AutoConfig.xml
│ │ │ │ ├── FormLoginBeanDefinitionParserTests-Simple.xml
│ │ │ │ ├── FormLoginBeanDefinitionParserTests-WithAuthenticationFailureForwardUrl.xml
│ │ │ │ ├── FormLoginBeanDefinitionParserTests-WithAuthenticationSuccessForwardUrl.xml
│ │ │ │ ├── FormLoginBeanDefinitionParserTests-WithCustomAttributes.xml
│ │ │ │ ├── FormLoginConfigTests-ForSec2919.xml
│ │ │ │ ├── FormLoginConfigTests-ForSec3147.xml
│ │ │ │ ├── FormLoginConfigTests-NoLeadingSlashDefaultTargetUrl.xml
│ │ │ │ ├── FormLoginConfigTests-NoLeadingSlashLoginPage.xml
│ │ │ │ ├── FormLoginConfigTests-UsingSpel.xml
│ │ │ │ ├── FormLoginConfigTests-WithCsrfDisabled.xml
│ │ │ │ ├── FormLoginConfigTests-WithCsrfEnabled.xml
│ │ │ │ ├── FormLoginConfigTests-WithCustomSecurityContextHolderStrategy.xml
│ │ │ │ ├── FormLoginConfigTests-WithDefaultTargetUrl.xml
│ │ │ │ ├── FormLoginConfigTests-WithRequestMatcher.xml
│ │ │ │ ├── FormLoginConfigTests-WithSuccessAndFailureHandlers.xml
│ │ │ │ ├── FormLoginConfigTests-WithUsernameAndPasswordParameters.xml
│ │ │ │ ├── HttpConfigTests-AuthorizationManager.xml
│ │ │ │ ├── HttpConfigTests-Minimal.xml
│ │ │ │ ├── HttpConfigTests-MinimalAuthorizationManager.xml
│ │ │ │ ├── HttpConfigTests-WithObservationRegistry.xml
│ │ │ │ ├── HttpCorsConfigTests-RequiresMvc.xml
│ │ │ │ ├── HttpCorsConfigTests-WithCors.xml
│ │ │ │ ├── HttpCorsConfigTests-WithCorsConfigurationSource.xml
│ │ │ │ ├── HttpCorsConfigTests-WithCorsFilter.xml
│ │ │ │ ├── HttpHeadersConfigTests-CacheControlDisabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-ContentSecurityPolicyWithEmptyDirectives.xml
│ │ │ │ ├── HttpHeadersConfigTests-ContentSecurityPolicyWithPolicyDirectives.xml
│ │ │ │ ├── HttpHeadersConfigTests-ContentSecurityPolicyWithReportOnly.xml
│ │ │ │ ├── HttpHeadersConfigTests-ContentTypeOptionsDisabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultConfig.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCacheControl.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithContentSecurityPolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithContentTypeOptions.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginEmbedderPolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginOpenerPolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginPolicies.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginResourcePolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCustomHeader.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCustomHeaderWriter.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCustomHstsRequestMatcher.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithEmptyHpkp.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithEmptyPins.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptions.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFrom.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFromNoOrigin.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFromWhitelist.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsDeny.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsSameOrigin.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkp.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpDefaults.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpIncludeSubdomains.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpMaxAge.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpReport.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpReportUri.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHsts.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithNoOverride.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithOnlyHeaderName.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithOnlyHeaderValue.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithPermissionsPolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithReferrerPolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithReferrerPolicySameOrigin.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtection.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtectionHeaderValueOne.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtectionHeaderValueOneModeBlock.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtectionHeaderValueZero.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlMaxSessions.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlMaxSessionsRef.xml
│ │ │ │ ├── HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlWithInvalidMaxSessionsConfig.xml
│ │ │ │ ├── HttpHeadersConfigTests-DisabledWithPlaceholder.xml
│ │ │ │ ├── HttpHeadersConfigTests-FrameOptionsDisabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-FrameOptionsDisabledSpecifyingPolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-HeadersDisabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-HeadersDisabledHavingChildElement.xml
│ │ │ │ ├── HttpHeadersConfigTests-HeadersDisabledWithContentSecurityPolicy.xml
│ │ │ │ ├── HttpHeadersConfigTests-HeadersEnabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-HpkpDisabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-HstsDisabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-HstsDisabledSpecifyingIncludeSubdomains.xml
│ │ │ │ ├── HttpHeadersConfigTests-HstsDisabledSpecifyingMaxAge.xml
│ │ │ │ ├── HttpHeadersConfigTests-HstsDisabledSpecifyingRequestMatcher.xml
│ │ │ │ ├── HttpHeadersConfigTests-WithFrameOptions.xml
│ │ │ │ ├── HttpHeadersConfigTests-XssProtectionDisabled.xml
│ │ │ │ ├── HttpHeadersConfigTests-XssProtectionDisabledSpecifyingHeaderValue.xml
│ │ │ │ ├── HttpInterceptUrlTests-interceptUrlWhenRequestMatcherRefThenWorks.xml
│ │ │ │ ├── InterceptUrlConfigTests-AntMatcherServletPath.xml
│ │ │ │ ├── InterceptUrlConfigTests-AntMatcherServletPathAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-AuthorizationManagerFilterAllDispatcherTypes.xml
│ │ │ │ ├── InterceptUrlConfigTests-CamelCasePathVariables.xml
│ │ │ │ ├── InterceptUrlConfigTests-CamelCasePathVariablesAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-CiRegexMatcherServletPath.xml
│ │ │ │ ├── InterceptUrlConfigTests-CiRegexMatcherServletPathAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-DefaultMatcherNoIntrospectorBean.xml
│ │ │ │ ├── InterceptUrlConfigTests-DefaultMatcherServletPath.xml
│ │ │ │ ├── InterceptUrlConfigTests-DefaultMatcherServletPathAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-EmptyAccess.xml
│ │ │ │ ├── InterceptUrlConfigTests-EmptyAccessLegacy.xml
│ │ │ │ ├── InterceptUrlConfigTests-HasAnyRole.xml
│ │ │ │ ├── InterceptUrlConfigTests-HasAnyRoleAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-MissingAccess.xml
│ │ │ │ ├── InterceptUrlConfigTests-MissingAccessLegacy.xml
│ │ │ │ ├── InterceptUrlConfigTests-MvcMatchers.xml
│ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersPathVariables.xml
│ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersPathVariablesAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersServletPath.xml
│ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersServletPathAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-PatchMethod.xml
│ │ │ │ ├── InterceptUrlConfigTests-PatchMethodAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-PathVariables.xml
│ │ │ │ ├── InterceptUrlConfigTests-PathVariablesAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-RegexMatcherServletPath.xml
│ │ │ │ ├── InterceptUrlConfigTests-RegexMatcherServletPathAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-Sec2256.xml
│ │ │ │ ├── InterceptUrlConfigTests-Sec2256AuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-TypeConversionPathVariables.xml
│ │ │ │ ├── InterceptUrlConfigTests-TypeConversionPathVariablesAuthorizationManager.xml
│ │ │ │ ├── InterceptUrlConfigTests-ValidAccess.xml
│ │ │ │ ├── MiscHttpConfigTests-AnonymousCustomAttributes.xml
│ │ │ │ ├── MiscHttpConfigTests-AnonymousDisabled.xml
│ │ │ │ ├── MiscHttpConfigTests-AnonymousEndpoints.xml
│ │ │ │ ├── MiscHttpConfigTests-AnonymousMultipleAuthorities.xml
│ │ │ │ ├── MiscHttpConfigTests-AuthenticationManagerEraseCredentials.xml
│ │ │ │ ├── MiscHttpConfigTests-AuthenticationManagerRefKeepCredentials.xml
│ │ │ │ ├── MiscHttpConfigTests-AuthenticationManagerRefNotProviderManager.xml
│ │ │ │ ├── MiscHttpConfigTests-AutoConfig.xml
│ │ │ │ ├── MiscHttpConfigTests-CiRegexSecurityPattern.xml
│ │ │ │ ├── MiscHttpConfigTests-CollidingFilters.xml
│ │ │ │ ├── MiscHttpConfigTests-CustomAccessDecisionManager.xml
│ │ │ │ ├── MiscHttpConfigTests-CustomAuthenticationDetailsSourceRef.xml
│ │ │ │ ├── MiscHttpConfigTests-CustomFilters.xml
│ │ │ │ ├── MiscHttpConfigTests-CustomHttpBasicEntryPointRef.xml
│ │ │ │ ├── MiscHttpConfigTests-CustomRequestMatcher.xml
│ │ │ │ ├── MiscHttpConfigTests-DeleteCookies.xml
│ │ │ │ ├── MiscHttpConfigTests-DisableUrlRewriting-NullSecurityContextRepository.xml
│ │ │ │ ├── MiscHttpConfigTests-DisableUrlRewriting.xml
│ │ │ │ ├── MiscHttpConfigTests-EntryPoint.xml
│ │ │ │ ├── MiscHttpConfigTests-ExplicitSave.xml
│ │ │ │ ├── MiscHttpConfigTests-ExplicitSaveAndExplicitRepository.xml
│ │ │ │ ├── MiscHttpConfigTests-ExpressionHandler.xml
│ │ │ │ ├── MiscHttpConfigTests-HttpBasic.xml
│ │ │ │ ├── MiscHttpConfigTests-HttpFirewall.xml
│ │ │ │ ├── MiscHttpConfigTests-InterceptUrlExpressions.xml
│ │ │ │ ├── MiscHttpConfigTests-InterceptUrlMethod.xml
│ │ │ │ ├── MiscHttpConfigTests-InterceptUrlMethodRequiresHttps.xml
│ │ │ │ ├── MiscHttpConfigTests-InterceptUrlMethodRequiresHttpsAny.xml
│ │ │ │ ├── MiscHttpConfigTests-InvalidLogoutSuccessUrl.xml
│ │ │ │ ├── MiscHttpConfigTests-Jaas.xml
│ │ │ │ ├── MiscHttpConfigTests-JeeFilter.xml
│ │ │ │ ├── MiscHttpConfigTests-JeeFilterWithSecurityContextHolderStrategy.xml
│ │ │ │ ├── MiscHttpConfigTests-LogoutSuccessHandlerRef.xml
│ │ │ │ ├── MiscHttpConfigTests-MinimalConfiguration.xml
│ │ │ │ ├── MiscHttpConfigTests-MissingUserDetailsService.xml
│ │ │ │ ├── MiscHttpConfigTests-NoAuthProviders.xml
│ │ │ │ ├── MiscHttpConfigTests-NoInternalAuthenticationProviders.xml
│ │ │ │ ├── MiscHttpConfigTests-NoSecurityForPattern.xml
│ │ │ │ ├── MiscHttpConfigTests-OncePerRequest.xml
│ │ │ │ ├── MiscHttpConfigTests-OncePerRequestTrue.xml
│ │ │ │ ├── MiscHttpConfigTests-PortsMappedInterceptUrlMethodRequiresAny.xml
│ │ │ │ ├── MiscHttpConfigTests-PortsMappedRequiresHttps.xml
│ │ │ │ ├── MiscHttpConfigTests-ProtectedLoginPage.xml
│ │ │ │ ├── MiscHttpConfigTests-ProtectedLoginPageAuthorizationManager.xml
│ │ │ │ ├── MiscHttpConfigTests-RedirectToHttpsRequiresHttpsAny.xml
│ │ │ │ ├── MiscHttpConfigTests-RegexSecurityPattern.xml
│ │ │ │ ├── MiscHttpConfigTests-RequestCache.xml
│ │ │ │ ├── MiscHttpConfigTests-RequestRejectedHandler.xml
│ │ │ │ ├── MiscHttpConfigTests-Sec750.xml
│ │ │ │ ├── MiscHttpConfigTests-Sec934.xml
│ │ │ │ ├── MiscHttpConfigTests-SecurityContextRepository.xml
│ │ │ │ ├── MiscHttpConfigTests-WithSecurityContextHolderStrategy.xml
│ │ │ │ ├── MiscHttpConfigTests-X509.xml
│ │ │ │ ├── MiscHttpConfigTests-X509PrincipalExtractorRef.xml
│ │ │ │ ├── MiscHttpConfigTests-X509PrincipalExtractorRefAndSubjectPrincipalRegex.xml
│ │ │ │ ├── MiscHttpConfigTests-X509WithSecurityContextHolderStrategy.xml
│ │ │ │ ├── MiscHttpConfigTests-certificate.pem
│ │ │ │ ├── MiscHttpConfigTests-controllers.xml
│ │ │ │ ├── MultiHttpBlockConfigTests-DistinctHttpElements.xml
│ │ │ │ ├── MultiHttpBlockConfigTests-IdenticalHttpElements.xml
│ │ │ │ ├── MultiHttpBlockConfigTests-IdenticallyPatternedHttpElements.xml
│ │ │ │ ├── MultiHttpBlockConfigTests-Sec1937.xml
│ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests-clients.xml
│ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests-minimal.xml
│ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests-providers.xml
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomAuthorizationRedirectStrategy.xml
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomAuthorizedClientService.xml
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomClientRegistrationRepository.xml
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomConfiguration.xml
│ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-Minimal.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration-WithCustomConfiguration.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration-WithCustomGrantedAuthorities.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration-WithCustomLoginProcessingUrl.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomAuthenticationFailureHandler.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomAuthorizationRedirectStrategy.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomAuthorizationRequestResolver.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomLoginPage.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithFormLogin.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithJwtDecoderFactory.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithJwtDecoderFactoryAndDefaultSuccessHandler.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomAuthorizedClientRepository.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomAuthorizedClientService.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomClientRegistrationRepository.xml
│ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomSecurityContextHolderStrategy.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AccessDeniedHandler.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Active.json
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ActiveNoScopes.json
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AllowBearerTokenInBody.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AllowBearerTokenInQuery.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AlwaysSessionCreation.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationConverter.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationConverterAndBearerTokenResolver.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationEntryPoint.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationManagerResolver.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationManagerResolverPlusOtherConfig.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-BasicAndResourceServer.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-BearerTokenResolver.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Default.jwks
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Empty.jwks
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Expired.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ExpiredJwtClockSkew.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ExpiresAt4687177990.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-FormAndResourceServer.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Inactive.json
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-IntrospectionUri.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwkSetUri.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Jwt.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtAuthenticationConverter.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtCustomSecurityContextHolderStrategy.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtDecoderAndJwkSetUri.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtHalfConfigured.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtRestOperations.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Jwtless.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Kid.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MalformedPayload.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockAuthenticationConverter.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockBearerTokenResolver.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwkSetUri.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwtAuthenticationConverter.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwtDecoder.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwtValidator.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockOpaqueTokenIntrospector.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MultipleIssuers.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueToken.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenAndAuthenticationConverter.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenAndIntrospectionUri.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenHalfConfigured.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenRestOperations.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-SingleKey.pub
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-SingleKey.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-TooEarly.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-TwoKeys.jwks
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-UnexpiredJwtClockSkew.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Unsigned.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ValidMessageReadScope.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ValidMessageWriteScp.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ValidNoScopes.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-WebServer.xml
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-WrongAlgorithm.token
│ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-WrongSignature.token
│ │ │ │ ├── PlaceHolderAndELConfigTests-AccessDeniedPage.xml
│ │ │ │ ├── PlaceHolderAndELConfigTests-AccessDeniedPageWithSpEL.xml
│ │ │ │ ├── PlaceHolderAndELConfigTests-InterceptUrlAndFormLogin.xml
│ │ │ │ ├── PlaceHolderAndELConfigTests-InterceptUrlAndFormLoginWithSpEL.xml
│ │ │ │ ├── PlaceHolderAndELConfigTests-PortMapping.xml
│ │ │ │ ├── PlaceHolderAndELConfigTests-RequiresChannel.xml
│ │ │ │ ├── PlaceHolderAndELConfigTests-UnsecuredPattern.xml
│ │ │ │ ├── RememberMeConfigTests-DefaultConfig.xml
│ │ │ │ ├── RememberMeConfigTests-NegativeTokenValidity.xml
│ │ │ │ ├── RememberMeConfigTests-NegativeTokenValidityWithDataSource.xml
│ │ │ │ ├── RememberMeConfigTests-NegativeTokenValidityWithPersistentRepository.xml
│ │ │ │ ├── RememberMeConfigTests-Sec1827.xml
│ │ │ │ ├── RememberMeConfigTests-Sec2165.xml
│ │ │ │ ├── RememberMeConfigTests-Sec742.xml
│ │ │ │ ├── RememberMeConfigTests-SecureCookie.xml
│ │ │ │ ├── RememberMeConfigTests-TokenValidity.xml
│ │ │ │ ├── RememberMeConfigTests-WithAuthenticationSuccessHandler.xml
│ │ │ │ ├── RememberMeConfigTests-WithDataSource.xml
│ │ │ │ ├── RememberMeConfigTests-WithRememberMeCookie.xml
│ │ │ │ ├── RememberMeConfigTests-WithRememberMeCookieAndServicesRef.xml
│ │ │ │ ├── RememberMeConfigTests-WithRememberMeParameter.xml
│ │ │ │ ├── RememberMeConfigTests-WithRememberMeParameterAndServicesRef.xml
│ │ │ │ ├── RememberMeConfigTests-WithSecurityContextHolderStrategy.xml
│ │ │ │ ├── RememberMeConfigTests-WithServicesRef.xml
│ │ │ │ ├── RememberMeConfigTests-WithTokenRepository.xml
│ │ │ │ ├── RememberMeConfigTests-WithUserDetailsService.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-MultiRelyingPartyRegistration.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-SingleRelyingPartyRegistration-WithCustomAuthenticationFailureHandler.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-SingleRelyingPartyRegistration.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomLoginProcessingUrl-WithCustomAuthenticationConverter.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomLoginProcessingUrl.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthenticationConverter.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthenticationManager.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthenticationRequestResolver.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthnRequestRepository.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository.xml
│ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomSecurityContextHolderStrategy.xml
│ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-CsrfDisabled-MockLogoutSuccessHandler.xml
│ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-CustomComponents.xml
│ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-Default.xml
│ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-LogoutSuccessHandler.xml
│ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-WithSecurityContextHolderStrategy.xml
│ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-FormLogin.xml
│ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-HttpBasic.xml
│ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-Logout.xml
│ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-MultiHttp.xml
│ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-Simple.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlCustomLogoutHandler.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlExpiredUrl.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlLogoutAndRememberMeHandlers.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlMaxSessions.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlMaxSessionsPlaceHolder.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlRememberMeHandler.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlSessionRegistryAlias.xml
│ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlSessionRegistryRef.xml
│ │ │ │ ├── SessionManagementConfigTests-CreateSessionAlways.xml
│ │ │ │ ├── SessionManagementConfigTests-CreateSessionIfRequired.xml
│ │ │ │ ├── SessionManagementConfigTests-CreateSessionNever.xml
│ │ │ │ ├── SessionManagementConfigTests-CreateSessionStateless.xml
│ │ │ │ ├── SessionManagementConfigTests-NoSessionManagementFilter.xml
│ │ │ │ ├── SessionManagementConfigTests-Sec1208.xml
│ │ │ │ ├── SessionManagementConfigTests-Sec2137.xml
│ │ │ │ ├── SessionManagementConfigTests-SessionAuthenticationStrategyRef.xml
│ │ │ │ ├── SessionManagementConfigTests-SessionFixationProtectionMigrateSession.xml
│ │ │ │ ├── SessionManagementConfigTests-SessionFixationProtectionNone.xml
│ │ │ │ ├── SessionManagementConfigTests-SessionFixationProtectionNoneWithInvalidSessionUrl.xml
│ │ │ │ ├── SessionManagementConfigTransientAuthenticationTests-CreateSessionAlwaysWithTransientAuthentication.xml
│ │ │ │ ├── SessionManagementConfigTransientAuthenticationTests-WithTransientAuthentication.xml
│ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParserTests-CustomChangePasswordPage.xml
│ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParserTests-DefaultChangePasswordPage.xml
│ │ │ │ ├── jaas-login.conf
│ │ │ │ ├── key.pem
│ │ │ │ └── userservice.xml
│ │ │ ├── method/
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-AspectJMethodSecurityServiceEnabled.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-BusinessService.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomAuthorizationManagerAfterAdvice.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomAuthorizationManagerBeforeAdvice.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomGrantedAuthorityDefaults.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomPermissionEvaluator.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-Jsr250.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-MethodSecurityService.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-MethodSecurityServiceEnabled.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-MethodSecurityServiceEnabledCustomSecurityContextHolderStrategy.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-ProtectPointcut.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-ProtectPointcutBoolean.xml
│ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-Secured.xml
│ │ │ │ ├── PreAuthorizeTests-context.xml
│ │ │ │ ├── SecuredTests-context.xml
│ │ │ │ ├── sec2136/
│ │ │ │ │ └── sec2136.xml
│ │ │ │ └── sec2499/
│ │ │ │ ├── child.xml
│ │ │ │ └── parent.xml
│ │ │ ├── method-security.xml
│ │ │ ├── oauth2/
│ │ │ │ └── client/
│ │ │ │ ├── ClientRegistrationsBeanDefinitionParserTests-ClientPlaceholders.xml
│ │ │ │ ├── ClientRegistrationsBeanDefinitionParserTests-MultiClientRegistration.xml
│ │ │ │ ├── google-github-registration.xml
│ │ │ │ └── google-registration.xml
│ │ │ ├── saml2/
│ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-MultiRegistration.xml
│ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-PlaceholderRegistration.xml
│ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-RelayStateResolver.xml
│ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-SingleRegistration.xml
│ │ │ │ ├── google-custom-registration.xml
│ │ │ │ ├── google-registration.xml
│ │ │ │ ├── idp-certificate.crt
│ │ │ │ ├── logout-registrations.xml
│ │ │ │ ├── rp-certificate.crt
│ │ │ │ └── rp-private.key
│ │ │ ├── users.properties
│ │ │ ├── web/
│ │ │ │ └── server/
│ │ │ │ └── OAuth2ResourceServerSpecTests-simple.pub
│ │ │ └── websocket/
│ │ │ ├── WebSocketMessageBrokerConfigTests-ConnectAckInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-ConnectInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-CustomAuthorizationManagerConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-CustomCsrfInterceptor.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-CustomExpressionHandlerAuthorizationManager.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-CustomExpressionHandlerConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-CustomInterceptorConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-CustomPathMatcherAuthorizationManager.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-CustomPathMatcherConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-DisconnectAckInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-DisconnectInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-HeartbeatInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-IdConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-IdIntegratedConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-MessageInterceptTypeAuthorizationManager.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-MessageInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-NoIdAuthorizationManager.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-NoIdConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-OtherInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypeAuthorizationManager.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypePathPattern.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypePathPatternParser.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SyncConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SyncCustomArgumentResolverConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SyncSameOriginDisabledConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-SyncSockJsConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-UnsubscribeInterceptTypeConfig.xml
│ │ │ ├── WebSocketMessageBrokerConfigTests-WithSecurityContextHolderStrategy.xml
│ │ │ ├── controllers.xml
│ │ │ ├── sync.xml
│ │ │ ├── websocket-sockjs.xml
│ │ │ └── websocket.xml
│ │ └── util/
│ │ └── filtertest-valid.xml
│ ├── resources/
│ │ └── file.js
│ ├── rod.cer
│ ├── rodatexampledotcom.cer
│ ├── serialized/
│ │ ├── 6.2.x/
│ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized
│ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasAssertionAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.core.authority.SimpleGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.core.context.SecurityContextImpl.serialized
│ │ │ ├── org.springframework.security.core.session.SessionInformation.serialized
│ │ │ ├── org.springframework.security.core.userdetails.User$AuthorityComparator.serialized
│ │ │ ├── org.springframework.security.core.userdetails.User.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.InetOrgPerson.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.Person.serialized
│ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClient.serialized
│ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClientId.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration$Builder.serialized
│ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration.serialized
│ │ │ ├── org.springframework.security.oauth2.core.AuthenticationMethod.serialized
│ │ │ ├── org.springframework.security.oauth2.core.AuthorizationGrantType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.ClientAuthenticationMethod.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2Error.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcUserInfo.serialized
│ │ │ ├── org.springframework.security.oauth2.core.user.DefaultOAuth2User.serialized
│ │ │ ├── org.springframework.security.oauth2.core.user.OAuth2UserAuthority.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.provisioning.MutableUser.serialized
│ │ │ ├── org.springframework.security.saml2.core.Saml2Error.serialized
│ │ │ ├── org.springframework.security.web.authentication.WebAuthenticationDetails.serialized
│ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.serialized
│ │ │ ├── org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.web.savedrequest.DefaultSavedRequest.serialized
│ │ │ └── org.springframework.security.web.savedrequest.SavedCookie.serialized
│ │ ├── 6.3.x/
│ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized
│ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasAssertionAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.core.authority.SimpleGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.core.context.SecurityContextImpl.serialized
│ │ │ ├── org.springframework.security.core.session.ReactiveSessionInformation.serialized
│ │ │ ├── org.springframework.security.core.session.SessionInformation.serialized
│ │ │ ├── org.springframework.security.core.userdetails.User$AuthorityComparator.serialized
│ │ │ ├── org.springframework.security.core.userdetails.User.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.InetOrgPerson.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.Person.serialized
│ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClient.serialized
│ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClientId.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration$Builder.serialized
│ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration.serialized
│ │ │ ├── org.springframework.security.oauth2.core.AuthenticationMethod.serialized
│ │ │ ├── org.springframework.security.oauth2.core.AuthorizationGrantType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.ClientAuthenticationMethod.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2Error.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcUserInfo.serialized
│ │ │ ├── org.springframework.security.oauth2.core.user.DefaultOAuth2User.serialized
│ │ │ ├── org.springframework.security.oauth2.core.user.OAuth2UserAuthority.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.provisioning.MutableUser.serialized
│ │ │ ├── org.springframework.security.saml2.core.Saml2Error.serialized
│ │ │ ├── org.springframework.security.web.authentication.WebAuthenticationDetails.serialized
│ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.serialized
│ │ │ ├── org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.web.savedrequest.DefaultSavedRequest.serialized
│ │ │ └── org.springframework.security.web.savedrequest.SavedCookie.serialized
│ │ ├── 6.4.x/
│ │ │ ├── org.springframework.security.access.AccessDeniedException.serialized
│ │ │ ├── org.springframework.security.access.AuthorizationServiceException.serialized
│ │ │ ├── org.springframework.security.access.SecurityConfig.serialized
│ │ │ ├── org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException.serialized
│ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized
│ │ │ ├── org.springframework.security.authentication.AccountExpiredException.serialized
│ │ │ ├── org.springframework.security.authentication.AnonymousAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.AuthenticationCredentialsNotFoundException.serialized
│ │ │ ├── org.springframework.security.authentication.AuthenticationServiceException.serialized
│ │ │ ├── org.springframework.security.authentication.BadCredentialsException.serialized
│ │ │ ├── org.springframework.security.authentication.CredentialsExpiredException.serialized
│ │ │ ├── org.springframework.security.authentication.DisabledException.serialized
│ │ │ ├── org.springframework.security.authentication.InsufficientAuthenticationException.serialized
│ │ │ ├── org.springframework.security.authentication.InternalAuthenticationServiceException.serialized
│ │ │ ├── org.springframework.security.authentication.LockedException.serialized
│ │ │ ├── org.springframework.security.authentication.ProviderNotFoundException.serialized
│ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.TestingAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureLockedEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.LogoutSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.ott.InvalidOneTimeTokenException.serialized
│ │ │ ├── org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.password.CompromisedPasswordException.serialized
│ │ │ ├── org.springframework.security.authorization.AuthorityAuthorizationDecision.serialized
│ │ │ ├── org.springframework.security.authorization.AuthorizationDecision.serialized
│ │ │ ├── org.springframework.security.authorization.AuthorizationDeniedException.serialized
│ │ │ ├── org.springframework.security.authorization.event.AuthorizationEvent.serialized
│ │ │ ├── org.springframework.security.authorization.event.AuthorizationGrantedEvent.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasAssertionAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.config.annotation.AlreadyBuiltException.serialized
│ │ │ ├── org.springframework.security.core.authority.SimpleGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.core.context.SecurityContextImpl.serialized
│ │ │ ├── org.springframework.security.core.context.TransientSecurityContext.serialized
│ │ │ ├── org.springframework.security.core.session.AbstractSessionEvent.serialized
│ │ │ ├── org.springframework.security.core.session.ReactiveSessionInformation.serialized
│ │ │ ├── org.springframework.security.core.session.SessionInformation.serialized
│ │ │ ├── org.springframework.security.core.userdetails.User$AuthorityComparator.serialized
│ │ │ ├── org.springframework.security.core.userdetails.User.serialized
│ │ │ ├── org.springframework.security.core.userdetails.UsernameNotFoundException.serialized
│ │ │ ├── org.springframework.security.ldap.ppolicy.PasswordPolicyControl.serialized
│ │ │ ├── org.springframework.security.ldap.ppolicy.PasswordPolicyException.serialized
│ │ │ ├── org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.InetOrgPerson.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.LdapAuthority.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.serialized
│ │ │ ├── org.springframework.security.ldap.userdetails.Person.serialized
│ │ │ ├── org.springframework.security.oauth2.client.ClientAuthorizationException.serialized
│ │ │ ├── org.springframework.security.oauth2.client.ClientAuthorizationRequiredException.serialized
│ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClient.serialized
│ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClientId.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized
│ │ │ ├── org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation.serialized
│ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration$Builder.serialized
│ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration.serialized
│ │ │ ├── org.springframework.security.oauth2.core.AuthenticationMethod.serialized
│ │ │ ├── org.springframework.security.oauth2.core.AuthorizationGrantType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.ClientAuthenticationMethod.serialized
│ │ │ ├── org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2AuthenticationException.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2AuthorizationException.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2Error.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized
│ │ │ ├── org.springframework.security.oauth2.core.OAuth2UserCode.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.serialized
│ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType.serialized
│ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized
│ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcUserInfo.serialized
│ │ │ ├── org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized
│ │ │ ├── org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized
│ │ │ ├── org.springframework.security.oauth2.core.user.DefaultOAuth2User.serialized
│ │ │ ├── org.springframework.security.oauth2.core.user.OAuth2UserAuthority.serialized
│ │ │ ├── org.springframework.security.oauth2.jwt.BadJwtException.serialized
│ │ │ ├── org.springframework.security.oauth2.jwt.Jwt.serialized
│ │ │ ├── org.springframework.security.oauth2.jwt.JwtDecoderInitializationException.serialized
│ │ │ ├── org.springframework.security.oauth2.jwt.JwtEncodingException.serialized
│ │ │ ├── org.springframework.security.oauth2.jwt.JwtException.serialized
│ │ │ ├── org.springframework.security.oauth2.jwt.JwtValidationException.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenError.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.InvalidBearerTokenException.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized
│ │ │ ├── org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException.serialized
│ │ │ ├── org.springframework.security.provisioning.MutableUser.serialized
│ │ │ ├── org.springframework.security.saml2.Saml2Exception.serialized
│ │ │ ├── org.springframework.security.saml2.core.Saml2Error.serialized
│ │ │ ├── org.springframework.security.saml2.core.Saml2X509Credential.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2Authentication.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.serialized
│ │ │ ├── org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.serialized
│ │ │ ├── org.springframework.security.web.authentication.WebAuthenticationDetails.serialized
│ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException.serialized
│ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.serialized
│ │ │ ├── org.springframework.security.web.authentication.rememberme.CookieTheftException.serialized
│ │ │ ├── org.springframework.security.web.authentication.rememberme.InvalidCookieException.serialized
│ │ │ ├── org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException.serialized
│ │ │ ├── org.springframework.security.web.authentication.session.SessionAuthenticationException.serialized
│ │ │ ├── org.springframework.security.web.authentication.session.SessionFixationProtectionEvent.serialized
│ │ │ ├── org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent.serialized
│ │ │ ├── org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.web.authentication.www.NonceExpiredException.serialized
│ │ │ ├── org.springframework.security.web.csrf.CsrfException.serialized
│ │ │ ├── org.springframework.security.web.csrf.DefaultCsrfToken.serialized
│ │ │ ├── org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized
│ │ │ ├── org.springframework.security.web.csrf.MissingCsrfTokenException.serialized
│ │ │ ├── org.springframework.security.web.firewall.RequestRejectedException.serialized
│ │ │ ├── org.springframework.security.web.savedrequest.DefaultSavedRequest.serialized
│ │ │ ├── org.springframework.security.web.savedrequest.SavedCookie.serialized
│ │ │ ├── org.springframework.security.web.savedrequest.SimpleSavedRequest.serialized
│ │ │ ├── org.springframework.security.web.server.csrf.CsrfException.serialized
│ │ │ ├── org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized
│ │ │ ├── org.springframework.security.web.server.firewall.ServerExchangeRejectedException.serialized
│ │ │ ├── org.springframework.security.web.session.HttpSessionCreatedEvent.serialized
│ │ │ ├── org.springframework.security.web.session.HttpSessionIdChangedEvent.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.AuthenticatorAttachment.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.AuthenticatorTransport.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.Bytes.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput$CredProtect.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.CredentialPropertiesOutput$ExtensionOutput.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.CredentialPropertiesOutput.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredential.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredentialType.serialized
│ │ │ ├── org.springframework.security.web.webauthn.api.UserVerificationRequirement.serialized
│ │ │ ├── org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized
│ │ │ ├── org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken.serialized
│ │ │ └── org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest.serialized
│ │ ├── 6.5.x/
│ │ │ ├── org.springframework.security.access.AccessDeniedException.serialized
│ │ │ ├── org.springframework.security.access.AuthorizationServiceException.serialized
│ │ │ ├── org.springframework.security.access.SecurityConfig.serialized
│ │ │ ├── org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException.serialized
│ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized
│ │ │ ├── org.springframework.security.authentication.AccountExpiredException.serialized
│ │ │ ├── org.springframework.security.authentication.AnonymousAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.AuthenticationCredentialsNotFoundException.serialized
│ │ │ ├── org.springframework.security.authentication.AuthenticationServiceException.serialized
│ │ │ ├── org.springframework.security.authentication.BadCredentialsException.serialized
│ │ │ ├── org.springframework.security.authentication.CredentialsExpiredException.serialized
│ │ │ ├── org.springframework.security.authentication.DisabledException.serialized
│ │ │ ├── org.springframework.security.authentication.InsufficientAuthenticationException.serialized
│ │ │ ├── org.springframework.security.authentication.InternalAuthenticationServiceException.serialized
│ │ │ ├── org.springframework.security.authentication.LockedException.serialized
│ │ │ ├── org.springframework.security.authentication.ProviderNotFoundException.serialized
│ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.TestingAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureLockedEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.AuthenticationSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.event.LogoutSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent.serialized
│ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent.serialized
│ │ │ ├── org.springframework.security.authentication.ott.DefaultOneTimeToken.serialized
│ │ │ ├── org.springframework.security.authentication.ott.InvalidOneTimeTokenException.serialized
│ │ │ ├── org.springframework.security.authentication.ott.One
================================================
FILE CONTENTS
================================================
================================================
FILE: .editorconfig
================================================
# EditorConfig for Spring Security
# see https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.adoc#mind-the-whitespace
root = true
[*]
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true
max_line_length = 120
[*.{java,xml}]
indent_style = tab
indent_size = 4
charset = utf-8
continuation_indent_size = 8
ij_smart_tabs = false
ij_java_align_multiline_parameters = false
[*.gradle]
indent_style = tab
================================================
FILE: .gitattributes
================================================
# Normalize line endings to auto.
* text auto
# Ensure that line endings for DOS batch files are not modified.
*.bat -text
# Ensure the following are treated as binary.
*.cer binary
*.graffle binary
*.jar binary
*.jpeg binary
*.jpg binary
*.keystore binary
*.odg binary
*.otg binary
*.png binary
*.hsx binary
*.serialized binary
================================================
FILE: .github/ISSUE_TEMPLATE/bug.md
================================================
---
name: Bug
about: Create a bug report to help us improve
title: ''
labels: 'status: waiting-for-triage, type: bug'
assignees: ''
---
<!--
Do NOT report Security Vulnerabilities here. Please use https://github.com/spring-projects/spring-security/security/policy
-->
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior.
**Expected behavior**
A clear and concise description of what you expected to happen.
**Sample**
A link to a GitHub repository with a [minimal, reproducible sample](https://stackoverflow.com/help/minimal-reproducible-example).
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.
================================================
FILE: .github/ISSUE_TEMPLATE/config.yml
================================================
blank_issues_enabled: false
contact_links:
- name: Community Support
url: https://stackoverflow.com/questions/tagged/spring-security
about: Please ask and answer questions on StackOverflow with the tag `spring-security`.
================================================
FILE: .github/ISSUE_TEMPLATE/enhancement.md
================================================
---
name: Enhancement
about: Suggest an enhancement for this project
title: ''
labels: 'status: waiting-for-triage, type: enhancement'
assignees: ''
---
**Expected Behavior**
<!--- Tell us how it should work -->
**Current Behavior**
<!--- Explain the difference from current behavior -->
**Context**
<!---
How has this issue affected you?
What are you trying to accomplish?
What other alternatives have you considered?
Are you aware of any workarounds?
-->
================================================
FILE: .github/ISSUE_TEMPLATE.md
================================================
<!--
For Security Vulnerabilities, please use https://spring.io/security-policy
-->
### Summary
<!--
Please provide a high level summary of the issue you are having
-->
### Actual Behavior
<!--
Please describe step by step the behavior you are observing
-->
### Expected Behavior
<!--
Please describe step by step the behavior you expect
-->
### Configuration
<!--
Please provide any configuration you have.
-->
### Version
<!--
Please describe what version you are using. Does the problem occur in other versions?
-->
### Sample
<!--
Providing a complete sample (i.e. link to a github repository) will give this issue higher
priority than issues that do not have a complete sample
-->
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
<!--
For Security Vulnerabilities, please use https://pivotal.io/security#reporting
-->
<!--
Before creating new features, we recommend creating an issue to discuss the feature. This ensures that everyone is on the same page before extensive work is done.
Thanks for contributing to Spring Security. Please provide a brief description of your pull-request and reference any related issue numbers (prefix references with gh-).
-->
================================================
FILE: .github/dco.yml
================================================
require:
members: false
================================================
FILE: .github/dependabot.yml
================================================
version: 2
registries:
shibboleth:
type: maven-repository
url: https://build.shibboleth.net/maven/releases
updates:
# 6.5.x
- package-ecosystem: gradle
target-branch: 6.5.x
directory: /
schedule:
interval: daily
time: '03:00'
timezone: Etc/UTC
labels:
- 'type: dependency-upgrade'
registries:
- shibboleth
ignore:
- dependency-name: com.nimbusds:nimbus-jose-jwt
- dependency-name: org.python:jython
- dependency-name: org.apache.directory.server:*
- dependency-name: org.apache.directory.shared:*
- dependency-name: org.junit:junit-bom
update-types:
- version-update:semver-major
- dependency-name: org.mockito:mockito-bom
update-types:
- version-update:semver-major
- dependency-name: '*'
update-types:
- version-update:semver-major
- version-update:semver-minor
- package-ecosystem: npm
target-branch: 6.5.x
directory: /docs
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
- package-ecosystem: github-actions
target-branch: 6.5.x
directory: /
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
# 7.0.x
- package-ecosystem: gradle
target-branch: 7.0.x
directory: /
schedule:
interval: daily
time: '03:00'
timezone: Etc/UTC
labels:
- 'type: dependency-upgrade'
registries:
- shibboleth
ignore:
- dependency-name: com.nimbusds:nimbus-jose-jwt
- dependency-name: io.spring.nullability:*
- dependency-name: org.python:jython
- dependency-name: org.apache.directory.server:*
- dependency-name: org.apache.directory.shared:*
- dependency-name: org.junit:junit-bom
update-types:
- version-update:semver-major
- dependency-name: org.mockito:mockito-bom
update-types:
- version-update:semver-major
- dependency-name: com.gradle.enterprise
update-types:
- version-update:semver-major
- version-update:semver-minor
- dependency-name: '*'
update-types:
- version-update:semver-major
- version-update:semver-minor
- package-ecosystem: npm
target-branch: 7.0.x
directory: /docs
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
- package-ecosystem: github-actions
target-branch: 7.0.x
directory: /
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
# main
- package-ecosystem: gradle
target-branch: main
directory: /
schedule:
interval: daily
time: '03:00'
timezone: Etc/UTC
labels:
- 'type: dependency-upgrade'
registries:
- shibboleth
ignore:
- dependency-name: com.nimbusds:nimbus-jose-jwt
- dependency-name: org.python:jython
- dependency-name: org.apache.directory.server:*
- dependency-name: org.apache.directory.shared:*
- dependency-name: org.junit:junit-bom
update-types:
- version-update:semver-major
- dependency-name: org.mockito:mockito-bom
update-types:
- version-update:semver-major
- dependency-name: com.gradle.enterprise
update-types:
- version-update:semver-major
- version-update:semver-minor
- dependency-name: '*'
update-types:
- version-update:semver-major
- package-ecosystem: npm
target-branch: main
directory: /docs
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
- package-ecosystem: github-actions
target-branch: main
directory: /
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
# docs-build
- package-ecosystem: gradle
target-branch: docs-build
directory: /
schedule:
interval: daily
time: '03:00'
timezone: Etc/UTC
labels:
- 'type: dependency-upgrade'
registries:
- shibboleth
ignore:
- dependency-name: com.nimbusds:nimbus-jose-jwt
- dependency-name: org.python:jython
- dependency-name: org.apache.directory.server:*
- dependency-name: org.apache.directory.shared:*
- dependency-name: org.junit:junit-bom
update-types:
- version-update:semver-major
- dependency-name: org.mockito:mockito-bom
update-types:
- version-update:semver-major
- dependency-name: com.gradle.enterprise
update-types:
- version-update:semver-major
- version-update:semver-minor
- dependency-name: '*'
update-types:
- version-update:semver-major
- package-ecosystem: npm
target-branch: docs-build
directory: /
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
- package-ecosystem: github-actions
target-branch: docs-build
directory: /
schedule:
interval: weekly
labels:
- 'type: task'
- 'type: dependency-upgrade'
- 'in: build'
================================================
FILE: .github/workflows/auto-merge-dependabot.yml
================================================
name: Merge Dependabot PR
on:
pull_request:
branches:
- main
- '*.x'
run-name: Merge Dependabot PR ${{ github.ref_name }}
jobs:
merge-dependabot-pr:
permissions: write-all
uses: spring-io/spring-github-workflows/.github/workflows/spring-merge-dependabot-pr.yml@v7
with:
mergeArguments: --auto --rebase
================================================
FILE: .github/workflows/check-snapshots.yml
================================================
name: CI
on:
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
workflow_dispatch: # Manual trigger
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
permissions:
contents: read
jobs:
snapshot-test:
name: Test Against Snapshots
uses: spring-io/spring-security-release-tools/.github/workflows/test.yml@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
strategy:
matrix:
include:
- java-version: 25
toolchain: 25
with:
java-version: ${{ matrix.java-version }}
test-args: --refresh-dependencies -PforceMavenRepositories=snapshot,https://oss.sonatype.org/content/repositories/snapshots -PisOverrideVersionCatalog -PtestToolchain=${{ matrix.toolchain }} -PspringFrameworkVersion=7.+ -PreactorVersion=2025.+ -PspringDataVersion=2025.+ --stacktrace
secrets: inherit
send-notification:
name: Send Notification
needs: [ snapshot-test ]
if: ${{ !success() }}
runs-on: ubuntu-latest
steps:
- name: Send Notification
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
================================================
FILE: .github/workflows/clean_build_artifacts.yml
================================================
name: Clean build artifacts
on:
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
permissions:
contents: read
jobs:
main:
runs-on: ubuntu-latest
if: ${{ github.repository == 'spring-projects/spring-security' }}
permissions:
contents: none
steps:
- name: Delete artifacts in cron job
env:
GH_ACTIONS_REPO_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
run: |
echo "Running clean build artifacts logic"
output=$(curl -X GET -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts | grep '"id"' | cut -d : -f2 | sed 's/,*$//g')
echo Output is $output
for id in $output; do curl -X DELETE -H "Authorization: token $GH_ACTIONS_REPO_TOKEN" https://api.github.com/repos/spring-projects/spring-security/actions/artifacts/$id; done;
================================================
FILE: .github/workflows/codeql.yml
================================================
name: "CodeQL Advanced"
on:
push:
pull_request:
workflow_dispatch:
schedule:
# https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule
- cron: '0 5 * * *'
permissions: read-all
jobs:
codeql-analysis-call:
permissions:
actions: read
contents: read
security-events: write
uses: spring-io/github-actions/.github/workflows/codeql-analysis.yml@1
================================================
FILE: .github/workflows/continuous-integration-workflow.yml
================================================
name: CI
on:
push:
branches-ignore:
- "dependabot/**"
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
workflow_dispatch: # Manual trigger
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
permissions:
contents: read
jobs:
build:
name: Build
uses: spring-io/spring-security-release-tools/.github/workflows/build.yml@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
strategy:
matrix:
os: [ ubuntu-latest, windows-latest ]
jdk: [ 25 ]
with:
runs-on: ${{ matrix.os }}
java-version: ${{ matrix.jdk }}
distribution: temurin
secrets: inherit
deploy-artifacts:
name: Deploy Artifacts
needs: [ build]
uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }}
default-publish-milestones-central: true
java-version: 25
secrets: inherit
deploy-schema:
name: Deploy Schema
needs: [ build ]
uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
should-deploy-schema: ${{ needs.build.outputs.should-deploy-artifacts }}
java-version: 25
secrets: inherit
perform-release:
name: Perform Release
needs: [ deploy-artifacts, deploy-schema ]
uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
should-perform-release: ${{ needs.deploy-artifacts.outputs.artifacts-deployed }}
project-version: ${{ needs.deploy-artifacts.outputs.project-version }}
milestone-repo-url: https://repo1.maven.org/maven2
release-repo-url: https://repo1.maven.org/maven2
artifact-path: org/springframework/security/spring-security-core
slack-announcing-id: spring-security-announcing
java-version: 25
secrets: inherit
send-notification:
name: Send Notification
needs: [ perform-release ]
if: ${{ !success() }}
runs-on: ubuntu-latest
steps:
- name: Send Notification
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
================================================
FILE: .github/workflows/defer-issues.yml
================================================
name: Defer Issues
on:
workflow_dispatch:
permissions:
contents: read
jobs:
defer-issues:
name: Defer Issues
runs-on: ubuntu-latest
if: github.repository_owner == 'spring-projects'
permissions:
issues: write
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Compute Version
id: compute-version
uses: spring-io/spring-release-actions/compute-version@0.0.3
- name: Get Today's Release Version
id: todays-release
uses: spring-io/spring-release-actions/get-todays-release-version@0.0.3
with:
snapshot-version: ${{ steps.compute-version.outputs.version }}
milestone-repository: ${{ github.repository }}
milestone-token: ${{ secrets.GITHUB_TOKEN }}
- name: Compute Next Version
id: next-version
uses: spring-io/spring-release-actions/compute-next-version@0.0.3
with:
version: ${{ steps.todays-release.outputs.release-version }}
- name: Schedule Next Milestone
uses: spring-io/spring-release-actions/schedule-milestone@0.0.3
with:
version: ${{ steps.next-version.outputs.version }}
version-date: ${{ steps.next-version.outputs.version-date }}
repository: ${{ github.repository }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Move Open Issues to Next Milestone
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CURRENT_MILESTONE: ${{ steps.todays-release.outputs.release-version }}
NEXT_MILESTONE: ${{ steps.next-version.outputs.version }}
run: |
current_milestone_number=$(gh api repos/${{ github.repository }}/milestones \
--jq ".[] | select(.title == \"$CURRENT_MILESTONE\") | .number")
if [ -z "$current_milestone_number" ]; then
echo "No milestone found for $CURRENT_MILESTONE"
exit 0
fi
next_milestone_number=$(gh api repos/${{ github.repository }}/milestones \
--jq ".[] | select(.title == \"$NEXT_MILESTONE\") | .number")
if [ -z "$next_milestone_number" ]; then
echo "No milestone found for $NEXT_MILESTONE"
exit 1
fi
echo "Moving open issues from milestone '$CURRENT_MILESTONE' (#$current_milestone_number) to '$NEXT_MILESTONE' (#$next_milestone_number)"
page=1
while true; do
issues=$(gh api "repos/${{ github.repository }}/issues?milestone=$current_milestone_number&state=open&per_page=100&page=$page" \
--jq '.[].number')
if [ -z "$issues" ]; then
break
fi
for issue in $issues; do
echo "Moving issue/PR #$issue to milestone $NEXT_MILESTONE"
gh api repos/${{ github.repository }}/issues/$issue \
--method PATCH \
--field milestone=$next_milestone_number \
--silent
done
page=$((page + 1))
done
echo "Done."
================================================
FILE: .github/workflows/deploy-docs.yml
================================================
name: Deploy Docs
on:
push:
branches-ignore:
- "gh-pages"
- "dependabot/**"
tags: '**'
repository_dispatch:
types: request-build-reference # legacy
#schedule:
#- cron: '0 10 * * *' # Once per day at 10am UTC
workflow_dispatch:
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
if: github.repository_owner == 'spring-projects'
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: docs-build
fetch-depth: 1
- name: Dispatch (partial build)
if: github.ref_type == 'branch'
env:
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
run: gh workflow run deploy-docs.yml -r $(git rev-parse --abbrev-ref HEAD) -f build-refname=${{ github.ref_name }}
- name: Dispatch (full build)
if: github.ref_type == 'tag'
env:
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
run: gh workflow run deploy-docs.yml -r $(git rev-parse --abbrev-ref HEAD)
================================================
FILE: .github/workflows/finalize-release.yml
================================================
name: Finalize Release
on:
workflow_dispatch: # Manual trigger
inputs:
version:
description: The Spring Security release to finalize (e.g. 7.0.0-RC2)
required: true
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
permissions:
contents: read
jobs:
perform-release:
name: Perform Release
uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
should-perform-release: true
project-version: ${{ inputs.version }}
milestone-repo-url: https://repo1.maven.org/maven2
release-repo-url: https://repo1.maven.org/maven2
artifact-path: org/springframework/security/spring-security-core
slack-announcing-id: spring-security-announcing
secrets: inherit
================================================
FILE: .github/workflows/gradle-wrapper-upgrade-execution.yml
================================================
name: Execute Gradle Wrapper Upgrade
on:
schedule:
- cron: '0 2 * * *' # 2am UTC
workflow_dispatch:
permissions:
pull-requests: write
jobs:
upgrade_wrapper:
name: Execution
if: ${{ github.repository == 'spring-projects/spring-security' }}
runs-on: ubuntu-latest
steps:
- name: Set up Git configuration
env:
TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config --global url."https://unused-username:${TOKEN}@github.com/".insteadOf "https://github.com/"
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up JDK 25
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: '25'
distribution: 'temurin'
- name: Set up Gradle
uses: gradle/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1
- name: Upgrade Wrappers
run: ./gradlew clean upgradeGradleWrapperAll --continue -Porg.gradle.java.installations.auto-download=false
env:
WRAPPER_UPGRADE_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/milestone-spring-releasetrain.yml
================================================
name: Check Milestone
on:
milestone:
types: [created, opened, edited]
env:
DUE_ON: ${{ github.event.milestone.due_on }}
TITLE: ${{ github.event.milestone.title }}
permissions:
contents: read
jobs:
spring-releasetrain-checks:
name: Check DueOn is on a Release Date
runs-on: ubuntu-latest
if: ${{ github.repository == 'spring-projects/spring-security' }}
permissions:
contents: none
steps:
- name: Print Milestone Being Checked
run: echo "Validating DueOn '$DUE_ON' for milestone '$TITLE'"
- name: Validate DueOn
if: env.DUE_ON != ''
run: |
export TOOL_VERSION=0.1.1
wget "https://repo.maven.apache.org/maven2/io/spring/releasetrain/spring-release-train-tools/$TOOL_VERSION/spring-release-train-tools-$TOOL_VERSION.jar"
java -cp "spring-release-train-tools-$TOOL_VERSION.jar" io.spring.releasetrain.CheckMilestoneDueOnMain --dueOn "$DUE_ON" --expectedDayOfWeek MONDAY --expectedMondayCount 3
send-notification:
name: Send Notification
needs: [ spring-releasetrain-checks ]
if: ${{ failure() || cancelled() }}
runs-on: ubuntu-latest
steps:
- name: Send Notification
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
================================================
FILE: .github/workflows/pr-build-workflow.yml
================================================
name: PR Build
on: pull_request
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ubuntu-latest
if: ${{ github.repository == 'spring-projects/spring-security' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up gradle
uses: spring-io/spring-gradle-build-action@efc55f07f4dfa22f2afd97f9ea1be4212eeed737 # v2.0.5
with:
java-version: '25'
distribution: 'temurin'
- name: Build with Gradle
run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue --scan
generate-docs:
name: Generate Docs
runs-on: ubuntu-latest
if: ${{ github.repository == 'spring-projects/spring-security' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up gradle
uses: spring-io/spring-gradle-build-action@efc55f07f4dfa22f2afd97f9ea1be4212eeed737 # v2.0.5
with:
java-version: '25'
distribution: 'temurin'
- name: Run Antora
run: ./gradlew -PbuildSrc.skipTests=true :spring-security-docs:antora
- name: Upload Docs
id: upload
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: docs
path: docs/build/site
overwrite: true
send-notification:
name: Send Notification
needs: [ build, generate-docs ]
if: ${{ failure() && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
runs-on: ubuntu-latest
steps:
- name: Send Notification
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
================================================
FILE: .github/workflows/release-scheduler.yml
================================================
name: Release Scheduler
on:
schedule:
- cron: '15 15 * * MON' # Every Monday at 3:15pm UTC
workflow_dispatch:
permissions: read-all
jobs:
dispatch_scheduled_releases:
name: Dispatch scheduled releases
if: github.repository_owner == 'spring-projects'
strategy:
matrix:
# List of active maintenance branches.
branch: [ main, 7.0.x, 6.5.x, 6.4.x, 6.3.x ]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 1
- name: Dispatch
env:
GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
run: gh workflow run update-scheduled-release-version.yml -r ${{ matrix.branch }}
================================================
FILE: .github/workflows/update-antora-ui-spring.yml
================================================
name: Update Antora UI Spring
on:
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
workflow_dispatch:
permissions:
pull-requests: write
issues: write
contents: write
jobs:
update-antora-ui-spring:
name: Update on Supported Branches
if: ${{ github.repository == 'spring-projects/spring-security' }}
runs-on: ubuntu-latest
strategy:
matrix:
branch: [ '6.5.x', '7.0.x', 'main' ]
steps:
- uses: spring-io/spring-doc-actions/update-antora-spring-ui@415e2b11a766ba64799fffb5c97a4f7e17f677cf
name: Update
with:
docs-branch: ${{ matrix.branch }}
token: ${{ secrets.GITHUB_TOKEN }}
antora-file-path: 'docs/antora-playbook.yml'
update-antora-ui-spring-docs-build:
name: Update on docs-build
if: ${{ github.repository == 'spring-projects/spring-security' }}
runs-on: ubuntu-latest
steps:
- uses: spring-io/spring-doc-actions/update-antora-spring-ui@415e2b11a766ba64799fffb5c97a4f7e17f677cf
name: Update
with:
docs-branch: 'docs-build'
token: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/update-scheduled-release-version.yml
================================================
name: Update Scheduled Release Version
on:
workflow_dispatch: # Manual trigger only. Triggered by release-scheduler.yml on main.
permissions:
contents: read
jobs:
update-scheduled-release-version:
name: Update Scheduled Release Version
uses: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
secrets: inherit
send-notification:
name: Send Notification
needs: [ update-scheduled-release-version ]
if: ${{ failure() || cancelled() }}
runs-on: ubuntu-latest
steps:
- name: Send Notification
uses: spring-io/spring-security-release-tools/.github/actions/send-notification@b92832ecbc7cbe969201e6beafbde0ee400cf095 # v1.0.15
with:
webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
================================================
FILE: .gitignore
================================================
classes/
target/
*/src/*/java/META-INF
*/src/META-INF/
*/src/*/java/META-INF/
.classpath
.springBeans
.project
.DS_Store
.settings/
.idea/*
out/
bin/
intellij/
build/
*.log
*.log.*
*.iml
*.ipr
*.iws
.gradle/
atlassian-ide-plugin.xml
!etc/eclipse/.checkstyle
.checkstyle
s101plugin.state
.attach_pid*
.~lock.*#
.kotlin/
!.idea/checkstyle-idea.xml
!.idea/externalDependencies.xml
node_modules
================================================
FILE: .idea/checkstyle-idea.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="CheckStyle-IDEA">
<option name="configuration">
<map>
<entry key="checkstyle-version" value="8.14" />
<entry key="copy-libs" value="false" />
<entry key="location-0" value="BUNDLED:(bundled):Sun Checks" />
<entry key="location-1" value="BUNDLED:(bundled):Google Checks" />
<entry key="scan-before-checkin" value="false" />
<entry key="scanscope" value="JavaOnlyWithTests" />
<entry key="suppress-errors" value="false" />
</map>
</option>
</component>
</project>
================================================
FILE: .idea/externalDependencies.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ExternalDependencies">
<plugin id="CheckStyle-IDEA" />
<plugin id="org.jetbrains.plugins.gradle" />
</component>
</project>
================================================
FILE: .sdkmanrc
================================================
# Use sdkman to run "sdk env" to initialize with correct JDK version
# Enable auto-env through the sdkman_auto_env config
# See https://sdkman.io/usage#config
# A summary is to add the following to ~/.sdkman/etc/config
# sdkman_auto_env=true
java=25-librca
================================================
FILE: .vscode/settings.json
================================================
{
"java.gradle.buildServer.enabled": "off"
}
================================================
FILE: CONTRIBUTING.adoc
================================================
= Contributing to Spring Security
First off, thank you for taking the time to contribute! :+1: :tada:
== Table of Contents
* <<code-of-conduct>>
* <<how-to-contribute>>
* <<ask-questions>>
* <<find-an-issue>>
* <<create-an-issue>>
* <<issue-lifecycle>>
* <<submit-a-pull-request>>
* <<build-from-source>>
* <<code-style>>
[[code-of-conduct]]
== Code of Conduct
This project is governed by the https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[Spring code of conduct].
By participating you are expected to uphold this code.
Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
[[how-to-contribute]]
== How to Contribute
[[ask-questions]]
=== Ask Questions
If you have a question, check Stack Overflow using
https://stackoverflow.com/questions/tagged/spring-security+or+spring-ldap+or+spring-authorization-server+or+spring-session?tab=Newest[this list of tags].
Find an existing discussion, or start a new one if necessary.
If you believe there is an issue, search through https://github.com/spring-projects/spring-security/issues[existing issues] trying a few different ways to find discussions, past or current, that are related to the issue.
Reading those discussions helps you to learn about the issue, and helps us to make a decision.
[[find-an-issue]]
=== Find an Existing Issue
There are many issues in Spring Security with the labels https://github.com/spring-projects/spring-security/issues?q=is%3Aissue+is%3Aopen+label%3A%22status%3A+ideal-for-contribution%22[`ideal-for-contribution`] or https://github.com/spring-projects/spring-security/issues?q=is%3Aissue+is%3Aopen+label%3A%22status%3A+first-timers-only%22[`first-timers-only`] that are a great way to contribute to a discussion or <<submit-a-pull-request,to a PR>>.
You can volunteer by commenting on these tickets, and we will assign them to you.
[[create-an-issue]]
=== Create an Issue
Reporting an issue or making a feature request is a great way to contribute.
Your feedback and the conversations that result from it provide a continuous flow of ideas.
However, before creating a ticket, please take the time to <<ask-questions,ask and research>> first.
If you create an issue after a discussion on Stack Overflow, please provide a description in the issue instead of simply referring to Stack Overflow.
The issue tracker is an important place of record for design discussions and should be self-sufficient.
Once you're ready, create an issue on https://github.com/spring-projects/spring-security/issues[GitHub].
Many issues are caused by subtle behavior, typos, and unintended configuration.
Creating a https://stackoverflow.com/help/minimal-reproducible-example[Minimal Reproducible Example] (starting with https://start.spring.io for example) of the problem helps the team quickly triage your issue and get to the core of the problem.
We love contributors, and we may ask you to <<submit-a-pull-request,submit a PR with a fix>>.
[[issue-lifecycle]]
=== Issue Lifecycle
When an issue is first created, it is flagged `waiting-for-triage` waiting for a team member to triage it.
Once the issue has been reviewed, the team may ask for further information if needed, and based on the findings, the issue is either assigned a target branch (or no branch if a feature) or is closed with a specific status.
The target branch is https://spring.io/projects/spring-security#support[the earliest supported branch] where <<choose-a-branch,the change will be applied>>.
When a fix is ready, the issue is closed and may still be re-opened until the fix is released.
After that the issue will typically no longer be reopened.
In rare cases if the issue was not at all fixed, the issue may be re-opened.
In most cases however any follow-up reports will need to be created as new issues with a fresh description.
[[build-from-source]]
=== Build from Source
See https://github.com/spring-projects/spring-security/tree/main#building-from-source[Build from Source] for instructions on how to check out, build, and import the Spring Security source code into your IDE.
[[code-style]]
=== Source Code Style
The wiki pages https://github.com/spring-projects/spring-framework/wiki/Code-Style[Code Style] and https://github.com/spring-projects/spring-framework/wiki/IntelliJ-IDEA-Editor-Settings[IntelliJ IDEA Editor Settings] define the source file coding standards we use along with some IDEA editor settings we customize.
Additionally, since Streams are https://github.com/spring-projects/spring-security/issues/7154[much slower] than `for` loops, please use them judiciously.
The team may ask you to change to a `for` loop if the given code is along a hot path.
To format the code as well as check the style, run `./gradlew format && ./gradlew check`.
[[submit-a-pull-request]]
=== Submit a Pull Request
We are excited for your pull request! :heart:
Please do your best to follow these steps.
Don't worry if you don't get them all correct the first time, we will help you.
1. [[sign-cla]] All commits must include a __Signed-off-by__ trailer at the end of each commit message to indicate that the contributor agrees to the Developer Certificate of Origin.
For additional details, please refer to the blog post https://spring.io/blog/2025/01/06/hello-dco-goodbye-cla-simplifying-contributions-to-spring[Hello DCO, Goodbye CLA: Simplifying Contributions to Spring].
2. [[create-an-issue-list]] Must you https://github.com/spring-projects/spring-security/issues/new/choose[create an issue] first? No, but it is recommended for features and larger bug fixes. It's easier to discuss with the team first to determine the right fix or enhancement.
For typos and straightforward bug fixes, starting with a pull request is encouraged.
Please include a description for context and motivation.
Note that the team may close your pull request if it's not a fit for the project.
3. [[choose-a-branch]] Always check out the branch indicated in the milestone and submit pull requests against it (for example, for milestone `5.8.3` use the `5.8.x` branch).
If there is no milestone, choose `main`.
Once merged, the fix will be forwarded-ported to applicable branches including `main`.
4. [[create-a-local-branch]] Create a local branch
If this is for an issue, consider a branch name with the issue number, like `gh-22276`.
5. [[write-tests]] Add documentation and JUnit Tests for your changes.
6. [[update-copyright]] In all files you edited, if the copyright header is of the form 2002-20xx, update the final copyright year to the current year.
7. [[add-since]] If on `main`, add `@since` JavaDoc attributes to new public APIs that your PR adds
8. [[change-rnc]] If you are updating the XSD, please instead update the RNC file and then run `./gradlew :spring-security-config:rncToXsd`.
9. [[format-code]] For each commit, build the code using `./gradlew format && ./gradlew check`.
This command ensures the code meets most of <<code-style,the style guide>>; a notable exception is import order.
10. [[commit-atomically]] Choose the granularity of your commits consciously and squash commits that represent
multiple edits or corrections of the same logical change.
See https://git-scm.com/book/en/Git-Tools-Rewriting-History[Rewriting History section of Pro Git] for an overview of streamlining the commit history.
11. [[format-commit-messages]] Format commit messages using 55 characters for the subject line, 72 characters per line
for the description, followed by the issue fixed, for example, `Closes gh-22276`.
See the https://git-scm.com/book/en/Distributed-Git-Contributing-to-a-Project#Commit-Guidelines[Commit Guidelines section of Pro Git] for best practices around commit messages, and use `git log` to see some examples.
Favor imperative tense over present tense (use "Fix" instead of "Fixes"); avoid past tense (use "Fix" instead of "Fixed").
+
[indent=0]
----
Address NullPointerException
Closes gh-22276
----
[[reference-issue]]
1. If there is a prior issue, reference the GitHub issue number in the description of the pull request.
+
[indent=0]
----
Closes gh-22276
----
If accepted, your contribution may be heavily modified as needed prior to merging.
You will likely retain author attribution for your Git commits granted that the bulk of your changes remain intact.
You may also be asked to rework the submission.
If asked to make corrections, simply push the changes against the same branch, and your pull request will be updated.
In other words, you do not need to create a new pull request when asked to make changes.
When it is time to merge, you'll be asked to squash your commits.
==== Participate in Reviews
Helping to review pull requests is another great way to contribute.
Your feedback can help to shape the implementation of new features.
When reviewing pull requests, however, please refrain from approving or rejecting a PR unless you are a core committer for Spring Security.
================================================
FILE: LICENSE.txt
================================================
Apache License
Version 2.0, January 2004
https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: README.adoc
================================================
image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]
image:https://github.com/spring-projects/spring-security/actions/workflows/continuous-integration-workflow.yml/badge.svg?branch=main["Build Status", link="https://github.com/spring-projects/spring-security/actions/workflows/continuous-integration-workflow.yml"]
image:https://img.shields.io/badge/Revved%20up%20by-Develocity-06A0CE?logo=Gradle&labelColor=02303A["Revved up by Develocity", link="https://ge.spring.io/scans?search.rootProjectNames=spring-security"]
= Spring Security
Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 6.0 requires Spring 6.0 as
a minimum and also requires Java 17.
For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].
== Code of Conduct
Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct]
== Downloading Artifacts
See https://docs.spring.io/spring-security/reference/getting-spring-security.html[Getting Spring Security] for how to obtain Spring Security.
== Documentation
Be sure to read the https://docs.spring.io/spring-security/reference/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].
You may also want to check out https://docs.spring.io/spring-security/reference/whats-new.html[what's new in the latest release].
== Quick Start
See https://docs.spring.io/spring-security/reference/servlet/getting-started.html[Hello Spring Security] to get started with a "Hello, World" application.
== Building from Source
Spring Security uses a https://gradle.org[Gradle]-based build system.
In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.
=== Prerequisites
https://docs.github.com/en/get-started/quickstart/set-up-git[Git] and the https://www.oracle.com/java/technologies/downloads/#java17[JDK17 build].
Be sure that your `JAVA_HOME` environment variable points to the `jdk-17` folder extracted from the JDK download.
=== Check out sources
[indent=0]
----
git clone git@github.com:spring-projects/spring-security.git
----
=== Install all `spring-*.jar` into your local Maven repository.
[indent=0]
----
./gradlew publishToMavenLocal
----
=== Compile and test; build all JARs, distribution zips, and docs
[indent=0]
----
./gradlew build
----
The reference docs are not currently included in the distribution zip.
You can build the reference docs for this branch by running the following command:
----
./gradlew :spring-security-docs:antora
----
That command publishes the docs site to the `_docs/build/site_` directory.
The https://github.com/spring-projects/spring-security/tree/docs-build[playbook branch] describes how to build the reference docs in detail.
Discover more commands with `./gradlew tasks`.
=== IDE setup (IntelliJ)
No special steps are needed to open Spring Security in IntelliJ.
=== IDE setup (Eclipse and VS Code)
To work in Eclipse or VS Code, first generate Eclipse metadata so you can import the project into Eclipse or VS Code:
[indent=0]
----
./gradlew cleanEclipse eclipse
----
If you have not built the project yet, run `./gradlew publishToMavenLocal` first so dependencies are resolved.
*VS Code:* Open the repository root as a folder. The repository includes `.vscode/settings.json` which disables automatic Gradle import so that the generated Eclipse metadata (`.classpath`, `.project`) is used. Do not use the Gradle for Java extension to import the project.
*Eclipse:* File → Import → General → Existing Projects into Workspace, then select the repository root.
The build uses a custom Eclipse plugin to work around Gradle dependency cycles that confuse IDE metadata generation. You may see Eclipse warnings about `xml-apis` from some test dependencies; those are excluded in the build and can be ignored.
== Getting Support
Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
https://spring.io/support[Commercial support] is available too.
== Contributing
https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/main/CONTRIBUTING.adoc[contributor guidelines] for details.
== License
Spring Security is Open Source software released under the
https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].
================================================
FILE: RELEASE.adoc
================================================
= Release Process
The release process for Spring Security is entirely automated via the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc[Spring Security Release Plugin] and https://github.com/spring-io/spring-security-release-tools/tree/main/.github/workflows[reusable workflows].
The following table outlines the steps that are taken by the automation.
WARNING: The `5.8.x` branch does not have all of the improvements from the `6.x.x` branches. See "Status (5.8.x)" for which steps are still manual.
In case of a failure, you can follow the links below to read about each step, which includes instructions for performing the step manually if applicable.
See <<frequently-asked-questions,FAQ>> for troubleshooting tips.
[cols="1,1,1"]
|===
| Step | Status (5.8.x) | Status (6.0.x+)
| <<update-dependencies>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<check-all-issues-are-closed>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<update-release-version>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<tag-release>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<push-release-commit>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<build-locally>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<update-release-notes-on-github>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<update-version-on-project-page>>
| :x: manual
| :white_check_mark: automated
| <<close-create-milestone,Close milestone>>
| :x: manual
| :white_check_mark: automated
| <<announce-release-on-slack>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<update-to-next-development-version>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<close-create-milestone,Create milestone>>
| :white_check_mark: automated
| :white_check_mark: automated
| <<announce-release-on-other-channels>>
| :x: manual
| :x: manual
|===
[#update-dependencies]
== Update dependencies
Dependency versions are managed in the file xref:./gradle/libs.versions.toml[libs.versions.toml] and are automatically updated by xref:./.github/dependabot.yml[dependabot].
[#check-all-issues-are-closed]
== Check all issues are closed
The first step of a release is to check if there are any open issues remaining in a milestone.
NOTE: A scheduled release will not proceed if there are any open issues.
TIP: If you need to prevent a release from occurring automatically, the easiest way to block a release is to add an unresolved issue to the milestone.
The https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc#checkMilestoneHasNoOpenIssues[`checkMilestoneHasOpenIssues`] command will check if there are any open issues for the release.
Before running the command manually, replace the following values:
* `<next-version>` - Replace with the title of the milestone you are releasing now (i.e. 5.5.0-RC1)
* `<github-personal-access-token>` - Replace with a https://github.com/settings/tokens[GitHub personal access token] that has a scope of `public_repo`. This is optional since you are unlikely to reach the rate limit for such a simple check.
[source,bash]
----
./gradlew checkMilestoneHasOpenIssues -PnextVersion=<next-version> -PgitHubAccessToken=<github-personal-access-token>
----
Alternatively, you can manually check using the https://github.com/spring-projects/spring-security/milestones[milestones] page.
[#update-release-version]
== Update release version
If all issues for the release are <<check-all-issues-are-closed,closed>>, the version number is automatically updated using the milestone title.
When performing this step manually, update the version number in `gradle.properties` for the release (for example `5.5.0`) and commit the change using the message "Release x.y.z".
[#tag-release]
== Tag release
The release will automatically be tagged using the milestone title.
It is not required to tag manually.
However, you can perform this step manually by running the following command:
[source,bash]
----
git tag 5.5.0
----
[#push-release-commit]
== Push release commit
During a scheduled release, the release commit will automatically be pushed to trigger a build.
If performing this step manually, you can push the commit and tag and GitHub actions will build and deploy the artifacts with the following command:
[source,bash]
----
git push --atomic origin main 5.5.0
----
The build will automatically wait for artifacts to be released to Maven Central.
You can get notified manually when uploading is complete by running the following:
[source,bash]
----
./scripts/release/wait-for-done.sh 5.5.0
----
[#build-locally]
== Build
All checks will automatically be performed by the build prior to uploading the artifacts to Maven Central.
If something goes wrong, you can run the build locally using:
[source,bash]
----
./gradlew check
----
[#update-release-notes-on-github]
== Update release notes on GitHub
Once the release has been uploaded to Maven Central, release notes will automatically be generated and a GitHub release will be created.
To do this manually, you can use the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc#generateChangelog[`generateChangelog`] command to generate the release notes by replacing:
* `<next-version>` - Replace with the milestone you are releasing now (i.e. 5.5.0)
[source,bash]
----
./gradlew generateChangelog -PnextVersion=<next-version>
----
Then copy the release notes to your clipboard (your mileage may vary with the following command):
[source,bash]
----
cat build/changelog/release-notes.md | xclip -selection clipboard
----
Finally, create the
https://github.com/spring-projects/spring-security/releases[release on
GitHub], associate it with the tag, and paste the generated notes.
Alternatively, you can run the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc#createGitHubRelease[`createGitHubRelease`] command to perform these steps automatically, replacing:
* `<next-version>` - Replace with the milestone you are releasing now (i.e. 5.5.0)
* `<branch>` - The name of the branch to be tagged (if the release commit has not already been tagged)
* `<github-personal-access-token>` - Replace with a https://github.com/settings/tokens[GitHub personal access token] that has a scope of `write:org`
[source,bash]
----
./gradlew createGitHubRelease -PnextVersion=<next-version> -Pbranch=<branch> -PcreateRelease=true -PgitHubAccessToken=<github-personal-access-token>
----
[#update-version-on-project-page]
== Update version on project page
The build will automatically update the project versions on https://spring.io/projects/spring-security#learn.
To do this manually, you can use the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc#createSaganRelease[`createSaganRelease`] and https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc#deleteSaganRelease[`deleteSaganRelease`] commands using the following parameters:
* `<next-version>` - Replace with the milestone you are releasing now (i.e. 5.5.0)
* `<previous-version>` - Replace with the previous release which will be removed from the listed versions (i.e. 5.5.0-RC1)
* `<github-personal-access-token>` - Replace with a https://github.com/settings/tokens[GitHub personal access token] that has a scope of `read:org` as https://spring.io/restdocs/index.html#authentication[documented for spring.io api]
[source,bash]
----
./gradlew createSaganRelease deleteSaganRelease -PnextVersion=<next-version> -PpreviousVersion=<previous-version> -PgitHubAccessToken=<github-personal-access-token>
----
Alternatively, you can log into Contentful and update the versions manually on the Spring Security project page.
[#close-create-milestone]
== Close / Create milestone
The release milestone will be automatically closed once the release is complete.
To proceed manually, perform the following steps:
1. Visit https://github.com/spring-projects/spring-security/milestones[GitHub
Milestones] and create a new milestone for the next release version
2. Move any open issues from the existing milestone you just released to the new milestone
3. Close the milestone for the release
NOTE: Remember that scheduled releases <<check-all-issues-are-closed,will not proceed>> if there are still open issues in the milestone.
[#announce-release-on-slack]
== Announce release on Slack
The release will automatically be announced on Slack.
If proceeding manually, announce the release on Slack in the channel https://pivotal.slack.com/messages/spring-release[#spring-release], including the keyword `+spring-security-announcing+` in the message.
Something like:
....
spring-security-announcing `5.5.0` is available now
....
[#update-to-next-development-version]
== Update to next development version
After the release is complete and artifacts have been uploaded to Maven Central, the build will automatically update to the next development version, commit and push.
If proceeding manually, update the version in `gradle.properties` to the next `+SNAPSHOT+` version with the commit message "Next development version" and then push.
[#announce-release-on-other-channels]
== Announce release on other channels
* Create a blog post on Contentful
* Tweet from https://twitter.com/springsecurity[@SpringSecurity]
[[frequently-asked-questions]]
== Frequently Asked Questions
*When should I update dependencies manually?* Dependencies should be updated at the latest the end of the week prior to the release. This is usually the Friday following the 2nd Monday of the month (counting from the first week with a Monday). When in doubt, check the https://github.com/spring-projects/spring-security/milestones[milestones] page for release due dates.
*When do scheduled releases occur?* Automated releases are scheduled to occur at *3:15 PM UTC* on the *3rd Monday of the month* (counting from the first week with a Monday).
[NOTE]
The scheduled release process currently runs every Monday but only releases when a release is due. See the performed checks below for more information.
The automated release process occurs on the following branches:
* `main`
* `6.2.x`
* `6.1.x`
* `6.0.x` (commercial only)
* `5.8.x`
For each of the above branches, the automated process performs the following checks before proceeding with the release:
1. _Check if the milestone is due today._ This check compares the current (SNAPSHOT) version of the branch with available milestones and chooses the first match (sorted alphabetically). If the due date on the matched milestone is *not* today, the process stops.
2. _Check if all issues are closed._ This check uses the milestone from the previous step and looks for open issues. If any open issues are found, the process stops.
[IMPORTANT]
You should ensure all issues are closed or moved to another milestone prior to a scheduled release.
If the above checks pass, the version number is updated (in `gradle.properties`) and a commit is pushed to trigger the CI process.
*How do I trigger a release manually?* You can trigger a release manually in two ways:
1. Trigger a release for a particular branch via https://github.com/spring-projects/spring-security/actions/workflows/update-scheduled-release-version.yml[`update-scheduled-release-version.yml`] on the desired branch. The above checks are performed for that branch, and the release will proceed if all checks pass. _This is the recommended way to trigger a release that did not pass the above checks during a regularly scheduled release._
2. Trigger releases for all branches via https://github.com/spring-projects/spring-security/actions/workflows/release-scheduler.yml[`release-scheduler.yml`] on the `main` branch. The above checks are performed for each branch, and only releases that pass all checks will proceed.
*When should additional manual steps be performed?* All other automated steps listed above occur during the normal CI process. Additional manual steps can be performed at any time once the builds pass and releases are finished.
*What if something goes wrong?* If the normal CI process fails, you can retry by re-running the failed jobs with the "Re-run failed jobs" option in GitHub Actions. If changes are required, you should revert the "Release x.y.z" commit, delete the tag, and proceed manually.
================================================
FILE: access/spring-security-access.gradle
================================================
plugins {
id 'compile-warnings-error'
id 'javadoc-warnings-error'
}
apply plugin: 'io.spring.convention.spring-module'
dependencies {
management platform(project(":spring-security-dependencies"))
api project(':spring-security-crypto')
api project(':spring-security-core')
api 'org.springframework:spring-aop'
api 'org.springframework:spring-beans'
api 'org.springframework:spring-context'
api 'org.springframework:spring-core'
api 'org.springframework:spring-expression'
api 'io.micrometer:micrometer-observation'
optional project(':spring-security-acl')
optional project(':spring-security-messaging')
optional project(':spring-security-web')
optional 'org.springframework:spring-websocket'
optional 'com.fasterxml.jackson.core:jackson-databind'
optional 'io.micrometer:context-propagation'
optional 'io.projectreactor:reactor-core'
optional 'jakarta.annotation:jakarta.annotation-api'
optional 'org.aspectj:aspectjrt'
optional 'org.springframework:spring-jdbc'
optional 'org.springframework:spring-tx'
optional 'org.jetbrains.kotlinx:kotlinx-coroutines-reactor'
provided 'jakarta.servlet:jakarta.servlet-api'
testImplementation project(path : ':spring-security-web', configuration : 'tests')
testImplementation 'commons-collections:commons-collections'
testImplementation 'io.projectreactor:reactor-test'
testImplementation "org.assertj:assertj-core"
testImplementation "org.junit.jupiter:junit-jupiter-api"
testImplementation "org.junit.jupiter:junit-jupiter-params"
testImplementation "org.junit.jupiter:junit-jupiter-engine"
testImplementation "org.mockito:mockito-core"
testImplementation "org.mockito:mockito-junit-jupiter"
testImplementation "org.springframework:spring-core-test"
testImplementation "org.springframework:spring-test"
testImplementation 'org.skyscreamer:jsonassert'
testImplementation 'org.springframework:spring-test'
testImplementation 'org.jetbrains.kotlin:kotlin-reflect'
testImplementation 'org.jetbrains.kotlin:kotlin-stdlib-jdk8'
testImplementation 'io.mockk:mockk'
testRuntimeOnly 'org.hsqldb:hsqldb'
testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
}
================================================
FILE: access/src/main/java/org/springframework/security/access/AccessDecisionManager.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access;
import java.util.Collection;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
/**
* Makes a final access control (authorization) decision.
*
* @author Ben Alex
* @deprecated Use {@link AuthorizationManager} instead
*/
@Deprecated
public interface AccessDecisionManager {
/**
* Resolves an access control decision for the passed parameters.
* @param authentication the caller invoking the method (not null)
* @param object the secured object being called
* @param configAttributes the configuration attributes associated with the secured
* object being invoked
* @throws AccessDeniedException if access is denied as the authentication does not
* hold a required authority or ACL privilege
* @throws InsufficientAuthenticationException if access is denied as the
* authentication does not provide a sufficient level of trust
*/
void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
throws AccessDeniedException, InsufficientAuthenticationException;
/**
* Indicates whether this <code>AccessDecisionManager</code> is able to process
* authorization requests presented with the passed <code>ConfigAttribute</code>.
* <p>
* This allows the <code>AbstractSecurityInterceptor</code> to check every
* configuration attribute can be consumed by the configured
* <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
* <code>AfterInvocationManager</code>.
* </p>
* @param attribute a configuration attribute that has been configured against the
* <code>AbstractSecurityInterceptor</code>
* @return true if this <code>AccessDecisionManager</code> can support the passed
* configuration attribute
*/
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>AccessDecisionManager</code> implementation is able to
* provide access control decisions for the indicated secured object type.
* @param clazz the class that is being queried
* @return <code>true</code> if the implementation can process the indicated class
*/
boolean supports(Class<?> clazz);
}
================================================
FILE: access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access;
import java.util.Collection;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
/**
* Indicates a class is responsible for voting on authorization decisions.
* <p>
* The coordination of voting (ie polling {@code AccessDecisionVoter}s, tallying their
* responses, and making the final authorization decision) is performed by an
* {@link org.springframework.security.access.AccessDecisionManager}.
*
* @author Ben Alex
* @deprecated Use {@link AuthorizationManager} instead
*/
@Deprecated
public interface AccessDecisionVoter<S> {
int ACCESS_GRANTED = 1;
int ACCESS_ABSTAIN = 0;
int ACCESS_DENIED = -1;
/**
* Indicates whether this {@code AccessDecisionVoter} is able to vote on the passed
* {@code ConfigAttribute}.
* <p>
* This allows the {@code AbstractSecurityInterceptor} to check every configuration
* attribute can be consumed by the configured {@code AccessDecisionManager} and/or
* {@code RunAsManager} and/or {@code AfterInvocationManager}.
* @param attribute a configuration attribute that has been configured against the
* {@code AbstractSecurityInterceptor}
* @return true if this {@code AccessDecisionVoter} can support the passed
* configuration attribute
*/
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the {@code AccessDecisionVoter} implementation is able to provide
* access control votes for the indicated secured object type.
* @param clazz the class that is being queried
* @return true if the implementation can process the indicated class
*/
boolean supports(Class<?> clazz);
/**
* Indicates whether or not access is granted.
* <p>
* The decision must be affirmative ({@code ACCESS_GRANTED}), negative (
* {@code ACCESS_DENIED}) or the {@code AccessDecisionVoter} can abstain (
* {@code ACCESS_ABSTAIN}) from voting. Under no circumstances should implementing
* classes return any other value. If a weighting of results is desired, this should
* be handled in a custom
* {@link org.springframework.security.access.AccessDecisionManager} instead.
* <p>
* Unless an {@code AccessDecisionVoter} is specifically intended to vote on an access
* control decision due to a passed method invocation or configuration attribute
* parameter, it must return {@code ACCESS_ABSTAIN}. This prevents the coordinating
* {@code AccessDecisionManager} from counting votes from those
* {@code AccessDecisionVoter}s without a legitimate interest in the access control
* decision.
* <p>
* Whilst the secured object (such as a {@code MethodInvocation}) is passed as a
* parameter to maximise flexibility in making access control decisions, implementing
* classes should not modify it or cause the represented invocation to take place (for
* example, by calling {@code MethodInvocation.proceed()}).
* @param authentication the caller making the invocation
* @param object the secured object being invoked
* @param attributes the configuration attributes associated with the secured object
* @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or
* {@link #ACCESS_DENIED}
*/
int vote(Authentication authentication, S object, Collection<ConfigAttribute> attributes);
}
================================================
FILE: access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access;
import java.util.Collection;
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
/**
* Indicates a class is responsible for participating in an
* {@link AfterInvocationProviderManager} decision.
*
* @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/
@Deprecated
public interface AfterInvocationProvider {
Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
Object returnedObject) throws AccessDeniedException;
/**
* Indicates whether this <code>AfterInvocationProvider</code> is able to participate
* in a decision involving the passed <code>ConfigAttribute</code>.
* <p>
* This allows the <code>AbstractSecurityInterceptor</code> to check every
* configuration attribute can be consumed by the configured
* <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
* <code>AccessDecisionManager</code>.
* </p>
* @param attribute a configuration attribute that has been configured against the
* <code>AbstractSecurityInterceptor</code>
* @return true if this <code>AfterInvocationProvider</code> can support the passed
* configuration attribute
*/
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>AfterInvocationProvider</code> is able to provide
* "after invocation" processing for the indicated secured object type.
* @param clazz the class of secure object that is being queried
* @return true if the implementation can process the indicated class
*/
boolean supports(Class<?> clazz);
}
================================================
FILE: access/src/main/java/org/springframework/security/access/ConfigAttribute.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access;
import java.io.Serializable;
import org.jspecify.annotations.NullUnmarked;
import org.springframework.security.access.intercept.RunAsManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
/**
* Stores a security system related configuration attribute.
*
* <p>
* When an
* {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor} is
* set up, a list of configuration attributes is defined for secure object patterns. These
* configuration attributes have special meaning to a {@link RunAsManager},
* {@link AccessDecisionManager} or <code>AccessDecisionManager</code> delegate.
*
* <p>
* Stored at runtime with other <code>ConfigAttribute</code>s for the same secure object
* target.
*
* @author Ben Alex
* @deprecated In modern Spring Security APIs, each API manages its own configuration
* context. As such there is no direct replacement for this interface. In the case of
* method security, please see {@link SecurityAnnotationScanner} and
* {@link AuthorizationManager}. In the case of channel security, please see
* {@code HttpsRedirectFilter}. In the case of web security, please see
* {@link AuthorizationManager}.
*/
@Deprecated
@NullUnmarked
public interface ConfigAttribute extends Serializable {
/**
* If the <code>ConfigAttribute</code> can be represented as a <code>String</code> and
* that <code>String</code> is sufficient in precision to be relied upon as a
* configuration parameter by a {@link RunAsManager}, {@link AccessDecisionManager} or
* <code>AccessDecisionManager</code> delegate, this method should return such a
* <code>String</code>.
* <p>
* If the <code>ConfigAttribute</code> cannot be expressed with sufficient precision
* as a <code>String</code>, <code>null</code> should be returned. Returning
* <code>null</code> will require any relying classes to specifically support the
* <code>ConfigAttribute</code> implementation, so returning <code>null</code> should
* be avoided unless actually required.
* @return a representation of the configuration attribute (or <code>null</code> if
* the configuration attribute cannot be expressed as a <code>String</code> with
* sufficient precision).
*/
String getAttribute();
}
================================================
FILE: access/src/main/java/org/springframework/security/access/SecurityConfig.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access;
import java.io.Serial;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* Stores a {@link ConfigAttribute} as a <code>String</code>.
*
* @author Ben Alex
* @deprecated In modern Spring Security APIs, each API manages its own configuration
* context. As such there is no direct replacement for this interface. In the case of
* method security, please see {@link SecurityAnnotationScanner} and
* {@link AuthorizationManager}. In the case of channel security, please see
* {@code HttpsRedirectFilter}. In the case of web security, please see
* {@link AuthorizationManager}.
*/
@Deprecated
public class SecurityConfig implements ConfigAttribute {
@Serial
private static final long serialVersionUID = -7138084564199804304L;
private final String attrib;
public SecurityConfig(String config) {
Assert.hasText(config, "You must provide a configuration attribute");
this.attrib = config;
}
@Override
public boolean equals(Object obj) {
if (obj instanceof ConfigAttribute attr) {
return this.attrib.equals(attr.getAttribute());
}
return false;
}
@Override
public String getAttribute() {
return this.attrib;
}
@Override
public int hashCode() {
return this.attrib.hashCode();
}
@Override
public String toString() {
return this.attrib;
}
public static List<ConfigAttribute> createListFromCommaDelimitedString(String access) {
return createList(StringUtils.commaDelimitedListToStringArray(access));
}
public static List<ConfigAttribute> createList(String... attributeNames) {
Assert.notNull(attributeNames, "You must supply an array of attribute names");
List<ConfigAttribute> attributes = new ArrayList<>(attributeNames.length);
for (String attribute : attributeNames) {
attributes.add(new SecurityConfig(attribute.trim()));
}
return attributes;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access;
import java.util.Collection;
import org.springframework.aop.framework.AopInfrastructureBean;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
/**
* Implemented by classes that store and can identify the {@link ConfigAttribute}s that
* applies to a given secure object invocation.
*
* @author Ben Alex
* @deprecated In modern Spring Security APIs, each API manages its own configuration
* context. As such there is no direct replacement for this interface. In the case of
* method security, please see {@link SecurityAnnotationScanner} and
* {@link AuthorizationManager}. In the case of channel security, please see
* {@code HttpsRedirectFilter}. In the case of web security, please see
* {@link AuthorizationManager}.
*/
@Deprecated
public interface SecurityMetadataSource extends AopInfrastructureBean {
/**
* Accesses the {@code ConfigAttribute}s that apply to a given secure object.
* @param object the object being secured
* @return the attributes that apply to the passed in secured object. Should return an
* empty collection if there are no applicable attributes.
* @throws IllegalArgumentException if the passed object is not of a type supported by
* the <code>SecurityMetadataSource</code> implementation
*/
Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
/**
* If available, returns all of the {@code ConfigAttribute}s defined by the
* implementing class.
* <p>
* This is used by the {@link AbstractSecurityInterceptor} to perform startup time
* validation of each {@code ConfigAttribute} configured against it.
* @return the {@code ConfigAttribute}s or {@code null} if unsupported
*/
Collection<ConfigAttribute> getAllConfigAttributes();
/**
* Indicates whether the {@code SecurityMetadataSource} implementation is able to
* provide {@code ConfigAttribute}s for the indicated secure object type.
* @param clazz the class that is being queried
* @return true if the implementation can process the indicated class
*/
boolean supports(Class<?> clazz);
}
================================================
FILE: access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.annotation;
import java.lang.annotation.Annotation;
import java.util.Collection;
import org.springframework.security.access.ConfigAttribute;
/**
* Strategy to process a custom security annotation to extract the relevant
* {@code ConfigAttribute}s for securing a method.
* <p>
* Used by {@code SecuredAnnotationSecurityMetadataSource}.
*
* @author Luke Taylor
* @deprecated Used only by now-deprecated classes. Consider
* {@link org.springframework.security.authorization.method.SecuredAuthorizationManager}
* for `@Secured` methods.
*/
@Deprecated
public interface AnnotationMetadataExtractor<A extends Annotation> {
Collection<? extends ConfigAttribute> extractAttributes(A securityAnnotation);
}
================================================
FILE: access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.annotation;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource;
import org.springframework.util.StringUtils;
/**
* Sources method security metadata from major JSR 250 security annotations.
*
* @author Ben Alex
* @since 2.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
* instead
*/
@NullUnmarked
@Deprecated
public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
private String defaultRolePrefix = "ROLE_";
/**
* <p>
* Sets the default prefix to be added to {@link RolesAllowed}. For example, if
* {@code @RolesAllowed("ADMIN")} or {@code @RolesAllowed("ADMIN")} is used, then the
* role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
* </p>
*
* <p>
* If null or empty, then no default role prefix is used.
* </p>
* @param defaultRolePrefix the default prefix to add to roles. Default "ROLE_".
*/
public void setDefaultRolePrefix(String defaultRolePrefix) {
this.defaultRolePrefix = defaultRolePrefix;
}
@Override
protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
return processAnnotations(clazz.getAnnotations());
}
@Override
protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
return processAnnotations(AnnotationUtils.getAnnotations(method));
}
@Override
public @Nullable Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
private @Nullable List<ConfigAttribute> processAnnotations(Annotation @Nullable [] annotations) {
if (annotations == null || annotations.length == 0) {
return null;
}
List<ConfigAttribute> attributes = new ArrayList<>();
for (Annotation annotation : annotations) {
if (annotation instanceof DenyAll) {
attributes.add(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
return attributes;
}
if (annotation instanceof PermitAll) {
attributes.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
return attributes;
}
if (annotation instanceof RolesAllowed ra) {
for (String allowed : ra.value()) {
String defaultedAllowed = getRoleWithDefaultPrefix(allowed);
attributes.add(new Jsr250SecurityConfig(defaultedAllowed));
}
return attributes;
}
}
return null;
}
private String getRoleWithDefaultPrefix(String role) {
if (role == null) {
return role;
}
if (!StringUtils.hasLength(this.defaultRolePrefix)) {
return role;
}
if (role.startsWith(this.defaultRolePrefix)) {
return role;
}
return this.defaultRolePrefix + role;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.annotation;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor;
/**
* Security config applicable as a JSR 250 annotation attribute.
*
* @author Ryan Heaton
* @since 2.0
* @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead
*/
@Deprecated
@SuppressWarnings("serial")
public class Jsr250SecurityConfig extends SecurityConfig {
public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());
public static final Jsr250SecurityConfig DENY_ALL_ATTRIBUTE = new Jsr250SecurityConfig(DenyAll.class.getName());
public Jsr250SecurityConfig(String role) {
super(role);
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.annotation;
import java.util.Collection;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
/**
* Voter on JSR-250 configuration attributes.
*
* @author Ryan Heaton
* @since 2.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
* instead
*/
@Deprecated
public class Jsr250Voter implements AccessDecisionVoter<Object> {
/**
* The specified config attribute is supported if its an instance of a
* {@link Jsr250SecurityConfig}.
* @param configAttribute The config attribute.
* @return whether the config attribute is supported.
*/
@Override
public boolean supports(ConfigAttribute configAttribute) {
return configAttribute instanceof Jsr250SecurityConfig;
}
/**
* All classes are supported.
* @param clazz the class.
* @return true
*/
@Override
public boolean supports(Class<?> clazz) {
return true;
}
/**
* Votes according to JSR 250.
* <p>
* If no JSR-250 attributes are found, it will abstain, otherwise it will grant or
* deny access based on the attributes that are found.
* @param authentication The authentication object.
* @param object The access object.
* @param definition The configuration definition.
* @return The vote.
*/
@Override
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> definition) {
boolean jsr250AttributeFound = false;
for (ConfigAttribute attribute : definition) {
if (Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE.equals(attribute)) {
return ACCESS_GRANTED;
}
if (Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE.equals(attribute)) {
return ACCESS_DENIED;
}
if (supports(attribute)) {
jsr250AttributeFound = true;
// Attempt to find a matching granted authority
for (GrantedAuthority authority : authentication.getAuthorities()) {
if (attribute.getAttribute().equals(authority.getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return jsr250AttributeFound ? ACCESS_DENIED : ACCESS_ABSTAIN;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.annotation;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.core.GenericTypeResolver;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource;
import org.springframework.util.Assert;
/**
* Sources method security metadata from Spring Security's {@link Secured} annotation.
* <p>
* Can also be used with custom security annotations by injecting an
* {@link AnnotationMetadataExtractor}. The annotation type will then be obtained from the
* generic parameter type supplied to this interface
*
* @author Ben Alex
* @author Luke Taylor
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor#secured}
*/
@NullUnmarked
@Deprecated
@SuppressWarnings({ "unchecked" })
public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
private AnnotationMetadataExtractor annotationExtractor;
private @Nullable Class<? extends Annotation> annotationType;
public SecuredAnnotationSecurityMetadataSource() {
this(new SecuredAnnotationMetadataExtractor());
}
public SecuredAnnotationSecurityMetadataSource(AnnotationMetadataExtractor annotationMetadataExtractor) {
Assert.notNull(annotationMetadataExtractor, "annotationMetadataExtractor cannot be null");
this.annotationExtractor = annotationMetadataExtractor;
this.annotationType = (Class<? extends Annotation>) GenericTypeResolver
.resolveTypeArgument(this.annotationExtractor.getClass(), AnnotationMetadataExtractor.class);
Assert.notNull(this.annotationType, () -> this.annotationExtractor.getClass().getName()
+ " must supply a generic parameter for AnnotationMetadataExtractor");
}
@Override
protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
return processAnnotation(AnnotationUtils.findAnnotation(clazz, this.annotationType));
}
@Override
protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
return processAnnotation(AnnotationUtils.findAnnotation(method, this.annotationType));
}
@Override
public @Nullable Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
private @Nullable Collection<ConfigAttribute> processAnnotation(@Nullable Annotation annotation) {
return (annotation != null) ? this.annotationExtractor.extractAttributes(annotation) : null;
}
static class SecuredAnnotationMetadataExtractor implements AnnotationMetadataExtractor<Secured> {
@Override
public Collection<ConfigAttribute> extractAttributes(Secured secured) {
String[] attributeTokens = secured.value();
List<ConfigAttribute> attributes = new ArrayList<>(attributeTokens.length);
for (String token : attributeTokens) {
attributes.add(new SecurityConfig(token));
}
return attributes;
}
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.event;
import org.springframework.context.ApplicationEvent;
/**
* Abstract superclass for all security interception related events.
*
* @author Ben Alex
* @deprecated Authorization events have moved. Consider
* {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent} and
* {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
*/
@Deprecated
public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
/**
* Construct the event, passing in the secure object being intercepted.
* @param secureObject the secure object
*/
public AbstractAuthorizationEvent(Object secureObject) {
super(secureObject);
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.event;
import java.util.Collection;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.util.Assert;
/**
* Indicates a secure object invocation failed because the <code>Authentication</code>
* could not be obtained from the <code>SecurityContextHolder</code>.
*
* @author Ben Alex
* @deprecated Authentication is now separated from authorization. Consider
* {@link org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent}
* instead.
*/
@Deprecated
@SuppressWarnings("serial")
public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
private final AuthenticationCredentialsNotFoundException credentialsNotFoundException;
private final Collection<ConfigAttribute> configAttribs;
/**
* Construct the event.
* @param secureObject the secure object
* @param attributes that apply to the secure object
* @param credentialsNotFoundException exception returned to the caller (contains
* reason)
*
*/
public AuthenticationCredentialsNotFoundEvent(Object secureObject, Collection<ConfigAttribute> attributes,
AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
super(secureObject);
Assert.isTrue(attributes != null && credentialsNotFoundException != null,
"All parameters are required and cannot be null");
this.configAttribs = attributes;
this.credentialsNotFoundException = credentialsNotFoundException;
}
public Collection<ConfigAttribute> getConfigAttributes() {
return this.configAttribs;
}
public AuthenticationCredentialsNotFoundException getCredentialsNotFoundException() {
return this.credentialsNotFoundException;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.event;
import java.util.Collection;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
/**
* Indicates a secure object invocation failed because the principal could not be
* authorized for the request.
*
* <p>
* This event might be thrown as a result of either an
* {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager}
* or an {@link org.springframework.security.access.intercept.AfterInvocationManager
* AfterInvocationManager}.
*
* @author Ben Alex
* @deprecated Use
* {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
* instead
*/
@Deprecated
@SuppressWarnings("serial")
public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
private final AccessDeniedException accessDeniedException;
private final Authentication authentication;
private final Collection<ConfigAttribute> configAttributes;
/**
* Construct the event.
* @param secureObject the secure object
* @param attributes that apply to the secure object
* @param authentication that was found in the <code>SecurityContextHolder</code>
* @param accessDeniedException that was returned by the
* <code>AccessDecisionManager</code>
* @throws IllegalArgumentException if any null arguments are presented.
*/
public AuthorizationFailureEvent(Object secureObject, Collection<ConfigAttribute> attributes,
Authentication authentication, AccessDeniedException accessDeniedException) {
super(secureObject);
Assert.isTrue(attributes != null && authentication != null && accessDeniedException != null,
"All parameters are required and cannot be null");
this.configAttributes = attributes;
this.authentication = authentication;
this.accessDeniedException = accessDeniedException;
}
public AccessDeniedException getAccessDeniedException() {
return this.accessDeniedException;
}
public Authentication getAuthentication() {
return this.authentication;
}
public Collection<ConfigAttribute> getConfigAttributes() {
return this.configAttributes;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.event;
import java.util.Collection;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
/**
* Event indicating a secure object was invoked successfully.
* <P>
* Published just before the secure object attempts to proceed.
* </p>
*
* @author Ben Alex
* @deprecated Use
* {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent}
* instead
*/
@Deprecated
@SuppressWarnings("serial")
public class AuthorizedEvent extends AbstractAuthorizationEvent {
private final Authentication authentication;
private final Collection<ConfigAttribute> configAttributes;
/**
* Construct the event.
* @param secureObject the secure object
* @param attributes that apply to the secure object
* @param authentication that successfully called the secure object
*
*/
public AuthorizedEvent(Object secureObject, Collection<ConfigAttribute> attributes, Authentication authentication) {
super(secureObject);
Assert.isTrue(attributes != null && authentication != null, "All parameters are required and cannot be null");
this.configAttributes = attributes;
this.authentication = authentication;
}
public Authentication getAuthentication() {
return this.authentication;
}
public Collection<ConfigAttribute> getConfigAttributes() {
return this.configAttributes;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/event/LoggerListener.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.event;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationListener;
import org.springframework.core.log.LogMessage;
/**
* Outputs interceptor-related application events to Commons Logging.
* <p>
* All failures are logged at the warning level, with success events logged at the
* information level, and public invocation events logged at the debug level.
* </p>
*
* @author Ben Alex
* @deprecated Logging is now embedded in Spring Security components. If you need further
* logging, please consider using your own {@link ApplicationListener}
*/
@Deprecated
public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> {
private static final Log logger = LogFactory.getLog(LoggerListener.class);
@Override
public void onApplicationEvent(AbstractAuthorizationEvent event) {
if (event instanceof AuthenticationCredentialsNotFoundEvent) {
onAuthenticationCredentialsNotFoundEvent((AuthenticationCredentialsNotFoundEvent) event);
}
if (event instanceof AuthorizationFailureEvent) {
onAuthorizationFailureEvent((AuthorizationFailureEvent) event);
}
if (event instanceof AuthorizedEvent) {
onAuthorizedEvent((AuthorizedEvent) event);
}
if (event instanceof PublicInvocationEvent) {
onPublicInvocationEvent((PublicInvocationEvent) event);
}
}
private void onAuthenticationCredentialsNotFoundEvent(AuthenticationCredentialsNotFoundEvent authEvent) {
logger.warn(LogMessage.format(
"Security interception failed due to: %s; secure object: %s; configuration attributes: %s",
authEvent.getCredentialsNotFoundException(), authEvent.getSource(), authEvent.getConfigAttributes()));
}
private void onPublicInvocationEvent(PublicInvocationEvent event) {
logger.info(LogMessage.format("Security interception not required for public secure object: %s",
event.getSource()));
}
private void onAuthorizedEvent(AuthorizedEvent authEvent) {
logger.info(LogMessage.format(
"Security authorized for authenticated principal: %s; secure object: %s; configuration attributes: %s",
authEvent.getAuthentication(), authEvent.getSource(), authEvent.getConfigAttributes()));
}
private void onAuthorizationFailureEvent(AuthorizationFailureEvent authEvent) {
logger.warn(LogMessage.format(
"Security authorization failed due to: %s; authenticated principal: %s; secure object: %s; configuration attributes: %s",
authEvent.getAccessDeniedException(), authEvent.getAuthentication(), authEvent.getSource(),
authEvent.getConfigAttributes()));
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.event;
import org.springframework.security.authorization.event.AuthorizationGrantedEvent;
/**
* Event that is generated whenever a public secure object is invoked.
* <p>
* A public secure object is a secure object that has no <code>ConfigAttribute</code>s
* defined. A public secure object will not cause the <code>SecurityContextHolder</code>
* to be inspected or authenticated, and no authorization will take place.
* </p>
* <p>
* Published just before the secure object attempts to proceed.
* </p>
*
* @author Ben Alex
* @deprecated Only used by now-deprecated classes. Consider
* {@link AuthorizationGrantedEvent#getSource()} to deduce public invocations.
*/
@Deprecated
@SuppressWarnings("serial")
public class PublicInvocationEvent extends AbstractAuthorizationEvent {
/**
* Construct the event, passing in the public secure object.
* @param secureObject the public secure object
*/
public PublicInvocationEvent(Object secureObject) {
super(secureObject);
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/event/package-info.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Authorization event and listener classes.
*/
@NullMarked
package org.springframework.security.access.event;
import org.jspecify.annotations.NullMarked;
================================================
FILE: access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.expression.method;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.expression.Expression;
import org.springframework.expression.ParseException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.util.Assert;
/**
* Contains both filtering and authorization expression meta-data for Spring-EL based
* access control.
* <p>
* Base class for pre or post-invocation phases of a method invocation.
* <p>
* Either filter or authorization expressions may be null, but not both.
*
* @author Luke Taylor
* @since 3.0
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
* interceptors instead
*/
@NullUnmarked
@Deprecated
abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute {
private final @Nullable Expression filterExpression;
private final @Nullable Expression authorizeExpression;
/**
* Parses the supplied expressions as Spring-EL.
*/
AbstractExpressionBasedMethodConfigAttribute(String filterExpression, String authorizeExpression)
throws ParseException {
Assert.isTrue(filterExpression != null || authorizeExpression != null,
"Filter and authorization Expressions cannot both be null");
SpelExpressionParser parser = new SpelExpressionParser();
this.filterExpression = (filterExpression != null) ? parser.parseExpression(filterExpression) : null;
this.authorizeExpression = (authorizeExpression != null) ? parser.parseExpression(authorizeExpression) : null;
}
AbstractExpressionBasedMethodConfigAttribute(Expression filterExpression, Expression authorizeExpression)
throws ParseException {
Assert.isTrue(filterExpression != null || authorizeExpression != null,
"Filter and authorization Expressions cannot both be null");
this.filterExpression = (filterExpression != null) ? filterExpression : null;
this.authorizeExpression = (authorizeExpression != null) ? authorizeExpression : null;
}
Expression getFilterExpression() {
return this.filterExpression;
}
Expression getAuthorizeExpression() {
return this.authorizeExpression;
}
@Override
public @Nullable String getAttribute() {
return null;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.expression.method;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParseException;
import org.springframework.security.access.prepost.PostInvocationAttribute;
import org.springframework.security.access.prepost.PreInvocationAttribute;
import org.springframework.security.access.prepost.PrePostInvocationAttributeFactory;
import org.springframework.util.Assert;
/**
* {@link PrePostInvocationAttributeFactory} which interprets the annotation value as an
* expression to be evaluated at runtime.
*
* @author Luke Taylor
* @author Rob Winch
* @since 3.0
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
* interceptors instead
*/
@NullUnmarked
@Deprecated
public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
private final Object parserLock = new Object();
private @Nullable ExpressionParser parser;
private MethodSecurityExpressionHandler handler;
public ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler handler) {
Assert.notNull(handler, "handler cannot be null");
this.handler = handler;
}
@Override
public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject,
String preAuthorizeAttribute) {
try {
// TODO: Optimization of permitAll
ExpressionParser parser = getParser();
Expression preAuthorizeExpression = (preAuthorizeAttribute != null)
? parser.parseExpression(preAuthorizeAttribute) : parser.parseExpression("permitAll");
Expression preFilterExpression = (preFilterAttribute != null) ? parser.parseExpression(preFilterAttribute)
: null;
return new PreInvocationExpressionAttribute(preFilterExpression, filterObject, preAuthorizeExpression);
}
catch (ParseException ex) {
throw new IllegalArgumentException("Failed to parse expression '" + ex.getExpressionString() + "'", ex);
}
}
@Override
public @Nullable PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute,
String postAuthorizeAttribute) {
try {
ExpressionParser parser = getParser();
Expression postAuthorizeExpression = (postAuthorizeAttribute != null)
? parser.parseExpression(postAuthorizeAttribute) : null;
Expression postFilterExpression = (postFilterAttribute != null)
? parser.parseExpression(postFilterAttribute) : null;
if (postFilterExpression != null || postAuthorizeExpression != null) {
return new PostInvocationExpressionAttribute(postFilterExpression, postAuthorizeExpression);
}
}
catch (ParseException ex) {
throw new IllegalArgumentException("Failed to parse expression '" + ex.getExpressionString() + "'", ex);
}
return null;
}
/**
* Delay the lookup of the {@link ExpressionParser} to prevent SEC-2136
* @return
*/
private ExpressionParser getParser() {
if (this.parser != null) {
return this.parser;
}
synchronized (this.parserLock) {
this.parser = this.handler.getExpressionParser();
this.handler = null;
}
return this.parser;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.expression.method;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.log.LogMessage;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.prepost.PostInvocationAttribute;
import org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice;
import org.springframework.security.core.Authentication;
/**
* @author Luke Taylor
* @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/
@Deprecated
public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
protected final Log logger = LogFactory.getLog(getClass());
private final MethodSecurityExpressionHandler expressionHandler;
public ExpressionBasedPostInvocationAdvice(MethodSecurityExpressionHandler expressionHandler) {
this.expressionHandler = expressionHandler;
}
@Override
public Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute postAttr,
Object returnedObject) throws AccessDeniedException {
PostInvocationExpressionAttribute pia = (PostInvocationExpressionAttribute) postAttr;
EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
Expression postFilter = pia.getFilterExpression();
Expression postAuthorize = pia.getAuthorizeExpression();
if (postFilter != null) {
this.logger.debug(LogMessage.format("Applying PostFilter expression %s", postFilter));
if (returnedObject != null) {
returnedObject = this.expressionHandler.filter(returnedObject, postFilter, ctx);
}
else {
this.logger.debug("Return object is null, filtering will be skipped");
}
}
this.expressionHandler.setReturnObject(returnedObject, ctx);
if (postAuthorize != null && !ExpressionUtils.evaluateAsBoolean(postAuthorize, ctx)) {
this.logger.debug("PostAuthorize expression rejected access");
throw new AccessDeniedException("Access is denied");
}
return returnedObject;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.expression.method;
import java.util.Collection;
import org.aopalliance.intercept.MethodInvocation;
import org.jspecify.annotations.NullUnmarked;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.prepost.PreInvocationAttribute;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
/**
* Method pre-invocation handling based on expressions.
*
* @author Luke Taylor
* @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/
@NullUnmarked
@Deprecated
public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
@Override
public boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute attr) {
PreInvocationExpressionAttribute preAttr = (PreInvocationExpressionAttribute) attr;
EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
Expression preFilter = preAttr.getFilterExpression();
Expression preAuthorize = preAttr.getAuthorizeExpression();
if (preFilter != null) {
Object filterTarget = findFilterTarget(preAttr.getFilterTarget(), ctx, mi);
this.expressionHandler.filter(filterTarget, preFilter, ctx);
}
return (preAuthorize != null) ? ExpressionUtils.evaluateAsBoolean(preAuthorize, ctx) : true;
}
private Object findFilterTarget(String filterTargetName, EvaluationContext ctx, MethodInvocation invocation) {
Object filterTarget = null;
if (filterTargetName.length() > 0) {
filterTarget = ctx.lookupVariable(filterTargetName);
Assert.notNull(filterTarget,
() -> "Filter target was null, or no argument with name " + filterTargetName + " found in method");
}
else if (invocation.getArguments().length == 1) {
Object arg = invocation.getArguments()[0];
if (arg.getClass().isArray() || arg instanceof Collection<?>) {
filterTarget = arg;
}
Assert.notNull(filterTarget, () -> "A PreFilter expression was set but the method argument type"
+ arg.getClass() + " is not filterable");
}
else if (invocation.getArguments().length > 1) {
throw new IllegalArgumentException(
"Unable to determine the method argument for filtering. Specify the filter target.");
}
Assert.isTrue(!filterTarget.getClass().isArray(),
"Pre-filtering on array types is not supported. Using a Collection will solve this problem");
return filterTarget;
}
public void setExpressionHandler(MethodSecurityExpressionHandler expressionHandler) {
this.expressionHandler = expressionHandler;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.expression.method;
import org.jspecify.annotations.Nullable;
import org.springframework.expression.Expression;
import org.springframework.expression.ParseException;
import org.springframework.security.access.prepost.PostInvocationAttribute;
/**
* @author Luke Taylor
* @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/
@Deprecated
@SuppressWarnings("serial")
class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
implements PostInvocationAttribute {
PostInvocationExpressionAttribute(String filterExpression, String authorizeExpression) throws ParseException {
super(filterExpression, authorizeExpression);
}
PostInvocationExpressionAttribute(@Nullable Expression filterExpression, @Nullable Expression authorizeExpression)
throws ParseException {
super(filterExpression, authorizeExpression);
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
Expression authorize = getAuthorizeExpression();
Expression filter = getFilterExpression();
sb.append("[authorize: '").append((authorize != null) ? authorize.getExpressionString() : "null");
sb.append("', filter: '").append((filter != null) ? filter.getExpressionString() : "null").append("']");
return sb.toString();
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
================================================
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.expression.method;
import org.jspecify.annotations.Nullable;
import org.springframework.expression.Expression;
import org.springframework.expression.ParseException;
import org.springframework.security.access.prepost.PreInvocationAttribute;
/**
* @author Luke Taylor
* @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* instead
*/
@Deprecated
@SuppressWarnings("serial")
class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
implements PreInvocationAttribute {
private final String filterTarget;
PreInvocationExpressionAttribute(String filterExpression, String filterTarget, String authorizeExpression)
throws ParseException {
super(filterExpression, authorizeExpression);
this.filterTarget = filterTarget;
}
PreInvocationExpressionAttribute(@Nullable Expression filterExpression, String filterTarget,
Expression authorizeExpression) throws ParseException {
super(filterExpression, authorizeExpression);
this.filterTarget = filterTarget;
}
/**
* The parameter name of the target argument (must be a Collection) to which filtering
* will be applied.
* @return the method parameter name
*/
String getFilterTarget() {
return this.filterTarget;
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
Expression authorize = getAuthorizeExpression();
Expression filter = getFilterExpression();
sb.append("[authorize: '").append((authorize != null) ? authorize.getExpressionString() : "null");
sb.append("', filter: '").append((filter != null) ? filter.getExpressionString() : "null");
sb.append("', filterTarget: '").append(this.filterTarget).append("']");
return sb.toString();
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.core.log.LogMessage;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent;
import org.springframework.security.access.event.AuthorizationFailureEvent;
import org.springframework.security.access.event.AuthorizedEvent;
import org.springframework.security.access.event.PublicInvocationEvent;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
/**
* Abstract class that implements security interception for secure objects.
* <p>
* The <code>AbstractSecurityInterceptor</code> will ensure the proper startup
* configuration of the security interceptor. It will also implement the proper handling
* of secure object invocations, namely:
* <ol>
* <li>Obtain the {@link Authentication} object from the
* {@link SecurityContextHolder}.</li>
* <li>Determine if the request relates to a secured or public invocation by looking up
* the secure object request against the {@link SecurityMetadataSource}.</li>
* <li>For an invocation that is secured (there is a list of <code>ConfigAttribute</code>s
* for the secure object invocation):
* <ol type="a">
* <li>If either the
* {@link org.springframework.security.core.Authentication#isAuthenticated()} returns
* <code>false</code>, or the {@link #alwaysReauthenticate} is <code>true</code>,
* authenticate the request against the configured {@link AuthenticationManager}. When
* authenticated, replace the <code>Authentication</code> object on the
* <code>SecurityContextHolder</code> with the returned value.</li>
* <li>Authorize the request against the configured {@link AccessDecisionManager}.</li>
* <li>Perform any run-as replacement via the configured {@link RunAsManager}.</li>
* <li>Pass control back to the concrete subclass, which will actually proceed with
* executing the object. A {@link InterceptorStatusToken} is returned so that after the
* subclass has finished proceeding with execution of the object, its finally clause can
* ensure the <code>AbstractSecurityInterceptor</code> is re-called and tidies up
* correctly using {@link #finallyInvocation(InterceptorStatusToken)}.</li>
* <li>The concrete subclass will re-call the <code>AbstractSecurityInterceptor</code> via
* the {@link #afterInvocation(InterceptorStatusToken, Object)} method.</li>
* <li>If the <code>RunAsManager</code> replaced the <code>Authentication</code> object,
* return the <code>SecurityContextHolder</code> to the object that existed after the call
* to <code>AuthenticationManager</code>.</li>
* <li>If an <code>AfterInvocationManager</code> is defined, invoke the invocation manager
* and allow it to replace the object due to be returned to the caller.</li>
* </ol>
* </li>
* <li>For an invocation that is public (there are no <code>ConfigAttribute</code>s for
* the secure object invocation):
* <ol type="a">
* <li>As described above, the concrete subclass will be returned an
* <code>InterceptorStatusToken</code> which is subsequently re-presented to the
* <code>AbstractSecurityInterceptor</code> after the secure object has been executed. The
* <code>AbstractSecurityInterceptor</code> will take no further action when its
* {@link #afterInvocation(InterceptorStatusToken, Object)} is called.</li>
* </ol>
* </li>
* <li>Control again returns to the concrete subclass, along with the <code>Object</code>
* that should be returned to the caller. The subclass will then return that result or
* exception to the original caller.</li>
* </ol>
*
* @author Ben Alex
* @author Rob Winch
* @deprecated Use
* {@link org.springframework.security.web.access.intercept.AuthorizationFilter} instead
* for filter security,
* {@link org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor}
* for messaging security, or
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* and
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* for method security.
*/
@NullUnmarked
@Deprecated
public abstract class AbstractSecurityInterceptor
implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
protected final Log logger = LogFactory.getLog(getClass());
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
.getContextHolderStrategy();
private @Nullable ApplicationEventPublisher eventPublisher;
private @Nullable AccessDecisionManager accessDecisionManager;
private @Nullable AfterInvocationManager afterInvocationManager;
private AuthenticationManager authenticationManager = new NoOpAuthenticationManager();
private RunAsManager runAsManager = new NullRunAsManager();
private boolean alwaysReauthenticate = false;
private boolean rejectPublicInvocations = false;
private boolean validateConfigAttributes = true;
private boolean publishAuthorizationSuccess = false;
@Override
public void afterPropertiesSet() {
Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
Assert.notNull(this.messages, "A message source must be set");
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
Assert.notNull(this.runAsManager, "A RunAsManager is required");
Assert.notNull(this.obtainSecurityMetadataSource(), "An SecurityMetadataSource is required");
Assert.isTrue(this.obtainSecurityMetadataSource().supports(getSecureObjectClass()),
() -> "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass());
Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()),
() -> "RunAsManager does not support secure object class: " + getSecureObjectClass());
Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()),
() -> "AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
if (this.afterInvocationManager != null) {
Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()),
() -> "AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
}
if (this.validateConfigAttributes) {
Collection<ConfigAttribute> attributeDefs = this.obtainSecurityMetadataSource().getAllConfigAttributes();
if (attributeDefs == null) {
this.logger.warn("Could not validate configuration attributes as the "
+ "SecurityMetadataSource did not return any attributes from getAllConfigAttributes()");
return;
}
validateAttributeDefs(attributeDefs);
}
}
private void validateAttributeDefs(Collection<ConfigAttribute> attributeDefs) {
Set<ConfigAttribute> unsupportedAttrs = new HashSet<>();
for (ConfigAttribute attr : attributeDefs) {
if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
unsupportedAttrs.add(attr);
}
}
if (unsupportedAttrs.size() != 0) {
this.logger
.trace("Did not validate configuration attributes since validateConfigurationAttributes is false");
throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
}
else {
this.logger.trace("Validated configuration attributes");
}
}
protected @Nullable InterceptorStatusToken beforeInvocation(Object object) {
Assert.notNull(object, "Object was null");
if (!getSecureObjectClass().isAssignableFrom(object.getClass())) {
throw new IllegalArgumentException("Security invocation attempted for object " + object.getClass().getName()
+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
+ getSecureObjectClass());
}
Collection<ConfigAttribute> attributes = this.obtainSecurityMetadataSource().getAttributes(object);
if (CollectionUtils.isEmpty(attributes)) {
Assert.isTrue(!this.rejectPublicInvocations,
() -> "Secure object invocation " + object
+ " was denied as public invocations are not allowed via this interceptor. "
+ "This indicates a configuration error because the "
+ "rejectPublicInvocations property is set to 'true'");
if (this.logger.isDebugEnabled()) {
this.logger.debug(LogMessage.format("Authorized public object %s", object));
}
publishEvent(new PublicInvocationEvent(object));
return null; // no further work post-invocation
}
if (this.securityContextHolderStrategy.getContext().getAuthentication() == null) {
credentialsNotFound(this.messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attributes);
}
Authentication authenticated = authenticateIfRequired();
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Authorizing %s with attributes %s", object, attributes));
}
// Attempt authorization
attemptAuthorization(object, attributes, authenticated);
if (this.logger.isDebugEnabled()) {
this.logger.debug(LogMessage.format("Authorized %s with attributes %s", object, attributes));
}
if (this.publishAuthorizationSuccess) {
publishEvent(new AuthorizedEvent(object, attributes, authenticated));
}
// Attempt to run as a different user
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
if (runAs != null) {
SecurityContext origCtx = this.securityContextHolderStrategy.getContext();
SecurityContext newCtx = this.securityContextHolderStrategy.createEmptyContext();
newCtx.setAuthentication(runAs);
this.securityContextHolderStrategy.setContext(newCtx);
if (this.logger.isDebugEnabled()) {
this.logger.debug(LogMessage.format("Switched to RunAs authentication %s", runAs));
}
// need to revert to token.Authenticated post-invocation
return new InterceptorStatusToken(origCtx, true, attributes, object);
}
this.logger.trace("Did not switch RunAs authentication since RunAsManager returned null");
// no further work post-invocation
return new InterceptorStatusToken(this.securityContextHolderStrategy.getContext(), false, attributes, object);
}
private void attemptAuthorization(Object object, Collection<ConfigAttribute> attributes,
Authentication authenticated) {
try {
this.accessDecisionManager.decide(authenticated, object, attributes);
}
catch (AccessDeniedException ex) {
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Failed to authorize %s with attributes %s using %s", object,
attributes, this.accessDecisionManager));
}
else if (this.logger.isDebugEnabled()) {
this.logger.debug(LogMessage.format("Failed to authorize %s with attributes %s", object, attributes));
}
publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated, ex));
throw ex;
}
}
/**
* Cleans up the work of the <tt>AbstractSecurityInterceptor</tt> after the secure
* object invocation has been completed. This method should be invoked after the
* secure object invocation and before afterInvocation regardless of the secure object
* invocation returning successfully (i.e. it should be done in a finally block).
* @param token as returned by the {@link #beforeInvocation(Object)} method
*/
protected void finallyInvocation(InterceptorStatusToken token) {
if (token != null && token.isContextHolderRefreshRequired()) {
this.securityContextHolderStrategy.setContext(token.getSecurityContext());
if (this.logger.isDebugEnabled()) {
this.logger.debug(LogMessage
.of(() -> "Reverted to original authentication " + token.getSecurityContext().getAuthentication()));
}
}
}
/**
* Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure
* object invocation has been completed.
* @param token as returned by the {@link #beforeInvocation(Object)} method
* @param returnedObject any object returned from the secure object invocation (may be
* <tt>null</tt>)
* @return the object the secure object invocation should ultimately return to its
* caller (may be <tt>null</tt>)
*/
protected Object afterInvocation(InterceptorStatusToken token, @Nullable Object returnedObject) {
if (token == null) {
// public object
return returnedObject;
}
finallyInvocation(token); // continue to clean in this method for passivity
if (this.afterInvocationManager != null) {
// Attempt after invocation handling
try {
returnedObject = this.afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
token.getSecureObject(), token.getAttributes(), returnedObject);
}
catch (AccessDeniedException ex) {
publishEvent(new AuthorizationFailureEvent(token.getSecureObject(), token.getAttributes(),
token.getSecurityContext().getAuthentication(), ex));
throw ex;
}
}
return returnedObject;
}
/**
* Checks the current authentication token and passes it to the AuthenticationManager
* if {@link org.springframework.security.core.Authentication#isAuthenticated()}
* returns false or the property <tt>alwaysReauthenticate</tt> has been set to true.
* @return an authenticated <tt>Authentication</tt> object.
*/
private Authentication authenticateIfRequired() {
Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
if (authentication.isAuthenticated() && !this.alwaysReauthenticate) {
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Did not re-authenticate %s before authorizing", authentication));
}
return authentication;
}
authentication = this.authenticationManager.authenticate(authentication);
// Don't authenticated.setAuthentication(true) because each provider does that
if (this.logger.isDebugEnabled()) {
this.logger.debug(LogMessage.format("Re-authenticated %s before authorizing", authentication));
}
SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
context.setAuthentication(authentication);
this.securityContextHolderStrategy.setContext(context);
return authentication;
}
/**
* Helper method which generates an exception containing the passed reason, and
* publishes an event to the application context.
* <p>
* Always throws an exception.
* @param reason to be provided in the exception detail
* @param secureObject that was being called
* @param configAttribs that were defined for the secureObject
*/
private void credentialsNotFound(String reason, Object secureObject, Collection<ConfigAttribute> configAttribs) {
AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
configAttribs, exception);
publishEvent(event);
throw exception;
}
public AccessDecisionManager getAccessDecisionManager() {
return this.accessDecisionManager;
}
public AfterInvocationManager getAfterInvocationManager() {
return this.afterInvocationManager;
}
public AuthenticationManager getAuthenticationManager() {
return this.authenticationManager;
}
public RunAsManager getRunAsManager() {
return this.runAsManager;
}
/**
* Indicates the type of secure objects the subclass will be presenting to the
* abstract parent for processing. This is used to ensure collaborators wired to the
* {@code AbstractSecurityInterceptor} all support the indicated secure object class.
* @return the type of secure object the subclass provides services for
*/
public abstract Class<?> getSecureObjectClass();
public boolean isAlwaysReauthenticate() {
return this.alwaysReauthenticate;
}
public boolean isRejectPublicInvocations() {
return this.rejectPublicInvocations;
}
public boolean isValidateConfigAttributes() {
return this.validateConfigAttributes;
}
public abstract SecurityMetadataSource obtainSecurityMetadataSource();
/**
* Sets the {@link SecurityContextHolderStrategy} to use. The default action is to use
* the {@link SecurityContextHolderStrategy} stored in {@link SecurityContextHolder}.
*
* @since 5.8
*/
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
this.securityContextHolderStrategy = securityContextHolderStrategy;
}
public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
this.accessDecisionManager = accessDecisionManager;
}
public void setAfterInvocationManager(AfterInvocationManager afterInvocationManager) {
this.afterInvocationManager = afterInvocationManager;
}
/**
* Indicates whether the <code>AbstractSecurityInterceptor</code> should ignore the
* {@link Authentication#isAuthenticated()} property. Defaults to <code>false</code>,
* meaning by default the <code>Authentication.isAuthenticated()</code> property is
* trusted and re-authentication will not occur if the principal has already been
* authenticated.
* @param alwaysReauthenticate <code>true</code> to force
* <code>AbstractSecurityInterceptor</code> to disregard the value of
* <code>Authentication.isAuthenticated()</code> and always re-authenticate the
* request (defaults to <code>false</code>).
*/
public void setAlwaysReauthenticate(boolean alwaysReauthenticate) {
this.alwaysReauthenticate = alwaysReauthenticate;
}
@Override
public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
this.eventPublisher = applicationEventPublisher;
}
public void setAuthenticationManager(AuthenticationManager newManager) {
this.authenticationManager = newManager;
}
@Override
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
/**
* Only {@code AuthorizationFailureEvent} will be published. If you set this property
* to {@code true}, {@code AuthorizedEvent}s will also be published.
* @param publishAuthorizationSuccess default value is {@code false}
*/
public void setPublishAuthorizationSuccess(boolean publishAuthorizationSuccess) {
this.publishAuthorizationSuccess = publishAuthorizationSuccess;
}
/**
* By rejecting public invocations (and setting this property to <tt>true</tt>),
* essentially you are ensuring that every secure object invocation advised by
* <code>AbstractSecurityInterceptor</code> has a configuration attribute defined.
* This is useful to ensure a "fail safe" mode where undeclared secure objects will be
* rejected and configuration omissions detected early. An
* <tt>IllegalArgumentException</tt> will be thrown by the
* <tt>AbstractSecurityInterceptor</tt> if you set this property to <tt>true</tt> and
* an attempt is made to invoke a secure object that has no configuration attributes.
* @param rejectPublicInvocations set to <code>true</code> to reject invocations of
* secure objects that have no configuration attributes (by default it is
* <code>false</code> which treats undeclared secure objects as "public" or
* unauthorized).
*/
public void setRejectPublicInvocations(boolean rejectPublicInvocations) {
this.rejectPublicInvocations = rejectPublicInvocations;
}
public void setRunAsManager(RunAsManager runAsManager) {
this.runAsManager = runAsManager;
}
public void setValidateConfigAttributes(boolean validateConfigAttributes) {
this.validateConfigAttributes = validateConfigAttributes;
}
private void publishEvent(ApplicationEvent event) {
if (this.eventPublisher != null) {
this.eventPublisher.publishEvent(event);
}
}
private static class NoOpAuthenticationManager implements AuthenticationManager {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
throw new AuthenticationServiceException("Cannot authenticate " + authentication);
}
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.Collection;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
/**
* Reviews the <code>Object</code> returned from a secure object invocation, being able to
* modify the <code>Object</code> or throw an {@link AccessDeniedException}.
* <p>
* Typically used to ensure the principal is permitted to access the domain object
* instance returned by a service layer bean. Can also be used to mutate the domain object
* instance so the principal is only able to access authorised bean properties or
* <code>Collection</code> elements.
* <p>
* Special consideration should be given to using an <code>AfterInvocationManager</code>
* on bean methods that modify a database. Typically an
* <code>AfterInvocationManager</code> is used with read-only methods, such as
* <code>public DomainObject getById(id)</code>. If used with methods that modify a
* database, a transaction manager should be used to ensure any
* <code>AccessDeniedException</code> will cause a rollback of the changes made by the
* transaction.
* </p>
*
* @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/
@Deprecated
public interface AfterInvocationManager {
/**
* Given the details of a secure object invocation including its returned
* <code>Object</code>, make an access control decision or optionally modify the
* returned <code>Object</code>.
* @param authentication the caller that invoked the method
* @param object the secured object that was called
* @param attributes the configuration attributes associated with the secured object
* that was invoked
* @param returnedObject the <code>Object</code> that was returned from the secure
* object invocation
* @return the <code>Object</code> that will ultimately be returned to the caller (if
* an implementation does not wish to modify the object to be returned to the caller,
* the implementation should simply return the same object it was passed by the
* <code>returnedObject</code> method argument)
* @throws AccessDeniedException if access is denied
*/
Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
Object returnedObject) throws AccessDeniedException;
/**
* Indicates whether this <code>AfterInvocationManager</code> is able to process
* "after invocation" requests presented with the passed <code>ConfigAttribute</code>.
* <p>
* This allows the <code>AbstractSecurityInterceptor</code> to check every
* configuration attribute can be consumed by the configured
* <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
* <code>AfterInvocationManager</code>.
* </p>
* @param attribute a configuration attribute that has been configured against the
* <code>AbstractSecurityInterceptor</code>
* @return true if this <code>AfterInvocationManager</code> can support the passed
* configuration attribute
*/
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>AfterInvocationManager</code> implementation is able to
* provide access control decisions for the indicated secured object type.
* @param clazz the class that is being queried
* @return <code>true</code> if the implementation can process the indicated class
*/
boolean supports(Class<?> clazz);
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.log.LogMessage;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.AfterInvocationProvider;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
/**
* Provider-based implementation of {@link AfterInvocationManager}.
* <p>
* Handles configuration of a bean context defined list of {@link AfterInvocationProvider}
* s.
* <p>
* Every <code>AfterInvocationProvider</code> will be polled when the
* {@link #decide(Authentication, Object, Collection, Object)} method is called. The
* <code>Object</code> returned from each provider will be presented to the successive
* provider for processing. This means each provider <b>must</b> ensure they return the
* <code>Object</code>, even if they are not interested in the "after invocation" decision
* (perhaps as the secure object invocation did not include a configuration attribute a
* given provider is configured to respond to).
*
* @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/
@NullUnmarked
@Deprecated
public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean {
protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class);
@SuppressWarnings("NullAway.Init")
private @Nullable List<AfterInvocationProvider> providers;
@Override
public void afterPropertiesSet() {
checkIfValidList(this.providers);
}
@Override
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
Object returnedObject) throws AccessDeniedException {
Object result = returnedObject;
for (AfterInvocationProvider provider : this.providers) {
result = provider.decide(authentication, object, config, result);
}
return result;
}
public List<AfterInvocationProvider> getProviders() {
return this.providers;
}
public void setProviders(List<?> newList) {
checkIfValidList(newList);
this.providers = new ArrayList<>(newList.size());
for (Object currentObject : newList) {
Assert.isInstanceOf(AfterInvocationProvider.class, currentObject, () -> "AfterInvocationProvider "
+ currentObject.getClass().getName() + " must implement AfterInvocationProvider");
this.providers.add((AfterInvocationProvider) currentObject);
}
}
private void checkIfValidList(List<?> listToCheck) {
Assert.isTrue(!CollectionUtils.isEmpty(listToCheck), "A list of AfterInvocationProviders is required");
}
@Override
public boolean supports(ConfigAttribute attribute) {
for (AfterInvocationProvider provider : this.providers) {
logger.debug(LogMessage.format("Evaluating %s against %s", attribute, provider));
if (provider.supports(attribute)) {
return true;
}
}
return false;
}
/**
* Iterates through all <code>AfterInvocationProvider</code>s and ensures each can
* support the presented class.
* <p>
* If one or more providers cannot support the presented class, <code>false</code> is
* returned.
* @param clazz the secure object class being queries
* @return if the <code>AfterInvocationProviderManager</code> can support the secure
* object class, which requires every one of its <code>AfterInvocationProvider</code>s
* to support the secure object class
*/
@Override
public boolean supports(Class<?> clazz) {
for (AfterInvocationProvider provider : this.providers) {
if (!provider.supports(clazz)) {
return false;
}
}
return true;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.Collection;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.context.SecurityContext;
/**
* A return object received by {@link AbstractSecurityInterceptor} subclasses.
* <p>
* This class reflects the status of the security interception, so that the final call to
* {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor#afterInvocation(InterceptorStatusToken, Object)}
* can tidy up correctly.
*
* @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/
@Deprecated
public class InterceptorStatusToken {
private SecurityContext securityContext;
private Collection<ConfigAttribute> attr;
private Object secureObject;
private boolean contextHolderRefreshRequired;
public InterceptorStatusToken(SecurityContext securityContext, boolean contextHolderRefreshRequired,
Collection<ConfigAttribute> attributes, Object secureObject) {
this.securityContext = securityContext;
this.contextHolderRefreshRequired = contextHolderRefreshRequired;
this.attr = attributes;
this.secureObject = secureObject;
}
public Collection<ConfigAttribute> getAttributes() {
return this.attr;
}
public SecurityContext getSecurityContext() {
return this.securityContext;
}
public Object getSecureObject() {
return this.secureObject;
}
public boolean isContextHolderRefreshRequired() {
return this.contextHolderRefreshRequired;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.Collection;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.log.LogMessage;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
/**
* Allows users to determine whether they have "before invocation" privileges for a given
* method invocation.
* <p>
* Of course, if an
* {@link org.springframework.security.access.intercept.AfterInvocationManager} is used to
* authorize the <em>result</em> of a method invocation, this class cannot assist
* determine whether or not the <code>AfterInvocationManager</code> will enable access.
* Instead this class aims to allow applications to determine whether or not the current
* principal would be allowed to at least attempt to invoke the method, irrespective of
* the "after" invocation handling.
* </p>
*
* @author Ben Alex
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
* instead
*/
@NullUnmarked
@Deprecated
public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);
@SuppressWarnings("NullAway.Init")
private @Nullable AbstractSecurityInterceptor securityInterceptor;
@Override
public void afterPropertiesSet() {
Assert.notNull(this.securityInterceptor, "SecurityInterceptor required");
}
public boolean isAllowed(MethodInvocation invocation, Authentication authentication) {
Assert.notNull(invocation, "MethodInvocation required");
Assert.notNull(invocation.getMethod(), "MethodInvocation must provide a non-null getMethod()");
Collection<ConfigAttribute> attrs = this.securityInterceptor.obtainSecurityMetadataSource()
.getAttributes(invocation);
if (attrs == null) {
return !this.securityInterceptor.isRejectPublicInvocations();
}
if (authentication == null || authentication.getAuthorities().isEmpty()) {
return false;
}
try {
this.securityInterceptor.getAccessDecisionManager().decide(authentication, invocation, attrs);
return true;
}
catch (AccessDeniedException unauthorized) {
logger.debug(LogMessage.format("%s denied for %s", invocation, authentication), unauthorized);
return false;
}
}
public void setSecurityInterceptor(AbstractSecurityInterceptor securityInterceptor) {
Assert.notNull(securityInterceptor, "AbstractSecurityInterceptor cannot be null");
Assert.isTrue(MethodInvocation.class.equals(securityInterceptor.getSecureObjectClass()),
"AbstractSecurityInterceptor does not support MethodInvocations");
Assert.notNull(securityInterceptor.getAccessDecisionManager(),
"AbstractSecurityInterceptor must provide a non-null AccessDecisionManager");
this.securityInterceptor = securityInterceptor;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.Collection;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
/**
* Implementation of a {@link RunAsManager} that does nothing.
* <p>
* This class should be used if you do not require run-as authentication replacement
* functionality.
*
* @author Ben Alex
* @deprecated please see {@link RunAsManager} deprecation notice
*/
@NullUnmarked
@Deprecated
final class NullRunAsManager implements RunAsManager {
@Override
public @Nullable Authentication buildRunAs(Authentication authentication, Object object,
Collection<ConfigAttribute> config) {
return null;
}
@Override
public boolean supports(ConfigAttribute attribute) {
return false;
}
@Override
public boolean supports(Class<?> clazz) {
return true;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.util.Assert;
/**
* An {@link AuthenticationProvider} implementation that can authenticate a
* {@link RunAsUserToken}.
* <P>
* Configured in the bean context with a key that should match the key used by adapters to
* generate the <code>RunAsUserToken</code>. It treats as valid any
* <code>RunAsUserToken</code> instance presenting a hash code that matches the
* <code>RunAsImplAuthenticationProvider</code>-configured key.
* </p>
* <P>
* If the key does not match, a <code>BadCredentialsException</code> is thrown.
* </p>
*
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/
@NullUnmarked
@Deprecated
public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
@SuppressWarnings("NullAway.Init")
private @Nullable String key;
@Override
public void afterPropertiesSet() {
Assert.notNull(this.key, "A Key is required and should match that configured for the RunAsManagerImpl");
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
RunAsUserToken token = (RunAsUserToken) authentication;
if (token.getKeyHash() != this.key.hashCode()) {
throw new BadCredentialsException(this.messages.getMessage("RunAsImplAuthenticationProvider.incorrectKey",
"The presented RunAsUserToken does not contain the expected key"));
}
return authentication;
}
public String getKey() {
return this.key;
}
public void setKey(String key) {
this.key = key;
}
@Override
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
@Override
public boolean supports(Class<?> authentication) {
return RunAsUserToken.class.isAssignableFrom(authentication);
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.Collection;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
/**
* Creates a new temporary {@link Authentication} object for the current secure object
* invocation only.
*
* <p>
* This interface permits implementations to replace the <code>Authentication</code>
* object that applies to the current secure object invocation only. The
* {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor} will
* replace the <code>Authentication</code> object held in the
* {@link org.springframework.security.core.context.SecurityContext SecurityContext} for
* the duration of the secure object callback only, returning it to the original
* <code>Authentication</code> object when the callback ends.
* </p>
*
* <p>
* This is provided so that systems with two layers of objects can be established. One
* layer is public facing and has normal secure methods with the granted authorities
* expected to be held by external callers. The other layer is private, and is only
* expected to be called by objects within the public facing layer. The objects in this
* private layer still need security (otherwise they would be public methods) and they
* also need security in such a manner that prevents them being called directly by
* external callers. The objects in the private layer would be configured to require
* granted authorities never granted to external callers. The <code>RunAsManager</code>
* interface provides a mechanism to elevate security in this manner.
* </p>
*
* <p>
* It is expected implementations will provide a corresponding concrete
* <code>Authentication</code> and <code>AuthenticationProvider</code> so that the
* replacement <code>Authentication</code> object can be authenticated. Some form of
* security will need to be implemented to ensure the <code>AuthenticationProvider</code>
* only accepts <code>Authentication</code> objects created by an authorized concrete
* implementation of <code>RunAsManager</code>.
* </p>
*
* @author Ben Alex
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/
@Deprecated
public interface RunAsManager {
/**
* Returns a replacement <code>Authentication</code> object for the current secure
* object invocation, or <code>null</code> if replacement not required.
* @param authentication the caller invoking the secure object
* @param object the secured object being called
* @param attributes the configuration attributes associated with the secure object
* being invoked
* @return a replacement object to be used for duration of the secure object
* invocation, or <code>null</code> if the <code>Authentication</code> should be left
* as is
*/
Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes);
/**
* Indicates whether this <code>RunAsManager</code> is able to process the passed
* <code>ConfigAttribute</code>.
* <p>
* This allows the <code>AbstractSecurityInterceptor</code> to check every
* configuration attribute can be consumed by the configured
* <code>AccessDecisionManager</code> and/or <code>RunAsManager</code> and/or
* <code>AfterInvocationManager</code>.
* </p>
* @param attribute a configuration attribute that has been configured against the
* <code>AbstractSecurityInterceptor</code>
* @return <code>true</code> if this <code>RunAsManager</code> can support the passed
* configuration attribute
*/
boolean supports(ConfigAttribute attribute);
/**
* Indicates whether the <code>RunAsManager</code> implementation is able to provide
* run-as replacement for the indicated secure object type.
* @param clazz the class that is being queried
* @return true if the implementation can process the indicated class
*/
boolean supports(Class<?> clazz);
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.util.Assert;
/**
* Basic concrete implementation of a {@link RunAsManager}.
* <p>
* Is activated if any {@link ConfigAttribute#getAttribute()} is prefixed with
* <Code>RUN_AS_</code>. If found, it generates a new {@link RunAsUserToken} containing
* the same principal, credentials and granted authorities as the original
* {@link Authentication} object, along with {@link SimpleGrantedAuthority}s for each
* <code>RUN_AS_</code> indicated. The created <code>SimpleGrantedAuthority</code>s will
* be prefixed with a special prefix indicating that it is a role (default prefix value is
* <code>ROLE_</code>), and then the remainder of the <code>RUN_AS_</code> keyword. For
* example, <code>RUN_AS_FOO</code> will result in the creation of a granted authority of
* <code>ROLE_RUN_AS_FOO</code>.
* <p>
* The role prefix may be overridden from the default, to match that used elsewhere, for
* example when using an existing role database with another prefix. An empty role prefix
* may also be specified. Note however that there are potential issues with using an empty
* role prefix since different categories of {@link ConfigAttribute} can not be properly
* discerned based on the prefix, with possible consequences when performing voting and
* other actions. However, this option may be of some use when using pre-existing role
* names without a prefix, and no ability exists to prefix them with a role prefix on
* reading them in, such as provided for example in
* {@link org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl}.
*
* @author Ben Alex
* @author colin sampaleanu
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/
@NullUnmarked
@Deprecated
public class RunAsManagerImpl implements RunAsManager, InitializingBean {
@SuppressWarnings("NullAway.Init")
private @Nullable String key;
private String rolePrefix = "ROLE_";
@Override
public void afterPropertiesSet() {
Assert.notNull(this.key,
"A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
}
@Override
public @Nullable Authentication buildRunAs(Authentication authentication, Object object,
Collection<ConfigAttribute> attributes) {
List<GrantedAuthority> newAuthorities = new ArrayList<>();
for (ConfigAttribute attribute : attributes) {
if (this.supports(attribute)) {
GrantedAuthority extraAuthority = new SimpleGrantedAuthority(
getRolePrefix() + attribute.getAttribute());
newAuthorities.add(extraAuthority);
}
}
if (newAuthorities.isEmpty()) {
return null;
}
// Add existing authorities
newAuthorities.addAll(authentication.getAuthorities());
return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
newAuthorities, authentication.getClass());
}
public String getKey() {
return this.key;
}
public String getRolePrefix() {
return this.rolePrefix;
}
public void setKey(String key) {
this.key = key;
}
/**
* Allows the default role prefix of <code>ROLE_</code> to be overridden. May be set
* to an empty value, although this is usually not desirable.
* @param rolePrefix the new prefix
*/
public void setRolePrefix(String rolePrefix) {
this.rolePrefix = rolePrefix;
}
@Override
public boolean supports(ConfigAttribute attribute) {
return attribute.getAttribute() != null && attribute.getAttribute().startsWith("RUN_AS_");
}
/**
* This implementation supports any type of class, because it does not query the
* presented secure object.
* @param clazz the secure object
* @return always <code>true</code>
*/
@Override
public boolean supports(Class<?> clazz) {
return true;
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.access.intercept;
import java.util.Collection;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
/**
* An immutable {@link org.springframework.security.core.Authentication} implementation
* that supports {@link RunAsManagerImpl}.
*
* @author Ben Alex
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/
@Deprecated
public class RunAsUserToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = 620L;
private final Class<? extends Authentication> originalAuthentication;
private final Object credentials;
private final Object principal;
private final int keyHash;
public RunAsUserToken(String key, Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities,
Class<? extends Authentication> originalAuthentication) {
super(authorities);
this.keyHash = key.hashCode();
this.principal = principal;
this.credentials = credentials;
this.originalAuthentication = originalAuthentication;
setAuthenticated(true);
}
@Override
public Object getCredentials() {
return this.credentials;
}
public int getKeyHash() {
return this.keyHash;
}
public Class<? extends Authentication> getOriginalAuthentication() {
return this.originalAuthentication;
}
@Override
public Object getPrincipal() {
return this.principal;
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder(super.toString());
String className = (this.originalAuthentication != null) ? this.originalAuthentication.getName() : null;
sb.append("; Original Class: ").append(className);
return sb.toString();
}
}
================================================
FILE: access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
================================================
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pac
Showing preview only (634K chars total). Download the full file or copy to clipboard to get everything.
gitextract_5rb_dcug/ ├── .editorconfig ├── .gitattributes ├── .github/ │ ├── ISSUE_TEMPLATE/ │ │ ├── bug.md │ │ ├── config.yml │ │ └── enhancement.md │ ├── ISSUE_TEMPLATE.md │ ├── PULL_REQUEST_TEMPLATE.md │ ├── dco.yml │ ├── dependabot.yml │ └── workflows/ │ ├── auto-merge-dependabot.yml │ ├── check-snapshots.yml │ ├── clean_build_artifacts.yml │ ├── codeql.yml │ ├── continuous-integration-workflow.yml │ ├── defer-issues.yml │ ├── deploy-docs.yml │ ├── finalize-release.yml │ ├── gradle-wrapper-upgrade-execution.yml │ ├── milestone-spring-releasetrain.yml │ ├── pr-build-workflow.yml │ ├── release-scheduler.yml │ ├── update-antora-ui-spring.yml │ └── update-scheduled-release-version.yml ├── .gitignore ├── .idea/ │ ├── checkstyle-idea.xml │ └── externalDependencies.xml ├── .sdkmanrc ├── .vscode/ │ └── settings.json ├── CONTRIBUTING.adoc ├── LICENSE.txt ├── README.adoc ├── RELEASE.adoc ├── access/ │ ├── spring-security-access.gradle │ └── src/ │ ├── main/ │ │ └── java/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ ├── access/ │ │ │ ├── AccessDecisionManager.java │ │ │ ├── AccessDecisionVoter.java │ │ │ ├── AfterInvocationProvider.java │ │ │ ├── ConfigAttribute.java │ │ │ ├── SecurityConfig.java │ │ │ ├── SecurityMetadataSource.java │ │ │ ├── annotation/ │ │ │ │ ├── AnnotationMetadataExtractor.java │ │ │ │ ├── Jsr250MethodSecurityMetadataSource.java │ │ │ │ ├── Jsr250SecurityConfig.java │ │ │ │ ├── Jsr250Voter.java │ │ │ │ └── SecuredAnnotationSecurityMetadataSource.java │ │ │ ├── event/ │ │ │ │ ├── AbstractAuthorizationEvent.java │ │ │ │ ├── AuthenticationCredentialsNotFoundEvent.java │ │ │ │ ├── AuthorizationFailureEvent.java │ │ │ │ ├── AuthorizedEvent.java │ │ │ │ ├── LoggerListener.java │ │ │ │ ├── PublicInvocationEvent.java │ │ │ │ └── package-info.java │ │ │ ├── expression/ │ │ │ │ └── method/ │ │ │ │ ├── AbstractExpressionBasedMethodConfigAttribute.java │ │ │ │ ├── ExpressionBasedAnnotationAttributeFactory.java │ │ │ │ ├── ExpressionBasedPostInvocationAdvice.java │ │ │ │ ├── ExpressionBasedPreInvocationAdvice.java │ │ │ │ ├── PostInvocationExpressionAttribute.java │ │ │ │ └── PreInvocationExpressionAttribute.java │ │ │ ├── intercept/ │ │ │ │ ├── AbstractSecurityInterceptor.java │ │ │ │ ├── AfterInvocationManager.java │ │ │ │ ├── AfterInvocationProviderManager.java │ │ │ │ ├── InterceptorStatusToken.java │ │ │ │ ├── MethodInvocationPrivilegeEvaluator.java │ │ │ │ ├── NullRunAsManager.java │ │ │ │ ├── RunAsImplAuthenticationProvider.java │ │ │ │ ├── RunAsManager.java │ │ │ │ ├── RunAsManagerImpl.java │ │ │ │ ├── RunAsUserToken.java │ │ │ │ ├── aopalliance/ │ │ │ │ │ ├── MethodSecurityInterceptor.java │ │ │ │ │ ├── MethodSecurityMetadataSourceAdvisor.java │ │ │ │ │ └── package-info.java │ │ │ │ ├── aspectj/ │ │ │ │ │ ├── AspectJCallback.java │ │ │ │ │ ├── AspectJMethodSecurityInterceptor.java │ │ │ │ │ ├── MethodInvocationAdapter.java │ │ │ │ │ └── package-info.java │ │ │ │ └── package-info.java │ │ │ ├── method/ │ │ │ │ ├── AbstractFallbackMethodSecurityMetadataSource.java │ │ │ │ ├── AbstractMethodSecurityMetadataSource.java │ │ │ │ ├── DelegatingMethodSecurityMetadataSource.java │ │ │ │ ├── MapBasedMethodSecurityMetadataSource.java │ │ │ │ ├── MethodSecurityMetadataSource.java │ │ │ │ ├── P.java │ │ │ │ └── package-info.java │ │ │ ├── prepost/ │ │ │ │ ├── PostInvocationAdviceProvider.java │ │ │ │ ├── PostInvocationAttribute.java │ │ │ │ ├── PostInvocationAuthorizationAdvice.java │ │ │ │ ├── PreInvocationAttribute.java │ │ │ │ ├── PreInvocationAuthorizationAdvice.java │ │ │ │ ├── PreInvocationAuthorizationAdviceVoter.java │ │ │ │ ├── PrePostAdviceReactiveMethodInterceptor.java │ │ │ │ ├── PrePostAnnotationSecurityMetadataSource.java │ │ │ │ └── PrePostInvocationAttributeFactory.java │ │ │ └── vote/ │ │ │ ├── AbstractAccessDecisionManager.java │ │ │ ├── AbstractAclVoter.java │ │ │ ├── AffirmativeBased.java │ │ │ ├── AuthenticatedVoter.java │ │ │ ├── ConsensusBased.java │ │ │ ├── RoleHierarchyVoter.java │ │ │ ├── RoleVoter.java │ │ │ ├── UnanimousBased.java │ │ │ └── package-info.java │ │ ├── acls/ │ │ │ ├── AclEntryVoter.java │ │ │ └── afterinvocation/ │ │ │ ├── AbstractAclProvider.java │ │ │ ├── AclEntryAfterInvocationCollectionFilteringProvider.java │ │ │ ├── AclEntryAfterInvocationProvider.java │ │ │ ├── ArrayFilterer.java │ │ │ ├── CollectionFilterer.java │ │ │ ├── Filterer.java │ │ │ └── package-info.java │ │ ├── messaging/ │ │ │ └── access/ │ │ │ ├── expression/ │ │ │ │ ├── EvaluationContextPostProcessor.java │ │ │ │ ├── ExpressionBasedMessageSecurityMetadataSourceFactory.java │ │ │ │ ├── MessageExpressionConfigAttribute.java │ │ │ │ └── MessageExpressionVoter.java │ │ │ └── intercept/ │ │ │ ├── ChannelSecurityInterceptor.java │ │ │ ├── DefaultMessageSecurityMetadataSource.java │ │ │ └── MessageSecurityMetadataSource.java │ │ └── web/ │ │ └── access/ │ │ ├── DefaultWebInvocationPrivilegeEvaluator.java │ │ ├── channel/ │ │ │ ├── AbstractRetryEntryPoint.java │ │ │ ├── ChannelDecisionManager.java │ │ │ ├── ChannelDecisionManagerImpl.java │ │ │ ├── ChannelEntryPoint.java │ │ │ ├── ChannelProcessingFilter.java │ │ │ ├── ChannelProcessor.java │ │ │ ├── InsecureChannelProcessor.java │ │ │ ├── RetryWithHttpEntryPoint.java │ │ │ ├── RetryWithHttpsEntryPoint.java │ │ │ ├── SecureChannelProcessor.java │ │ │ └── package-info.java │ │ ├── expression/ │ │ │ ├── DefaultWebSecurityExpressionHandler.java │ │ │ ├── ExpressionBasedFilterInvocationSecurityMetadataSource.java │ │ │ ├── WebExpressionConfigAttribute.java │ │ │ └── WebExpressionVoter.java │ │ └── intercept/ │ │ ├── DefaultFilterInvocationSecurityMetadataSource.java │ │ ├── FilterInvocationSecurityMetadataSource.java │ │ └── FilterSecurityInterceptor.java │ └── test/ │ └── java/ │ └── org/ │ └── springframework/ │ └── security/ │ ├── access/ │ │ ├── AuthenticationCredentialsNotFoundEventTests.java │ │ ├── AuthorizationFailureEventTests.java │ │ ├── AuthorizedEventTests.java │ │ ├── ITargetObject.java │ │ ├── OtherTargetObject.java │ │ ├── SecurityConfigTests.java │ │ ├── TargetObject.java │ │ ├── annotation/ │ │ │ ├── BusinessService.java │ │ │ ├── BusinessServiceImpl.java │ │ │ ├── Entity.java │ │ │ ├── ExpressionProtectedBusinessServiceImpl.java │ │ │ ├── Jsr250BusinessServiceImpl.java │ │ │ ├── Jsr250MethodSecurityMetadataSourceTests.java │ │ │ ├── Jsr250VoterTests.java │ │ │ ├── RequireAdminRole.java │ │ │ ├── RequireUserRole.java │ │ │ ├── SecuredAnnotationSecurityMetadataSourceTests.java │ │ │ └── sec2150/ │ │ │ ├── CrudRepository.java │ │ │ ├── MethodInvocationFactory.java │ │ │ └── PersonRepository.java │ │ ├── expression/ │ │ │ └── method/ │ │ │ ├── DefaultMethodSecurityExpressionHandlerTests.java │ │ │ ├── ExpressionBasedPreInvocationAdviceTests.java │ │ │ ├── MethodExpressionVoterTests.java │ │ │ ├── MethodSecurityEvaluationContextTests.java │ │ │ ├── MethodSecurityExpressionRootTests.java │ │ │ ├── PrePostAnnotationSecurityMetadataSourceTests.java │ │ │ └── SecurityRules.java │ │ ├── intercept/ │ │ │ ├── AbstractSecurityInterceptorTests.java │ │ │ ├── AfterInvocationProviderManagerTests.java │ │ │ ├── InterceptorStatusTokenTests.java │ │ │ ├── NullRunAsManagerTests.java │ │ │ ├── RunAsImplAuthenticationProviderTests.java │ │ │ ├── RunAsManagerImplTests.java │ │ │ ├── RunAsUserTokenTests.java │ │ │ ├── aopalliance/ │ │ │ │ ├── MethodSecurityInterceptorTests.java │ │ │ │ └── MethodSecurityMetadataSourceAdvisorTests.java │ │ │ ├── aspectj/ │ │ │ │ └── AspectJMethodSecurityInterceptorTests.java │ │ │ └── method/ │ │ │ ├── MapBasedMethodSecurityMetadataSourceTests.java │ │ │ ├── MethodInvocationPrivilegeEvaluatorTests.java │ │ │ └── MockMethodInvocation.java │ │ ├── method/ │ │ │ └── DelegatingMethodSecurityMetadataSourceTests.java │ │ ├── prepost/ │ │ │ ├── PostInvocationAdviceProviderTests.java │ │ │ └── PreInvocationAuthorizationAdviceVoterTests.java │ │ └── vote/ │ │ ├── AbstractAccessDecisionManagerTests.java │ │ ├── AbstractAclVoterTests.java │ │ ├── AffirmativeBasedTests.java │ │ ├── AuthenticatedVoterTests.java │ │ ├── ConsensusBasedTests.java │ │ ├── DenyAgainVoter.java │ │ ├── DenyVoter.java │ │ ├── RoleHierarchyVoterTests.java │ │ ├── RoleVoterTests.java │ │ └── UnanimousBasedTests.java │ ├── acls/ │ │ └── afterinvocation/ │ │ ├── AclEntryAfterInvocationCollectionFilteringProviderTests.java │ │ └── AclEntryAfterInvocationProviderTests.java │ ├── messaging/ │ │ └── access/ │ │ ├── expression/ │ │ │ ├── ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java │ │ │ ├── MessageExpressionConfigAttributeTests.java │ │ │ └── MessageExpressionVoterTests.java │ │ └── intercept/ │ │ ├── ChannelSecurityInterceptorTests.java │ │ └── DefaultMessageSecurityMetadataSourceTests.java │ └── web/ │ └── access/ │ ├── DefaultWebInvocationPrivilegeEvaluatorTests.java │ ├── channel/ │ │ ├── ChannelDecisionManagerImplTests.java │ │ ├── ChannelProcessingFilterTests.java │ │ ├── InsecureChannelProcessorTests.java │ │ ├── RetryWithHttpEntryPointTests.java │ │ ├── RetryWithHttpsEntryPointTests.java │ │ └── SecureChannelProcessorTests.java │ ├── expression/ │ │ ├── DefaultWebSecurityExpressionHandlerTests.java │ │ ├── ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java │ │ └── WebExpressionVoterTests.java │ └── intercept/ │ ├── DefaultFilterInvocationSecurityMetadataSourceTests.java │ └── FilterSecurityInterceptorTests.java ├── acl/ │ ├── spring-security-acl.gradle │ └── src/ │ ├── main/ │ │ ├── java/ │ │ │ └── org/ │ │ │ └── springframework/ │ │ │ └── security/ │ │ │ └── acls/ │ │ │ ├── AclPermissionCacheOptimizer.java │ │ │ ├── AclPermissionEvaluator.java │ │ │ ├── aot/ │ │ │ │ └── hint/ │ │ │ │ ├── AclRuntimeHints.java │ │ │ │ └── package-info.java │ │ │ ├── domain/ │ │ │ │ ├── AbstractPermission.java │ │ │ │ ├── AccessControlEntryImpl.java │ │ │ │ ├── AclAuthorizationStrategy.java │ │ │ │ ├── AclAuthorizationStrategyImpl.java │ │ │ │ ├── AclFormattingUtils.java │ │ │ │ ├── AclImpl.java │ │ │ │ ├── AuditLogger.java │ │ │ │ ├── BasePermission.java │ │ │ │ ├── ConsoleAuditLogger.java │ │ │ │ ├── CumulativePermission.java │ │ │ │ ├── DefaultPermissionFactory.java │ │ │ │ ├── DefaultPermissionGrantingStrategy.java │ │ │ │ ├── GrantedAuthoritySid.java │ │ │ │ ├── IdentityUnavailableException.java │ │ │ │ ├── ObjectIdentityImpl.java │ │ │ │ ├── ObjectIdentityRetrievalStrategyImpl.java │ │ │ │ ├── PermissionFactory.java │ │ │ │ ├── PrincipalSid.java │ │ │ │ ├── SidRetrievalStrategyImpl.java │ │ │ │ ├── SpringCacheBasedAclCache.java │ │ │ │ └── package-info.java │ │ │ ├── jdbc/ │ │ │ │ ├── AclClassIdUtils.java │ │ │ │ ├── BasicLookupStrategy.java │ │ │ │ ├── JdbcAclService.java │ │ │ │ ├── JdbcMutableAclService.java │ │ │ │ ├── LookupStrategy.java │ │ │ │ └── package-info.java │ │ │ ├── model/ │ │ │ │ ├── AccessControlEntry.java │ │ │ │ ├── Acl.java │ │ │ │ ├── AclCache.java │ │ │ │ ├── AclDataAccessException.java │ │ │ │ ├── AclService.java │ │ │ │ ├── AlreadyExistsException.java │ │ │ │ ├── AuditableAccessControlEntry.java │ │ │ │ ├── AuditableAcl.java │ │ │ │ ├── ChildrenExistException.java │ │ │ │ ├── MutableAcl.java │ │ │ │ ├── MutableAclService.java │ │ │ │ ├── NotFoundException.java │ │ │ │ ├── ObjectIdentity.java │ │ │ │ ├── ObjectIdentityGenerator.java │ │ │ │ ├── ObjectIdentityRetrievalStrategy.java │ │ │ │ ├── OwnershipAcl.java │ │ │ │ ├── Permission.java │ │ │ │ ├── PermissionGrantingStrategy.java │ │ │ │ ├── Sid.java │ │ │ │ ├── SidRetrievalStrategy.java │ │ │ │ ├── UnloadedSidException.java │ │ │ │ └── package-info.java │ │ │ └── package-info.java │ │ └── resources/ │ │ ├── META-INF/ │ │ │ └── spring/ │ │ │ └── aot.factories │ │ ├── createAclSchema.sql │ │ ├── createAclSchemaMySQL.sql │ │ ├── createAclSchemaOracle.sql │ │ ├── createAclSchemaPostgres.sql │ │ ├── createAclSchemaSqlServer.sql │ │ ├── createAclSchemaWithAclClassIdType.sql │ │ └── select.sql │ └── test/ │ ├── java/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ └── acls/ │ │ ├── AclFormattingUtilsTests.java │ │ ├── AclPermissionCacheOptimizerTests.java │ │ ├── AclPermissionEvaluatorTests.java │ │ ├── TargetObject.java │ │ ├── TargetObjectWithUUID.java │ │ ├── domain/ │ │ │ ├── AccessControlImplEntryTests.java │ │ │ ├── AclAuthorizationStrategyImplTests.java │ │ │ ├── AclImplTests.java │ │ │ ├── AclImplementationSecurityCheckTests.java │ │ │ ├── AuditLoggerTests.java │ │ │ ├── ObjectIdentityImplTests.java │ │ │ ├── ObjectIdentityRetrievalStrategyImplTests.java │ │ │ ├── PermissionTests.java │ │ │ └── SpecialPermission.java │ │ ├── jdbc/ │ │ │ ├── AbstractBasicLookupStrategyTests.java │ │ │ ├── AclClassIdUtilsTests.java │ │ │ ├── BasicLookupStrategyTests.java │ │ │ ├── BasicLookupStrategyTestsDbHelper.java │ │ │ ├── BasicLookupStrategyWithAclClassTypeTests.java │ │ │ ├── DatabaseSeeder.java │ │ │ ├── JdbcAclServiceTests.java │ │ │ ├── JdbcMutableAclServiceTests.java │ │ │ ├── JdbcMutableAclServiceTestsWithAclClassId.java │ │ │ └── SpringCacheBasedAclCacheTests.java │ │ └── sid/ │ │ ├── CustomSid.java │ │ ├── SidRetrievalStrategyTests.java │ │ └── SidTests.java │ └── resources/ │ ├── db/ │ │ └── sql/ │ │ └── test_data_hierarchy.sql │ ├── jdbcMutableAclServiceTests-context.xml │ ├── jdbcMutableAclServiceTestsWithAclClass-context.xml │ └── logback-test.xml ├── aspects/ │ ├── spring-security-aspects.gradle │ └── src/ │ ├── main/ │ │ └── java/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ ├── access/ │ │ │ └── intercept/ │ │ │ └── aspectj/ │ │ │ └── aspect/ │ │ │ └── AnnotationSecurityAspect.aj │ │ └── authorization/ │ │ └── method/ │ │ └── aspectj/ │ │ ├── AbstractMethodInterceptorAspect.aj │ │ ├── JoinPointMethodInvocation.aj │ │ ├── PostAuthorizeAspect.aj │ │ ├── PostFilterAspect.aj │ │ ├── PreAuthorizeAspect.aj │ │ ├── PreFilterAspect.aj │ │ └── SecuredAspect.aj │ └── test/ │ ├── java/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ ├── access/ │ │ │ └── intercept/ │ │ │ └── aspectj/ │ │ │ └── aspect/ │ │ │ └── AnnotationSecurityAspectTests.java │ │ └── authorization/ │ │ └── method/ │ │ └── aspectj/ │ │ ├── PostAuthorizeAspectTests.java │ │ ├── PostFilterAspectTests.java │ │ ├── PreAuthorizeAspectTests.java │ │ ├── PreFilterAspectTests.java │ │ └── SecuredAspectTests.java │ └── resources/ │ └── logback-test.xml ├── bom/ │ └── spring-security-bom.gradle ├── build.gradle ├── buildSrc/ │ ├── .idea/ │ │ ├── compiler.xml │ │ ├── gradle.xml │ │ ├── jarRepositories.xml │ │ ├── misc.xml │ │ ├── uiDesigner.xml │ │ └── workspace.xml │ ├── build.gradle │ ├── settings.gradle │ └── src/ │ ├── main/ │ │ ├── graphql/ │ │ │ └── org/ │ │ │ └── springframework/ │ │ │ └── security/ │ │ │ └── convention/ │ │ │ └── versions/ │ │ │ ├── CreateIssue.graphql │ │ │ ├── FindCreateIssueInput.graphql │ │ │ ├── RateLimit.graphql │ │ │ └── schema.json │ │ ├── groovy/ │ │ │ ├── compile-warnings-error.gradle │ │ │ ├── io/ │ │ │ │ └── spring/ │ │ │ │ └── gradle/ │ │ │ │ ├── IncludeRepoTask.groovy │ │ │ │ └── convention/ │ │ │ │ ├── AbstractSpringJavaPlugin.groovy │ │ │ │ ├── ArtifactoryPlugin.groovy │ │ │ │ ├── CheckstylePlugin.groovy │ │ │ │ ├── DocsPlugin.groovy │ │ │ │ ├── EclipsePlugin.groovy │ │ │ │ ├── IntegrationTestPlugin.groovy │ │ │ │ ├── JacocoPlugin.groovy │ │ │ │ ├── JavadocApiPlugin.groovy │ │ │ │ ├── JavadocOptionsPlugin.groovy │ │ │ │ ├── ManagementConfigurationPlugin.java │ │ │ │ ├── MavenBomPlugin.groovy │ │ │ │ ├── RepositoryConventionPlugin.groovy │ │ │ │ ├── RootProjectPlugin.groovy │ │ │ │ ├── SchemaDeployPlugin.groovy │ │ │ │ ├── SchemaPlugin.groovy │ │ │ │ ├── SchemaZipPlugin.groovy │ │ │ │ ├── SortedProperties.groovy │ │ │ │ ├── SpringModulePlugin.groovy │ │ │ │ ├── SpringTestPlugin.groovy │ │ │ │ ├── TestsConfigurationPlugin.groovy │ │ │ │ └── Utils.groovy │ │ │ ├── java-toolchain.gradle │ │ │ ├── javadoc-warnings-error.gradle │ │ │ ├── security-kotlin.gradle │ │ │ ├── security-nullability.gradle │ │ │ └── test-compile-target-jdk25.gradle │ │ ├── java/ │ │ │ ├── lock/ │ │ │ │ ├── GlobalLockPlugin.java │ │ │ │ └── GlobalLockTask.java │ │ │ ├── org/ │ │ │ │ └── springframework/ │ │ │ │ ├── gradle/ │ │ │ │ │ ├── CopyPropertiesPlugin.java │ │ │ │ │ ├── classpath/ │ │ │ │ │ │ ├── CheckClasspathForProhibitedDependencies.java │ │ │ │ │ │ ├── CheckClasspathForProhibitedDependenciesPlugin.java │ │ │ │ │ │ └── CheckProhibitedDependenciesLifecyclePlugin.java │ │ │ │ │ ├── maven/ │ │ │ │ │ │ ├── MavenPublishingConventionsPlugin.java │ │ │ │ │ │ ├── PublishAllJavaComponentsPlugin.java │ │ │ │ │ │ ├── PublishArtifactsPlugin.java │ │ │ │ │ │ ├── PublishLocalPlugin.java │ │ │ │ │ │ ├── SpringMavenPlugin.java │ │ │ │ │ │ ├── SpringNexusPublishPlugin.java │ │ │ │ │ │ └── SpringSigningPlugin.java │ │ │ │ │ ├── propdeps/ │ │ │ │ │ │ ├── PropDepsEclipsePlugin.groovy │ │ │ │ │ │ ├── PropDepsIdeaPlugin.groovy │ │ │ │ │ │ └── PropDepsPlugin.groovy │ │ │ │ │ └── xsd/ │ │ │ │ │ └── CreateVersionlessXsdTask.java │ │ │ │ └── security/ │ │ │ │ ├── CheckExpectedBranchVersionPlugin.java │ │ │ │ └── convention/ │ │ │ │ └── versions/ │ │ │ │ ├── FileUtils.java │ │ │ │ ├── TransitiveDependencyLookupUtils.java │ │ │ │ └── VerifyDependenciesVersionsPlugin.java │ │ │ ├── s101/ │ │ │ │ ├── S101Configure.java │ │ │ │ ├── S101Configurer.java │ │ │ │ ├── S101Install.java │ │ │ │ ├── S101Plugin.java │ │ │ │ └── S101PluginExtension.java │ │ │ └── trang/ │ │ │ ├── RncToXsd.java │ │ │ └── TrangPlugin.java │ │ └── resources/ │ │ ├── META-INF/ │ │ │ └── gradle-plugins/ │ │ │ ├── io.spring.convention.artifactory.properties │ │ │ ├── io.spring.convention.bom.properties │ │ │ ├── io.spring.convention.checkstyle.properties │ │ │ ├── io.spring.convention.docs.properties │ │ │ ├── io.spring.convention.eclipse.properties │ │ │ ├── io.spring.convention.integration-test.properties │ │ │ ├── io.spring.convention.jacoco.properties │ │ │ ├── io.spring.convention.javadoc-api.properties │ │ │ ├── io.spring.convention.javadoc-options.properties │ │ │ ├── io.spring.convention.repository.properties │ │ │ ├── io.spring.convention.root.properties │ │ │ ├── io.spring.convention.spring-module.properties │ │ │ ├── io.spring.convention.spring-test.properties │ │ │ └── io.spring.convention.tests-configuration.properties │ │ └── s101/ │ │ ├── config.xml │ │ ├── project.java.hsp │ │ └── repository.xml │ └── test/ │ ├── java/ │ │ ├── io/ │ │ │ └── spring/ │ │ │ └── gradle/ │ │ │ ├── TestKit.java │ │ │ └── convention/ │ │ │ ├── IntegrationPluginTest.java │ │ │ ├── IntegrationTestPluginITest.java │ │ │ ├── JacocoPluginITest.java │ │ │ ├── JavadocApiPluginITest.java │ │ │ ├── JavadocApiPluginTest.java │ │ │ ├── RepositoryConventionPluginTests.java │ │ │ ├── ShowcaseITest.java │ │ │ ├── SpringMavenPluginITest.java │ │ │ ├── TestsConfigurationPluginITest.java │ │ │ └── UtilsTest.java │ │ └── org/ │ │ └── springframework/ │ │ └── gradle/ │ │ └── xsd/ │ │ └── CreateVersionlessXsdTaskTests.java │ └── resources/ │ ├── samples/ │ │ ├── integrationtest/ │ │ │ ├── withgroovy/ │ │ │ │ ├── build.gradle │ │ │ │ └── src/ │ │ │ │ └── integration-test/ │ │ │ │ └── groovy/ │ │ │ │ └── sample/ │ │ │ │ └── TheTest.groovy │ │ │ ├── withjava/ │ │ │ │ ├── build.gradle │ │ │ │ └── src/ │ │ │ │ └── integration-test/ │ │ │ │ └── java/ │ │ │ │ └── sample/ │ │ │ │ └── TheTest.java │ │ │ └── withpropdeps/ │ │ │ ├── build.gradle │ │ │ └── src/ │ │ │ └── integration-test/ │ │ │ └── java/ │ │ │ └── sample/ │ │ │ └── TheTest.java │ │ ├── jacoco/ │ │ │ └── java/ │ │ │ ├── build.gradle │ │ │ └── src/ │ │ │ ├── main/ │ │ │ │ └── java/ │ │ │ │ └── sample/ │ │ │ │ └── TheClass.java │ │ │ └── test/ │ │ │ └── java/ │ │ │ └── sample/ │ │ │ └── TheClassTest.java │ │ ├── javadocapi/ │ │ │ └── multimodule/ │ │ │ ├── api/ │ │ │ │ ├── build.gradle │ │ │ │ └── src/ │ │ │ │ └── main/ │ │ │ │ └── java/ │ │ │ │ └── sample/ │ │ │ │ └── Api.java │ │ │ ├── build.gradle │ │ │ ├── impl/ │ │ │ │ ├── build.gradle │ │ │ │ └── src/ │ │ │ │ └── main/ │ │ │ │ └── java/ │ │ │ │ └── sample/ │ │ │ │ └── Impl.java │ │ │ ├── sample/ │ │ │ │ ├── build.gradle │ │ │ │ └── src/ │ │ │ │ └── main/ │ │ │ │ └── java/ │ │ │ │ └── sample/ │ │ │ │ └── Sample.java │ │ │ └── settings.gradle │ │ ├── maven/ │ │ │ ├── install/ │ │ │ │ └── build.gradle │ │ │ ├── install-with-springio/ │ │ │ │ ├── build.gradle │ │ │ │ └── gradle/ │ │ │ │ └── dependency-management.gradle │ │ │ ├── signing/ │ │ │ │ ├── build.gradle │ │ │ │ └── settings.gradle │ │ │ └── upload/ │ │ │ └── build.gradle │ │ ├── showcase/ │ │ │ ├── Jenkinsfile │ │ │ ├── bom/ │ │ │ │ └── bom.gradle │ │ │ ├── build.gradle │ │ │ ├── etc/ │ │ │ │ └── checkstyle/ │ │ │ │ └── checkstyle.xml │ │ │ ├── settings.gradle │ │ │ ├── sgbcs-api/ │ │ │ │ ├── sgbcs-api.gradle │ │ │ │ └── src/ │ │ │ │ ├── main/ │ │ │ │ │ └── java/ │ │ │ │ │ └── api/ │ │ │ │ │ └── Api.java │ │ │ │ └── test/ │ │ │ │ └── java/ │ │ │ │ └── api/ │ │ │ │ └── ApiTest.java │ │ │ ├── sgbcs-core/ │ │ │ │ ├── sgbcs-core.gradle │ │ │ │ └── src/ │ │ │ │ ├── main/ │ │ │ │ │ ├── java/ │ │ │ │ │ │ └── core/ │ │ │ │ │ │ ├── CoreClass.java │ │ │ │ │ │ └── HasOptional.java │ │ │ │ │ └── resources/ │ │ │ │ │ ├── META-INF/ │ │ │ │ │ │ ├── spring.handlers │ │ │ │ │ │ └── spring.schemas │ │ │ │ │ └── org/ │ │ │ │ │ └── springframework/ │ │ │ │ │ └── springgradlebuildsample/ │ │ │ │ │ └── config/ │ │ │ │ │ ├── spring-springgradlebuildsample-2.0.xsd │ │ │ │ │ ├── spring-springgradlebuildsample-2.1.xsd │ │ │ │ │ └── spring-springgradlebuildsample-2.2.xsd │ │ │ │ └── test/ │ │ │ │ └── java/ │ │ │ │ └── core/ │ │ │ │ ├── CoreClassTest.java │ │ │ │ └── HasOptionalTest.java │ │ │ └── sgbcs-docs/ │ │ │ ├── sgbcs-docs.gradle │ │ │ └── src/ │ │ │ ├── docs/ │ │ │ │ └── asciidoc/ │ │ │ │ ├── docinfo.html │ │ │ │ ├── index.adoc │ │ │ │ └── subdir/ │ │ │ │ ├── _b.adoc │ │ │ │ └── _c.adoc │ │ │ └── main/ │ │ │ └── java/ │ │ │ └── example/ │ │ │ └── StringUtils.java │ │ └── testsconfiguration/ │ │ ├── build.gradle │ │ ├── core/ │ │ │ ├── build.gradle │ │ │ └── src/ │ │ │ └── test/ │ │ │ └── java/ │ │ │ └── sample/ │ │ │ └── Dependency.java │ │ ├── settings.gradle │ │ └── web/ │ │ ├── build.gradle │ │ └── src/ │ │ └── test/ │ │ └── java/ │ │ └── sample/ │ │ └── DependencyTest.java │ └── test-private.pgp ├── cas/ │ ├── spring-security-cas.gradle │ └── src/ │ ├── main/ │ │ └── java/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ └── cas/ │ │ ├── SamlServiceProperties.java │ │ ├── ServiceProperties.java │ │ ├── authentication/ │ │ │ ├── CasAssertionAuthenticationToken.java │ │ │ ├── CasAuthenticationProvider.java │ │ │ ├── CasAuthenticationToken.java │ │ │ ├── CasServiceTicketAuthenticationToken.java │ │ │ ├── NullStatelessTicketCache.java │ │ │ ├── ServiceAuthenticationDetails.java │ │ │ ├── SpringCacheBasedTicketCache.java │ │ │ ├── StatelessTicketCache.java │ │ │ └── package-info.java │ │ ├── jackson/ │ │ │ ├── AssertionImplMixin.java │ │ │ ├── AttributePrincipalImplMixin.java │ │ │ ├── CasAuthenticationTokenMixin.java │ │ │ ├── CasJacksonModule.java │ │ │ └── package-info.java │ │ ├── jackson2/ │ │ │ ├── AssertionImplMixin.java │ │ │ ├── AttributePrincipalImplMixin.java │ │ │ ├── CasAuthenticationTokenMixin.java │ │ │ ├── CasJackson2Module.java │ │ │ └── package-info.java │ │ ├── package-info.java │ │ ├── userdetails/ │ │ │ ├── AbstractCasAssertionUserDetailsService.java │ │ │ ├── GrantedAuthorityFromAssertionAttributesUserDetailsService.java │ │ │ └── package-info.java │ │ └── web/ │ │ ├── CasAuthenticationEntryPoint.java │ │ ├── CasAuthenticationFilter.java │ │ ├── CasGatewayAuthenticationRedirectFilter.java │ │ ├── CasGatewayResolverRequestMatcher.java │ │ ├── authentication/ │ │ │ ├── DefaultServiceAuthenticationDetails.java │ │ │ ├── ServiceAuthenticationDetailsSource.java │ │ │ └── package-info.java │ │ └── package-info.java │ └── test/ │ ├── java/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ └── cas/ │ │ ├── authentication/ │ │ │ ├── AbstractStatelessTicketCacheTests.java │ │ │ ├── CasAuthenticationProviderTests.java │ │ │ ├── CasAuthenticationTokenTests.java │ │ │ ├── NullStatelessTicketCacheTests.java │ │ │ └── SpringCacheBasedTicketCacheTests.java │ │ ├── jackson/ │ │ │ └── CasAuthenticationTokenMixinTests.java │ │ ├── jackson2/ │ │ │ └── CasAuthenticationTokenMixinTests.java │ │ ├── userdetails/ │ │ │ └── GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests.java │ │ └── web/ │ │ ├── CasAuthenticationEntryPointTests.java │ │ ├── CasAuthenticationFilterTests.java │ │ ├── CasGatewayAuthenticationRedirectFilterTests.java │ │ ├── CasGatewayResolverRequestMatcherTests.java │ │ ├── ServicePropertiesTests.java │ │ └── authentication/ │ │ └── DefaultServiceAuthenticationDetailsTests.java │ └── resources/ │ ├── logback-test.xml │ └── org/ │ └── springframework/ │ └── security/ │ └── cas/ │ └── web/ │ └── authentication/ │ ├── defaultserviceauthenticationdetails-explicit.xml │ └── defaultserviceauthenticationdetails-passivity.xml ├── class_mapping_from_2.0.x.txt ├── config/ │ ├── spring-security-config.gradle │ └── src/ │ ├── integration-test/ │ │ ├── java/ │ │ │ └── org/ │ │ │ └── springframework/ │ │ │ └── security/ │ │ │ └── config/ │ │ │ ├── annotation/ │ │ │ │ ├── authentication/ │ │ │ │ │ └── ldap/ │ │ │ │ │ ├── LdapAuthenticationProviderBuilderSecurityBuilderTests.java │ │ │ │ │ ├── LdapAuthenticationProviderConfigurerTests.java │ │ │ │ │ ├── NamespaceLdapAuthenticationProviderTests.java │ │ │ │ │ └── NamespaceLdapAuthenticationProviderTestsConfigs.java │ │ │ │ ├── configurers/ │ │ │ │ │ └── WebAuthnWebDriverTests.java │ │ │ │ └── rsocket/ │ │ │ │ ├── AnonymousAuthenticationITests.java │ │ │ │ ├── HelloHandler.java │ │ │ │ ├── HelloRSocketITests.java │ │ │ │ ├── HelloRSocketObservationITests.java │ │ │ │ ├── HelloRSocketWithWebFluxITests.java │ │ │ │ ├── JwtITests.java │ │ │ │ ├── RSocketMessageHandlerConnectionITests.java │ │ │ │ ├── RSocketMessageHandlerITests.java │ │ │ │ └── SimpleAuthenticationITests.java │ │ │ └── ldap/ │ │ │ ├── EmbeddedLdapServerContextSourceFactoryBeanITests.java │ │ │ ├── Ldap247ITests.java │ │ │ ├── LdapBindAuthenticationManagerFactoryITests.java │ │ │ ├── LdapPasswordComparisonAuthenticationManagerFactoryITests.java │ │ │ ├── LdapProviderBeanDefinitionParserTests.java │ │ │ ├── LdapServerBeanDefinitionParserTests.java │ │ │ └── LdapUserServiceBeanDefinitionParserTests.java │ │ └── resources/ │ │ ├── logback-test.xml │ │ ├── test-server.ldif │ │ ├── test-server2.xldif │ │ └── users.xldif │ ├── main/ │ │ ├── java/ │ │ │ └── org/ │ │ │ └── springframework/ │ │ │ └── security/ │ │ │ └── config/ │ │ │ ├── BeanIds.java │ │ │ ├── Customizer.java │ │ │ ├── DebugBeanDefinitionParser.java │ │ │ ├── Elements.java │ │ │ ├── ObjectPostProcessor.java │ │ │ ├── SecurityNamespaceHandler.java │ │ │ ├── ThrowingCustomizer.java │ │ │ ├── annotation/ │ │ │ │ ├── AbstractConfiguredSecurityBuilder.java │ │ │ │ ├── AbstractSecurityBuilder.java │ │ │ │ ├── AlreadyBuiltException.java │ │ │ │ ├── SecurityBuilder.java │ │ │ │ ├── SecurityConfigurer.java │ │ │ │ ├── SecurityConfigurerAdapter.java │ │ │ │ ├── authentication/ │ │ │ │ │ ├── ProviderManagerBuilder.java │ │ │ │ │ ├── builders/ │ │ │ │ │ │ └── AuthenticationManagerBuilder.java │ │ │ │ │ ├── configuration/ │ │ │ │ │ │ ├── AuthenticationConfiguration.java │ │ │ │ │ │ ├── AuthenticationManagerBeanRegistrationAotProcessor.java │ │ │ │ │ │ ├── EnableGlobalAuthentication.java │ │ │ │ │ │ ├── GlobalAuthenticationConfigurerAdapter.java │ │ │ │ │ │ ├── InitializeAuthenticationProviderBeanManagerConfigurer.java │ │ │ │ │ │ └── InitializeUserDetailsBeanManagerConfigurer.java │ │ │ │ │ └── configurers/ │ │ │ │ │ ├── ldap/ │ │ │ │ │ │ └── LdapAuthenticationProviderConfigurer.java │ │ │ │ │ ├── provisioning/ │ │ │ │ │ │ ├── InMemoryUserDetailsManagerConfigurer.java │ │ │ │ │ │ ├── JdbcUserDetailsManagerConfigurer.java │ │ │ │ │ │ └── UserDetailsManagerConfigurer.java │ │ │ │ │ └── userdetails/ │ │ │ │ │ ├── AbstractDaoAuthenticationConfigurer.java │ │ │ │ │ ├── DaoAuthenticationConfigurer.java │ │ │ │ │ ├── UserDetailsAwareConfigurer.java │ │ │ │ │ └── UserDetailsServiceConfigurer.java │ │ │ │ ├── authorization/ │ │ │ │ │ ├── AuthorizationManagerFactoryConfiguration.java │ │ │ │ │ ├── EnableMfaFiltersConfiguration.java │ │ │ │ │ ├── EnableMultiFactorAuthentication.java │ │ │ │ │ ├── MultiFactorAuthenticationSelector.java │ │ │ │ │ ├── MultiFactorCondition.java │ │ │ │ │ └── WhenWebAuthnRegisteredMfaConfiguration.java │ │ │ │ ├── configuration/ │ │ │ │ │ ├── AutowireBeanFactoryObjectPostProcessor.java │ │ │ │ │ └── ObjectPostProcessorConfiguration.java │ │ │ │ ├── method/ │ │ │ │ │ └── configuration/ │ │ │ │ │ ├── AuthorizationProxyConfiguration.java │ │ │ │ │ ├── AuthorizationProxyDataConfiguration.java │ │ │ │ │ ├── AuthorizationProxyWebConfiguration.java │ │ │ │ │ ├── DeferringMethodInterceptor.java │ │ │ │ │ ├── EnableGlobalMethodSecurity.java │ │ │ │ │ ├── EnableMethodSecurity.java │ │ │ │ │ ├── EnableReactiveMethodSecurity.java │ │ │ │ │ ├── GlobalMethodSecurityAspectJAutoProxyRegistrar.java │ │ │ │ │ ├── GlobalMethodSecurityConfiguration.java │ │ │ │ │ ├── GlobalMethodSecuritySelector.java │ │ │ │ │ ├── Jsr250MetadataSourceConfiguration.java │ │ │ │ │ ├── Jsr250MethodSecurityConfiguration.java │ │ │ │ │ ├── MethodObservationConfiguration.java │ │ │ │ │ ├── MethodSecurityAdvisorRegistrar.java │ │ │ │ │ ├── MethodSecurityAspectJAutoProxyRegistrar.java │ │ │ │ │ ├── MethodSecurityMetadataSourceAdvisorRegistrar.java │ │ │ │ │ ├── MethodSecuritySelector.java │ │ │ │ │ ├── PrePostMethodSecurityConfiguration.java │ │ │ │ │ ├── ReactiveAuthorizationManagerMethodSecurityConfiguration.java │ │ │ │ │ ├── ReactiveMethodObservationConfiguration.java │ │ │ │ │ ├── ReactiveMethodSecurityConfiguration.java │ │ │ │ │ ├── ReactiveMethodSecuritySelector.java │ │ │ │ │ └── SecuredMethodSecurityConfiguration.java │ │ │ │ ├── rsocket/ │ │ │ │ │ ├── EnableRSocketSecurity.java │ │ │ │ │ ├── PayloadInterceptorOrder.java │ │ │ │ │ ├── RSocketSecurity.java │ │ │ │ │ ├── RSocketSecurityConfiguration.java │ │ │ │ │ ├── ReactiveObservationConfiguration.java │ │ │ │ │ ├── ReactiveObservationImportSelector.java │ │ │ │ │ └── SecuritySocketAcceptorInterceptorConfiguration.java │ │ │ │ └── web/ │ │ │ │ ├── AbstractRequestMatcherRegistry.java │ │ │ │ ├── HttpSecurityBuilder.java │ │ │ │ ├── ServletRegistrationsSupport.java │ │ │ │ ├── WebSecurityConfigurer.java │ │ │ │ ├── builders/ │ │ │ │ │ ├── FilterOrderRegistration.java │ │ │ │ │ ├── HttpSecurity.java │ │ │ │ │ ├── WebSecurity.java │ │ │ │ │ └── WebSecurityFilterChainValidator.java │ │ │ │ ├── configuration/ │ │ │ │ │ ├── AutowiredWebSecurityConfigurersIgnoreParents.java │ │ │ │ │ ├── EnableWebSecurity.java │ │ │ │ │ ├── HttpSecurityConfiguration.java │ │ │ │ │ ├── OAuth2AuthorizationServerConfiguration.java │ │ │ │ │ ├── OAuth2ClientConfiguration.java │ │ │ │ │ ├── OAuth2ImportSelector.java │ │ │ │ │ ├── ObservationConfiguration.java │ │ │ │ │ ├── ObservationImportSelector.java │ │ │ │ │ ├── RegisterMissingBeanPostProcessor.java │ │ │ │ │ ├── SecurityReactorContextConfiguration.java │ │ │ │ │ ├── SpringWebMvcImportSelector.java │ │ │ │ │ ├── WebMvcSecurityConfiguration.java │ │ │ │ │ ├── WebSecurityConfiguration.java │ │ │ │ │ └── WebSecurityCustomizer.java │ │ │ │ ├── configurers/ │ │ │ │ │ ├── AbstractAuthenticationFilterConfigurer.java │ │ │ │ │ ├── AbstractConfigAttributeRequestMatcherRegistry.java │ │ │ │ │ ├── AbstractHttpConfigurer.java │ │ │ │ │ ├── AnonymousConfigurer.java │ │ │ │ │ ├── AuthorizeHttpRequestsConfigurer.java │ │ │ │ │ ├── ChannelSecurityConfigurer.java │ │ │ │ │ ├── CorsConfigurer.java │ │ │ │ │ ├── CsrfConfigurer.java │ │ │ │ │ ├── DefaultLoginPageConfigurer.java │ │ │ │ │ ├── ExceptionHandlingConfigurer.java │ │ │ │ │ ├── FormLoginConfigurer.java │ │ │ │ │ ├── HeadersConfigurer.java │ │ │ │ │ ├── HttpBasicConfigurer.java │ │ │ │ │ ├── HttpsRedirectConfigurer.java │ │ │ │ │ ├── JeeConfigurer.java │ │ │ │ │ ├── LogoutConfigurer.java │ │ │ │ │ ├── PasswordManagementConfigurer.java │ │ │ │ │ ├── PermitAllSupport.java │ │ │ │ │ ├── PortMapperConfigurer.java │ │ │ │ │ ├── RememberMeConfigurer.java │ │ │ │ │ ├── RequestCacheConfigurer.java │ │ │ │ │ ├── SecurityContextConfigurer.java │ │ │ │ │ ├── ServletApiConfigurer.java │ │ │ │ │ ├── SessionManagementConfigurer.java │ │ │ │ │ ├── WebAuthnConfigurer.java │ │ │ │ │ ├── X509Configurer.java │ │ │ │ │ ├── oauth2/ │ │ │ │ │ │ ├── client/ │ │ │ │ │ │ │ ├── OAuth2ClientConfigurer.java │ │ │ │ │ │ │ ├── OAuth2ClientConfigurerUtils.java │ │ │ │ │ │ │ ├── OAuth2LoginConfigurer.java │ │ │ │ │ │ │ ├── OidcBackChannelLogoutAuthentication.java │ │ │ │ │ │ │ ├── OidcBackChannelLogoutAuthenticationProvider.java │ │ │ │ │ │ │ ├── OidcBackChannelLogoutFilter.java │ │ │ │ │ │ │ ├── OidcBackChannelLogoutHandler.java │ │ │ │ │ │ │ ├── OidcBackChannelLogoutTokenValidator.java │ │ │ │ │ │ │ ├── OidcLogoutAuthenticationConverter.java │ │ │ │ │ │ │ ├── OidcLogoutAuthenticationToken.java │ │ │ │ │ │ │ ├── OidcLogoutConfigurer.java │ │ │ │ │ │ │ └── OidcUserRefreshedEventListener.java │ │ │ │ │ │ └── server/ │ │ │ │ │ │ ├── authorization/ │ │ │ │ │ │ │ ├── AbstractOAuth2Configurer.java │ │ │ │ │ │ │ ├── AuthorizationServerContextFilter.java │ │ │ │ │ │ │ ├── DefaultOAuth2TokenCustomizers.java │ │ │ │ │ │ │ ├── OAuth2AuthorizationEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2AuthorizationServerConfigurer.java │ │ │ │ │ │ │ ├── OAuth2AuthorizationServerMetadataEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2ClientAuthenticationConfigurer.java │ │ │ │ │ │ │ ├── OAuth2ClientRegistrationEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2ConfigurerUtils.java │ │ │ │ │ │ │ ├── OAuth2DeviceAuthorizationEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2DeviceVerificationEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2PushedAuthorizationRequestEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2TokenEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2TokenIntrospectionEndpointConfigurer.java │ │ │ │ │ │ │ ├── OAuth2TokenRevocationEndpointConfigurer.java │ │ │ │ │ │ │ ├── OidcClientRegistrationEndpointConfigurer.java │ │ │ │ │ │ │ ├── OidcConfigurer.java │ │ │ │ │ │ │ ├── OidcLogoutEndpointConfigurer.java │ │ │ │ │ │ │ ├── OidcProviderConfigurationEndpointConfigurer.java │ │ │ │ │ │ │ └── OidcUserInfoEndpointConfigurer.java │ │ │ │ │ │ └── resource/ │ │ │ │ │ │ ├── DPoPAuthenticationConfigurer.java │ │ │ │ │ │ └── OAuth2ResourceServerConfigurer.java │ │ │ │ │ ├── ott/ │ │ │ │ │ │ └── OneTimeTokenLoginConfigurer.java │ │ │ │ │ └── saml2/ │ │ │ │ │ ├── Saml2LoginConfigurer.java │ │ │ │ │ ├── Saml2LogoutConfigurer.java │ │ │ │ │ └── Saml2MetadataConfigurer.java │ │ │ │ ├── reactive/ │ │ │ │ │ ├── EnableWebFluxSecurity.java │ │ │ │ │ ├── ReactiveOAuth2ClientConfiguration.java │ │ │ │ │ ├── ReactiveOAuth2ClientImportSelector.java │ │ │ │ │ ├── ReactiveObservationConfiguration.java │ │ │ │ │ ├── ReactiveObservationImportSelector.java │ │ │ │ │ ├── ServerHttpSecurityConfiguration.java │ │ │ │ │ └── WebFluxSecurityConfiguration.java │ │ │ │ ├── servlet/ │ │ │ │ │ └── configuration/ │ │ │ │ │ └── WebMvcSecurityConfiguration.java │ │ │ │ └── socket/ │ │ │ │ ├── EnableWebSocketSecurity.java │ │ │ │ ├── MessageMatcherAuthorizationManagerConfiguration.java │ │ │ │ ├── WebSocketMessageBrokerSecurityConfiguration.java │ │ │ │ ├── WebSocketObservationConfiguration.java │ │ │ │ └── WebSocketObservationImportSelector.java │ │ │ ├── aot/ │ │ │ │ └── hint/ │ │ │ │ ├── OAuth2LoginRuntimeHints.java │ │ │ │ ├── WebMvcSecurityConfigurationRuntimeHints.java │ │ │ │ └── WebSecurityConfigurationRuntimeHints.java │ │ │ ├── authentication/ │ │ │ │ ├── AbstractUserDetailsServiceBeanDefinitionParser.java │ │ │ │ ├── AuthenticationManagerBeanDefinitionParser.java │ │ │ │ ├── AuthenticationManagerFactoryBean.java │ │ │ │ ├── AuthenticationProviderBeanDefinitionParser.java │ │ │ │ ├── JdbcUserServiceBeanDefinitionParser.java │ │ │ │ ├── PasswordEncoderParser.java │ │ │ │ ├── UserServiceBeanDefinitionParser.java │ │ │ │ └── package-info.java │ │ │ ├── core/ │ │ │ │ ├── GrantedAuthorityDefaults.java │ │ │ │ └── userdetails/ │ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBean.java │ │ │ │ ├── UserDetailsMapFactoryBean.java │ │ │ │ └── UserDetailsResourceFactoryBean.java │ │ │ ├── crypto/ │ │ │ │ └── RsaKeyConversionServicePostProcessor.java │ │ │ ├── debug/ │ │ │ │ └── SecurityDebugBeanFactoryPostProcessor.java │ │ │ ├── http/ │ │ │ │ ├── AuthenticationConfigBuilder.java │ │ │ │ ├── AuthorizationFilterParser.java │ │ │ │ ├── ChannelAttributeFactory.java │ │ │ │ ├── CorsBeanDefinitionParser.java │ │ │ │ ├── CorsConfigurationSourceFactoryBean.java │ │ │ │ ├── CsrfBeanDefinitionParser.java │ │ │ │ ├── DefaultFilterChainValidator.java │ │ │ │ ├── FilterChainBeanDefinitionParser.java │ │ │ │ ├── FilterChainMapBeanDefinitionDecorator.java │ │ │ │ ├── FilterInvocationSecurityMetadataSourceParser.java │ │ │ │ ├── FormLoginBeanDefinitionParser.java │ │ │ │ ├── GrantedAuthorityDefaultsParserUtils.java │ │ │ │ ├── HeadersBeanDefinitionParser.java │ │ │ │ ├── HttpConfigurationBuilder.java │ │ │ │ ├── HttpFirewallBeanDefinitionParser.java │ │ │ │ ├── HttpSecurityBeanDefinitionParser.java │ │ │ │ ├── LogoutBeanDefinitionParser.java │ │ │ │ ├── MatcherType.java │ │ │ │ ├── MessageMatcherFactoryBean.java │ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrar.java │ │ │ │ ├── OAuth2ClientBeanDefinitionParser.java │ │ │ │ ├── OAuth2ClientBeanDefinitionParserUtils.java │ │ │ │ ├── OAuth2ClientWebMvcSecurityPostProcessor.java │ │ │ │ ├── OAuth2LoginBeanDefinitionParser.java │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParser.java │ │ │ │ ├── OrderDecorator.java │ │ │ │ ├── PathPatternRequestMatcherFactoryBean.java │ │ │ │ ├── PortMappingsBeanDefinitionParser.java │ │ │ │ ├── RememberMeBeanDefinitionParser.java │ │ │ │ ├── RequestMatcherFactoryBean.java │ │ │ │ ├── Saml2LoginBeanDefinitionParser.java │ │ │ │ ├── Saml2LoginBeanDefinitionParserUtils.java │ │ │ │ ├── Saml2LogoutBeanDefinitionParser.java │ │ │ │ ├── Saml2LogoutBeanDefinitionParserUtils.java │ │ │ │ ├── SecurityFilters.java │ │ │ │ ├── SessionCreationPolicy.java │ │ │ │ ├── UserDetailsServiceFactoryBean.java │ │ │ │ ├── WebConfigUtils.java │ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParser.java │ │ │ │ └── package-info.java │ │ │ ├── ldap/ │ │ │ │ ├── AbstractLdapAuthenticationManagerFactory.java │ │ │ │ ├── ContextSourceSettingPostProcessor.java │ │ │ │ ├── EmbeddedLdapServerContextSourceFactoryBean.java │ │ │ │ ├── LdapBindAuthenticationManagerFactory.java │ │ │ │ ├── LdapPasswordComparisonAuthenticationManagerFactory.java │ │ │ │ ├── LdapProviderBeanDefinitionParser.java │ │ │ │ ├── LdapServerBeanDefinitionParser.java │ │ │ │ ├── LdapUserServiceBeanDefinitionParser.java │ │ │ │ └── package-info.java │ │ │ ├── method/ │ │ │ │ ├── AspectJMethodMatcher.java │ │ │ │ ├── GlobalMethodSecurityBeanDefinitionParser.java │ │ │ │ ├── InterceptMethodsBeanDefinitionDecorator.java │ │ │ │ ├── MethodConfigUtils.java │ │ │ │ ├── MethodSecurityBeanDefinitionParser.java │ │ │ │ ├── MethodSecurityMetadataSourceBeanDefinitionParser.java │ │ │ │ ├── PointcutDelegatingAuthorizationManager.java │ │ │ │ ├── PrefixBasedMethodMatcher.java │ │ │ │ ├── ProtectPointcutPostProcessor.java │ │ │ │ └── package-info.java │ │ │ ├── oauth2/ │ │ │ │ └── client/ │ │ │ │ ├── ClientRegistrationsBeanDefinitionParser.java │ │ │ │ └── CommonOAuth2Provider.java │ │ │ ├── observation/ │ │ │ │ └── SecurityObservationSettings.java │ │ │ ├── package-info.java │ │ │ ├── provisioning/ │ │ │ │ └── UserDetailsManagerResourceFactoryBean.java │ │ │ ├── saml2/ │ │ │ │ └── RelyingPartyRegistrationsBeanDefinitionParser.java │ │ │ ├── web/ │ │ │ │ ├── PathPatternRequestMatcherBuilderFactoryBean.java │ │ │ │ ├── messaging/ │ │ │ │ │ └── PathPatternMessageMatcherBuilderFactoryBean.java │ │ │ │ └── server/ │ │ │ │ ├── AbstractServerWebExchangeMatcherRegistry.java │ │ │ │ ├── GenericHttpMessageConverterAdapter.java │ │ │ │ ├── HttpMessageConverters.java │ │ │ │ ├── OAuth2ErrorEncoder.java │ │ │ │ ├── OidcBackChannelLogoutAuthentication.java │ │ │ │ ├── OidcBackChannelLogoutReactiveAuthenticationManager.java │ │ │ │ ├── OidcBackChannelLogoutTokenValidator.java │ │ │ │ ├── OidcBackChannelLogoutWebFilter.java │ │ │ │ ├── OidcBackChannelServerLogoutHandler.java │ │ │ │ ├── OidcLogoutAuthenticationToken.java │ │ │ │ ├── OidcLogoutServerAuthenticationConverter.java │ │ │ │ ├── SecurityWebFiltersOrder.java │ │ │ │ └── ServerHttpSecurity.java │ │ │ └── websocket/ │ │ │ └── WebSocketMessageBrokerSecurityBeanDefinitionParser.java │ │ ├── kotlin/ │ │ │ └── org/ │ │ │ └── springframework/ │ │ │ └── security/ │ │ │ └── config/ │ │ │ ├── annotation/ │ │ │ │ └── web/ │ │ │ │ ├── AbstractRequestMatcherDsl.kt │ │ │ │ ├── AnonymousDsl.kt │ │ │ │ ├── AuthorizeHttpRequestsDsl.kt │ │ │ │ ├── CorsDsl.kt │ │ │ │ ├── CsrfDsl.kt │ │ │ │ ├── ExceptionHandlingDsl.kt │ │ │ │ ├── FormLoginDsl.kt │ │ │ │ ├── HeadersDsl.kt │ │ │ │ ├── HttpBasicDsl.kt │ │ │ │ ├── HttpSecurityDsl.kt │ │ │ │ ├── HttpsRedirectDsl.kt │ │ │ │ ├── LogoutDsl.kt │ │ │ │ ├── OAuth2ClientDsl.kt │ │ │ │ ├── OAuth2LoginDsl.kt │ │ │ │ ├── OAuth2ResourceServerDsl.kt │ │ │ │ ├── OidcLogoutDsl.kt │ │ │ │ ├── OneTimeTokenLoginDsl.kt │ │ │ │ ├── PasswordManagementDsl.kt │ │ │ │ ├── PortMapperDsl.kt │ │ │ │ ├── RememberMeDsl.kt │ │ │ │ ├── RequestCacheDsl.kt │ │ │ │ ├── RequiresChannelDsl.kt │ │ │ │ ├── Saml2Dsl.kt │ │ │ │ ├── Saml2LogoutDsl.kt │ │ │ │ ├── Saml2MetadataDsl.kt │ │ │ │ ├── SecurityContextDsl.kt │ │ │ │ ├── SecurityMarker.kt │ │ │ │ ├── SessionManagementDsl.kt │ │ │ │ ├── WebAuthnDsl.kt │ │ │ │ ├── X509Dsl.kt │ │ │ │ ├── headers/ │ │ │ │ │ ├── CacheControlDsl.kt │ │ │ │ │ ├── ContentSecurityPolicyDsl.kt │ │ │ │ │ ├── ContentTypeOptionsDsl.kt │ │ │ │ │ ├── CrossOriginEmbedderPolicyDsl.kt │ │ │ │ │ ├── CrossOriginOpenerPolicyDsl.kt │ │ │ │ │ ├── CrossOriginResourcePolicyDsl.kt │ │ │ │ │ ├── FrameOptionsDsl.kt │ │ │ │ │ ├── HeadersSecurityMarker.kt │ │ │ │ │ ├── HttpPublicKeyPinningDsl.kt │ │ │ │ │ ├── HttpStrictTransportSecurityDsl.kt │ │ │ │ │ ├── PermissionsPolicyDsl.kt │ │ │ │ │ ├── ReferrerPolicyDsl.kt │ │ │ │ │ └── XssProtectionConfigDsl.kt │ │ │ │ ├── oauth2/ │ │ │ │ │ ├── client/ │ │ │ │ │ │ ├── AuthorizationCodeGrantDsl.kt │ │ │ │ │ │ └── OAuth2ClientSecurityMarker.kt │ │ │ │ │ ├── login/ │ │ │ │ │ │ ├── AuthorizationEndpointDsl.kt │ │ │ │ │ │ ├── OAuth2LoginSecurityMarker.kt │ │ │ │ │ │ ├── OidcBackChannelLogoutDsl.kt │ │ │ │ │ │ ├── RedirectionEndpointDsl.kt │ │ │ │ │ │ ├── TokenEndpointDsl.kt │ │ │ │ │ │ └── UserInfoEndpointDsl.kt │ │ │ │ │ └── resourceserver/ │ │ │ │ │ ├── JwtDsl.kt │ │ │ │ │ ├── OAuth2ResourceServerSecurityMarker.kt │ │ │ │ │ └── OpaqueTokenDsl.kt │ │ │ │ ├── saml2/ │ │ │ │ │ ├── LogoutRequestDsl.kt │ │ │ │ │ ├── LogoutResponseDsl.kt │ │ │ │ │ └── Saml2SecurityMarker.kt │ │ │ │ └── session/ │ │ │ │ ├── SessionConcurrencyDsl.kt │ │ │ │ ├── SessionFixationDsl.kt │ │ │ │ └── SessionSecurityMarker.kt │ │ │ └── web/ │ │ │ └── server/ │ │ │ ├── AuthorizeExchangeDsl.kt │ │ │ ├── ServerAnonymousDsl.kt │ │ │ ├── ServerCacheControlDsl.kt │ │ │ ├── ServerContentSecurityPolicyDsl.kt │ │ │ ├── ServerContentTypeOptionsDsl.kt │ │ │ ├── ServerCorsDsl.kt │ │ │ ├── ServerCrossOriginEmbedderPolicyDsl.kt │ │ │ ├── ServerCrossOriginOpenerPolicyDsl.kt │ │ │ ├── ServerCrossOriginResourcePolicyDsl.kt │ │ │ ├── ServerCsrfDsl.kt │ │ │ ├── ServerExceptionHandlingDsl.kt │ │ │ ├── ServerFormLoginDsl.kt │ │ │ ├── ServerFrameOptionsDsl.kt │ │ │ ├── ServerHeadersDsl.kt │ │ │ ├── ServerHttpBasicDsl.kt │ │ │ ├── ServerHttpSecurityDsl.kt │ │ │ ├── ServerHttpStrictTransportSecurityDsl.kt │ │ │ ├── ServerHttpsRedirectDsl.kt │ │ │ ├── ServerJwtDsl.kt │ │ │ ├── ServerLogoutDsl.kt │ │ │ ├── ServerOAuth2ClientDsl.kt │ │ │ ├── ServerOAuth2LoginDsl.kt │ │ │ ├── ServerOAuth2ResourceServerDsl.kt │ │ │ ├── ServerOidcBackChannelLogoutDsl.kt │ │ │ ├── ServerOidcLogoutDsl.kt │ │ │ ├── ServerOneTimeTokenLoginDsl.kt │ │ │ ├── ServerOpaqueTokenDsl.kt │ │ │ ├── ServerPasswordManagementDsl.kt │ │ │ ├── ServerPermissionsPolicyDsl.kt │ │ │ ├── ServerReferrerPolicyDsl.kt │ │ │ ├── ServerRequestCacheDsl.kt │ │ │ ├── ServerSecurityMarker.kt │ │ │ ├── ServerSessionConcurrencyDsl.kt │ │ │ ├── ServerSessionManagementDsl.kt │ │ │ ├── ServerX509Dsl.kt │ │ │ └── ServerXssProtectionDsl.kt │ │ └── resources/ │ │ ├── META-INF/ │ │ │ ├── spring/ │ │ │ │ └── aot.factories │ │ │ ├── spring.handlers │ │ │ └── spring.schemas │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ └── config/ │ │ ├── catalog.xml │ │ ├── spring-security-2.0.1.xsd │ │ ├── spring-security-2.0.2.xsd │ │ ├── spring-security-2.0.4.xsd │ │ ├── spring-security-2.0.xsd │ │ ├── spring-security-3.0.3.xsd │ │ ├── spring-security-3.0.xsd │ │ ├── spring-security-3.1.rnc │ │ ├── spring-security-3.1.xsd │ │ ├── spring-security-3.2.rnc │ │ ├── spring-security-3.2.xsd │ │ ├── spring-security-4.0.rnc │ │ ├── spring-security-4.0.xsd │ │ ├── spring-security-4.1.rnc │ │ ├── spring-security-4.1.xsd │ │ ├── spring-security-4.2.rnc │ │ ├── spring-security-4.2.xsd │ │ ├── spring-security-5.0.rnc │ │ ├── spring-security-5.0.xsd │ │ ├── spring-security-5.1.rnc │ │ ├── spring-security-5.1.xsd │ │ ├── spring-security-5.2.rnc │ │ ├── spring-security-5.2.xsd │ │ ├── spring-security-5.3.rnc │ │ ├── spring-security-5.3.xsd │ │ ├── spring-security-5.4.rnc │ │ ├── spring-security-5.4.xsd │ │ ├── spring-security-5.5.rnc │ │ ├── spring-security-5.5.xsd │ │ ├── spring-security-5.6.rnc │ │ ├── spring-security-5.6.xsd │ │ ├── spring-security-5.7.rnc │ │ ├── spring-security-5.7.xsd │ │ ├── spring-security-5.8.rnc │ │ ├── spring-security-5.8.xsd │ │ ├── spring-security-6.0.rnc │ │ ├── spring-security-6.0.xsd │ │ ├── spring-security-6.1.rnc │ │ ├── spring-security-6.1.xsd │ │ ├── spring-security-6.2.rnc │ │ ├── spring-security-6.2.xsd │ │ ├── spring-security-6.3.rnc │ │ ├── spring-security-6.3.xsd │ │ ├── spring-security-6.4.rnc │ │ ├── spring-security-6.4.xsd │ │ ├── spring-security-6.5.rnc │ │ ├── spring-security-6.5.xsd │ │ ├── spring-security-7.0.rnc │ │ ├── spring-security-7.0.xsd │ │ ├── spring-security-7.1.rnc │ │ ├── spring-security-7.1.xsd │ │ └── spring-security.xsl │ └── test/ │ ├── java/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ ├── BeanNameCollectingPostProcessor.java │ │ ├── CollectingAppListener.java │ │ ├── SerializationSamples.java │ │ ├── SpringSecurityCoreVersionSerializableTests.java │ │ ├── config/ │ │ │ ├── ConfigTestUtils.java │ │ │ ├── DataSourcePopulator.java │ │ │ ├── FilterChainProxyConfigTests.java │ │ │ ├── InvalidConfigurationTests.java │ │ │ ├── MockAfterInvocationProvider.java │ │ │ ├── MockEventListener.java │ │ │ ├── MockSecurityContextHolderStrategy.java │ │ │ ├── MockTransactionManager.java │ │ │ ├── MockUserServiceBeanPostProcessor.java │ │ │ ├── PostProcessedMockUserDetailsService.java │ │ │ ├── SecurityNamespaceHandlerTests.java │ │ │ ├── TestBusinessBean.java │ │ │ ├── TestBusinessBeanImpl.java │ │ │ ├── TestDeferredSecurityContext.java │ │ │ ├── TransactionalTestBusinessBean.java │ │ │ ├── annotation/ │ │ │ │ ├── ConcereteSecurityConfigurerAdapter.java │ │ │ │ ├── ObjectPostProcessorTests.java │ │ │ │ ├── SecurityConfigurerAdapterClosureTests.java │ │ │ │ ├── SecurityConfigurerAdapterTests.java │ │ │ │ ├── SecurityContextChangedListenerArgumentMatchers.java │ │ │ │ ├── SecurityContextChangedListenerConfig.java │ │ │ │ ├── authentication/ │ │ │ │ │ ├── AuthenticationManagerBuilderTests.java │ │ │ │ │ ├── BaseAuthenticationConfig.java │ │ │ │ │ ├── NamespaceAuthenticationManagerTests.java │ │ │ │ │ ├── NamespaceAuthenticationProviderTests.java │ │ │ │ │ ├── NamespaceJdbcUserServiceTests.java │ │ │ │ │ ├── NamespacePasswordEncoderTests.java │ │ │ │ │ ├── PasswordEncoderConfigurerTests.java │ │ │ │ │ ├── configuration/ │ │ │ │ │ │ ├── AuthenticationConfigurationPublishTests.java │ │ │ │ │ │ ├── AuthenticationConfigurationTests.java │ │ │ │ │ │ ├── AuthenticationManagerBeanRegistrationAotProcessorTests.java │ │ │ │ │ │ └── EnableGlobalAuthenticationTests.java │ │ │ │ │ └── configurers/ │ │ │ │ │ ├── ldap/ │ │ │ │ │ │ └── LdapAuthenticationProviderConfigurerTests.java │ │ │ │ │ └── provisioning/ │ │ │ │ │ └── UserDetailsManagerConfigurerTests.java │ │ │ │ ├── authorization/ │ │ │ │ │ ├── EnableMultiFactorAuthenticationCustomizerTests.java │ │ │ │ │ ├── EnableMultiFactorAuthenticationFiltersSetTests.java │ │ │ │ │ ├── EnableMultiFactorAuthenticationMultipleCustomizersTests.java │ │ │ │ │ ├── EnableMultiFactorAuthenticationTests.java │ │ │ │ │ └── MultiFactorAuthenticationSelectorTests.java │ │ │ │ ├── configuration/ │ │ │ │ │ ├── AroundMethodInterceptor.java │ │ │ │ │ ├── AutowireBeanFactoryObjectPostProcessorTests.java │ │ │ │ │ └── MyAdvisedBean.java │ │ │ │ ├── issue50/ │ │ │ │ │ ├── ApplicationConfig.java │ │ │ │ │ ├── Issue50Tests.java │ │ │ │ │ ├── SecurityConfig.java │ │ │ │ │ ├── domain/ │ │ │ │ │ │ └── User.java │ │ │ │ │ └── repo/ │ │ │ │ │ └── UserRepository.java │ │ │ │ ├── method/ │ │ │ │ │ └── configuration/ │ │ │ │ │ ├── AuthorizationProxyConfigurationTests.java │ │ │ │ │ ├── Authz.java │ │ │ │ │ ├── DelegatingReactiveMessageService.java │ │ │ │ │ ├── EnableAuthorizationManagerReactiveMethodSecurityTests.java │ │ │ │ │ ├── EnableCustomMethodSecurity.java │ │ │ │ │ ├── EnableReactiveMethodSecurityTests.java │ │ │ │ │ ├── GlobalMethodSecurityConfigurationTests.java │ │ │ │ │ ├── MethodSecurityService.java │ │ │ │ │ ├── MethodSecurityServiceConfig.java │ │ │ │ │ ├── MethodSecurityServiceImpl.java │ │ │ │ │ ├── MyMasker.java │ │ │ │ │ ├── NamespaceGlobalMethodSecurityExpressionHandlerTests.java │ │ │ │ │ ├── NamespaceGlobalMethodSecurityTests.java │ │ │ │ │ ├── PrePostMethodSecurityConfigurationTests.java │ │ │ │ │ ├── PrePostReactiveMethodSecurityConfigurationTests.java │ │ │ │ │ ├── ReactiveMessageService.java │ │ │ │ │ ├── ReactiveMethodSecurityConfigurationTests.java │ │ │ │ │ ├── ReactiveMethodSecurityService.java │ │ │ │ │ ├── ReactiveMethodSecurityServiceImpl.java │ │ │ │ │ ├── RequireAdminRole.java │ │ │ │ │ ├── RequireUserRole.java │ │ │ │ │ ├── SampleEnableGlobalMethodSecurityTests.java │ │ │ │ │ ├── UserRecordWithEmailProtected.java │ │ │ │ │ ├── aot/ │ │ │ │ │ │ ├── EnableMethodSecurityAotTests.java │ │ │ │ │ │ ├── Message.java │ │ │ │ │ │ ├── MessageRepository.java │ │ │ │ │ │ ├── User.java │ │ │ │ │ │ └── UserProjection.java │ │ │ │ │ └── issue14637/ │ │ │ │ │ ├── ApplicationConfig.java │ │ │ │ │ ├── Issue14637Tests.java │ │ │ │ │ ├── SecurityConfig.java │ │ │ │ │ ├── domain/ │ │ │ │ │ │ └── Entry.java │ │ │ │ │ └── repo/ │ │ │ │ │ └── EntryRepository.java │ │ │ │ ├── sec2758/ │ │ │ │ │ └── Sec2758Tests.java │ │ │ │ └── web/ │ │ │ │ ├── AbstractConfiguredSecurityBuilderTests.java │ │ │ │ ├── AbstractRequestMatcherRegistryAnyMatcherTests.java │ │ │ │ ├── AbstractRequestMatcherRegistryNoMvcTests.java │ │ │ │ ├── AbstractRequestMatcherRegistryTests.java │ │ │ │ ├── HttpSecurityHeadersTests.java │ │ │ │ ├── builders/ │ │ │ │ │ ├── FilterOrderRegistrationTests.java │ │ │ │ │ ├── HttpConfigurationTests.java │ │ │ │ │ ├── HttpSecurityAuthenticationManagerTests.java │ │ │ │ │ ├── HttpSecurityDeferAddFilterTests.java │ │ │ │ │ ├── NamespaceHttpTests.java │ │ │ │ │ ├── TestHttpSecurities.java │ │ │ │ │ ├── WebSecurityFilterChainValidatorTests.java │ │ │ │ │ └── WebSecurityTests.java │ │ │ │ ├── configuration/ │ │ │ │ │ ├── AuthenticationPrincipalArgumentResolverTests.java │ │ │ │ │ ├── AuthorizationManagerWebInvocationPrivilegeEvaluatorConfigTests.java │ │ │ │ │ ├── DeferHttpSessionJavaConfigTests.java │ │ │ │ │ ├── EnableWebSecurityTests.java │ │ │ │ │ ├── HttpSecurityConfigurationTests.java │ │ │ │ │ ├── OAuth2AuthorizationServerConfigurationTests.java │ │ │ │ │ ├── OAuth2AuthorizedClientManagerConfigurationTests.java │ │ │ │ │ ├── OAuth2ClientConfigurationTests.java │ │ │ │ │ ├── RegisterMissingBeanPostProcessorTests.java │ │ │ │ │ ├── SecurityReactorContextConfigurationResourceServerTests.java │ │ │ │ │ ├── SecurityReactorContextConfigurationTests.java │ │ │ │ │ ├── WebMvcSecurityConfigurationTests.java │ │ │ │ │ ├── WebSecurityConfigurationTests.java │ │ │ │ │ └── sec2377/ │ │ │ │ │ ├── Sec2377Tests.java │ │ │ │ │ ├── a/ │ │ │ │ │ │ └── Sec2377AConfig.java │ │ │ │ │ └── b/ │ │ │ │ │ └── Sec2377BConfig.java │ │ │ │ ├── configurers/ │ │ │ │ │ ├── AbstractConfigAttributeRequestMatcherRegistryTests.java │ │ │ │ │ ├── AnonymousConfigurerTests.java │ │ │ │ │ ├── AuthorizeHttpRequestsConfigurerTests.java │ │ │ │ │ ├── ChannelSecurityConfigurerTests.java │ │ │ │ │ ├── CorsConfigurerTests.java │ │ │ │ │ ├── CsrfConfigurerIgnoringRequestMatchersTests.java │ │ │ │ │ ├── CsrfConfigurerNoWebMvcTests.java │ │ │ │ │ ├── CsrfConfigurerTests.java │ │ │ │ │ ├── DefaultFiltersTests.java │ │ │ │ │ ├── DefaultLoginPageConfigurerTests.java │ │ │ │ │ ├── ExceptionHandlingConfigurerAccessDeniedHandlerTests.java │ │ │ │ │ ├── ExceptionHandlingConfigurerTests.java │ │ │ │ │ ├── FormLoginConfigurerTests.java │ │ │ │ │ ├── HeadersConfigurerEagerHeadersTests.java │ │ │ │ │ ├── HeadersConfigurerTests.java │ │ │ │ │ ├── HttpBasicConfigurerTests.java │ │ │ │ │ ├── HttpSecurityLogoutTests.java │ │ │ │ │ ├── HttpSecurityObservationTests.java │ │ │ │ │ ├── HttpSecurityRequestMatchersTests.java │ │ │ │ │ ├── HttpSecuritySecurityMatchersNoMvcTests.java │ │ │ │ │ ├── HttpSecuritySecurityMatchersTests.java │ │ │ │ │ ├── HttpsRedirectConfigurerTests.java │ │ │ │ │ ├── JeeConfigurerTests.java │ │ │ │ │ ├── LogoutConfigurerClearSiteDataTests.java │ │ │ │ │ ├── LogoutConfigurerTests.java │ │ │ │ │ ├── NamespaceDebugTests.java │ │ │ │ │ ├── NamespaceHttpAnonymousTests.java │ │ │ │ │ ├── NamespaceHttpBasicTests.java │ │ │ │ │ ├── NamespaceHttpCustomFilterTests.java │ │ │ │ │ ├── NamespaceHttpExpressionHandlerTests.java │ │ │ │ │ ├── NamespaceHttpFirewallTests.java │ │ │ │ │ ├── NamespaceHttpFormLoginTests.java │ │ │ │ │ ├── NamespaceHttpHeadersTests.java │ │ │ │ │ ├── NamespaceHttpInterceptUrlTests.java │ │ │ │ │ ├── NamespaceHttpJeeTests.java │ │ │ │ │ ├── NamespaceHttpLogoutTests.java │ │ │ │ │ ├── NamespaceHttpPortMappingsTests.java │ │ │ │ │ ├── NamespaceHttpRequestCacheTests.java │ │ │ │ │ ├── NamespaceHttpServerAccessDeniedHandlerTests.java │ │ │ │ │ ├── NamespaceHttpX509Tests.java │ │ │ │ │ ├── NamespaceRememberMeTests.java │ │ │ │ │ ├── NamespaceSessionManagementTests.java │ │ │ │ │ ├── PasswordManagementConfigurerTests.java │ │ │ │ │ ├── PermitAllSupportTests.java │ │ │ │ │ ├── PortMapperConfigurerTests.java │ │ │ │ │ ├── RememberMeConfigurerTests.java │ │ │ │ │ ├── RequestCacheConfigurerTests.java │ │ │ │ │ ├── RequestMatcherConfigurerTests.java │ │ │ │ │ ├── SecurityContextConfigurerTests.java │ │ │ │ │ ├── ServletApiConfigurerTests.java │ │ │ │ │ ├── SessionManagementConfigurerServlet31Tests.java │ │ │ │ │ ├── SessionManagementConfigurerSessionAuthenticationStrategyTests.java │ │ │ │ │ ├── SessionManagementConfigurerSessionCreationPolicyTests.java │ │ │ │ │ ├── SessionManagementConfigurerTests.java │ │ │ │ │ ├── SessionManagementConfigurerTransientAuthenticationTests.java │ │ │ │ │ ├── UrlAuthorizationsTests.java │ │ │ │ │ ├── WebAuthnConfigurerTests.java │ │ │ │ │ ├── X509ConfigurerTests.java │ │ │ │ │ ├── oauth2/ │ │ │ │ │ │ ├── client/ │ │ │ │ │ │ │ ├── OAuth2ClientConfigurerTests.java │ │ │ │ │ │ │ ├── OAuth2LoginConfigurerTests.java │ │ │ │ │ │ │ ├── OidcBackChannelLogoutHandlerTests.java │ │ │ │ │ │ │ ├── OidcLogoutConfigurerTests.java │ │ │ │ │ │ │ ├── OidcUserRefreshedEventListenerConfigurationTests.java │ │ │ │ │ │ │ └── OidcUserRefreshedEventListenerTests.java │ │ │ │ │ │ └── server/ │ │ │ │ │ │ ├── authorization/ │ │ │ │ │ │ │ ├── AuthorizationServerContextFilterTests.java │ │ │ │ │ │ │ ├── DefaultOAuth2TokenCustomizersTests.java │ │ │ │ │ │ │ ├── JwkSetTests.java │ │ │ │ │ │ │ ├── OAuth2AuthorizationCodeGrantTests.java │ │ │ │ │ │ │ ├── OAuth2AuthorizationServerMetadataTests.java │ │ │ │ │ │ │ ├── OAuth2ClientCredentialsGrantTests.java │ │ │ │ │ │ │ ├── OAuth2ClientRegistrationTests.java │ │ │ │ │ │ │ ├── OAuth2DeviceCodeGrantTests.java │ │ │ │ │ │ │ ├── OAuth2RefreshTokenGrantTests.java │ │ │ │ │ │ │ ├── OAuth2TokenExchangeGrantTests.java │ │ │ │ │ │ │ ├── OAuth2TokenIntrospectionTests.java │ │ │ │ │ │ │ ├── OAuth2TokenRevocationTests.java │ │ │ │ │ │ │ ├── OidcClientRegistrationTests.java │ │ │ │ │ │ │ ├── OidcProviderConfigurationTests.java │ │ │ │ │ │ │ ├── OidcTests.java │ │ │ │ │ │ │ └── OidcUserInfoTests.java │ │ │ │ │ │ └── resource/ │ │ │ │ │ │ ├── DPoPAuthenticationConfigurerTests.java │ │ │ │ │ │ ├── OAuth2ProtectedResourceMetadataTests.java │ │ │ │ │ │ └── OAuth2ResourceServerConfigurerTests.java │ │ │ │ │ ├── ott/ │ │ │ │ │ │ └── OneTimeTokenLoginConfigurerTests.java │ │ │ │ │ └── saml2/ │ │ │ │ │ ├── Saml2LoginConfigurerTests.java │ │ │ │ │ ├── Saml2LogoutConfigurerTests.java │ │ │ │ │ ├── Saml2MetadataConfigurerTests.java │ │ │ │ │ └── TestSaml2Credentials.java │ │ │ │ ├── reactive/ │ │ │ │ │ ├── EnableWebFluxSecurityTests.java │ │ │ │ │ ├── ReactiveOAuth2AuthorizedClientManagerConfigurationTests.java │ │ │ │ │ ├── ReactiveOAuth2ClientImportSelectorTests.java │ │ │ │ │ ├── ServerHttpSecurityConfigurationBuilder.java │ │ │ │ │ ├── ServerHttpSecurityConfigurationTests.java │ │ │ │ │ └── WebFluxSecurityConfigurationTests.java │ │ │ │ └── socket/ │ │ │ │ ├── SyncExecutorSubscribableChannelPostProcessor.java │ │ │ │ ├── TestDeferredCsrfToken.java │ │ │ │ ├── WebSocketMessageBrokerSecurityConfigurationDocTests.java │ │ │ │ └── WebSocketMessageBrokerSecurityConfigurationTests.java │ │ │ ├── aot/ │ │ │ │ └── hint/ │ │ │ │ ├── OAuth2LoginRuntimeHintsTests.java │ │ │ │ ├── WebMvcSecurityConfigurationRuntimeHintsTests.java │ │ │ │ └── WebSecurityConfigurationRuntimeHintsTests.java │ │ │ ├── authentication/ │ │ │ │ ├── AuthenticationConfigurationGh3935Tests.java │ │ │ │ ├── AuthenticationManagerBeanDefinitionParserTests.java │ │ │ │ ├── AuthenticationProviderBeanDefinitionParserTests.java │ │ │ │ ├── JdbcUserServiceBeanDefinitionParserTests.java │ │ │ │ ├── PasswordEncoderParserTests.java │ │ │ │ └── UserServiceBeanDefinitionParserTests.java │ │ │ ├── core/ │ │ │ │ ├── GrantedAuthorityDefaultsJcTests.java │ │ │ │ ├── GrantedAuthorityDefaultsXmlTests.java │ │ │ │ ├── HelloWorldMessageService.java │ │ │ │ ├── MessageService.java │ │ │ │ └── userdetails/ │ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceITests.java │ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBeanPropertiesResourceLocationITests.java │ │ │ │ ├── ReactiveUserDetailsServiceResourceFactoryBeanStringITests.java │ │ │ │ └── UserDetailsResourceFactoryBeanTests.java │ │ │ ├── crypto/ │ │ │ │ └── RsaKeyConversionServicePostProcessorTests.java │ │ │ ├── debug/ │ │ │ │ ├── AuthProviderDependency.java │ │ │ │ ├── SecurityDebugBeanFactoryPostProcessorTests.java │ │ │ │ └── TestAuthenticationProvider.java │ │ │ ├── doc/ │ │ │ │ ├── Attribute.java │ │ │ │ ├── Element.java │ │ │ │ ├── SpringSecurityXsdParser.java │ │ │ │ ├── XmlNode.java │ │ │ │ ├── XmlParser.java │ │ │ │ ├── XmlSupport.java │ │ │ │ └── XsdDocumentedTests.java │ │ │ ├── http/ │ │ │ │ ├── AccessDeniedConfigTests.java │ │ │ │ ├── CsrfBeanDefinitionParserTests.java │ │ │ │ ├── CsrfConfigTests.java │ │ │ │ ├── DefaultFilterChainValidatorTests.java │ │ │ │ ├── DeferHttpSessionXmlConfigTests.java │ │ │ │ ├── FilterSecurityMetadataSourceBeanDefinitionParserTests.java │ │ │ │ ├── FormLoginBeanDefinitionParserTests.java │ │ │ │ ├── FormLoginConfigTests.java │ │ │ │ ├── HttpConfigTests.java │ │ │ │ ├── HttpCorsConfigTests.java │ │ │ │ ├── HttpHeadersConfigTests.java │ │ │ │ ├── HttpInterceptUrlTests.java │ │ │ │ ├── InterceptUrlConfigTests.java │ │ │ │ ├── MiscHttpConfigTests.java │ │ │ │ ├── MultiHttpBlockConfigTests.java │ │ │ │ ├── NamespaceHttpBasicTests.java │ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests.java │ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests.java │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests.java │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests.java │ │ │ │ ├── PlaceHolderAndELConfigTests.java │ │ │ │ ├── RememberMeConfigTests.java │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests.java │ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests.java │ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests.java │ │ │ │ ├── SecurityFiltersAssertions.java │ │ │ │ ├── SessionManagementConfigServlet31Tests.java │ │ │ │ ├── SessionManagementConfigTests.java │ │ │ │ ├── SessionManagementConfigTransientAuthenticationTests.java │ │ │ │ ├── WebConfigUtilsTests.java │ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParserTests.java │ │ │ │ └── customconfigurer/ │ │ │ │ ├── CustomConfigurer.java │ │ │ │ └── CustomHttpSecurityConfigurerTests.java │ │ │ ├── method/ │ │ │ │ ├── Contact.java │ │ │ │ ├── ContactPermission.java │ │ │ │ ├── GlobalMethodSecurityBeanDefinitionParserTests.java │ │ │ │ ├── InterceptMethodsBeanDefinitionDecoratorTests.java │ │ │ │ ├── Jsr250AnnotationDrivenBeanDefinitionParserTests.java │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests.java │ │ │ │ ├── PreAuthorizeAdminRole.java │ │ │ │ ├── PreAuthorizeServiceImpl.java │ │ │ │ ├── PreAuthorizeTests.java │ │ │ │ ├── Sec2196Tests.java │ │ │ │ ├── SecuredAdminRole.java │ │ │ │ ├── SecuredAnnotationDrivenBeanDefinitionParserTests.java │ │ │ │ ├── SecuredServiceImpl.java │ │ │ │ ├── SecuredTests.java │ │ │ │ ├── TestPermissionEvaluator.java │ │ │ │ ├── configuration/ │ │ │ │ │ └── Gh4020GlobalMethodSecurityConfigurationTests.java │ │ │ │ ├── sec2136/ │ │ │ │ │ ├── JpaPermissionEvaluator.java │ │ │ │ │ └── Sec2136Tests.java │ │ │ │ └── sec2499/ │ │ │ │ └── Sec2499Tests.java │ │ │ ├── oauth2/ │ │ │ │ └── client/ │ │ │ │ ├── ClientRegistrationsBeanDefinitionParserTests.java │ │ │ │ └── CommonOAuth2ProviderTests.java │ │ │ ├── observation/ │ │ │ │ └── SecurityObservationSettingsTests.java │ │ │ ├── provisioning/ │ │ │ │ ├── UserDetailsManagerResourceFactoryBeanPropertiesResourceITests.java │ │ │ │ ├── UserDetailsManagerResourceFactoryBeanPropertiesResourceLocationITests.java │ │ │ │ └── UserDetailsManagerResourceFactoryBeanStringITests.java │ │ │ ├── saml2/ │ │ │ │ └── RelyingPartyRegistrationsBeanDefinitionParserTests.java │ │ │ ├── test/ │ │ │ │ ├── SpringTestContext.java │ │ │ │ ├── SpringTestContextExtension.java │ │ │ │ └── SpringTestParentApplicationContextExecutionListener.java │ │ │ ├── users/ │ │ │ │ ├── AuthenticationTestConfiguration.java │ │ │ │ └── ReactiveAuthenticationTestConfiguration.java │ │ │ ├── util/ │ │ │ │ ├── InMemoryXmlApplicationContext.java │ │ │ │ ├── InMemoryXmlWebApplicationContext.java │ │ │ │ └── SpringSecurityVersions.java │ │ │ ├── web/ │ │ │ │ ├── PathPatternRequestMatcherBuilderFactoryBeanTests.java │ │ │ │ └── server/ │ │ │ │ ├── AuthorizeExchangeSpecTests.java │ │ │ │ ├── CorsSpecTests.java │ │ │ │ ├── ExceptionHandlingSpecTests.java │ │ │ │ ├── FormLoginTests.java │ │ │ │ ├── HeaderSpecTests.java │ │ │ │ ├── HttpsRedirectSpecTests.java │ │ │ │ ├── LogoutSpecTests.java │ │ │ │ ├── OAuth2ClientSpecTests.java │ │ │ │ ├── OAuth2LoginTests.java │ │ │ │ ├── OAuth2ResourceServerSpecTests.java │ │ │ │ ├── OidcBackChannelServerLogoutHandlerTests.java │ │ │ │ ├── OidcLogoutSpecTests.java │ │ │ │ ├── OneTimeTokenLoginSpecTests.java │ │ │ │ ├── PasswordManagementSpecTests.java │ │ │ │ ├── RequestCacheTests.java │ │ │ │ ├── ServerHttpSecurityTests.java │ │ │ │ ├── SessionManagementSpecTests.java │ │ │ │ └── TestingServerHttpSecurity.java │ │ │ └── websocket/ │ │ │ ├── MessageSecurityPostProcessorTests.java │ │ │ └── WebSocketMessageBrokerConfigTests.java │ │ ├── htmlunit/ │ │ │ └── server/ │ │ │ ├── HtmlUnitWebTestClient.java │ │ │ ├── MockWebResponseBuilder.java │ │ │ ├── WebTestClientHtmlUnitDriverBuilder.java │ │ │ ├── WebTestClientHtmlUnitDriverBuilderTests.java │ │ │ └── WebTestClientWebConnection.java │ │ ├── intercept/ │ │ │ └── method/ │ │ │ └── aopalliance/ │ │ │ └── MethodSecurityInterceptorWithAopConfigTests.java │ │ └── test/ │ │ ├── support/ │ │ │ ├── ClassPathExclusions.java │ │ │ ├── ClassPathOverrides.java │ │ │ ├── ForkedClassPath.java │ │ │ ├── ModifiedClassPathClassLoader.java │ │ │ └── ModifiedClassPathExtension.java │ │ └── web/ │ │ └── servlet/ │ │ └── RequestCacheResultMatcher.java │ ├── kotlin/ │ │ └── org/ │ │ └── springframework/ │ │ └── security/ │ │ └── config/ │ │ ├── annotation/ │ │ │ ├── method/ │ │ │ │ └── configuration/ │ │ │ │ ├── KotlinEnableReactiveMethodSecurityTests.kt │ │ │ │ ├── KotlinReactiveMessageService.kt │ │ │ │ └── KotlinReactiveMessageServiceImpl.kt │ │ │ └── web/ │ │ │ ├── AnonymousDslTests.kt │ │ │ ├── AuthorizeHttpRequestsDslTests.kt │ │ │ ├── CorsDslTests.kt │ │ │ ├── CsrfDslTests.kt │ │ │ ├── ExceptionHandlingDslTests.kt │ │ │ ├── FormLoginDslTests.kt │ │ │ ├── HeadersDslTests.kt │ │ │ ├── HttpBasicDslTests.kt │ │ │ ├── HttpSecurityDslTests.kt │ │ │ ├── HttpsRedirectDslTests.kt │ │ │ ├── LogoutDslTests.kt │ │ │ ├── OAuth2ClientDslTests.kt │ │ │ ├── OAuth2LoginDslTests.kt │ │ │ ├── OAuth2ResourceServerDslTests.kt │ │ │ ├── OidcLogoutDslTests.kt │ │ │ ├── OneTimeTokenLoginDslTests.kt │ │ │ ├── PasswordManagementDslTests.kt │ │ │ ├── PortMapperDslTests.kt │ │ │ ├── RememberMeDslTests.kt │ │ │ ├── RequestCacheDslTests.kt │ │ │ ├── RequiresChannelDslTests.kt │ │ │ ├── Saml2DslTests.kt │ │ │ ├── Saml2LogoutDslTests.kt │ │ │ ├── Saml2MetadataDslTests.kt │ │ │ ├── SecurityContextDslTests.kt │ │ │ ├── SessionManagementDslTests.kt │ │ │ ├── WebAuthnDslTests.kt │ │ │ ├── X509DslTests.kt │ │ │ ├── headers/ │ │ │ │ ├── CacheControlDslTests.kt │ │ │ │ ├── ContentSecurityPolicyDslTests.kt │ │ │ │ ├── ContentTypeOptionsDslTests.kt │ │ │ │ ├── FrameOptionsDslTests.kt │ │ │ │ ├── HttpPublicKeyPinningDslTests.kt │ │ │ │ ├── HttpStrictTransportSecurityDslTests.kt │ │ │ │ ├── ReferrerPolicyDslTests.kt │ │ │ │ └── XssProtectionConfigDslTests.kt │ │ │ ├── oauth2/ │ │ │ │ ├── client/ │ │ │ │ │ └── AuthorizationCodeGrantDslTests.kt │ │ │ │ ├── login/ │ │ │ │ │ ├── AuthorizationEndpointDslTests.kt │ │ │ │ │ ├── RedirectionEndpointDslTests.kt │ │ │ │ │ ├── TokenEndpointDslTests.kt │ │ │ │ │ └── UserInfoEndpointDslTests.kt │ │ │ │ └── resourceserver/ │ │ │ │ ├── JwtDslTests.kt │ │ │ │ └── OpaqueTokenDslTests.kt │ │ │ └── session/ │ │ │ ├── SessionConcurrencyDslTests.kt │ │ │ └── SessionFixationDslTests.kt │ │ └── web/ │ │ └── server/ │ │ ├── AuthorizeExchangeDslTests.kt │ │ ├── ServerAnonymousDslTests.kt │ │ ├── ServerCacheControlDslTests.kt │ │ ├── ServerContentSecurityPolicyDslTests.kt │ │ ├── ServerContentTypeOptionsDslTests.kt │ │ ├── ServerCorsDslTests.kt │ │ ├── ServerCsrfDslTests.kt │ │ ├── ServerExceptionHandlingDslTests.kt │ │ ├── ServerFormLoginDslTests.kt │ │ ├── ServerFrameOptionsDslTests.kt │ │ ├── ServerHeadersDslTests.kt │ │ ├── ServerHttpBasicDslTests.kt │ │ ├── ServerHttpSecurityDslTests.kt │ │ ├── ServerHttpStrictTransportSecurityDslTests.kt │ │ ├── ServerHttpsRedirectDslTests.kt │ │ ├── ServerJwtDslTests.kt │ │ ├── ServerLogoutDslTests.kt │ │ ├── ServerOAuth2ClientDslTests.kt │ │ ├── ServerOAuth2LoginDslTests.kt │ │ ├── ServerOAuth2ResourceServerDslTests.kt │ │ ├── ServerOidcLogoutDslTests.kt │ │ ├── ServerOneTimeTokenLoginDslTests.kt │ │ ├── ServerOpaqueTokenDslTests.kt │ │ ├── ServerPasswordManagementDslTests.kt │ │ ├── ServerPermissionsPolicyDslTests.kt │ │ ├── ServerReferrerPolicyDslTests.kt │ │ ├── ServerRequestCacheDslTests.kt │ │ ├── ServerSessionManagementDslTests.kt │ │ ├── ServerX509DslTests.kt │ │ └── ServerXssProtectionDslTests.kt │ └── resources/ │ ├── CustomJdbcUserServiceSampleConfig.sql │ ├── logback-test.xml │ ├── org/ │ │ └── springframework/ │ │ └── security/ │ │ ├── config/ │ │ │ ├── annotation/ │ │ │ │ ├── configuration/ │ │ │ │ │ └── AutowireBeanFactoryObjectPostProcessorTests-aopconfig.xml │ │ │ │ └── web/ │ │ │ │ ├── configuration/ │ │ │ │ │ ├── simple.priv │ │ │ │ │ └── simple.pub │ │ │ │ └── configurers/ │ │ │ │ └── oauth2/ │ │ │ │ └── server/ │ │ │ │ └── resource/ │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Active.json │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ActiveNoScopes.json │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Default.jwks │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Empty.jwks │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Expired.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ExpiresAt4687177990.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Inactive.json │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Kid.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-MalformedPayload.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-TooEarly.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-TwoKeys.jwks │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-Unsigned.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidMessageReadScope.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidMessageReadScp.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidMessageWriteScp.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-ValidNoScopes.token │ │ │ │ ├── OAuth2ResourceServerConfigurerTests-WrongAlgorithm.token │ │ │ │ └── OAuth2ResourceServerConfigurerTests-WrongSignature.token │ │ │ ├── authentication/ │ │ │ │ ├── PasswordEncoderParserTests-bean.xml │ │ │ │ └── PasswordEncoderParserTests-default.xml │ │ │ ├── core/ │ │ │ │ └── GrantedAuthorityDefaultsXmlTests-context.xml │ │ │ ├── debug/ │ │ │ │ └── SecurityDebugBeanFactoryPostProcessorTests-context.xml │ │ │ ├── http/ │ │ │ │ ├── AccessDeniedConfigTests-AccessDeniedHandler.xml │ │ │ │ ├── AccessDeniedConfigTests-NoLeadingSlash.xml │ │ │ │ ├── AccessDeniedConfigTests-UsesPathAndRef.xml │ │ │ │ ├── CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml │ │ │ │ ├── CsrfConfigTests-AutoConfig.xml │ │ │ │ ├── CsrfConfigTests-CsrfDisabled.xml │ │ │ │ ├── CsrfConfigTests-CsrfEnabled.xml │ │ │ │ ├── CsrfConfigTests-WithAccessDeniedHandler.xml │ │ │ │ ├── CsrfConfigTests-WithRequestAttrName.xml │ │ │ │ ├── CsrfConfigTests-WithRequestMatcher.xml │ │ │ │ ├── CsrfConfigTests-WithSessionManagement.xml │ │ │ │ ├── CsrfConfigTests-WithXorCsrfTokenRequestAttributeHandler.xml │ │ │ │ ├── CsrfConfigTests-mock-csrf-token-repository.xml │ │ │ │ ├── CsrfConfigTests-mock-request-matcher.xml │ │ │ │ ├── CsrfConfigTests-shared-access-denied-handler.xml │ │ │ │ ├── CsrfConfigTests-shared-controllers.xml │ │ │ │ ├── CsrfConfigTests-shared-csrf-token-repository.xml │ │ │ │ ├── CsrfConfigTests-shared-userservice.xml │ │ │ │ ├── DeferHttpSessionTests-Explicit.xml │ │ │ │ ├── FormLoginBeanDefinitionParserTests-AutoConfig.xml │ │ │ │ ├── FormLoginBeanDefinitionParserTests-Simple.xml │ │ │ │ ├── FormLoginBeanDefinitionParserTests-WithAuthenticationFailureForwardUrl.xml │ │ │ │ ├── FormLoginBeanDefinitionParserTests-WithAuthenticationSuccessForwardUrl.xml │ │ │ │ ├── FormLoginBeanDefinitionParserTests-WithCustomAttributes.xml │ │ │ │ ├── FormLoginConfigTests-ForSec2919.xml │ │ │ │ ├── FormLoginConfigTests-ForSec3147.xml │ │ │ │ ├── FormLoginConfigTests-NoLeadingSlashDefaultTargetUrl.xml │ │ │ │ ├── FormLoginConfigTests-NoLeadingSlashLoginPage.xml │ │ │ │ ├── FormLoginConfigTests-UsingSpel.xml │ │ │ │ ├── FormLoginConfigTests-WithCsrfDisabled.xml │ │ │ │ ├── FormLoginConfigTests-WithCsrfEnabled.xml │ │ │ │ ├── FormLoginConfigTests-WithCustomSecurityContextHolderStrategy.xml │ │ │ │ ├── FormLoginConfigTests-WithDefaultTargetUrl.xml │ │ │ │ ├── FormLoginConfigTests-WithRequestMatcher.xml │ │ │ │ ├── FormLoginConfigTests-WithSuccessAndFailureHandlers.xml │ │ │ │ ├── FormLoginConfigTests-WithUsernameAndPasswordParameters.xml │ │ │ │ ├── HttpConfigTests-AuthorizationManager.xml │ │ │ │ ├── HttpConfigTests-Minimal.xml │ │ │ │ ├── HttpConfigTests-MinimalAuthorizationManager.xml │ │ │ │ ├── HttpConfigTests-WithObservationRegistry.xml │ │ │ │ ├── HttpCorsConfigTests-RequiresMvc.xml │ │ │ │ ├── HttpCorsConfigTests-WithCors.xml │ │ │ │ ├── HttpCorsConfigTests-WithCorsConfigurationSource.xml │ │ │ │ ├── HttpCorsConfigTests-WithCorsFilter.xml │ │ │ │ ├── HttpHeadersConfigTests-CacheControlDisabled.xml │ │ │ │ ├── HttpHeadersConfigTests-ContentSecurityPolicyWithEmptyDirectives.xml │ │ │ │ ├── HttpHeadersConfigTests-ContentSecurityPolicyWithPolicyDirectives.xml │ │ │ │ ├── HttpHeadersConfigTests-ContentSecurityPolicyWithReportOnly.xml │ │ │ │ ├── HttpHeadersConfigTests-ContentTypeOptionsDisabled.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultConfig.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCacheControl.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithContentSecurityPolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithContentTypeOptions.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginEmbedderPolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginOpenerPolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginPolicies.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCrossOriginResourcePolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCustomHeader.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCustomHeaderWriter.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithCustomHstsRequestMatcher.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithEmptyHpkp.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithEmptyPins.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptions.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFrom.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFromBlankOrigin.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFromNoOrigin.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsAllowFromWhitelist.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsDeny.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithFrameOptionsSameOrigin.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkp.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpDefaults.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpIncludeSubdomains.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpMaxAge.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpReport.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHpkpReportUri.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithHsts.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithNoOverride.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithOnlyHeaderName.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithOnlyHeaderValue.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithPermissionsPolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithPlaceholder.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithReferrerPolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithReferrerPolicySameOrigin.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtection.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtectionHeaderValueOne.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtectionHeaderValueOneModeBlock.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsDisabledWithXssProtectionHeaderValueZero.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlMaxSessions.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlMaxSessionsRef.xml │ │ │ │ ├── HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlWithInvalidMaxSessionsConfig.xml │ │ │ │ ├── HttpHeadersConfigTests-DisabledWithPlaceholder.xml │ │ │ │ ├── HttpHeadersConfigTests-FrameOptionsDisabled.xml │ │ │ │ ├── HttpHeadersConfigTests-FrameOptionsDisabledSpecifyingPolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-HeadersDisabled.xml │ │ │ │ ├── HttpHeadersConfigTests-HeadersDisabledHavingChildElement.xml │ │ │ │ ├── HttpHeadersConfigTests-HeadersDisabledWithContentSecurityPolicy.xml │ │ │ │ ├── HttpHeadersConfigTests-HeadersEnabled.xml │ │ │ │ ├── HttpHeadersConfigTests-HpkpDisabled.xml │ │ │ │ ├── HttpHeadersConfigTests-HstsDisabled.xml │ │ │ │ ├── HttpHeadersConfigTests-HstsDisabledSpecifyingIncludeSubdomains.xml │ │ │ │ ├── HttpHeadersConfigTests-HstsDisabledSpecifyingMaxAge.xml │ │ │ │ ├── HttpHeadersConfigTests-HstsDisabledSpecifyingRequestMatcher.xml │ │ │ │ ├── HttpHeadersConfigTests-WithFrameOptions.xml │ │ │ │ ├── HttpHeadersConfigTests-XssProtectionDisabled.xml │ │ │ │ ├── HttpHeadersConfigTests-XssProtectionDisabledSpecifyingHeaderValue.xml │ │ │ │ ├── HttpInterceptUrlTests-interceptUrlWhenRequestMatcherRefThenWorks.xml │ │ │ │ ├── InterceptUrlConfigTests-AntMatcherServletPath.xml │ │ │ │ ├── InterceptUrlConfigTests-AntMatcherServletPathAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-AuthorizationManagerFilterAllDispatcherTypes.xml │ │ │ │ ├── InterceptUrlConfigTests-CamelCasePathVariables.xml │ │ │ │ ├── InterceptUrlConfigTests-CamelCasePathVariablesAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-CiRegexMatcherServletPath.xml │ │ │ │ ├── InterceptUrlConfigTests-CiRegexMatcherServletPathAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-DefaultMatcherNoIntrospectorBean.xml │ │ │ │ ├── InterceptUrlConfigTests-DefaultMatcherServletPath.xml │ │ │ │ ├── InterceptUrlConfigTests-DefaultMatcherServletPathAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-EmptyAccess.xml │ │ │ │ ├── InterceptUrlConfigTests-EmptyAccessLegacy.xml │ │ │ │ ├── InterceptUrlConfigTests-HasAnyRole.xml │ │ │ │ ├── InterceptUrlConfigTests-HasAnyRoleAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-MissingAccess.xml │ │ │ │ ├── InterceptUrlConfigTests-MissingAccessLegacy.xml │ │ │ │ ├── InterceptUrlConfigTests-MvcMatchers.xml │ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersPathVariables.xml │ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersPathVariablesAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersServletPath.xml │ │ │ │ ├── InterceptUrlConfigTests-MvcMatchersServletPathAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-PatchMethod.xml │ │ │ │ ├── InterceptUrlConfigTests-PatchMethodAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-PathVariables.xml │ │ │ │ ├── InterceptUrlConfigTests-PathVariablesAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-RegexMatcherServletPath.xml │ │ │ │ ├── InterceptUrlConfigTests-RegexMatcherServletPathAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-Sec2256.xml │ │ │ │ ├── InterceptUrlConfigTests-Sec2256AuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-TypeConversionPathVariables.xml │ │ │ │ ├── InterceptUrlConfigTests-TypeConversionPathVariablesAuthorizationManager.xml │ │ │ │ ├── InterceptUrlConfigTests-ValidAccess.xml │ │ │ │ ├── MiscHttpConfigTests-AnonymousCustomAttributes.xml │ │ │ │ ├── MiscHttpConfigTests-AnonymousDisabled.xml │ │ │ │ ├── MiscHttpConfigTests-AnonymousEndpoints.xml │ │ │ │ ├── MiscHttpConfigTests-AnonymousMultipleAuthorities.xml │ │ │ │ ├── MiscHttpConfigTests-AuthenticationManagerEraseCredentials.xml │ │ │ │ ├── MiscHttpConfigTests-AuthenticationManagerRefKeepCredentials.xml │ │ │ │ ├── MiscHttpConfigTests-AuthenticationManagerRefNotProviderManager.xml │ │ │ │ ├── MiscHttpConfigTests-AutoConfig.xml │ │ │ │ ├── MiscHttpConfigTests-CiRegexSecurityPattern.xml │ │ │ │ ├── MiscHttpConfigTests-CollidingFilters.xml │ │ │ │ ├── MiscHttpConfigTests-CustomAccessDecisionManager.xml │ │ │ │ ├── MiscHttpConfigTests-CustomAuthenticationDetailsSourceRef.xml │ │ │ │ ├── MiscHttpConfigTests-CustomFilters.xml │ │ │ │ ├── MiscHttpConfigTests-CustomHttpBasicEntryPointRef.xml │ │ │ │ ├── MiscHttpConfigTests-CustomRequestMatcher.xml │ │ │ │ ├── MiscHttpConfigTests-DeleteCookies.xml │ │ │ │ ├── MiscHttpConfigTests-DisableUrlRewriting-NullSecurityContextRepository.xml │ │ │ │ ├── MiscHttpConfigTests-DisableUrlRewriting.xml │ │ │ │ ├── MiscHttpConfigTests-EntryPoint.xml │ │ │ │ ├── MiscHttpConfigTests-ExplicitSave.xml │ │ │ │ ├── MiscHttpConfigTests-ExplicitSaveAndExplicitRepository.xml │ │ │ │ ├── MiscHttpConfigTests-ExpressionHandler.xml │ │ │ │ ├── MiscHttpConfigTests-HttpBasic.xml │ │ │ │ ├── MiscHttpConfigTests-HttpFirewall.xml │ │ │ │ ├── MiscHttpConfigTests-InterceptUrlExpressions.xml │ │ │ │ ├── MiscHttpConfigTests-InterceptUrlMethod.xml │ │ │ │ ├── MiscHttpConfigTests-InterceptUrlMethodRequiresHttps.xml │ │ │ │ ├── MiscHttpConfigTests-InterceptUrlMethodRequiresHttpsAny.xml │ │ │ │ ├── MiscHttpConfigTests-InvalidLogoutSuccessUrl.xml │ │ │ │ ├── MiscHttpConfigTests-Jaas.xml │ │ │ │ ├── MiscHttpConfigTests-JeeFilter.xml │ │ │ │ ├── MiscHttpConfigTests-JeeFilterWithSecurityContextHolderStrategy.xml │ │ │ │ ├── MiscHttpConfigTests-LogoutSuccessHandlerRef.xml │ │ │ │ ├── MiscHttpConfigTests-MinimalConfiguration.xml │ │ │ │ ├── MiscHttpConfigTests-MissingUserDetailsService.xml │ │ │ │ ├── MiscHttpConfigTests-NoAuthProviders.xml │ │ │ │ ├── MiscHttpConfigTests-NoInternalAuthenticationProviders.xml │ │ │ │ ├── MiscHttpConfigTests-NoSecurityForPattern.xml │ │ │ │ ├── MiscHttpConfigTests-OncePerRequest.xml │ │ │ │ ├── MiscHttpConfigTests-OncePerRequestTrue.xml │ │ │ │ ├── MiscHttpConfigTests-PortsMappedInterceptUrlMethodRequiresAny.xml │ │ │ │ ├── MiscHttpConfigTests-PortsMappedRequiresHttps.xml │ │ │ │ ├── MiscHttpConfigTests-ProtectedLoginPage.xml │ │ │ │ ├── MiscHttpConfigTests-ProtectedLoginPageAuthorizationManager.xml │ │ │ │ ├── MiscHttpConfigTests-RedirectToHttpsRequiresHttpsAny.xml │ │ │ │ ├── MiscHttpConfigTests-RegexSecurityPattern.xml │ │ │ │ ├── MiscHttpConfigTests-RequestCache.xml │ │ │ │ ├── MiscHttpConfigTests-RequestRejectedHandler.xml │ │ │ │ ├── MiscHttpConfigTests-Sec750.xml │ │ │ │ ├── MiscHttpConfigTests-Sec934.xml │ │ │ │ ├── MiscHttpConfigTests-SecurityContextRepository.xml │ │ │ │ ├── MiscHttpConfigTests-WithSecurityContextHolderStrategy.xml │ │ │ │ ├── MiscHttpConfigTests-X509.xml │ │ │ │ ├── MiscHttpConfigTests-X509PrincipalExtractorRef.xml │ │ │ │ ├── MiscHttpConfigTests-X509PrincipalExtractorRefAndSubjectPrincipalRegex.xml │ │ │ │ ├── MiscHttpConfigTests-X509WithSecurityContextHolderStrategy.xml │ │ │ │ ├── MiscHttpConfigTests-certificate.pem │ │ │ │ ├── MiscHttpConfigTests-controllers.xml │ │ │ │ ├── MultiHttpBlockConfigTests-DistinctHttpElements.xml │ │ │ │ ├── MultiHttpBlockConfigTests-IdenticalHttpElements.xml │ │ │ │ ├── MultiHttpBlockConfigTests-IdenticallyPatternedHttpElements.xml │ │ │ │ ├── MultiHttpBlockConfigTests-Sec1937.xml │ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests-clients.xml │ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests-minimal.xml │ │ │ │ ├── OAuth2AuthorizedClientManagerRegistrarTests-providers.xml │ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml │ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomAuthorizationRedirectStrategy.xml │ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomAuthorizedClientService.xml │ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomClientRegistrationRepository.xml │ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-CustomConfiguration.xml │ │ │ │ ├── OAuth2ClientBeanDefinitionParserTests-Minimal.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration-WithCustomConfiguration.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration-WithCustomGrantedAuthorities.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration-WithCustomLoginProcessingUrl.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-MultiClientRegistration.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomAuthenticationFailureHandler.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomAuthorizationRedirectStrategy.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomAuthorizationRequestResolver.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithCustomLoginPage.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithFormLogin.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithJwtDecoderFactory.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration-WithJwtDecoderFactoryAndDefaultSuccessHandler.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-SingleClientRegistration.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomAuthorizedClientRepository.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomAuthorizedClientService.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomClientRegistrationRepository.xml │ │ │ │ ├── OAuth2LoginBeanDefinitionParserTests-WithCustomSecurityContextHolderStrategy.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AccessDeniedHandler.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Active.json │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ActiveNoScopes.json │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AllowBearerTokenInBody.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AllowBearerTokenInQuery.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AlwaysSessionCreation.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationConverter.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationConverterAndBearerTokenResolver.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationEntryPoint.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationManagerResolver.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-AuthenticationManagerResolverPlusOtherConfig.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-BasicAndResourceServer.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-BearerTokenResolver.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Default.jwks │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Empty.jwks │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Expired.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ExpiredJwtClockSkew.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ExpiresAt4687177990.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-FormAndResourceServer.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Inactive.json │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-IntrospectionUri.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwkSetUri.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Jwt.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtAuthenticationConverter.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtCustomSecurityContextHolderStrategy.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtDecoderAndJwkSetUri.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtHalfConfigured.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-JwtRestOperations.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Jwtless.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Kid.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MalformedPayload.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockAuthenticationConverter.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockBearerTokenResolver.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwkSetUri.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwtAuthenticationConverter.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwtDecoder.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockJwtValidator.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MockOpaqueTokenIntrospector.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-MultipleIssuers.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueToken.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenAndAuthenticationConverter.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenAndIntrospectionUri.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenHalfConfigured.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-OpaqueTokenRestOperations.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-SingleKey.pub │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-SingleKey.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-TooEarly.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-TwoKeys.jwks │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-UnexpiredJwtClockSkew.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-Unsigned.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ValidMessageReadScope.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ValidMessageWriteScp.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-ValidNoScopes.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-WebServer.xml │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-WrongAlgorithm.token │ │ │ │ ├── OAuth2ResourceServerBeanDefinitionParserTests-WrongSignature.token │ │ │ │ ├── PlaceHolderAndELConfigTests-AccessDeniedPage.xml │ │ │ │ ├── PlaceHolderAndELConfigTests-AccessDeniedPageWithSpEL.xml │ │ │ │ ├── PlaceHolderAndELConfigTests-InterceptUrlAndFormLogin.xml │ │ │ │ ├── PlaceHolderAndELConfigTests-InterceptUrlAndFormLoginWithSpEL.xml │ │ │ │ ├── PlaceHolderAndELConfigTests-PortMapping.xml │ │ │ │ ├── PlaceHolderAndELConfigTests-RequiresChannel.xml │ │ │ │ ├── PlaceHolderAndELConfigTests-UnsecuredPattern.xml │ │ │ │ ├── RememberMeConfigTests-DefaultConfig.xml │ │ │ │ ├── RememberMeConfigTests-NegativeTokenValidity.xml │ │ │ │ ├── RememberMeConfigTests-NegativeTokenValidityWithDataSource.xml │ │ │ │ ├── RememberMeConfigTests-NegativeTokenValidityWithPersistentRepository.xml │ │ │ │ ├── RememberMeConfigTests-Sec1827.xml │ │ │ │ ├── RememberMeConfigTests-Sec2165.xml │ │ │ │ ├── RememberMeConfigTests-Sec742.xml │ │ │ │ ├── RememberMeConfigTests-SecureCookie.xml │ │ │ │ ├── RememberMeConfigTests-TokenValidity.xml │ │ │ │ ├── RememberMeConfigTests-WithAuthenticationSuccessHandler.xml │ │ │ │ ├── RememberMeConfigTests-WithDataSource.xml │ │ │ │ ├── RememberMeConfigTests-WithRememberMeCookie.xml │ │ │ │ ├── RememberMeConfigTests-WithRememberMeCookieAndServicesRef.xml │ │ │ │ ├── RememberMeConfigTests-WithRememberMeParameter.xml │ │ │ │ ├── RememberMeConfigTests-WithRememberMeParameterAndServicesRef.xml │ │ │ │ ├── RememberMeConfigTests-WithSecurityContextHolderStrategy.xml │ │ │ │ ├── RememberMeConfigTests-WithServicesRef.xml │ │ │ │ ├── RememberMeConfigTests-WithTokenRepository.xml │ │ │ │ ├── RememberMeConfigTests-WithUserDetailsService.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-MultiRelyingPartyRegistration.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-SingleRelyingPartyRegistration-WithCustomAuthenticationFailureHandler.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-SingleRelyingPartyRegistration.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomLoginProcessingUrl-WithCustomAuthenticationConverter.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomLoginProcessingUrl.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthenticationConverter.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthenticationManager.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthenticationRequestResolver.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository-WithCustomAuthnRequestRepository.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomRelyingPartyRepository.xml │ │ │ │ ├── Saml2LoginBeanDefinitionParserTests-WithCustomSecurityContextHolderStrategy.xml │ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-CsrfDisabled-MockLogoutSuccessHandler.xml │ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-CustomComponents.xml │ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-Default.xml │ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-LogoutSuccessHandler.xml │ │ │ │ ├── Saml2LogoutBeanDefinitionParserTests-WithSecurityContextHolderStrategy.xml │ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-FormLogin.xml │ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-HttpBasic.xml │ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-Logout.xml │ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-MultiHttp.xml │ │ │ │ ├── SecurityContextHolderAwareRequestConfigTests-Simple.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlCustomLogoutHandler.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlExpiredUrl.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlLogoutAndRememberMeHandlers.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlMaxSessions.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlMaxSessionsPlaceHolder.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlRememberMeHandler.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlSessionRegistryAlias.xml │ │ │ │ ├── SessionManagementConfigTests-ConcurrencyControlSessionRegistryRef.xml │ │ │ │ ├── SessionManagementConfigTests-CreateSessionAlways.xml │ │ │ │ ├── SessionManagementConfigTests-CreateSessionIfRequired.xml │ │ │ │ ├── SessionManagementConfigTests-CreateSessionNever.xml │ │ │ │ ├── SessionManagementConfigTests-CreateSessionStateless.xml │ │ │ │ ├── SessionManagementConfigTests-NoSessionManagementFilter.xml │ │ │ │ ├── SessionManagementConfigTests-Sec1208.xml │ │ │ │ ├── SessionManagementConfigTests-Sec2137.xml │ │ │ │ ├── SessionManagementConfigTests-SessionAuthenticationStrategyRef.xml │ │ │ │ ├── SessionManagementConfigTests-SessionFixationProtectionMigrateSession.xml │ │ │ │ ├── SessionManagementConfigTests-SessionFixationProtectionNone.xml │ │ │ │ ├── SessionManagementConfigTests-SessionFixationProtectionNoneWithInvalidSessionUrl.xml │ │ │ │ ├── SessionManagementConfigTransientAuthenticationTests-CreateSessionAlwaysWithTransientAuthentication.xml │ │ │ │ ├── SessionManagementConfigTransientAuthenticationTests-WithTransientAuthentication.xml │ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParserTests-CustomChangePasswordPage.xml │ │ │ │ ├── WellKnownChangePasswordBeanDefinitionParserTests-DefaultChangePasswordPage.xml │ │ │ │ ├── jaas-login.conf │ │ │ │ ├── key.pem │ │ │ │ └── userservice.xml │ │ │ ├── method/ │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-AspectJMethodSecurityServiceEnabled.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-BusinessService.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomAuthorizationManagerAfterAdvice.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomAuthorizationManagerBeforeAdvice.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomGrantedAuthorityDefaults.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-CustomPermissionEvaluator.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-Jsr250.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-MethodSecurityService.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-MethodSecurityServiceEnabled.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-MethodSecurityServiceEnabledCustomSecurityContextHolderStrategy.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-ProtectPointcut.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-ProtectPointcutBoolean.xml │ │ │ │ ├── MethodSecurityBeanDefinitionParserTests-Secured.xml │ │ │ │ ├── PreAuthorizeTests-context.xml │ │ │ │ ├── SecuredTests-context.xml │ │ │ │ ├── sec2136/ │ │ │ │ │ └── sec2136.xml │ │ │ │ └── sec2499/ │ │ │ │ ├── child.xml │ │ │ │ └── parent.xml │ │ │ ├── method-security.xml │ │ │ ├── oauth2/ │ │ │ │ └── client/ │ │ │ │ ├── ClientRegistrationsBeanDefinitionParserTests-ClientPlaceholders.xml │ │ │ │ ├── ClientRegistrationsBeanDefinitionParserTests-MultiClientRegistration.xml │ │ │ │ ├── google-github-registration.xml │ │ │ │ └── google-registration.xml │ │ │ ├── saml2/ │ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-MultiRegistration.xml │ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-PlaceholderRegistration.xml │ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-RelayStateResolver.xml │ │ │ │ ├── RelyingPartyRegistrationsBeanDefinitionParserTests-SingleRegistration.xml │ │ │ │ ├── google-custom-registration.xml │ │ │ │ ├── google-registration.xml │ │ │ │ ├── idp-certificate.crt │ │ │ │ ├── logout-registrations.xml │ │ │ │ ├── rp-certificate.crt │ │ │ │ └── rp-private.key │ │ │ ├── users.properties │ │ │ ├── web/ │ │ │ │ └── server/ │ │ │ │ └── OAuth2ResourceServerSpecTests-simple.pub │ │ │ └── websocket/ │ │ │ ├── WebSocketMessageBrokerConfigTests-ConnectAckInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-ConnectInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-CustomAuthorizationManagerConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-CustomCsrfInterceptor.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-CustomExpressionHandlerAuthorizationManager.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-CustomExpressionHandlerConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-CustomInterceptorConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-CustomPathMatcherAuthorizationManager.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-CustomPathMatcherConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-DisconnectAckInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-DisconnectInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-HeartbeatInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-IdConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-IdIntegratedConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-MessageInterceptTypeAuthorizationManager.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-MessageInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-NoIdAuthorizationManager.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-NoIdConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-OtherInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypeAuthorizationManager.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypePathPattern.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SubscribeInterceptTypePathPatternParser.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SyncConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SyncCustomArgumentResolverConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SyncSameOriginDisabledConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-SyncSockJsConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-UnsubscribeInterceptTypeConfig.xml │ │ │ ├── WebSocketMessageBrokerConfigTests-WithSecurityContextHolderStrategy.xml │ │ │ ├── controllers.xml │ │ │ ├── sync.xml │ │ │ ├── websocket-sockjs.xml │ │ │ └── websocket.xml │ │ └── util/ │ │ └── filtertest-valid.xml │ ├── resources/ │ │ └── file.js │ ├── rod.cer │ ├── rodatexampledotcom.cer │ ├── serialized/ │ │ ├── 6.2.x/ │ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized │ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasAssertionAuthenticationToken.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasAuthenticationToken.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken.serialized │ │ │ ├── org.springframework.security.core.authority.SimpleGrantedAuthority.serialized │ │ │ ├── org.springframework.security.core.context.SecurityContextImpl.serialized │ │ │ ├── org.springframework.security.core.session.SessionInformation.serialized │ │ │ ├── org.springframework.security.core.userdetails.User$AuthorityComparator.serialized │ │ │ ├── org.springframework.security.core.userdetails.User.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.InetOrgPerson.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.Person.serialized │ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClient.serialized │ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClientId.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration$Builder.serialized │ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration.serialized │ │ │ ├── org.springframework.security.oauth2.core.AuthenticationMethod.serialized │ │ │ ├── org.springframework.security.oauth2.core.AuthorizationGrantType.serialized │ │ │ ├── org.springframework.security.oauth2.core.ClientAuthenticationMethod.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2Error.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType.serialized │ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcUserInfo.serialized │ │ │ ├── org.springframework.security.oauth2.core.user.DefaultOAuth2User.serialized │ │ │ ├── org.springframework.security.oauth2.core.user.OAuth2UserAuthority.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken.serialized │ │ │ ├── org.springframework.security.provisioning.MutableUser.serialized │ │ │ ├── org.springframework.security.saml2.core.Saml2Error.serialized │ │ │ ├── org.springframework.security.web.authentication.WebAuthenticationDetails.serialized │ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken.serialized │ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.serialized │ │ │ ├── org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority.serialized │ │ │ ├── org.springframework.security.web.savedrequest.DefaultSavedRequest.serialized │ │ │ └── org.springframework.security.web.savedrequest.SavedCookie.serialized │ │ ├── 6.3.x/ │ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized │ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasAssertionAuthenticationToken.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasAuthenticationToken.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken.serialized │ │ │ ├── org.springframework.security.core.authority.SimpleGrantedAuthority.serialized │ │ │ ├── org.springframework.security.core.context.SecurityContextImpl.serialized │ │ │ ├── org.springframework.security.core.session.ReactiveSessionInformation.serialized │ │ │ ├── org.springframework.security.core.session.SessionInformation.serialized │ │ │ ├── org.springframework.security.core.userdetails.User$AuthorityComparator.serialized │ │ │ ├── org.springframework.security.core.userdetails.User.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.InetOrgPerson.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.Person.serialized │ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClient.serialized │ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClientId.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration$Builder.serialized │ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration.serialized │ │ │ ├── org.springframework.security.oauth2.core.AuthenticationMethod.serialized │ │ │ ├── org.springframework.security.oauth2.core.AuthorizationGrantType.serialized │ │ │ ├── org.springframework.security.oauth2.core.ClientAuthenticationMethod.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2Error.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType.serialized │ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcUserInfo.serialized │ │ │ ├── org.springframework.security.oauth2.core.user.DefaultOAuth2User.serialized │ │ │ ├── org.springframework.security.oauth2.core.user.OAuth2UserAuthority.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken.serialized │ │ │ ├── org.springframework.security.provisioning.MutableUser.serialized │ │ │ ├── org.springframework.security.saml2.core.Saml2Error.serialized │ │ │ ├── org.springframework.security.web.authentication.WebAuthenticationDetails.serialized │ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken.serialized │ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.serialized │ │ │ ├── org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority.serialized │ │ │ ├── org.springframework.security.web.savedrequest.DefaultSavedRequest.serialized │ │ │ └── org.springframework.security.web.savedrequest.SavedCookie.serialized │ │ ├── 6.4.x/ │ │ │ ├── org.springframework.security.access.AccessDeniedException.serialized │ │ │ ├── org.springframework.security.access.AuthorizationServiceException.serialized │ │ │ ├── org.springframework.security.access.SecurityConfig.serialized │ │ │ ├── org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException.serialized │ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized │ │ │ ├── org.springframework.security.authentication.AccountExpiredException.serialized │ │ │ ├── org.springframework.security.authentication.AnonymousAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.AuthenticationCredentialsNotFoundException.serialized │ │ │ ├── org.springframework.security.authentication.AuthenticationServiceException.serialized │ │ │ ├── org.springframework.security.authentication.BadCredentialsException.serialized │ │ │ ├── org.springframework.security.authentication.CredentialsExpiredException.serialized │ │ │ ├── org.springframework.security.authentication.DisabledException.serialized │ │ │ ├── org.springframework.security.authentication.InsufficientAuthenticationException.serialized │ │ │ ├── org.springframework.security.authentication.InternalAuthenticationServiceException.serialized │ │ │ ├── org.springframework.security.authentication.LockedException.serialized │ │ │ ├── org.springframework.security.authentication.ProviderNotFoundException.serialized │ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.TestingAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureLockedEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.LogoutSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized │ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent.serialized │ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.ott.InvalidOneTimeTokenException.serialized │ │ │ ├── org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.password.CompromisedPasswordException.serialized │ │ │ ├── org.springframework.security.authorization.AuthorityAuthorizationDecision.serialized │ │ │ ├── org.springframework.security.authorization.AuthorizationDecision.serialized │ │ │ ├── org.springframework.security.authorization.AuthorizationDeniedException.serialized │ │ │ ├── org.springframework.security.authorization.event.AuthorizationEvent.serialized │ │ │ ├── org.springframework.security.authorization.event.AuthorizationGrantedEvent.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasAssertionAuthenticationToken.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasAuthenticationToken.serialized │ │ │ ├── org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken.serialized │ │ │ ├── org.springframework.security.config.annotation.AlreadyBuiltException.serialized │ │ │ ├── org.springframework.security.core.authority.SimpleGrantedAuthority.serialized │ │ │ ├── org.springframework.security.core.context.SecurityContextImpl.serialized │ │ │ ├── org.springframework.security.core.context.TransientSecurityContext.serialized │ │ │ ├── org.springframework.security.core.session.AbstractSessionEvent.serialized │ │ │ ├── org.springframework.security.core.session.ReactiveSessionInformation.serialized │ │ │ ├── org.springframework.security.core.session.SessionInformation.serialized │ │ │ ├── org.springframework.security.core.userdetails.User$AuthorityComparator.serialized │ │ │ ├── org.springframework.security.core.userdetails.User.serialized │ │ │ ├── org.springframework.security.core.userdetails.UsernameNotFoundException.serialized │ │ │ ├── org.springframework.security.ldap.ppolicy.PasswordPolicyControl.serialized │ │ │ ├── org.springframework.security.ldap.ppolicy.PasswordPolicyException.serialized │ │ │ ├── org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.InetOrgPerson.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.LdapAuthority.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.serialized │ │ │ ├── org.springframework.security.ldap.userdetails.Person.serialized │ │ │ ├── org.springframework.security.oauth2.client.ClientAuthorizationException.serialized │ │ │ ├── org.springframework.security.oauth2.client.ClientAuthorizationRequiredException.serialized │ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClient.serialized │ │ │ ├── org.springframework.security.oauth2.client.OAuth2AuthorizedClientId.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized │ │ │ ├── org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation.serialized │ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration$Builder.serialized │ │ │ ├── org.springframework.security.oauth2.client.registration.ClientRegistration.serialized │ │ │ ├── org.springframework.security.oauth2.core.AuthenticationMethod.serialized │ │ │ ├── org.springframework.security.oauth2.core.AuthorizationGrantType.serialized │ │ │ ├── org.springframework.security.oauth2.core.ClientAuthenticationMethod.serialized │ │ │ ├── org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2AccessToken.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2AuthenticationException.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2AuthorizationException.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2Error.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized │ │ │ ├── org.springframework.security.oauth2.core.OAuth2UserCode.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.serialized │ │ │ ├── org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType.serialized │ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized │ │ │ ├── org.springframework.security.oauth2.core.oidc.OidcUserInfo.serialized │ │ │ ├── org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized │ │ │ ├── org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized │ │ │ ├── org.springframework.security.oauth2.core.user.DefaultOAuth2User.serialized │ │ │ ├── org.springframework.security.oauth2.core.user.OAuth2UserAuthority.serialized │ │ │ ├── org.springframework.security.oauth2.jwt.BadJwtException.serialized │ │ │ ├── org.springframework.security.oauth2.jwt.Jwt.serialized │ │ │ ├── org.springframework.security.oauth2.jwt.JwtDecoderInitializationException.serialized │ │ │ ├── org.springframework.security.oauth2.jwt.JwtEncodingException.serialized │ │ │ ├── org.springframework.security.oauth2.jwt.JwtException.serialized │ │ │ ├── org.springframework.security.oauth2.jwt.JwtValidationException.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.BearerTokenError.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.InvalidBearerTokenException.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized │ │ │ ├── org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException.serialized │ │ │ ├── org.springframework.security.provisioning.MutableUser.serialized │ │ │ ├── org.springframework.security.saml2.Saml2Exception.serialized │ │ │ ├── org.springframework.security.saml2.core.Saml2Error.serialized │ │ │ ├── org.springframework.security.saml2.core.Saml2X509Credential.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2Authentication.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.serialized │ │ │ ├── org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.serialized │ │ │ ├── org.springframework.security.web.authentication.WebAuthenticationDetails.serialized │ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken.serialized │ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException.serialized │ │ │ ├── org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.serialized │ │ │ ├── org.springframework.security.web.authentication.rememberme.CookieTheftException.serialized │ │ │ ├── org.springframework.security.web.authentication.rememberme.InvalidCookieException.serialized │ │ │ ├── org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException.serialized │ │ │ ├── org.springframework.security.web.authentication.session.SessionAuthenticationException.serialized │ │ │ ├── org.springframework.security.web.authentication.session.SessionFixationProtectionEvent.serialized │ │ │ ├── org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent.serialized │ │ │ ├── org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority.serialized │ │ │ ├── org.springframework.security.web.authentication.www.NonceExpiredException.serialized │ │ │ ├── org.springframework.security.web.csrf.CsrfException.serialized │ │ │ ├── org.springframework.security.web.csrf.DefaultCsrfToken.serialized │ │ │ ├── org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized │ │ │ ├── org.springframework.security.web.csrf.MissingCsrfTokenException.serialized │ │ │ ├── org.springframework.security.web.firewall.RequestRejectedException.serialized │ │ │ ├── org.springframework.security.web.savedrequest.DefaultSavedRequest.serialized │ │ │ ├── org.springframework.security.web.savedrequest.SavedCookie.serialized │ │ │ ├── org.springframework.security.web.savedrequest.SimpleSavedRequest.serialized │ │ │ ├── org.springframework.security.web.server.csrf.CsrfException.serialized │ │ │ ├── org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized │ │ │ ├── org.springframework.security.web.server.firewall.ServerExchangeRejectedException.serialized │ │ │ ├── org.springframework.security.web.session.HttpSessionCreatedEvent.serialized │ │ │ ├── org.springframework.security.web.session.HttpSessionIdChangedEvent.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.AuthenticatorAttachment.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.AuthenticatorTransport.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.Bytes.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput$CredProtect.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.CredentialPropertiesOutput$ExtensionOutput.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.CredentialPropertiesOutput.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredential.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.PublicKeyCredentialType.serialized │ │ │ ├── org.springframework.security.web.webauthn.api.UserVerificationRequirement.serialized │ │ │ ├── org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized │ │ │ ├── org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken.serialized │ │ │ └── org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest.serialized │ │ ├── 6.5.x/ │ │ │ ├── org.springframework.security.access.AccessDeniedException.serialized │ │ │ ├── org.springframework.security.access.AuthorizationServiceException.serialized │ │ │ ├── org.springframework.security.access.SecurityConfig.serialized │ │ │ ├── org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException.serialized │ │ │ ├── org.springframework.security.access.intercept.RunAsUserToken.serialized │ │ │ ├── org.springframework.security.authentication.AccountExpiredException.serialized │ │ │ ├── org.springframework.security.authentication.AnonymousAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.AuthenticationCredentialsNotFoundException.serialized │ │ │ ├── org.springframework.security.authentication.AuthenticationServiceException.serialized │ │ │ ├── org.springframework.security.authentication.BadCredentialsException.serialized │ │ │ ├── org.springframework.security.authentication.CredentialsExpiredException.serialized │ │ │ ├── org.springframework.security.authentication.DisabledException.serialized │ │ │ ├── org.springframework.security.authentication.InsufficientAuthenticationException.serialized │ │ │ ├── org.springframework.security.authentication.InternalAuthenticationServiceException.serialized │ │ │ ├── org.springframework.security.authentication.LockedException.serialized │ │ │ ├── org.springframework.security.authentication.ProviderNotFoundException.serialized │ │ │ ├── org.springframework.security.authentication.RememberMeAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.TestingAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.UsernamePasswordAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureLockedEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.AuthenticationSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.event.LogoutSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.jaas.JaasGrantedAuthority.serialized │ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent.serialized │ │ │ ├── org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent.serialized │ │ │ ├── org.springframework.security.authentication.ott.DefaultOneTimeToken.serialized │ │ │ ├── org.springframework.security.authentication.ott.InvalidOneTimeTokenException.serialized │ │ │ ├── org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized │ │ │ ├── org.springframework.security.authentication.password.Compromised
Showing preview only (4,010K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (41546 symbols across 4085 files)
FILE: access/src/main/java/org/springframework/security/access/AccessDecisionManager.java
type AccessDecisionManager (line 31) | @Deprecated
method decide (line 45) | void decide(Authentication authentication, Object object, Collection<C...
method supports (line 62) | boolean supports(ConfigAttribute attribute);
method supports (line 70) | boolean supports(Class<?> clazz);
FILE: access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
type AccessDecisionVoter (line 34) | @Deprecated
method supports (line 55) | boolean supports(ConfigAttribute attribute);
method supports (line 63) | boolean supports(Class<?> clazz);
method vote (line 92) | int vote(Authentication authentication, S object, Collection<ConfigAtt...
FILE: access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
type AfterInvocationProvider (line 34) | @Deprecated
method decide (line 37) | Object decide(Authentication authentication, Object object, Collection...
method supports (line 54) | boolean supports(ConfigAttribute attribute);
method supports (line 62) | boolean supports(Class<?> clazz);
FILE: access/src/main/java/org/springframework/security/access/ConfigAttribute.java
type ConfigAttribute (line 49) | @Deprecated
method getAttribute (line 69) | String getAttribute();
FILE: access/src/main/java/org/springframework/security/access/SecurityConfig.java
class SecurityConfig (line 39) | @Deprecated
method SecurityConfig (line 47) | public SecurityConfig(String config) {
method equals (line 52) | @Override
method getAttribute (line 60) | @Override
method hashCode (line 65) | @Override
method toString (line 70) | @Override
method createListFromCommaDelimitedString (line 75) | public static List<ConfigAttribute> createListFromCommaDelimitedString...
method createList (line 79) | public static List<ConfigAttribute> createList(String... attributeName...
FILE: access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
type SecurityMetadataSource (line 38) | @Deprecated
method getAttributes (line 49) | Collection<ConfigAttribute> getAttributes(Object object) throws Illega...
method getAllConfigAttributes (line 59) | Collection<ConfigAttribute> getAllConfigAttributes();
method supports (line 67) | boolean supports(Class<?> clazz);
FILE: access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
type AnnotationMetadataExtractor (line 35) | @Deprecated
method extractAttributes (line 38) | Collection<? extends ConfigAttribute> extractAttributes(A securityAnno...
FILE: access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
class Jsr250MethodSecurityMetadataSource (line 45) | @NullUnmarked
method setDefaultRolePrefix (line 63) | public void setDefaultRolePrefix(String defaultRolePrefix) {
method findAttributes (line 67) | @Override
method findAttributes (line 72) | @Override
method getAllConfigAttributes (line 77) | @Override
method processAnnotations (line 82) | private @Nullable List<ConfigAttribute> processAnnotations(Annotation ...
method getRoleWithDefaultPrefix (line 108) | private String getRoleWithDefaultPrefix(String role) {
FILE: access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
class Jsr250SecurityConfig (line 32) | @Deprecated
method Jsr250SecurityConfig (line 40) | public Jsr250SecurityConfig(String role) {
FILE: access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
class Jsr250Voter (line 35) | @Deprecated
method supports (line 44) | @Override
method supports (line 54) | @Override
method vote (line 69) | @Override
FILE: access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
class SecuredAnnotationSecurityMetadataSource (line 47) | @NullUnmarked
method SecuredAnnotationSecurityMetadataSource (line 56) | public SecuredAnnotationSecurityMetadataSource() {
method SecuredAnnotationSecurityMetadataSource (line 60) | public SecuredAnnotationSecurityMetadataSource(AnnotationMetadataExtra...
method findAttributes (line 69) | @Override
method findAttributes (line 74) | @Override
method getAllConfigAttributes (line 79) | @Override
method processAnnotation (line 84) | private @Nullable Collection<ConfigAttribute> processAnnotation(@Nulla...
class SecuredAnnotationMetadataExtractor (line 88) | static class SecuredAnnotationMetadataExtractor implements AnnotationM...
method extractAttributes (line 90) | @Override
FILE: access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
class AbstractAuthorizationEvent (line 29) | @Deprecated
method AbstractAuthorizationEvent (line 36) | public AbstractAuthorizationEvent(Object secureObject) {
FILE: access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
class AuthenticationCredentialsNotFoundEvent (line 34) | @Deprecated
method AuthenticationCredentialsNotFoundEvent (line 50) | public AuthenticationCredentialsNotFoundEvent(Object secureObject, Col...
method getConfigAttributes (line 59) | public Collection<ConfigAttribute> getConfigAttributes() {
method getCredentialsNotFoundException (line 63) | public AuthenticationCredentialsNotFoundException getCredentialsNotFou...
FILE: access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
class AuthorizationFailureEvent (line 41) | @Deprecated
method AuthorizationFailureEvent (line 60) | public AuthorizationFailureEvent(Object secureObject, Collection<Confi...
method getAccessDeniedException (line 70) | public AccessDeniedException getAccessDeniedException() {
method getAuthentication (line 74) | public Authentication getAuthentication() {
method getConfigAttributes (line 78) | public Collection<ConfigAttribute> getConfigAttributes() {
FILE: access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
class AuthorizedEvent (line 36) | @Deprecated
method AuthorizedEvent (line 51) | public AuthorizedEvent(Object secureObject, Collection<ConfigAttribute...
method getAuthentication (line 58) | public Authentication getAuthentication() {
method getConfigAttributes (line 62) | public Collection<ConfigAttribute> getConfigAttributes() {
FILE: access/src/main/java/org/springframework/security/access/event/LoggerListener.java
class LoggerListener (line 36) | @Deprecated
method onApplicationEvent (line 41) | @Override
method onAuthenticationCredentialsNotFoundEvent (line 57) | private void onAuthenticationCredentialsNotFoundEvent(AuthenticationCr...
method onPublicInvocationEvent (line 63) | private void onPublicInvocationEvent(PublicInvocationEvent event) {
method onAuthorizedEvent (line 68) | private void onAuthorizedEvent(AuthorizedEvent authEvent) {
method onAuthorizationFailureEvent (line 74) | private void onAuthorizationFailureEvent(AuthorizationFailureEvent aut...
FILE: access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
class PublicInvocationEvent (line 36) | @Deprecated
method PublicInvocationEvent (line 44) | public PublicInvocationEvent(Object secureObject) {
FILE: access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
class AbstractExpressionBasedMethodConfigAttribute (line 41) | @NullUnmarked
method AbstractExpressionBasedMethodConfigAttribute (line 52) | AbstractExpressionBasedMethodConfigAttribute(String filterExpression, ...
method AbstractExpressionBasedMethodConfigAttribute (line 61) | AbstractExpressionBasedMethodConfigAttribute(Expression filterExpressi...
method getFilterExpression (line 69) | Expression getFilterExpression() {
method getAuthorizeExpression (line 73) | Expression getAuthorizeExpression() {
method getAttribute (line 77) | @Override
FILE: access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
class ExpressionBasedAnnotationAttributeFactory (line 40) | @NullUnmarked
method ExpressionBasedAnnotationAttributeFactory (line 50) | public ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpress...
method createPreInvocationAttribute (line 55) | @Override
method createPostInvocationAttribute (line 72) | @Override
method getParser (line 96) | private ExpressionParser getParser() {
FILE: access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
class ExpressionBasedPostInvocationAdvice (line 39) | @Deprecated
method ExpressionBasedPostInvocationAdvice (line 46) | public ExpressionBasedPostInvocationAdvice(MethodSecurityExpressionHan...
method after (line 50) | @Override
FILE: access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
class ExpressionBasedPreInvocationAdvice (line 41) | @NullUnmarked
method before (line 47) | @Override
method findFilterTarget (line 60) | private Object findFilterTarget(String filterTargetName, EvaluationCon...
method setExpressionHandler (line 84) | public void setExpressionHandler(MethodSecurityExpressionHandler expre...
FILE: access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
class PostInvocationExpressionAttribute (line 32) | @Deprecated
method PostInvocationExpressionAttribute (line 37) | PostInvocationExpressionAttribute(String filterExpression, String auth...
method PostInvocationExpressionAttribute (line 41) | PostInvocationExpressionAttribute(@Nullable Expression filterExpressio...
method toString (line 46) | @Override
FILE: access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
class PreInvocationExpressionAttribute (line 32) | @Deprecated
method PreInvocationExpressionAttribute (line 39) | PreInvocationExpressionAttribute(String filterExpression, String filte...
method PreInvocationExpressionAttribute (line 45) | PreInvocationExpressionAttribute(@Nullable Expression filterExpression...
method getFilterTarget (line 56) | String getFilterTarget() {
method toString (line 60) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
class AbstractSecurityInterceptor (line 119) | @NullUnmarked
method afterPropertiesSet (line 149) | @Override
method validateAttributeDefs (line 178) | private void validateAttributeDefs(Collection<ConfigAttribute> attribu...
method beforeInvocation (line 196) | protected @Nullable InterceptorStatusToken beforeInvocation(Object obj...
method attemptAuthorization (line 253) | private void attemptAuthorization(Object object, Collection<ConfigAttr...
method finallyInvocation (line 278) | protected void finallyInvocation(InterceptorStatusToken token) {
method afterInvocation (line 297) | protected Object afterInvocation(InterceptorStatusToken token, @Nullab...
method authenticateIfRequired (line 324) | private Authentication authenticateIfRequired() {
method credentialsNotFound (line 352) | private void credentialsNotFound(String reason, Object secureObject, C...
method getAccessDecisionManager (line 360) | public AccessDecisionManager getAccessDecisionManager() {
method getAfterInvocationManager (line 364) | public AfterInvocationManager getAfterInvocationManager() {
method getAuthenticationManager (line 368) | public AuthenticationManager getAuthenticationManager() {
method getRunAsManager (line 372) | public RunAsManager getRunAsManager() {
method getSecureObjectClass (line 382) | public abstract Class<?> getSecureObjectClass();
method isAlwaysReauthenticate (line 384) | public boolean isAlwaysReauthenticate() {
method isRejectPublicInvocations (line 388) | public boolean isRejectPublicInvocations() {
method isValidateConfigAttributes (line 392) | public boolean isValidateConfigAttributes() {
method obtainSecurityMetadataSource (line 396) | public abstract SecurityMetadataSource obtainSecurityMetadataSource();
method setSecurityContextHolderStrategy (line 404) | public void setSecurityContextHolderStrategy(SecurityContextHolderStra...
method setAccessDecisionManager (line 409) | public void setAccessDecisionManager(AccessDecisionManager accessDecis...
method setAfterInvocationManager (line 413) | public void setAfterInvocationManager(AfterInvocationManager afterInvo...
method setAlwaysReauthenticate (line 428) | public void setAlwaysReauthenticate(boolean alwaysReauthenticate) {
method setApplicationEventPublisher (line 432) | @Override
method setAuthenticationManager (line 437) | public void setAuthenticationManager(AuthenticationManager newManager) {
method setMessageSource (line 441) | @Override
method setPublishAuthorizationSuccess (line 451) | public void setPublishAuthorizationSuccess(boolean publishAuthorizatio...
method setRejectPublicInvocations (line 469) | public void setRejectPublicInvocations(boolean rejectPublicInvocations) {
method setRunAsManager (line 473) | public void setRunAsManager(RunAsManager runAsManager) {
method setValidateConfigAttributes (line 477) | public void setValidateConfigAttributes(boolean validateConfigAttribut...
method publishEvent (line 481) | private void publishEvent(ApplicationEvent event) {
class NoOpAuthenticationManager (line 487) | private static class NoOpAuthenticationManager implements Authenticati...
method authenticate (line 489) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
type AfterInvocationManager (line 49) | @Deprecated
method decide (line 68) | Object decide(Authentication authentication, Object object, Collection...
method supports (line 85) | boolean supports(ConfigAttribute attribute);
method supports (line 93) | boolean supports(Class<?> clazz);
FILE: access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
class AfterInvocationProviderManager (line 57) | @NullUnmarked
method afterPropertiesSet (line 66) | @Override
method decide (line 71) | @Override
method getProviders (line 81) | public List<AfterInvocationProvider> getProviders() {
method setProviders (line 85) | public void setProviders(List<?> newList) {
method checkIfValidList (line 95) | private void checkIfValidList(List<?> listToCheck) {
method supports (line 99) | @Override
method supports (line 121) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
class InterceptorStatusToken (line 37) | @Deprecated
method InterceptorStatusToken (line 48) | public InterceptorStatusToken(SecurityContext securityContext, boolean...
method getAttributes (line 56) | public Collection<ConfigAttribute> getAttributes() {
method getSecurityContext (line 60) | public SecurityContext getSecurityContext() {
method getSecureObject (line 64) | public Object getSecureObject() {
method isContextHolderRefreshRequired (line 68) | public boolean isContextHolderRefreshRequired() {
FILE: access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
class MethodInvocationPrivilegeEvaluator (line 51) | @NullUnmarked
method afterPropertiesSet (line 60) | @Override
method isAllowed (line 65) | public boolean isAllowed(MethodInvocation invocation, Authentication a...
method setSecurityInterceptor (line 86) | public void setSecurityInterceptor(AbstractSecurityInterceptor securit...
FILE: access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
class NullRunAsManager (line 36) | @NullUnmarked
method buildRunAs (line 40) | @Override
method supports (line 46) | @Override
method supports (line 51) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
class RunAsImplAuthenticationProvider (line 50) | @NullUnmarked
method afterPropertiesSet (line 59) | @Override
method authenticate (line 64) | @Override
method getKey (line 74) | public String getKey() {
method setKey (line 78) | public void setKey(String key) {
method setMessageSource (line 82) | @Override
method supports (line 87) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
type RunAsManager (line 64) | @Deprecated
method buildRunAs (line 78) | Authentication buildRunAs(Authentication authentication, Object object...
method supports (line 94) | boolean supports(ConfigAttribute attribute);
method supports (line 102) | boolean supports(Class<?> clazz);
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
class RunAsManagerImpl (line 62) | @NullUnmarked
method afterPropertiesSet (line 71) | @Override
method buildRunAs (line 77) | @Override
method getKey (line 97) | public String getKey() {
method getRolePrefix (line 101) | public String getRolePrefix() {
method setKey (line 105) | public void setKey(String key) {
method setRolePrefix (line 114) | public void setRolePrefix(String rolePrefix) {
method supports (line 118) | @Override
method supports (line 129) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
class RunAsUserToken (line 34) | @Deprecated
method RunAsUserToken (line 47) | public RunAsUserToken(String key, Object principal, Object credentials,
method getCredentials (line 58) | @Override
method getKeyHash (line 63) | public int getKeyHash() {
method getOriginalAuthentication (line 67) | public Class<? extends Authentication> getOriginalAuthentication() {
method getPrincipal (line 71) | @Override
method toString (line 76) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
class MethodSecurityInterceptor (line 47) | @NullUnmarked
method getSecureObjectClass (line 53) | @Override
method invoke (line 65) | @Override
method getSecurityMetadataSource (line 78) | public MethodSecurityMetadataSource getSecurityMetadataSource() {
method obtainSecurityMetadataSource (line 82) | @Override
method setSecurityMetadataSource (line 87) | public void setSecurityMetadataSource(MethodSecurityMetadataSource new...
FILE: access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
class MethodSecurityMetadataSourceAdvisor (line 60) | @NullUnmarked
method MethodSecurityMetadataSourceAdvisor (line 91) | public MethodSecurityMetadataSourceAdvisor(String adviceBeanName, Meth...
method getPointcut (line 101) | @Override
method getAdvice (line 106) | @Override
method setBeanFactory (line 118) | @Override
method readObject (line 123) | private void readObject(ObjectInputStream ois) throws IOException, Cla...
class MethodSecurityMetadataSourcePointcut (line 130) | class MethodSecurityMetadataSourcePointcut extends StaticMethodMatcher...
method matches (line 132) | @Override
FILE: access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
type AspectJCallback (line 29) | @Deprecated
method proceedWithObject (line 32) | Object proceedWithObject();
FILE: access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
class AspectJMethodSecurityInterceptor (line 40) | @Deprecated
method invoke (line 49) | public Object invoke(JoinPoint jp) throws Throwable {
method invoke (line 60) | public Object invoke(JoinPoint jp, AspectJCallback advisorProceed) {
FILE: access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
class MethodInvocationAdapter (line 39) | @NullUnmarked
method MethodInvocationAdapter (line 49) | MethodInvocationAdapter(JoinPoint jp) {
method findMethod (line 65) | private Method findMethod(String name, Class<?> declaringType, Class<?...
method getMethod (line 82) | @Override
method getArguments (line 87) | @Override
method getStaticPart (line 92) | @Override
method getThis (line 97) | @Override
method proceed (line 102) | @Override
FILE: access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
class AbstractFallbackMethodSecurityMetadataSource (line 53) | @Deprecated
method getAttributes (line 56) | @Override
method findAttributes (line 97) | protected abstract Collection<ConfigAttribute> findAttributes(Method m...
method findAttributes (line 110) | protected abstract Collection<ConfigAttribute> findAttributes(Class<?>...
FILE: access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
class AbstractMethodSecurityMetadataSource (line 40) | @NullUnmarked
method getAttributes (line 46) | @Override
method supports (line 67) | @Override
FILE: access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
class DelegatingMethodSecurityMetadataSource (line 47) | @Deprecated
method DelegatingMethodSecurityMetadataSource (line 56) | public DelegatingMethodSecurityMetadataSource(List<MethodSecurityMetad...
method getAttributes (line 61) | @Override
method getAllConfigAttributes (line 89) | @Override
method getMethodSecurityMetadataSources (line 101) | public List<MethodSecurityMetadataSource> getMethodSecurityMetadataSou...
class DefaultCacheKey (line 105) | private static class DefaultCacheKey {
method DefaultCacheKey (line 111) | DefaultCacheKey(Method method, @Nullable Class<?> targetClass) {
method equals (line 116) | @Override
method hashCode (line 123) | @Override
method toString (line 128) | @Override
FILE: access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
class MapBasedMethodSecurityMetadataSource (line 53) | @NullUnmarked
method MapBasedMethodSecurityMetadataSource (line 71) | public MapBasedMethodSecurityMetadataSource() {
method MapBasedMethodSecurityMetadataSource (line 78) | public MapBasedMethodSecurityMetadataSource(Map<String, List<ConfigAtt...
method findAttributes (line 87) | @Override
method findAttributes (line 96) | @Override
method findAttributesSpecifiedAgainst (line 104) | private @Nullable List<ConfigAttribute> findAttributesSpecifiedAgainst...
method addSecureMethod (line 122) | private void addSecureMethod(String name, List<ConfigAttribute> attr) {
method addSecureMethod (line 140) | public void addSecureMethod(Class<?> javaType, String mappedName, List...
method registerAllMatchingMethods (line 154) | private void registerAllMatchingMethods(Class<?> javaType, List<Config...
method addSecureMethod (line 187) | public void addSecureMethod(Class<?> javaType, Method method, List<Con...
method addSecureMethod (line 202) | private void addSecureMethod(RegisteredMethod method, List<ConfigAttri...
method getAllConfigAttributes (line 213) | @Override
method isMatch (line 227) | private boolean isMatch(String methodName, String mappedName) {
method setBeanClassLoader (line 232) | @Override
method getMethodMapSize (line 241) | public int getMethodMapSize() {
class RegisteredMethod (line 254) | private static class RegisteredMethod {
method RegisteredMethod (line 260) | RegisteredMethod(Method method, Class<?> registeredJavaType) {
method equals (line 267) | @Override
method hashCode (line 278) | @Override
method toString (line 283) | @Override
FILE: access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
type MethodSecurityMetadataSource (line 39) | @Deprecated
method getAttributes (line 42) | Collection<ConfigAttribute> getAttributes(Method method, @Nullable Cla...
FILE: access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
class PostInvocationAdviceProvider (line 45) | @NullUnmarked
method PostInvocationAdviceProvider (line 53) | public PostInvocationAdviceProvider(PostInvocationAuthorizationAdvice ...
method decide (line 57) | @Override
method findPostInvocationAttribute (line 68) | private @Nullable PostInvocationAttribute findPostInvocationAttribute(...
method supports (line 77) | @Override
method supports (line 82) | @Override
FILE: access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
type PostInvocationAttribute (line 33) | @Deprecated
FILE: access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
type PostInvocationAuthorizationAdvice (line 34) | @Deprecated
method after (line 37) | Object after(Authentication authentication, MethodInvocation mi, PostI...
FILE: access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
type PreInvocationAttribute (line 33) | @Deprecated
FILE: access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
type PreInvocationAuthorizationAdvice (line 33) | @Deprecated
method before (line 46) | boolean before(Authentication authentication, MethodInvocation mi, Pre...
FILE: access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
class PreInvocationAuthorizationAdviceVoter (line 47) | @NullUnmarked
method PreInvocationAuthorizationAdviceVoter (line 55) | public PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizatio...
method supports (line 59) | @Override
method supports (line 64) | @Override
method vote (line 69) | @Override
method findPreInvocationAttribute (line 81) | private @Nullable PreInvocationAttribute findPreInvocationAttribute(Co...
FILE: access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
class PrePostAdviceReactiveMethodInterceptor (line 59) | @NullUnmarked
method PrePostAdviceReactiveMethodInterceptor (line 82) | public PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSo...
method invoke (line 93) | @Override
method proceed (line 148) | @SuppressWarnings("unchecked")
method flowProceed (line 158) | private static @Nullable Object flowProceed(final MethodInvocation inv...
method findPostInvocationAttribute (line 167) | private static @Nullable PostInvocationAttribute findPostInvocationAtt...
method findPreInvocationAttribute (line 176) | private static @Nullable PreInvocationAttribute findPreInvocationAttri...
class KotlinDelegate (line 188) | private static class KotlinDelegate {
method asFlow (line 190) | private static Object asFlow(Publisher<?> publisher) {
FILE: access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
class PrePostAnnotationSecurityMetadataSource (line 60) | @NullUnmarked
method PrePostAnnotationSecurityMetadataSource (line 66) | public PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttrib...
method getAttributes (line 70) | @Override
method getAllConfigAttributes (line 104) | @Override
method findAnnotation (line 115) | private <A extends Annotation> @Nullable A findAnnotation(Method metho...
FILE: access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
type PrePostInvocationAttributeFactory (line 31) | @Deprecated
method createPreInvocationAttribute (line 34) | PreInvocationAttribute createPreInvocationAttribute(@Nullable String p...
method createPostInvocationAttribute (line 37) | PostInvocationAttribute createPostInvocationAttribute(@Nullable String...
FILE: access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
class AbstractAccessDecisionManager (line 46) | @Deprecated
method AbstractAccessDecisionManager (line 58) | protected AbstractAccessDecisionManager(List<AccessDecisionVoter<?>> d...
method afterPropertiesSet (line 63) | @Override
method checkAllowIfAllAbstainDecisions (line 69) | protected final void checkAllowIfAllAbstainDecisions() {
method getDecisionVoters (line 76) | public List<AccessDecisionVoter<?>> getDecisionVoters() {
method isAllowIfAllAbstainDecisions (line 80) | public boolean isAllowIfAllAbstainDecisions() {
method setAllowIfAllAbstainDecisions (line 84) | public void setAllowIfAllAbstainDecisions(boolean allowIfAllAbstainDec...
method setMessageSource (line 88) | @Override
method supports (line 93) | @Override
method supports (line 112) | @Override
method toString (line 122) | @Override
FILE: access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
class AbstractAclVoter (line 35) | @NullUnmarked
method getDomainObjectInstance (line 42) | protected Object getDomainObjectInstance(MethodInvocation invocation) {
method getProcessDomainObjectClass (line 54) | public Class<?> getProcessDomainObjectClass() {
method setProcessDomainObjectClass (line 58) | public void setProcessDomainObjectClass(Class<?> processDomainObjectCl...
method supports (line 70) | @Override
FILE: access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
class AffirmativeBased (line 35) | @Deprecated
method AffirmativeBased (line 38) | public AffirmativeBased(List<AccessDecisionVoter<?>> decisionVoters) {
method decide (line 58) | @Override
FILE: access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
class AuthenticatedVoter (line 52) | @Deprecated
method isFullyAuthenticated (line 63) | private boolean isFullyAuthenticated(Authentication authentication) {
method setAuthenticationTrustResolver (line 67) | public void setAuthenticationTrustResolver(AuthenticationTrustResolver...
method supports (line 72) | @Override
method supports (line 85) | @Override
method vote (line 90) | @Override
FILE: access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
class ConsensusBased (line 39) | @Deprecated
method ConsensusBased (line 44) | public ConsensusBased(List<AccessDecisionVoter<?>> decisionVoters) {
method decide (line 65) | @Override
method isAllowIfEqualGrantedDeniedDecisions (line 98) | public boolean isAllowIfEqualGrantedDeniedDecisions() {
method setAllowIfEqualGrantedDeniedDecisions (line 102) | public void setAllowIfEqualGrantedDeniedDecisions(boolean allowIfEqual...
FILE: access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
class RoleHierarchyVoter (line 39) | @NullUnmarked
method RoleHierarchyVoter (line 46) | public RoleHierarchyVoter(RoleHierarchy roleHierarchy) {
method extractAuthorities (line 54) | @Override
FILE: access/src/main/java/org/springframework/security/access/vote/RoleVoter.java
class RoleVoter (line 57) | @Deprecated
method getRolePrefix (line 63) | public String getRolePrefix() {
method setRolePrefix (line 72) | public void setRolePrefix(String rolePrefix) {
method supports (line 76) | @Override
method supports (line 87) | @Override
method vote (line 92) | @Override
method extractAuthorities (line 113) | Collection<? extends GrantedAuthority> extractAuthorities(Authenticati...
FILE: access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
class UnanimousBased (line 36) | @Deprecated
method UnanimousBased (line 39) | public UnanimousBased(List<AccessDecisionVoter<?>> decisionVoters) {
method decide (line 62) | @Override
FILE: access/src/main/java/org/springframework/security/acls/AclEntryVoter.java
class AclEntryVoter (line 103) | @Deprecated
method AclEntryVoter (line 120) | public AclEntryVoter(AclService aclService, String processConfigAttrib...
method getInternalMethod (line 139) | protected String getInternalMethod() {
method setInternalMethod (line 143) | public void setInternalMethod(String internalMethod) {
method getProcessConfigAttribute (line 147) | protected String getProcessConfigAttribute() {
method setObjectIdentityRetrievalStrategy (line 151) | public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrieval...
method setSidRetrievalStrategy (line 156) | public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalS...
method supports (line 161) | @Override
method vote (line 166) | @Override
method invokeInternalMethod (line 223) | private Object invokeInternalMethod(Object domainObject) {
FILE: access/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java
class AbstractAclProvider (line 47) | @Deprecated
method AbstractAclProvider (line 62) | public AbstractAclProvider(AclService aclService, String processConfig...
method getProcessDomainObjectClass (line 72) | protected Class<?> getProcessDomainObjectClass() {
method hasPermission (line 76) | protected boolean hasPermission(Authentication authentication, Object ...
method setObjectIdentityRetrievalStrategy (line 93) | public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrieval...
method setProcessConfigAttribute (line 98) | protected void setProcessConfigAttribute(String processConfigAttribute) {
method setProcessDomainObjectClass (line 103) | public void setProcessDomainObjectClass(Class<?> processDomainObjectCl...
method setSidRetrievalStrategy (line 108) | public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalS...
method supports (line 113) | @Override
method supports (line 124) | @Override
FILE: access/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
class AclEntryAfterInvocationCollectionFilteringProvider (line 70) | @Deprecated
method AclEntryAfterInvocationCollectionFilteringProvider (line 75) | public AclEntryAfterInvocationCollectionFilteringProvider(AclService a...
method decide (line 80) | @Override
method getFilterer (line 114) | @SuppressWarnings({ "unchecked", "rawtypes" })
FILE: access/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
class AclEntryAfterInvocationProvider (line 68) | @Deprecated
method AclEntryAfterInvocationProvider (line 75) | public AclEntryAfterInvocationProvider(AclService aclService, List<Per...
method AclEntryAfterInvocationProvider (line 79) | public AclEntryAfterInvocationProvider(AclService aclService, String p...
method decide (line 84) | @Override
method setMessageSource (line 119) | @Override
FILE: access/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java
class ArrayFilterer (line 37) | @Deprecated
method ArrayFilterer (line 46) | ArrayFilterer(T[] list) {
method getFilteredObject (line 54) | @Override
method iterator (line 73) | @Override
method remove (line 78) | @Override
class ArrayFiltererIterator (line 86) | private class ArrayFiltererIterator implements Iterator<T> {
method hasNext (line 90) | @Override
method next (line 95) | @Override
FILE: access/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java
class CollectionFilterer (line 36) | @Deprecated
method CollectionFilterer (line 45) | CollectionFilterer(Collection<T> collection) {
method getFilteredObject (line 57) | @Override
method iterator (line 70) | @Override
method remove (line 75) | @Override
FILE: access/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java
type Filterer (line 28) | @Deprecated
method getFilteredObject (line 35) | Object getFilteredObject();
method iterator (line 41) | @Override
method remove (line 48) | void remove(T object);
FILE: access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java
type EvaluationContextPostProcessor (line 33) | @Deprecated
method postProcess (line 44) | EvaluationContext postProcess(EvaluationContext context, I invocation);
FILE: access/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java
class ExpressionBasedMessageSecurityMetadataSourceFactory (line 42) | @Deprecated
method ExpressionBasedMessageSecurityMetadataSourceFactory (line 45) | private ExpressionBasedMessageSecurityMetadataSourceFactory() {
method createExpressionMessageMetadataSource (line 77) | public static MessageSecurityMetadataSource createExpressionMessageMet...
method createExpressionMessageMetadataSource (line 115) | public static MessageSecurityMetadataSource createExpressionMessageMet...
FILE: access/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java
class MessageExpressionConfigAttribute (line 40) | @Deprecated
method MessageExpressionConfigAttribute (line 53) | @SuppressWarnings("unchecked")
method getAuthorizeExpression (line 61) | Expression getAuthorizeExpression() {
method getAttribute (line 65) | @Override
method toString (line 70) | @Override
method postProcess (line 75) | @Override
FILE: access/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java
class MessageExpressionVoter (line 46) | @Deprecated
method vote (line 51) | @Override
method findConfigAttribute (line 65) | private @Nullable MessageExpressionConfigAttribute findConfigAttribute...
method supports (line 74) | @Override
method supports (line 79) | @Override
method setExpressionHandler (line 84) | public void setExpressionHandler(SecurityExpressionHandler<Message<T>>...
FILE: access/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java
class ChannelSecurityInterceptor (line 43) | @Deprecated
method ChannelSecurityInterceptor (line 57) | public ChannelSecurityInterceptor(MessageSecurityMetadataSource metada...
method getSecureObjectClass (line 62) | @Override
method obtainSecurityMetadataSource (line 67) | @Override
method preSend (line 72) | @Override
method postSend (line 81) | @Override
method afterSendCompletion (line 87) | @Override
method preReceive (line 93) | @Override
method postReceive (line 98) | @Override
method afterReceiveCompletion (line 103) | @Override
method clearToken (line 107) | private InterceptorStatusToken clearToken() {
FILE: access/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java
class DefaultMessageSecurityMetadataSource (line 46) | @Deprecated
method DefaultMessageSecurityMetadataSource (line 51) | public DefaultMessageSecurityMetadataSource(
method getAttributes (line 56) | @Override
method getAllConfigAttributes (line 68) | @Override
method supports (line 77) | @Override
FILE: access/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java
type MessageSecurityMetadataSource (line 31) | @Deprecated
FILE: access/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
class DefaultWebInvocationPrivilegeEvaluator (line 43) | @Deprecated
method DefaultWebInvocationPrivilegeEvaluator (line 52) | public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityIntercep...
method isAllowed (line 67) | @Override
method isAllowed (line 89) | @Override
method setServletContext (line 112) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
class AbstractRetryEntryPoint (line 40) | @Deprecated
method AbstractRetryEntryPoint (line 59) | public AbstractRetryEntryPoint(String scheme, int standardPort) {
method commence (line 64) | @Override
method getMappedPort (line 79) | protected abstract @Nullable Integer getMappedPort(Integer mapFromPort);
method getPortMapper (line 81) | protected final PortMapper getPortMapper() {
method setPortMapper (line 85) | public void setPortMapper(PortMapper portMapper) {
method setRedirectStrategy (line 95) | public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
method getRedirectStrategy (line 100) | protected final RedirectStrategy getRedirectStrategy() {
FILE: access/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
type ChannelDecisionManager (line 35) | @Deprecated
method decide (line 43) | void decide(FilterInvocation invocation, Collection<ConfigAttribute> c...
method supports (line 57) | boolean supports(ConfigAttribute attribute);
FILE: access/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
class ChannelDecisionManagerImpl (line 53) | @Deprecated
method afterPropertiesSet (line 61) | @Override
method decide (line 66) | @Override
method getChannelProcessors (line 82) | protected @Nullable List<ChannelProcessor> getChannelProcessors() {
method setChannelProcessors (line 86) | @SuppressWarnings("cast")
method supports (line 97) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
type ChannelEntryPoint (line 40) | @Deprecated
method commence (line 53) | void commence(HttpServletRequest request, HttpServletResponse response...
FILE: access/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
class ChannelProcessingFilter (line 89) | @Deprecated
method afterPropertiesSet (line 98) | @Override
method getUnsupportedAttributes (line 114) | private Set<ConfigAttribute> getUnsupportedAttributes(Collection<Confi...
method doFilter (line 124) | @Override
method getChannelDecisionManager (line 143) | protected @Nullable ChannelDecisionManager getChannelDecisionManager() {
method getSecurityMetadataSource (line 147) | protected FilterInvocationSecurityMetadataSource getSecurityMetadataSo...
method setChannelDecisionManager (line 151) | public void setChannelDecisionManager(ChannelDecisionManager channelDe...
method setSecurityMetadataSource (line 155) | public void setSecurityMetadataSource(
FILE: access/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
type ChannelProcessor (line 41) | @Deprecated
method decide (line 48) | void decide(FilterInvocation invocation, Collection<ConfigAttribute> c...
method supports (line 61) | boolean supports(ConfigAttribute attribute);
FILE: access/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
class InsecureChannelProcessor (line 48) | @Deprecated
method afterPropertiesSet (line 55) | @Override
method decide (line 61) | @Override
method getEntryPoint (line 76) | public ChannelEntryPoint getEntryPoint() {
method getInsecureKeyword (line 80) | public String getInsecureKeyword() {
method setEntryPoint (line 84) | public void setEntryPoint(ChannelEntryPoint entryPoint) {
method setInsecureKeyword (line 88) | public void setInsecureKeyword(String secureKeyword) {
method supports (line 92) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
class RetryWithHttpEntryPoint (line 35) | @Deprecated(since = "6.5")
method RetryWithHttpEntryPoint (line 38) | public RetryWithHttpEntryPoint() {
method getMappedPort (line 42) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
class RetryWithHttpsEntryPoint (line 36) | @Deprecated(since = "6.5")
method RetryWithHttpsEntryPoint (line 39) | public RetryWithHttpsEntryPoint() {
method getMappedPort (line 43) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
class SecureChannelProcessor (line 47) | @Deprecated
method afterPropertiesSet (line 54) | @Override
method decide (line 60) | @Override
method getEntryPoint (line 75) | public ChannelEntryPoint getEntryPoint() {
method getSecureKeyword (line 79) | public String getSecureKeyword() {
method setEntryPoint (line 83) | public void setEntryPoint(ChannelEntryPoint entryPoint) {
method setSecureKeyword (line 87) | public void setSecureKeyword(String secureKeyword) {
method supports (line 91) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
class DefaultWebSecurityExpressionHandler (line 36) | public class DefaultWebSecurityExpressionHandler extends AbstractSecurit...
method createSecurityExpressionRoot (line 43) | @Override
method setTrustResolver (line 65) | @Deprecated(since = "7.0")
method setDefaultRolePrefix (line 87) | @Deprecated(since = "7.0")
FILE: access/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
class ExpressionBasedFilterInvocationSecurityMetadataSource (line 54) | @Deprecated
method ExpressionBasedFilterInvocationSecurityMetadataSource (line 60) | public ExpressionBasedFilterInvocationSecurityMetadataSource(
method processMap (line 67) | private static LinkedHashMap<RequestMatcher, Collection<ConfigAttribut...
method process (line 75) | private static void process(ExpressionParser parser, RequestMatcher re...
method getExpression (line 92) | private static String getExpression(RequestMatcher request, Collection...
method createPostProcessor (line 97) | private static AbstractVariableEvaluationContextPostProcessor createPo...
class RequestVariablesExtractorEvaluationContextPostProcessor (line 101) | static class RequestVariablesExtractorEvaluationContextPostProcessor
method RequestVariablesExtractorEvaluationContextPostProcessor (line 106) | RequestVariablesExtractorEvaluationContextPostProcessor(RequestMatch...
method extractVariables (line 110) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java
class WebExpressionConfigAttribute (line 36) | @Deprecated
method WebExpressionConfigAttribute (line 44) | WebExpressionConfigAttribute(Expression authorizeExpression,
method getAuthorizeExpression (line 50) | Expression getAuthorizeExpression() {
method postProcess (line 54) | @Override
method getAttribute (line 59) | @Override
method toString (line 64) | @Override
FILE: access/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
class WebExpressionVoter (line 41) | @Deprecated
method vote (line 48) | @Override
method findConfigAttribute (line 70) | private @Nullable WebExpressionConfigAttribute findConfigAttribute(Col...
method supports (line 79) | @Override
method supports (line 84) | @Override
method setExpressionHandler (line 89) | public void setExpressionHandler(SecurityExpressionHandler<FilterInvoc...
FILE: access/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
class DefaultFilterInvocationSecurityMetadataSource (line 63) | @Deprecated
method DefaultFilterInvocationSecurityMetadataSource (line 76) | public DefaultFilterInvocationSecurityMetadataSource(
method getAllConfigAttributes (line 81) | @Override
method getAttributes (line 88) | @Override
method supports (line 106) | @Override
method getHttpServletRequest (line 111) | private HttpServletRequest getHttpServletRequest(Object object) {
FILE: access/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java
type FilterInvocationSecurityMetadataSource (line 36) | @Deprecated
FILE: access/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
class FilterSecurityInterceptor (line 47) | @Deprecated
method init (line 61) | @Override
method destroy (line 68) | @Override
method doFilter (line 81) | @Override
method getSecurityMetadataSource (line 87) | public @Nullable FilterInvocationSecurityMetadataSource getSecurityMet...
method obtainSecurityMetadataSource (line 91) | @Override
method setSecurityMetadataSource (line 96) | public void setSecurityMetadataSource(FilterInvocationSecurityMetadata...
method getSecureObjectClass (line 100) | @Override
method invoke (line 105) | public void invoke(FilterInvocation filterInvocation) throws IOExcepti...
method isApplied (line 126) | private boolean isApplied(FilterInvocation filterInvocation) {
method isObserveOncePerRequest (line 141) | public boolean isObserveOncePerRequest() {
method setObserveOncePerRequest (line 145) | public void setObserveOncePerRequest(boolean observeOncePerRequest) {
FILE: access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
class AuthenticationCredentialsNotFoundEventTests (line 32) | @SuppressWarnings("deprecation")
method testRejectsNulls (line 35) | @Test
method testRejectsNulls2 (line 41) | @Test
method testRejectsNulls3 (line 48) | @Test
FILE: access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
class AuthorizationFailureEventTests (line 35) | @SuppressWarnings("deprecation")
method rejectsNullSecureObject (line 45) | @Test
method rejectsNullAttributesList (line 51) | @Test
method rejectsNullAuthentication (line 57) | @Test
method rejectsNullException (line 64) | @Test
method gettersReturnCtorSuppliedData (line 70) | @Test
FILE: access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
class AuthorizedEventTests (line 32) | @SuppressWarnings("deprecation")
method testRejectsNulls (line 35) | @Test
method testRejectsNulls2 (line 41) | @Test
method testRejectsNulls3 (line 47) | @Test
FILE: access/src/test/java/org/springframework/security/access/ITargetObject.java
type ITargetObject (line 24) | public interface ITargetObject {
method computeHashCode (line 26) | Integer computeHashCode(String input);
method countLength (line 28) | int countLength(String input);
method makeLowerCase (line 30) | String makeLowerCase(String input);
method makeUpperCase (line 32) | String makeUpperCase(String input);
method publicMakeLowerCase (line 34) | String publicMakeLowerCase(String input);
FILE: access/src/test/java/org/springframework/security/access/OtherTargetObject.java
class OtherTargetObject (line 36) | public class OtherTargetObject extends TargetObject implements ITargetOb...
method makeLowerCase (line 38) | @Override
method makeUpperCase (line 43) | @Override
method publicMakeLowerCase (line 48) | @Override
FILE: access/src/test/java/org/springframework/security/access/SecurityConfigTests.java
class SecurityConfigTests (line 30) | @SuppressWarnings("deprecation")
method testHashCode (line 33) | @Test
method testCannotConstructWithNullAttribute (line 39) | @Test
method testCannotConstructWithEmptyAttribute (line 44) | @Test
method testNoArgConstructorDoesntExist (line 49) | @Test
method testObjectEquals (line 55) | @Test
method testToString (line 75) | @Test
class MockConfigAttribute (line 81) | private class MockConfigAttribute implements ConfigAttribute {
method MockConfigAttribute (line 85) | MockConfigAttribute(String configuration) {
method getAttribute (line 89) | @Override
FILE: access/src/test/java/org/springframework/security/access/TargetObject.java
class TargetObject (line 27) | public class TargetObject implements ITargetObject {
method computeHashCode (line 29) | @Override
method countLength (line 34) | @Override
method makeLowerCase (line 47) | @Override
method makeUpperCase (line 66) | @Override
method publicMakeLowerCase (line 76) | @Override
FILE: access/src/test/java/org/springframework/security/access/annotation/BusinessService.java
type BusinessService (line 29) | @Secured({ "ROLE_USER" })
method someAdminMethod (line 33) | @Secured({ "ROLE_ADMIN" })
method someUserAndAdminMethod (line 38) | @Secured({ "ROLE_USER", "ROLE_ADMIN" })
method someUserMethod1 (line 42) | @Secured({ "ROLE_USER" })
method someUserMethod2 (line 46) | @Secured({ "ROLE_USER" })
method rolesAllowedUser (line 50) | @RolesAllowed({ "USER" })
method someOther (line 53) | int someOther(String s);
method someOther (line 55) | int someOther(int input);
method methodReturningAList (line 57) | List<?> methodReturningAList(List<?> someList);
method methodReturningAnArray (line 59) | Object[] methodReturningAnArray(Object[] someArray);
method methodReturningAList (line 61) | List<?> methodReturningAList(String userName, String extraParam);
method repeatedAnnotations (line 63) | @RequireAdminRole
FILE: access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
class BusinessServiceImpl (line 25) | @SuppressWarnings("serial")
method someUserMethod1 (line 28) | @Override
method someUserMethod2 (line 33) | @Override
method someUserAndAdminMethod (line 38) | @Override
method someAdminMethod (line 43) | @Override
method someUserMethod3 (line 48) | public E someUserMethod3(final E entity) {
method someOther (line 52) | @Override
method someOther (line 57) | @Override
method methodReturningAList (line 62) | @Override
method methodReturningAList (line 67) | @Override
method methodReturningAnArray (line 72) | @Override
method rolesAllowedUser (line 77) | @Override
FILE: access/src/test/java/org/springframework/security/access/annotation/Entity.java
class Entity (line 25) | public class Entity {
method Entity (line 27) | public Entity(String someParameter) {
FILE: access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
class ExpressionProtectedBusinessServiceImpl (line 26) | @SuppressWarnings("serial")
method someAdminMethod (line 29) | @Override
method someOther (line 33) | @Override
method someOther (line 38) | @Override
method someUserAndAdminMethod (line 43) | @Override
method someUserMethod1 (line 47) | @Override
method someUserMethod2 (line 51) | @Override
method methodReturningAList (line 55) | @Override
method methodReturningAList (line 62) | @Override
method methodReturningAnArray (line 67) | @Override
method methodWithBeanNamePropertyAccessExpression (line 73) | @PreAuthorize("#x == 'x' and @number.intValue() == 1294 ")
method rolesAllowedUser (line 77) | @Override
FILE: access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
class Jsr250BusinessServiceImpl (line 28) | @PermitAll
method someUserMethod1 (line 32) | @Override
method someUserMethod2 (line 37) | @Override
method someUserAndAdminMethod (line 42) | @Override
method someAdminMethod (line 47) | @Override
method someOther (line 52) | @Override
method someOther (line 57) | @Override
method methodReturningAList (line 62) | @Override
method methodReturningAList (line 67) | @Override
method methodReturningAnArray (line 72) | @Override
method rolesAllowedUser (line 77) | @Override
FILE: access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
class Jsr250MethodSecurityMetadataSourceTests (line 35) | @SuppressWarnings("deprecation")
method setup (line 44) | @BeforeEach
method findAttributes (line 51) | private ConfigAttribute[] findAttributes(String methodName) throws Exc...
method methodWithRolesAllowedHasCorrectAttribute (line 55) | @Test
method permitAllMethodHasPermitAllAttribute (line 62) | @Test
method noRoleMethodHasNoAttributes (line 69) | @Test
method classRoleIsAppliedToNoRoleMethod (line 76) | @Test
method methodRoleOverridesClassRole (line 83) | @Test
method customDefaultRolePrefix (line 91) | @Test
method emptyDefaultRolePrefix (line 99) | @Test
method nullDefaultRolePrefix (line 107) | @Test
method alreadyHasDefaultPrefix (line 115) | @Test
method classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers (line 129) | @Test
method classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembersOverriden (line 137) | @Test
method classLevelAnnotationsImpactMemberLevel (line 146) | @Test
method classLevelAnnotationsIgnoredByExplicitMemberAnnotation (line 155) | @Test
method interfacesNeverContributeAnnotationsMethodLevel (line 169) | @Test
method interfacesNeverContributeAnnotationsClassLevel (line 177) | @Test
method annotationsOnOverriddenMemberIgnored (line 185) | @Test
class A (line 194) | public static class A {
method noRoleMethod (line 196) | public void noRoleMethod() {
method adminMethod (line 199) | @RolesAllowed("ADMIN")
method roleAdminMethod (line 203) | @RolesAllowed("ROLE_ADMIN")
method permitAllMethod (line 207) | @PermitAll
class UserAllowedClass (line 213) | @RolesAllowed("USER")
method noRoleMethod (line 216) | public void noRoleMethod() {
method adminMethod (line 219) | @RolesAllowed("ADMIN")
type IParent (line 226) | @RolesAllowed("IPARENT")
method interfaceMethod (line 229) | @RolesAllowed("INTERFACEMETHOD")
class Parent (line 234) | static class Parent implements IParent {
method interfaceMethod (line 236) | @Override
method notOverriden (line 240) | public void notOverriden() {
method overriden (line 243) | public void overriden() {
method overridenIgnored (line 246) | @RolesAllowed("OVERRIDENIGNORED")
class Child (line 252) | @RolesAllowed("DERIVED")
method overriden (line 255) | @Override
method overridenIgnored (line 259) | @Override
method defaults (line 263) | public void defaults() {
method explicitMethod (line 266) | @RolesAllowed("EXPLICIT")
FILE: access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
class Jsr250VoterTests (line 34) | @SuppressWarnings("deprecation")
method supportsMultipleRolesCorrectly (line 38) | @Test
FILE: access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
class SecuredAnnotationSecurityMetadataSourceTests (line 49) | @SuppressWarnings("deprecation")
method genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride (line 54) | @Test
method classLevelAttributesAreFound (line 89) | @Test
method methodLevelAttributesAreFound (line 100) | @Test
method customAnnotationAttributesAreFound (line 129) | @Test
method annotatedAnnotationAtClassLevelIsDetected (line 137) | @Test
method annotatedAnnotationAtInterfaceLevelIsDetected (line 146) | @Test
method annotatedAnnotationAtMethodLevelIsDetected (line 155) | @Test
method proxyFactoryInterfaceAttributesFound (line 164) | @Test
class Department (line 173) | class Department extends Entity {
method Department (line 175) | Department(String name) {
type DepartmentService (line 181) | interface DepartmentService extends BusinessService {
method someUserMethod3 (line 183) | @Secured({ "ROLE_USER" })
class DepartmentServiceImpl (line 188) | @SuppressWarnings("serial")
method someUserMethod3 (line 191) | @Override
type CustomAnnotatedService (line 200) | @CustomSecurityAnnotation(SecurityEnum.ADMIN)
class CustomAnnotatedServiceImpl (line 205) | class CustomAnnotatedServiceImpl implements CustomAnnotatedService {
type SecurityEnum (line 209) | enum SecurityEnum implements ConfigAttribute, GrantedAuthority {
method getAttribute (line 213) | @Override
method getAuthority (line 218) | @Override
class CustomSecurityAnnotationMetadataExtractor (line 233) | class CustomSecurityAnnotationMetadataExtractor implements AnnotationM...
method extractAttributes (line 235) | @Override
type ReturnVoid (line 251) | public interface ReturnVoid {
method doSomething (line 253) | void doSomething(List<?> param);
type ReturnVoid2 (line 257) | @AnnotatedAnnotation
method doSomething (line 260) | void doSomething(List<?> param);
class AnnotatedAnnotationAtClassLevel (line 264) | @AnnotatedAnnotation
method doSomething (line 267) | @Override
class AnnotatedAnnotationAtInterfaceLevel (line 273) | public static class AnnotatedAnnotationAtInterfaceLevel implements Ret...
method doSomething (line 275) | @Override
class AnnotatedAnnotationAtMethodLevel (line 281) | public static class AnnotatedAnnotationAtMethodLevel implements Return...
method doSomething (line 283) | @Override
FILE: access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
type CrudRepository (line 19) | public interface CrudRepository {
method findAll (line 21) | Iterable<Object> findAll();
FILE: access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
class MethodInvocationFactory (line 22) | public final class MethodInvocationFactory {
method MethodInvocationFactory (line 24) | private MethodInvocationFactory() {
method createSec2150MethodInvocation (line 33) | public static MockMethodInvocation createSec2150MethodInvocation() thr...
FILE: access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
type PersonRepository (line 29) | @Secured("ROLE_PERSON")
FILE: access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
class DefaultMethodSecurityExpressionHandlerTests (line 52) | @ExtendWith(MockitoExtension.class)
method setup (line 66) | @BeforeEach
method setupMocks (line 71) | private void setupMocks() {
method cleanup (line 76) | @AfterEach
method setTrustResolverNull (line 81) | @Test
method createEvaluationContextCustomTrustResolver (line 87) | @Test
method filterByKeyWhenUsingMapThenFiltersMap (line 98) | @Test
method filterByValueWhenUsingMapThenFiltersMap (line 116) | @Test
method filterByKeyAndValueWhenUsingMapThenFiltersMap (line 134) | @Test
method filterWhenUsingStreamThenFiltersStream (line 153) | @Test
method filterStreamWhenClosedThenUpstreamGetsClosed (line 166) | @Test
method createEvaluationContextSupplierAuthentication (line 177) | @Test
class Foo (line 192) | static class Foo {
method bar (line 194) | void bar() {
FILE: access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
class ExpressionBasedPreInvocationAdviceTests (line 41) | @ExtendWith(MockitoExtension.class)
method setUp (line 50) | @BeforeEach
method findFilterTargetNameProvidedButNotMatch (line 55) | @Test
method findFilterTargetNameProvidedArrayUnsupported (line 65) | @Test
method findFilterTargetNameProvided (line 74) | @Test
method findFilterTargetNameNotProvidedArrayUnsupported (line 84) | @Test
method findFilterTargetNameNotProvided (line 93) | @Test
method findFilterTargetNameNotProvidedTypeNotSupported (line 103) | @Test
method findFilterTargetNameNotProvidedMethodAcceptMoreThenOneArgument (line 112) | @Test
class TestClass (line 122) | private class TestClass {
method doSomethingCollection (line 124) | public Boolean doSomethingCollection(List<?> param) {
method doSomethingArray (line 128) | public Boolean doSomethingArray(String[] param) {
method doSomethingString (line 132) | public Boolean doSomethingString(String param) {
method doSomethingTwoArgs (line 136) | public Boolean doSomethingTwoArgs(String param, List<?> list) {
FILE: access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
class MethodExpressionVoterTests (line 37) | @SuppressWarnings({ "unchecked", "deprecation" })
method hasRoleExpressionAllowsUserWithRole (line 45) | @Test
method hasRoleExpressionDeniesUserWithoutRole (line 53) | @Test
method matchingArgAgainstAuthenticationNameIsSuccessful (line 61) | @Test
method accessIsGrantedIfNoPreAuthorizeAttributeIsUsed (line 70) | @Test
method collectionPreFilteringIsSuccessful (line 81) | @Test
method arraysCannotBePrefiltered (line 90) | @Test
method incorrectFilterTargetNameIsRejected (line 98) | @Test
method nullNamedFilterTargetIsRejected (line 106) | @Test
method ruleDefinedInAClassMethodIsApplied (line 114) | @Test
method createAttributes (line 123) | private List<ConfigAttribute> createAttributes(ConfigAttribute... attr...
method createCollectionArg (line 127) | private List createCollectionArg(Object... elts) {
method createArrayArg (line 133) | private Object createArrayArg(Object... elts) {
method methodTakingAnArray (line 139) | private Method methodTakingAnArray() throws Exception {
method methodTakingAString (line 143) | private Method methodTakingAString() throws Exception {
method methodTakingACollection (line 147) | private Method methodTakingACollection() throws Exception {
type Target (line 151) | private interface Target {
method methodTakingAnArray (line 153) | void methodTakingAnArray(Object[] args);
method methodTakingAString (line 155) | void methodTakingAString(String argument);
method methodTakingACollection (line 157) | Collection methodTakingACollection(Collection collection);
class TargetImpl (line 161) | private static class TargetImpl implements Target {
method methodTakingAnArray (line 163) | @Override
method methodTakingAString (line 167) | @Override
method methodTakingACollection (line 171) | @Override
FILE: access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
class MethodSecurityEvaluationContextTests (line 38) | @ExtendWith(MockitoExtension.class)
method lookupVariableWhenParameterNameNullThenNotSet (line 50) | @Test
class NotNullVariableMethodSecurityEvaluationContext (line 63) | private static class NotNullVariableMethodSecurityEvaluationContext ex...
method NotNullVariableMethodSecurityEvaluationContext (line 65) | NotNullVariableMethodSecurityEvaluationContext(Authentication auth, ...
method setVariable (line 70) | @Override
FILE: access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
class MethodSecurityExpressionRootTests (line 43) | public class MethodSecurityExpressionRootTests {
method createContext (line 55) | @BeforeEach
method canCallMethodsOnVariables (line 67) | @Test
method isAnonymousReturnsTrueIfTrustResolverReportsAnonymous (line 74) | @Test
method isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous (line 80) | @Test
method hasPermissionOnDomainObjectReturnsFalseIfPermissionEvaluatorDoes (line 86) | @Test
method hasPermissionOnDomainObjectReturnsTrueIfPermissionEvaluatorDoes (line 96) | @Test
method hasPermissionOnDomainObjectWorksWithIntegerExpressions (line 106) | @Test
method hasPermissionWorksWithThisObject (line 124) | @Test
FILE: access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
class PrePostAnnotationSecurityMetadataSourceTests (line 47) | @SuppressWarnings("deprecation")
method setUpData (line 71) | @BeforeEach
method classLevelPreAnnotationIsPickedUpWhenNoMethodLevelExists (line 89) | @Test
method mixedClassAndMethodPreAnnotationsAreBothIncluded (line 100) | @Test
method methodWithPreFilterOnlyIsAllowed (line 111) | @Test
method methodWithPostFilterOnlyIsAllowed (line 122) | @Test
method interfaceAttributesAreIncluded (line 135) | @Test
method classAttributesTakesPrecedeceOverInterfaceAttributes (line 147) | @Test
method customAnnotationAtClassLevelIsDetected (line 159) | @Test
method customAnnotationAtInterfaceLevelIsDetected (line 165) | @Test
method customAnnotationAtMethodLevelIsDetected (line 172) | @Test
method proxyFactoryInterfaceAttributesFound (line 178) | @Test
type ReturnVoid (line 188) | public interface ReturnVoid {
method doSomething (line 190) | void doSomething(List<?> param);
type ReturnAList (line 194) | public interface ReturnAList {
method doSomething (line 196) | List<?> doSomething(List<?> param);
type ReturnAnotherList (line 200) | @PreAuthorize("interfaceAuthzExpression")
method doSomething (line 203) | @PreAuthorize("interfaceMethodAuthzExpression")
class ReturnVoidImpl1 (line 209) | @PreAuthorize("someExpression")
method doSomething (line 212) | @Override
class ReturnVoidImpl2 (line 218) | @PreAuthorize("someExpression")
method doSomething (line 221) | @Override
class ReturnVoidImpl3 (line 228) | public static class ReturnVoidImpl3 implements ReturnVoid {
method doSomething (line 230) | @Override
class ReturnAListImpl1 (line 237) | public static class ReturnAListImpl1 implements ReturnAList {
method doSomething (line 239) | @Override
class ReturnAListImpl2 (line 247) | public static class ReturnAListImpl2 implements ReturnAList {
method doSomething (line 249) | @Override
class ReturnAnotherListImpl1 (line 260) | public static class ReturnAnotherListImpl1 implements ReturnAnotherList {
method doSomething (line 262) | @Override
class ReturnAnotherListImpl2 (line 269) | public static class ReturnAnotherListImpl2 implements ReturnAnotherList {
method doSomething (line 271) | @Override
type ReturnVoid2 (line 287) | @CustomAnnotation
method doSomething (line 290) | void doSomething(List<?> param);
class CustomAnnotationAtClassLevel (line 294) | @CustomAnnotation
method doSomething (line 297) | @Override
class CustomAnnotationAtInterfaceLevel (line 303) | public static class CustomAnnotationAtInterfaceLevel implements Return...
method doSomething (line 305) | @Override
class CustomAnnotationAtMethodLevel (line 311) | public static class CustomAnnotationAtMethodLevel implements ReturnVoid {
method doSomething (line 313) | @Override
FILE: access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
class SecurityRules (line 19) | public final class SecurityRules {
method SecurityRules (line 21) | private SecurityRules() {
method disallow (line 24) | public static boolean disallow() {
method allow (line 28) | public static boolean allow() {
method isJoe (line 32) | public static boolean isJoe(String s) {
FILE: access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
class AbstractSecurityInterceptorTests (line 35) | @SuppressWarnings("deprecation")
method detectsIfInvocationPassedIncompatibleSecureObject (line 38) | @Test
method detectsViolationOfGetSecureObjectClassMethod (line 49) | @Test
class MockSecurityInterceptorReturnsNull (line 60) | private class MockSecurityInterceptorReturnsNull extends AbstractSecur...
method getSecureObjectClass (line 64) | @Override
method obtainSecurityMetadataSource (line 69) | @Override
method setSecurityMetadataSource (line 74) | void setSecurityMetadataSource(SecurityMetadataSource securityMetada...
class MockSecurityInterceptorWhichOnlySupportsStrings (line 80) | private class MockSecurityInterceptorWhichOnlySupportsStrings extends ...
method getSecureObjectClass (line 84) | @Override
method obtainSecurityMetadataSource (line 89) | @Override
method setSecurityMetadataSource (line 94) | void setSecurityMetadataSource(SecurityMetadataSource securityMetada...
FILE: access/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java
class AfterInvocationProviderManagerTests (line 41) | @SuppressWarnings({ "unchecked", "deprecation" })
method testCorrectOperation (line 44) | @Test
method testRejectsEmptyProvidersList (line 71) | @Test
method testRejectsNonAfterInvocationProviders (line 78) | @Test
method testRejectsNullProvidersList (line 88) | @Test
method testSupportsConfigAttributeIteration (line 94) | @Test
method testSupportsSecureObjectIteration (line 107) | @Test
class MockAfterInvocationProvider (line 125) | private class MockAfterInvocationProvider implements AfterInvocationPr...
method MockAfterInvocationProvider (line 133) | MockAfterInvocationProvider(Object forceReturnObject, Class secureOb...
method decide (line 139) | @Override
method supports (line 148) | @Override
method supports (line 153) | @Override
FILE: access/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java
class InterceptorStatusTokenTests (line 37) | @SuppressWarnings("deprecation")
method testOperation (line 40) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java
class NullRunAsManagerTests (line 30) | @SuppressWarnings("deprecation")
method testAlwaysReturnsNull (line 33) | @Test
method testAlwaysSupportsClass (line 39) | @Test
method testNeverSupportsAttribute (line 45) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java
class RunAsImplAuthenticationProviderTests (line 34) | @SuppressWarnings("deprecation")
method testAuthenticationFailDueToWrongKey (line 37) | @Test
method testAuthenticationSuccess (line 46) | @Test
method testStartupFailsIfNoKey (line 58) | @Test
method testStartupSuccess (line 64) | @Test
method testSupports (line 72) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java
class RunAsManagerImplTests (line 37) | @SuppressWarnings("deprecation")
method testAlwaysSupportsClass (line 40) | @Test
method testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting (line 46) | @Test
method testRespectsRolePrefix (line 57) | @Test
method testReturnsAdditionalGrantedAuthorities (line 77) | @Test
method testStartupDetectsMissingKey (line 98) | @Test
method testStartupSuccessfulWithKey (line 104) | @Test
method testSupports (line 112) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java
class RunAsUserTokenTests (line 32) | @SuppressWarnings("deprecation")
method testAuthenticationSetting (line 35) | @Test
method testGetters (line 44) | @Test
method testNoArgConstructorDoesntExist (line 54) | @Test
method testToString (line 60) | @Test
method testToStringNullOriginalAuthentication (line 70) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java
class MethodSecurityInterceptorTests (line 68) | @SuppressWarnings({ "unchecked", "deprecation" })
method setUp (line 87) | @BeforeEach
method tearDown (line 103) | @AfterEach
method createTarget (line 108) | private void createTarget(boolean useMock) {
method gettersReturnExpectedData (line 115) | @Test
method missingAccessDecisionManagerIsDetected (line 128) | @Test
method missingAuthenticationManagerIsDetected (line 134) | @Test
method missingMethodSecurityMetadataSourceIsRejected (line 140) | @Test
method missingRunAsManagerIsRejected (line 146) | @Test
method initializationRejectsSecurityMetadataSourceThatDoesNotSupportMethodInvocation (line 152) | @Test
method initializationRejectsAccessDecisionManagerThatDoesNotSupportMethodInvocation (line 158) | @Test
method intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation (line 165) | @Test
method intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation (line 173) | @Test
method initializationFailsIfAccessDecisionManagerRejectsConfigAttributes (line 181) | @Test
method validationNotAttemptedIfIsValidateConfigAttributesSetToFalse (line 187) | @Test
method validationNotAttemptedIfMethodSecurityMetadataSourceReturnsNullForAttributes (line 197) | @Test
method callingAPublicMethodFacadeWillNotRepeatSecurityChecksWhenPassedToTheSecuredMethodItFronts (line 207) | @Test
method callingAPublicMethodWhenPresentingAnAuthenticationObjectDoesntChangeItsAuthenticatedProperty (line 214) | @Test
method callIsntMadeWhenAuthenticationManagerRejectsAuthentication (line 223) | @Test
method callSucceedsIfAccessDecisionManagerGrantsAccess (line 233) | @Test
method callIsntMadeWhenAccessDecisionManagerRejectsAccess (line 246) | @Test
method rejectsNullSecuredObjects (line 261) | @Test
method runAsReplacementIsCorrectlySet (line 266) | @Test
method runAsReplacementCleansAfterException (line 285) | @Test
method emptySecurityContextIsRejected (line 304) | @Test
method afterInvocationManagerIsNotInvokedIfExceptionIsRaised (line 311) | @Test
method mdsReturnsNull (line 324) | void mdsReturnsNull() {
method mdsReturnsUserRole (line 328) | void mdsReturnsUserRole() {
FILE: access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java
class MethodSecurityMetadataSourceAdvisorTests (line 36) | @SuppressWarnings("deprecation")
method testAdvisorReturnsFalseWhenMethodInvocationNotDefined (line 39) | @Test
method testAdvisorReturnsTrueWhenMethodInvocationIsDefined (line 49) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java
class AspectJMethodSecurityInterceptorTests (line 65) | @SuppressWarnings("deprecation")
method setUp (line 86) | @BeforeEach
method clearContext (line 112) | @AfterEach
method callbackIsInvokedWhenPermissionGranted (line 117) | @Test
method callbackIsNotInvokedWhenPermissionDenied (line 126) | @SuppressWarnings("unchecked")
method adapterHoldsCorrectData (line 136) | @Test
method afterInvocationManagerIsNotInvokedIfExceptionIsRaised (line 149) | @Test
method invokeWithAspectJCallbackRunAsReplacementCleansAfterException (line 162) | @Test
method invokeRunAsReplacementCleansAfterException (line 182) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java
class MapBasedMethodSecurityMetadataSourceTests (line 37) | @SuppressWarnings("deprecation")
method initialize (line 50) | @BeforeEach
method wildcardedMatchIsOverwrittenByMoreSpecificMatch (line 57) | @Test
method methodsWithDifferentArgumentsAreMatchedCorrectly (line 64) | @Test
class MockService (line 72) | @SuppressWarnings("unused")
method someMethod (line 75) | public void someMethod(String s) {
method someMethod (line 78) | public void someMethod(Integer i) {
FILE: access/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java
class MethodInvocationPrivilegeEvaluatorTests (line 52) | @SuppressWarnings("deprecation")
method setUp (line 65) | @BeforeEach
method allowsAccessUsingCreate (line 78) | @Test
method allowsAccessUsingCreateFromClass (line 89) | @Test
method declinesAccessUsingCreate (line 99) | @Test
method declinesAccessUsingCreateFromClass (line 110) | @Test
FILE: access/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java
class MockMethodInvocation (line 24) | @SuppressWarnings("unchecked")
method MockMethodInvocation (line 33) | public MockMethodInvocation(Object targetObject, Class clazz, String m...
method MockMethodInvocation (line 39) | public MockMethodInvocation(Object targetObject, Class clazz, String m...
method MockMethodInvocation (line 45) | public MockMethodInvocation(Object targetObject, Method method) {
method getArguments (line 50) | @Override
method getMethod (line 55) | @Override
method getStaticPart (line 60) | @Override
method getThis (line 65) | @Override
method proceed (line 70) | @Override
FILE: access/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java
class DelegatingMethodSecurityMetadataSourceTests (line 39) | @SuppressWarnings({ "unchecked", "deprecation" })
method returnsEmptyListIfDelegateReturnsNull (line 44) | @Test
method returnsDelegateAttributes (line 60) | @Test
FILE: access/src/test/java/org/springframework/security/access/prepost/PostInvocationAdviceProviderTests.java
class PostInvocationAdviceProviderTests (line 31) | @ExtendWith(MockitoExtension.class)
method setUp (line 40) | @BeforeEach
method supportsMethodInvocation (line 45) | @Test
method supportsProxyMethodInvocation (line 50) | @Test
method supportsMethodInvocationAdapter (line 55) | @Test
FILE: access/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java
class PreInvocationAuthorizationAdviceVoterTests (line 31) | @ExtendWith(MockitoExtension.class)
method setUp (line 40) | @BeforeEach
method supportsMethodInvocation (line 45) | @Test
method supportsProxyMethodInvocation (line 51) | @Test
method supportsMethodInvocationAdapter (line 56) | @Test
FILE: access/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java
class AbstractAccessDecisionManagerTests (line 39) | @SuppressWarnings({ "unchecked", "deprecation" })
method testAllowIfAccessDecisionManagerDefaults (line 42) | @Test
method testDelegatesSupportsClassRequests (line 53) | @Test
method testDelegatesSupportsRequests (line 63) | @Test
method testProperlyStoresListOfVoters (line 77) | @Test
method testRejectsEmptyList (line 88) | @Test
method testRejectsNullVotersList (line 93) | @Test
method testRoleVoterAlwaysReturnsTrueToSupports (line 98) | @Test
method testWillNotStartIfDecisionVotersNotSet (line 104) | @Test
class MockDecisionManagerImpl (line 109) | private class MockDecisionManagerImpl extends AbstractAccessDecisionMa...
method MockDecisionManagerImpl (line 111) | protected MockDecisionManagerImpl(List<AccessDecisionVoter<? extends...
method decide (line 115) | @Override
class MockStringOnlyVoter (line 121) | private class MockStringOnlyVoter implements AccessDecisionVoter<Objec...
method supports (line 123) | @Override
method supports (line 128) | @Override
method vote (line 133) | @Override
FILE: access/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java
class AbstractAclVoterTests (line 34) | @SuppressWarnings("deprecation")
method supports (line 38) | @Override
method vote (line 43) | @Override
method supportsMethodInvocations (line 50) | @Test
method expectedDomainObjectArgumentIsReturnedFromMethodInvocation (line 56) | @Test
method correctArgumentIsSelectedFromMultipleArgs (line 63) | @Test
class TestClass (line 71) | @SuppressWarnings("unused")
method methodTakingAString (line 74) | public void methodTakingAString(String arg) {
method methodTaking2Strings (line 77) | public void methodTaking2Strings(String arg1, String arg2) {
method methodTakingAListAndAString (line 80) | public void methodTakingAListAndAString(ArrayList<Object> arg1, Stri...
FILE: access/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java
class AffirmativeBasedTests (line 43) | @SuppressWarnings("deprecation")
method setup (line 58) | @BeforeEach
method oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess (line 72) | @Test
method oneDenyVoteOneAbstainVoteOneAffirmativeVoteGrantsAccess (line 80) | @Test
method oneAffirmativeVoteTwoAbstainVotesGrantsAccess (line 87) | @Test
method oneDenyVoteTwoAbstainVotesDeniesAccess (line 94) | @Test
method onlyAbstainVotesDeniesAccessWithDefault (line 102) | @Test
method testThreeAbstainVotesGrantsAccessIfAllowIfAllAbstainDecisionsIsSet (line 111) | @Test
FILE: access/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java
class AuthenticatedVoterTests (line 40) | @SuppressWarnings("deprecation")
method createAnonymous (line 43) | private Authentication createAnonymous() {
method createFullyAuthenticated (line 47) | private Authentication createFullyAuthenticated() {
method createRememberMe (line 52) | private Authentication createRememberMe() {
method testAnonymousWorks (line 56) | @Test
method testFullyWorks (line 66) | @Test
method testRememberMeWorks (line 76) | @Test
method testSetterRejectsNull (line 86) | @Test
method testSupports (line 92) | @Test
FILE: access/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java
class ConsensusBasedTests (line 38) | @SuppressWarnings("deprecation")
method testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault (line 41) | @Test
method testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault (line 51) | @Test
method testOneAffirmativeVoteTwoAbstainVotesGrantsAccess (line 60) | @Test
method testOneDenyVoteTwoAbstainVotesDeniesAccess (line 67) | @Test
method testThreeAbstainVotesDeniesAccessWithDefault (line 75) | @Test
method testThreeAbstainVotesGrantsAccessWithoutDefault (line 84) | @Test
method testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess (line 93) | @Test
method makeDecisionManager (line 100) | private ConsensusBased makeDecisionManager() {
method makeTestToken (line 111) | private TestingAuthenticationToken makeTestToken() {
FILE: access/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java
class DenyAgainVoter (line 35) | @SuppressWarnings("deprecation")
method supports (line 38) | @Override
method supports (line 43) | @Override
method vote (line 48) | @Override
FILE: access/src/test/java/org/springframework/security/access/vote/DenyVoter.java
class DenyVoter (line 37) | @SuppressWarnings("deprecation")
method supports (line 40) | @Override
method supports (line 45) | @Override
method vote (line 50) | @Override
FILE: access/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java
class RoleHierarchyVoterTests (line 28) | @SuppressWarnings("deprecation")
method hierarchicalRoleIsIncludedInDecision (line 31) | @Test
FILE: access/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java
class RoleVoterTests (line 31) | @SuppressWarnings("deprecation")
method oneMatchingAttributeGrantsAccess (line 34) | @Test
method nullAuthenticationDenies (line 45) | @Test
FILE: access/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java
class UnanimousBasedTests (line 38) | @SuppressWarnings("deprecation")
method makeDecisionManager (line 41) | private UnanimousBased makeDecisionManager() {
method makeDecisionManagerWithFooBarPrefix (line 52) | private UnanimousBased makeDecisionManagerWithFooBarPrefix() {
method makeTestToken (line 64) | private TestingAuthenticationToken makeTestToken() {
method makeTestTokenWithFooBarPrefix (line 68) | private TestingAuthenticationToken makeTestTokenWithFooBarPrefix() {
method testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess (line 72) | @Test
method testOneAffirmativeVoteTwoAbstainVotesGrantsAccess (line 80) | @Test
method testOneDenyVoteTwoAbstainVotesDeniesAccess (line 88) | @Test
method testRoleVoterPrefixObserved (line 96) | @Test
method testThreeAbstainVotesDeniesAccessWithDefault (line 104) | @Test
method testThreeAbstainVotesGrantsAccessWithoutDefault (line 113) | @Test
method testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess (line 123) | @Test
FILE: access/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java
class AclEntryAfterInvocationCollectionFilteringProviderTests (line 47) | @SuppressWarnings({ "unchecked", "deprecation" })
method objectsAreRemovedIfPermissionDenied (line 50) | @Test
method accessIsGrantedIfNoAttributesDefined (line 73) | @Test
method nullReturnObjectIsIgnored (line 82) | @Test
FILE: access/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java
class AclEntryAfterInvocationProviderTests (line 51) | @SuppressWarnings({ "unchecked", "deprecation" })
method rejectsMissingPermissions (line 54) | @Test
method accessIsAllowedIfPermissionIsGranted (line 62) | @Test
method accessIsGrantedIfNoAttributesDefined (line 79) | @Test
method accessIsGrantedIfObjectTypeNotSupported (line 88) | @Test
method accessIsDeniedIfPermissionIsNotGranted (line 99) | @Test
method nullReturnObjectIsIgnored (line 123) | @Test
FILE: access/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java
class ExpressionBasedMessageSecurityMetadataSourceFactoryTests (line 37) | @ExtendWith(MockitoExtension.class)
method setup (line 63) | @BeforeEach
method createExpressionMessageMetadataSourceNoMatch (line 75) | @Test
method createExpressionMessageMetadataSourceMatchFirst (line 81) | @Test
method createExpressionMessageMetadataSourceMatchSecond (line 92) | @Test
FILE: access/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java
class MessageExpressionConfigAttributeTests (line 39) | @ExtendWith(MockitoExtension.class)
method setup (line 51) | @BeforeEach
method constructorNullExpression (line 56) | @Test
method constructorNullMatcher (line 61) | @Test
method getAuthorizeExpression (line 67) | @Test
method getAttribute (line 72) | @Test
method toStringUsesExpressionString (line 77) | @Test
method postProcessContext (line 83) | @Test
FILE: access/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java
class MessageExpressionVoterTests (line 46) | @ExtendWith(MockitoExtension.class)
method setup (line 72) | @BeforeEach
method voteGranted (line 79) | @Test
method voteDenied (line 88) | @Test
method voteAbstain (line 97) | @Test
method supportsObjectClassFalse (line 105) | @Test
method supportsMessageClassTrue (line 111) | @Test
method supportsSecurityConfigFalse (line 117) | @Test
method supportsMessageExpressionConfigAttributeTrue (line 122) | @Test
method setExpressionHandlerNull (line 127) | @Test
method customExpressionHandler (line 133) | @Test
method postProcessEvaluationContext (line 146) | @Test
FILE: access/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java
class ChannelSecurityInterceptorTests (line 49) | @ExtendWith(MockitoExtension.class)
method setup (line 77) | @BeforeEach
method cleanup (line 87) | @AfterEach
method constructorMessageSecurityMetadataSourceNull (line 92) | @Test
method getSecureObjectClass (line 97) | @Test
method obtainSecurityMetadataSource (line 102) | @Test
method preSendNullAttributes (line 107) | @Test
method preSendGrant (line 112) | @Test
method preSendDeny (line 119) | @Test
method preSendPostSendRunAs (line 128) | @SuppressWarnings("unchecked")
method afterSendCompletionNotTokenMessageNoExceptionThrown (line 140) | @Test
method preSendFinallySendRunAs (line 145) | @SuppressWarnings("unchecked")
method preReceive (line 157) | @Test
method postReceive (line 162) | @Test
method afterReceiveCompletionNullExceptionNoExceptionThrown (line 167) | @Test
FILE: access/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java
class DefaultMessageSecurityMetadataSourceTests (line 38) | @ExtendWith(MockitoExtension.class)
method setup (line 62) | @BeforeEach
method getAttributesEmpty (line 70) | @Test
method getAttributesFirst (line 75) | @Test
method getAttributesSecond (line 81) | @Test
method getAllConfigAttributes (line 87) | @Test
method supportsFalse (line 92) | @Test
method supportsTrue (line 97) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java
class DefaultWebInvocationPrivilegeEvaluatorTests (line 46) | @SuppressWarnings("deprecation")
method setUp (line 57) | @BeforeEach
method permitsAccessIfNoMatchingAttributesAndPublicInvocationsAllowed (line 71) | @Test
method deniesAccessIfNoMatchingAttributesAndPublicInvocationsNotAllowed (line 79) | @Test
method deniesAccessIfAuthenticationIsNull (line 88) | @Test
method allowsAccessIfAccessDecisionManagerDoes (line 94) | @Test
method deniesAccessIfAccessDecisionManagerDoes (line 101) | @SuppressWarnings("unchecked")
method isAllowedWhenServletContextIsSetThenPassedFilterInvocationHasServletContext (line 112) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java
class ChannelDecisionManagerImplTests (line 45) | @SuppressWarnings({ "unchecked", "deprecation" })
method testCannotSetEmptyChannelProcessorsList (line 48) | @Test
method testCannotSetIncorrectObjectTypesIntoChannelProcessorsList (line 57) | @Test
method testCannotSetNullChannelProcessorsList (line 65) | @Test
method testDecideIsOperational (line 74) | @Test
method testAnyChannelAttributeCausesProcessorsToBeSkipped (line 92) | @Test
method testDecideIteratesAllProcessorsIfNoneCommitAResponse (line 107) | @Test
method testDelegatesSupports (line 124) | @Test
method testGettersSetters (line 139) | @Test
method testStartupFailsWithEmptyChannelProcessorsList (line 152) | @Test
class MockChannelProcessor (line 159) | private class MockChannelProcessor implements ChannelProcessor {
method MockChannelProcessor (line 165) | MockChannelProcessor(String configAttribute, boolean failIfCalled) {
method decide (line 170) | @Override
method supports (line 185) | @Override
FILE: access/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
class ChannelProcessingFilterTests (line 42) | @SuppressWarnings("deprecation")
method testDetectsMissingChannelDecisionManager (line 45) | @Test
method testDetectsMissingFilterInvocationSecurityMetadataSource (line 53) | @Test
method testDetectsSupportedConfigAttribute (line 60) | @Test
method testDetectsUnsupportedConfigAttribute (line 70) | @Test
method testDoFilterWhenManagerDoesCommitResponse (line 80) | @Test
method testDoFilterWhenManagerDoesNotCommitResponse (line 92) | @Test
method testDoFilterWhenNullConfigAttributeReturned (line 104) | @Test
method testGetterSetters (line 116) | @Test
class MockChannelDecisionManager (line 127) | private class MockChannelDecisionManager implements ChannelDecisionMan...
method MockChannelDecisionManager (line 133) | MockChannelDecisionManager(boolean commitAResponse, String supportAt...
method decide (line 138) | @Override
method supports (line 145) | @Override
class MockFilterInvocationDefinitionMap (line 152) | private class MockFilterInvocationDefinitionMap implements FilterInvoc...
method MockFilterInvocationDefinitionMap (line 160) | MockFilterInvocationDefinitionMap(String servletPath, boolean provid...
method getAttributes (line 166) | @Override
method getAllConfigAttributes (line 177) | @Override
method supports (line 185) | @Override
FILE: access/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java
class InsecureChannelProcessorTests (line 38) | @SuppressWarnings("deprecation")
method testDecideDetectsAcceptableChannel (line 41) | @Test
method testDecideDetectsUnacceptableChannel (line 54) | @Test
method testDecideRejectsNulls (line 68) | @Test
method testGettersSetters (line 75) | @Test
method testMissingEntryPoint (line 86) | @Test
method testMissingSecureChannelKeyword (line 94) | @Test
method testSupports (line 105) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java
class RetryWithHttpEntryPointTests (line 39) | @SuppressWarnings("deprecation")
method testDetectsMissingPortMapper (line 42) | @Test
method testGettersSetters (line 48) | @Test
method testNormalOperation (line 59) | @Test
method testNormalOperationWithNullQueryString (line 73) | @Test
method testOperationWhenTargetPortIsUnknown (line 86) | @Test
method testOperationWithNonStandardPort (line 100) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java
class RetryWithHttpsEntryPointTests (line 36) | @SuppressWarnings("deprecation")
method testDetectsMissingPortMapper (line 39) | @Test
method testGettersSetters (line 45) | @Test
method testNormalOperation (line 52) | @Test
method testNormalOperationWithNullQueryString (line 67) | @Test
method testOperationWhenTargetPortIsUnknown (line 80) | @Test
method testOperationWithNonStandardPort (line 94) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java
class SecureChannelProcessorTests (line 38) | @SuppressWarnings("deprecation")
method testDecideDetectsAcceptableChannel (line 41) | @Test
method testDecideDetectsUnacceptableChannel (line 54) | @Test
method testDecideRejectsNulls (line 68) | @Test
method testGettersSetters (line 75) | @Test
method testMissingEntryPoint (line 86) | @Test
method testMissingSecureChannelKeyword (line 94) | @Test
method testSupports (line 105) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandlerTests.java
class DefaultWebSecurityExpressionHandlerTests (line 42) | @ExtendWith(MockitoExtension.class)
method setup (line 56) | @BeforeEach
method cleanup (line 61) | @AfterEach
method expressionPropertiesAreResolvedAgainstAppContextBeans (line 66) | @Test
method setTrustResolverNull (line 81) | @Test
method createEvaluationContextCustomTrustResolver (line 87) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSourceTests.java
class ExpressionBasedFilterInvocationSecurityMetadataSourceTests (line 36) | @SuppressWarnings("deprecation")
method expectedAttributeIsReturned (line 39) | @Test
method invalidExpressionIsRejected (line 55) | @Test
FILE: access/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
class WebExpressionVoterTests (line 44) | @SuppressWarnings({ "unchecked", "deprecation" })
method supportsWebConfigAttributeAndFilterInvocation (line 49) | @Test
method abstainsIfNoAttributeFound (line 59) | @Test
method grantsAccessIfExpressionIsTrueDeniesIfFalse (line 67) | @Test
method supportFilterInvocationSubClass (line 90) | @Test
method supportFilterInvocation (line 96) | @Test
method supportsObjectIsFalse (line 102) | @Test
class FilterInvocationChild (line 108) | private static class FilterInvocationChild extends FilterInvocation {
method FilterInvocationChild (line 110) | FilterInvocationChild(ServletRequest request, ServletResponse respon...
FILE: access/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
class DefaultFilterInvocationSecurityMetadataSourceTests (line 43) | @SuppressWarnings("deprecation")
method createFids (line 50) | private void createFids(String pattern, HttpMethod method) {
method lookupNotRequiringExactMatchSucceedsIfNotMatching (line 56) | @Test
method lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase (line 67) | @Test
method lookupRequiringExactMatchIsSuccessful (line 75) | @Test
method lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful (line 83) | @Test
method httpMethodLookupSucceeds (line 92) | @Test
method generalMatchIsUsedIfNoMethodSpecificMatchExists (line 100) | @Test
method requestWithDifferentHttpMethodDoesntMatch (line 108) | @Test
method mixingPatternsWithAndWithoutHttpMethodsIsSupported (line 117) | @Test
method extraQuestionMarkStillMatches (line 133) | @Test
method createFilterInvocation (line 144) | private FilterInvocation createFilterInvocation(String servletPath, St...
FILE: access/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java
class FilterSecurityInterceptorTests (line 65) | @SuppressWarnings("deprecation")
method setUp (line 80) | @BeforeEach
method tearDown (line 96) | @AfterEach
method testEnsuresAccessDecisionManagerSupportsFilterInvocationClass (line 101) | @Test
method testEnsuresRunAsManagerSupportsFilterInvocationClass (line 107) | @Test
method testSuccessfulInvocation (line 118) | @Test
method afterInvocationIsNotInvokedIfExceptionThrown (line 130) | @Test
method finallyInvocationIsInvokedIfExceptionThrown (line 146) | @Test
method doFilterWhenObserveOncePerRequestThenAttributeNotSet (line 170) | @Test
method doFilterWhenObserveOncePerRequestFalseAndInvokedTwiceThenObserveTwice (line 180) | @Test
method createinvocation (line 191) | private FilterInvocation createinvocation() {
FILE: acl/src/main/java/org/springframework/security/acls/AclPermissionCacheOptimizer.java
class AclPermissionCacheOptimizer (line 43) | public class AclPermissionCacheOptimizer implements PermissionCacheOptim...
method AclPermissionCacheOptimizer (line 53) | public AclPermissionCacheOptimizer(AclService aclService) {
method cachePermissionsFor (line 57) | @Override
method setObjectIdentityRetrievalStrategy (line 74) | public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrieval...
method setSidRetrievalStrategy (line 78) | public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalS...
FILE: acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
class AclPermissionEvaluator (line 53) | public class AclPermissionEvaluator implements PermissionEvaluator {
method AclPermissionEvaluator (line 67) | public AclPermissionEvaluator(AclService aclService) {
method hasPermission (line 76) | @Override
method hasPermission (line 85) | @Override
method checkPermission (line 92) | private boolean checkPermission(Authentication authentication, ObjectI...
method resolvePermission (line 112) | List<Permission> resolvePermission(Object permission) {
method buildPermission (line 131) | private Permission buildPermission(String permString) {
method setObjectIdentityRetrievalStrategy (line 140) | public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrieval...
method setObjectIdentityGenerator (line 144) | public void setObjectIdentityGenerator(ObjectIdentityGenerator objectI...
method setSidRetrievalStrategy (line 148) | public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalS...
method setPermissionFactory (line 152) | public void setPermissionFactory(PermissionFactory permissionFactory) {
FILE: acl/src/main/java/org/springframework/security/acls/aot/hint/AclRuntimeHints.java
class AclRuntimeHints (line 46) | class AclRuntimeHints implements RuntimeHintsRegistrar {
method registerHints (line 48) | @Override
method registerAclDomainHints (line 54) | private void registerAclDomainHints(RuntimeHints hints) {
method registerJdbcSchemaHints (line 67) | private void registerJdbcSchemaHints(RuntimeHints hints) {
FILE: acl/src/main/java/org/springframework/security/acls/domain/AbstractPermission.java
class AbstractPermission (line 27) | public abstract class AbstractPermission implements Permission {
method AbstractPermission (line 38) | protected AbstractPermission(int mask) {
method AbstractPermission (line 49) | protected AbstractPermission(int mask, char code) {
method equals (line 54) | @Override
method hashCode (line 65) | @Override
method toString (line 70) | @Override
method getMask (line 75) | @Override
method getPattern (line 80) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java
class AccessControlEntryImpl (line 35) | public class AccessControlEntryImpl implements AccessControlEntry, Audit...
method AccessControlEntryImpl (line 51) | public AccessControlEntryImpl(@Nullable Serializable id, Acl acl, Sid ...
method equals (line 65) | @Override
method hashCode (line 121) | @Override
method getAcl (line 132) | @Override
method getId (line 137) | @Override
method getPermission (line 142) | @Override
method getSid (line 147) | @Override
method isAuditFailure (line 152) | @Override
method isAuditSuccess (line 157) | @Override
method isGranting (line 162) | @Override
method setAuditFailure (line 167) | void setAuditFailure(boolean auditFailure) {
method setAuditSuccess (line 171) | void setAuditSuccess(boolean auditSuccess) {
method setPermission (line 175) | void setPermission(Permission permission) {
method toString (line 180) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java
type AclAuthorizationStrategy (line 27) | public interface AclAuthorizationStrategy {
method securityCheck (line 35) | void securityCheck(Acl acl, int changeType);
FILE: acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
class AclAuthorizationStrategyImpl (line 52) | public class AclAuthorizationStrategyImpl implements AclAuthorizationStr...
method AclAuthorizationStrategyImpl (line 77) | public AclAuthorizationStrategyImpl(GrantedAuthority... auths) {
method securityCheck (line 92) | @Override
method getRequiredAuthority (line 134) | private GrantedAuthority getRequiredAuthority(int changeType) {
method createCurrentUser (line 153) | protected Sid createCurrentUser(Authentication authentication) {
method setSidRetrievalStrategy (line 157) | public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalS...
method setSecurityContextHolderStrategy (line 168) | public void setSecurityContextHolderStrategy(SecurityContextHolderStra...
method setRoleHierarchy (line 178) | public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
FILE: acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java
class AclFormattingUtils (line 27) | public abstract class AclFormattingUtils {
method demergePatterns (line 29) | public static String demergePatterns(String original, String removeBit...
method mergePatterns (line 46) | public static String mergePatterns(String original, String extraBits) {
method printBinary (line 71) | public static String printBinary(int i) {
method printBinary (line 84) | public static String printBinary(int mask, char code) {
method printBinary (line 92) | private static String printBinary(int i, char on, char off) {
FILE: acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java
class AclImpl (line 44) | public class AclImpl implements Acl, MutableAcl, AuditableAcl, Ownership...
method AclImpl (line 75) | public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuth...
method AclImpl (line 101) | public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuth...
method AclImpl (line 122) | @SuppressWarnings({ "unused", "NullAway.Init" })
method deleteAce (line 126) | @Override
method verifyAceIndexExists (line 135) | private void verifyAceIndexExists(int aceIndex) {
method insertAce (line 145) | @Override
method getEntries (line 164) | @Override
method getId (line 171) | @Override
method getObjectIdentity (line 176) | @Override
method isEntriesInheriting (line 181) | @Override
method isGranted (line 192) | @Override
method isSidLoaded (line 203) | @Override
method setEntriesInheriting (line 229) | @Override
method setOwner (line 235) | @Override
method getOwner (line 242) | @Override
method setParent (line 247) | @Override
method getParentAcl (line 254) | @Override
method updateAce (line 259) | @Override
method updateAuditing (line 269) | @Override
method equals (line 280) | @Override
method hashCode (line 300) | @Override
method toString (line 315) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java
type AuditLogger (line 26) | public interface AuditLogger {
method logIfNeeded (line 28) | void logIfNeeded(boolean granted, AccessControlEntry ace);
FILE: acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java
class BasePermission (line 31) | public class BasePermission extends AbstractPermission {
method BasePermission (line 43) | protected BasePermission(int mask) {
method BasePermission (line 47) | protected BasePermission(int mask, char code) {
FILE: acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java
class ConsoleAuditLogger (line 28) | public class ConsoleAuditLogger implements AuditLogger {
method logIfNeeded (line 30) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java
class CumulativePermission (line 31) | public class CumulativePermission extends AbstractPermission {
method CumulativePermission (line 35) | public CumulativePermission() {
method clear (line 39) | public CumulativePermission clear(Permission permission) {
method clear (line 45) | public CumulativePermission clear() {
method set (line 51) | public CumulativePermission set(Permission permission) {
method getPattern (line 57) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
class DefaultPermissionFactory (line 41) | public class DefaultPermissionFactory implements PermissionFactory {
method DefaultPermissionFactory (line 50) | public DefaultPermissionFactory() {
method DefaultPermissionFactory (line 57) | public DefaultPermissionFactory(Class<? extends Permission> permission...
method DefaultPermissionFactory (line 65) | public DefaultPermissionFactory(Map<String, ? extends Permission> name...
method registerPublicPermissions (line 78) | protected void registerPublicPermissions(Class<? extends Permission> c...
method registerPermission (line 96) | protected void registerPermission(Permission perm, String permissionNa...
method buildFromMask (line 112) | @Override
method buildFromName (line 134) | @Override
method buildFromNames (line 141) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionGrantingStrategy.java
class DefaultPermissionGrantingStrategy (line 29) | public class DefaultPermissionGrantingStrategy implements PermissionGran...
method DefaultPermissionGrantingStrategy (line 37) | public DefaultPermissionGrantingStrategy(AuditLogger auditLogger) {
method isGranted (line 74) | @Override
method isGranted (line 147) | protected boolean isGranted(AccessControlEntry ace, Permission p) {
FILE: acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java
class GrantedAuthoritySid (line 33) | public class GrantedAuthoritySid implements Sid {
method GrantedAuthoritySid (line 37) | public GrantedAuthoritySid(String grantedAuthority) {
method GrantedAuthoritySid (line 42) | public GrantedAuthoritySid(GrantedAuthority grantedAuthority) {
method equals (line 49) | @Override
method hashCode (line 59) | @Override
method getGrantedAuthority (line 64) | public String getGrantedAuthority() {
method toString (line 68) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java
class IdentityUnavailableException (line 24) | public class IdentityUnavailableException extends RuntimeException {
method IdentityUnavailableException (line 30) | public IdentityUnavailableException(String msg) {
method IdentityUnavailableException (line 40) | public IdentityUnavailableException(String msg, Throwable cause) {
FILE: acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java
class ObjectIdentityImpl (line 34) | public class ObjectIdentityImpl implements ObjectIdentity {
method ObjectIdentityImpl (line 40) | public ObjectIdentityImpl(String type, Serializable identifier) {
method ObjectIdentityImpl (line 51) | public ObjectIdentityImpl(Class<?> javaType, Serializable identifier) {
method ObjectIdentityImpl (line 68) | public ObjectIdentityImpl(Object object) throws IdentityUnavailableExc...
method invokeGetIdMethod (line 78) | private Object invokeGetIdMethod(Object object, Class<?> typeClass) {
method equals (line 99) | @Override
method getIdentifier (line 120) | @Override
method getType (line 125) | @Override
method hashCode (line 134) | @Override
method toString (line 141) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java
class ObjectIdentityRetrievalStrategyImpl (line 32) | public class ObjectIdentityRetrievalStrategyImpl implements ObjectIdenti...
method getObjectIdentity (line 34) | @Override
method createObjectIdentity (line 39) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/PermissionFactory.java
type PermissionFactory (line 30) | public interface PermissionFactory {
method buildFromMask (line 38) | Permission buildFromMask(int mask);
method buildFromName (line 40) | Permission buildFromName(String name);
method buildFromNames (line 42) | List<Permission> buildFromNames(List<String> names);
FILE: acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java
class PrincipalSid (line 33) | public class PrincipalSid implements Sid {
method PrincipalSid (line 37) | public PrincipalSid(String principal) {
method PrincipalSid (line 42) | public PrincipalSid(Authentication authentication) {
method equals (line 48) | @Override
method hashCode (line 58) | @Override
method getPrincipal (line 63) | public String getPrincipal() {
method toString (line 67) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java
class SidRetrievalStrategyImpl (line 42) | public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
method SidRetrievalStrategyImpl (line 46) | public SidRetrievalStrategyImpl() {
method SidRetrievalStrategyImpl (line 49) | public SidRetrievalStrategyImpl(RoleHierarchy roleHierarchy) {
method getSids (line 54) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/domain/SpringCacheBasedAclCache.java
class SpringCacheBasedAclCache (line 44) | public class SpringCacheBasedAclCache implements AclCache {
method SpringCacheBasedAclCache (line 52) | public SpringCacheBasedAclCache(Cache cache, PermissionGrantingStrateg...
method evictFromCache (line 62) | @Override
method evictFromCache (line 72) | @Override
method getFromCache (line 82) | @Override
method getFromCache (line 88) | @Override
method putInCache (line 94) | @Override
method getFromCache (line 106) | private @Nullable MutableAcl getFromCache(Object key) {
method initializeTransientFields (line 118) | private MutableAcl initializeTransientFields(MutableAcl value) {
method clearCache (line 129) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/jdbc/AclClassIdUtils.java
class AclClassIdUtils (line 43) | class AclClassIdUtils {
method AclClassIdUtils (line 51) | AclClassIdUtils() {
method AclClassIdUtils (line 58) | AclClassIdUtils(ConversionService conversionService) {
method identifierFrom (line 71) | @Nullable Serializable identifierFrom(Serializable identifier, ResultS...
method hasValidClassIdType (line 80) | private boolean hasValidClassIdType(ResultSet resultSet) {
method classIdTypeFrom (line 90) | private @Nullable Class<? extends Serializable> classIdTypeFrom(Result...
method classIdTypeFrom (line 100) | private @Nullable Class<? extends Serializable> classIdTypeFrom(String...
method canConvertFromStringTo (line 117) | private <T> boolean canConvertFromStringTo(Class<T> targetType) {
method convertFromStringTo (line 121) | private <T extends Serializable> @Nullable T convertFromStringTo(Strin...
method convertToLong (line 135) | private @Nullable Long convertToLong(Serializable identifier) {
method isString (line 142) | private boolean isString(Serializable object) {
method setConversionService (line 146) | void setConversionService(ConversionService conversionService) {
class StringToLongConverter (line 151) | private static class StringToLongConverter implements Converter<String...
method convert (line 153) | @Override
class StringToUUIDConverter (line 165) | private static class StringToUUIDConverter implements Converter<String...
method convert (line 167) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
class BasicLookupStrategy (line 85) | public class BasicLookupStrategy implements LookupStrategy {
method BasicLookupStrategy (line 149) | public BasicLookupStrategy(DataSource dataSource, AclCache aclCache,
method BasicLookupStrategy (line 161) | public BasicLookupStrategy(DataSource dataSource, AclCache aclCache,
method computeRepeatingSql (line 177) | private String computeRepeatingSql(String repeatingSql, int requiredRe...
method readAces (line 194) | @SuppressWarnings("unchecked")
method setAclOnAce (line 204) | private void setAclOnAce(AccessControlEntryImpl ace, AclImpl acl) {
method setAces (line 213) | private void setAces(AclImpl acl, List<AccessControlEntryImpl> aces) {
method lookupPrimaryKeys (line 229) | private void lookupPrimaryKeys(final Map<Serializable, Acl> acls, fina...
method setKeys (line 243) | private void setKeys(PreparedStatement ps, Set<Long> findNow) throws S...
method readAclsById (line 269) | @Override
method lookupObjectIdentities (line 328) | private Map<ObjectIdentity, Acl> lookupObjectIdentities(final Collecti...
method setupLookupObjectIdentitiesStatement (line 360) | private void setupLookupObjectIdentitiesStatement(PreparedStatement ps...
method convert (line 386) | private AclImpl convert(Map<Serializable, Acl> inputMap, Long currentI...
method createSid (line 440) | protected Sid createSid(boolean isPrincipal, String sid) {
method setPermissionFactory (line 453) | public final void setPermissionFactory(PermissionFactory permissionFac...
method setBatchSize (line 457) | public final void setBatchSize(int batchSize) {
method setSelectClause (line 467) | public final void setSelectClause(String selectClause) {
method setLookupPrimaryKeysWhereClause (line 474) | public final void setLookupPrimaryKeysWhereClause(String lookupPrimary...
method setLookupObjectIdentitiesWhereClause (line 481) | public final void setLookupObjectIdentitiesWhereClause(String lookupOb...
method setOrderByClause (line 488) | public final void setOrderByClause(String orderByClause) {
method setAclClassIdSupported (line 492) | public final void setAclClassIdSupported(boolean aclClassIdSupported) {
method setObjectIdentityGenerator (line 501) | public final void setObjectIdentityGenerator(ObjectIdentityGenerator o...
method setConversionService (line 506) | public final void setConversionService(ConversionService conversionSer...
class ProcessResultSet (line 510) | private class ProcessResultSet implements ResultSetExtractor<Set<Long>> {
method ProcessResultSet (line 516) | ProcessResultSet(Map<Serializable, Acl> acls, @Nullable List<Sid> si...
method extractData (line 532) | @Override
method convertCurrentResultIntoObject (line 574) | private void convertCurrentResultIntoObject(Map<Serializable, Acl> a...
class StubAclParent (line 637) | private static class StubAclParent implements Acl {
method StubAclParent (line 641) | StubAclParent(Long id) {
method getId (line 645) | Long getId() {
method getEntries (line 649) | @Override
method getObjectIdentity (line 654) | @Override
method getOwner (line 659) | @Override
method getParentAcl (line 664) | @Override
method isEntriesInheriting (line 669) | @Override
method isGranted (line 674) | @Override
method isSidLoaded (line 680) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java
class JdbcAclService (line 53) | public class JdbcAclService implements AclService {
method JdbcAclService (line 88) | public JdbcAclService(DataSource dataSource, LookupStrategy lookupStra...
method JdbcAclService (line 92) | public JdbcAclService(JdbcOperations jdbcOperations, LookupStrategy lo...
method findChildren (line 101) | @Override
method mapObjectIdentityRow (line 109) | private ObjectIdentity mapObjectIdentityRow(ResultSet rs) throws SQLEx...
method readAclById (line 119) | @Override
method readAclById (line 127) | @Override
method readAclsById (line 132) | @Override
method readAclsById (line 137) | @Override
method setFindChildrenQuery (line 155) | public void setFindChildrenQuery(String findChildrenSql) {
method setAclClassIdSupported (line 159) | public void setAclClassIdSupported(boolean aclClassIdSupported) {
method setConversionService (line 172) | public void setConversionService(ConversionService conversionService) {
method setObjectIdentityGenerator (line 176) | public void setObjectIdentityGenerator(ObjectIdentityGenerator objectI...
method isAclClassIdSupported (line 181) | protected boolean isAclClassIdSupported() {
FILE: acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java
class JdbcMutableAclService (line 64) | public class JdbcMutableAclService extends JdbcAclService implements Mut...
method JdbcMutableAclService (line 107) | public JdbcMutableAclService(DataSource dataSource, LookupStrategy loo...
method createAcl (line 113) | @Override
method createEntries (line 144) | protected void createEntries(final MutableAcl acl) {
method createObjectIdentity (line 184) | protected void createObjectIdentity(ObjectIdentity object, Sid owner) {
method createOrRetrieveClassPrimaryKey (line 198) | protected @Nullable Long createOrRetrieveClassPrimaryKey(String type, ...
method createOrRetrieveSidPrimaryKey (line 233) | protected @Nullable Long createOrRetrieveSidPrimaryKey(Sid sid, boolea...
method createOrRetrieveSidPrimaryKey (line 254) | protected @Nullable Long createOrRetrieveSidPrimaryKey(String sidName,...
method deleteAcl (line 274) | @Override
method deleteEntries (line 318) | protected void deleteEntries(Long oidPrimaryKey) {
method deleteObjectIdentity (line 330) | protected void deleteObjectIdentity(Long oidPrimaryKey) {
method retrieveObjectIdentityPrimaryKey (line 342) | protected @Nullable Long retrieveObjectIdentityPrimaryKey(ObjectIdenti...
method updateAcl (line 359) | @Override
method clearCacheIncludingChildren (line 384) | private void clearCacheIncludingChildren(ObjectIdentity objectIdentity) {
method updateObjectIdentity (line 402) | protected void updateObjectIdentity(MutableAcl acl) {
method setClassIdentityQuery (line 425) | public void setClassIdentityQuery(String classIdentityQuery) {
method setSidIdentityQuery (line 436) | public void setSidIdentityQuery(String sidIdentityQuery) {
method setDeleteEntryByObjectIdentityForeignKeySql (line 441) | public void setDeleteEntryByObjectIdentityForeignKeySql(String deleteE...
method setDeleteObjectIdentityByPrimaryKeySql (line 445) | public void setDeleteObjectIdentityByPrimaryKeySql(String deleteObject...
method setInsertClassSql (line 449) | public void setInsertClassSql(String insertClass) {
method setInsertEntrySql (line 453) | public void setInsertEntrySql(String insertEntry) {
method setInsertObjectIdentitySql (line 457) | public void setInsertObjectIdentitySql(String insertObjectIdentity) {
method setInsertSidSql (line 461) | public void setInsertSidSql(String insertSid) {
method setClassPrimaryKeyQuery (line 465) | public void setClassPrimaryKeyQuery(String selectClassPrimaryKey) {
method setObjectIdentityPrimaryKeyQuery (line 469) | public void setObjectIdentityPrimaryKeyQuery(String selectObjectIdenti...
method setSidPrimaryKeyQuery (line 473) | public void setSidPrimaryKeyQuery(String selectSidPrimaryKey) {
method setUpdateObjectIdentity (line 477) | public void setUpdateObjectIdentity(String updateObjectIdentity) {
method setForeignKeysInDatabase (line 486) | public void setForeignKeysInDatabase(boolean foreignKeysInDatabase) {
method setAclClassIdSupported (line 490) | @Override
method setSecurityContextHolderStrategy (line 510) | public void setSecurityContextHolderStrategy(SecurityContextHolderStra...
FILE: acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java
type LookupStrategy (line 34) | public interface LookupStrategy {
method readAclsById (line 47) | Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, @N...
FILE: acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java
type AccessControlEntry (line 33) | public interface AccessControlEntry extends Serializable {
method getAcl (line 35) | Acl getAcl();
method getId (line 41) | @Nullable Serializable getId();
method getPermission (line 43) | Permission getPermission();
method getSid (line 45) | Sid getSid();
method isGranting (line 52) | boolean isGranting();
FILE: acl/src/main/java/org/springframework/security/acls/model/Acl.java
type Acl (line 43) | public interface Acl extends Serializable {
method getEntries (line 72) | List<AccessControlEntry> getEntries();
method getObjectIdentity (line 79) | ObjectIdentity getObjectIdentity();
method getOwner (line 87) | @Nullable Sid getOwner();
method getParentAcl (line 108) | @Nullable Acl getParentAcl();
method isEntriesInheriting (line 122) | boolean isEntriesInheriting();
method isGranted (line 173) | boolean isGranted(List<Permission> permission, List<Sid> sids, boolean...
method isSidLoaded (line 194) | boolean isSidLoaded(@Nullable List<Sid> sids);
FILE: acl/src/main/java/org/springframework/security/acls/model/AclCache.java
type AclCache (line 30) | public interface AclCache {
method evictFromCache (line 32) | void evictFromCache(Serializable pk);
method evictFromCache (line 34) | void evictFromCache(ObjectIdentity objectIdentity);
method getFromCache (line 36) | @Nullable MutableAcl getFromCache(ObjectIdentity objectIdentity);
method getFromCache (line 38) | @Nullable MutableAcl getFromCache(Serializable pk);
method putInCache (line 40) | void putInCache(MutableAcl acl);
method clearCache (line 42) | void clearCache();
FILE: acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java
class AclDataAccessException (line 25) | public abstract class AclDataAccessException extends RuntimeException {
method AclDataAccessException (line 33) | public AclDataAccessException(String msg, Throwable cause) {
method AclDataAccessException (line 42) | public AclDataAccessException(String msg) {
FILE: acl/src/main/java/org/springframework/security/acls/model/AclService.java
type AclService (line 29) | public interface AclService {
method findChildren (line 37) | @Nullable List<ObjectIdentity> findChildren(ObjectIdentity parentIdent...
method readAclById (line 52) | Acl readAclById(ObjectIdentity object) throws NotFoundException;
method readAclById (line 64) | Acl readAclById(ObjectIdentity object, @Nullable List<Sid> sids) throw...
method readAclsById (line 78) | Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) th...
method readAclsById (line 103) | Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, @N...
FILE: acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java
class AlreadyExistsException (line 24) | public class AlreadyExistsException extends AclDataAccessException {
method AlreadyExistsException (line 30) | public AlreadyExistsException(String msg) {
method AlreadyExistsException (line 40) | public AlreadyExistsException(String msg, Throwable cause) {
FILE: acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java
type AuditableAccessControlEntry (line 24) | public interface AuditableAccessControlEntry extends AccessControlEntry {
method isAuditFailure (line 26) | boolean isAuditFailure();
method isAuditSuccess (line 28) | boolean isAuditSuccess();
FILE: acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java
type AuditableAcl (line 24) | public interface AuditableAcl extends MutableAcl {
method updateAuditing (line 26) | void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditF...
FILE: acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java
class ChildrenExistException (line 24) | public class ChildrenExistException extends AclDataAccessException {
method ChildrenExistException (line 30) | public ChildrenExistException(String msg) {
method ChildrenExistException (line 40) | public ChildrenExistException(String msg, Throwable cause) {
FILE: acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java
type MutableAcl (line 29) | public interface MutableAcl extends Acl {
method deleteAce (line 31) | void deleteAce(int aceIndex) throws NotFoundException;
method getId (line 37) | Serializable getId();
method insertAce (line 39) | void insertAce(int atIndexLocation, Permission permission, Sid sid, bo...
method setOwner (line 45) | void setOwner(Sid newOwner);
method setEntriesInheriting (line 51) | void setEntriesInheriting(boolean entriesInheriting);
method setParent (line 57) | void setParent(Acl newParent);
method updateAce (line 59) | void updateAce(int aceIndex, Permission permission) throws NotFoundExc...
FILE: acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java
type MutableAclService (line 24) | public interface MutableAclService extends AclService {
method createAcl (line 33) | MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExis...
method deleteAcl (line 42) | void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) ...
method updateAcl (line 51) | MutableAcl updateAcl(MutableAcl acl) throws NotFoundException;
FILE: acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java
class NotFoundException (line 24) | public class NotFoundException extends AclDataAccessException {
method NotFoundException (line 30) | public NotFoundException(String msg) {
method NotFoundException (line 40) | public NotFoundException(String msg, Throwable cause) {
FILE: acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java
type ObjectIdentity (line 35) | public interface ObjectIdentity extends Serializable {
method equals (line 42) | @Override
method getIdentifier (line 57) | Serializable getIdentifier();
method getType (line 65) | String getType();
method hashCode (line 71) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java
type ObjectIdentityGenerator (line 31) | public interface ObjectIdentityGenerator {
method createObjectIdentity (line 39) | ObjectIdentity createObjectIdentity(Serializable id, String type);
FILE: acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java
type ObjectIdentityRetrievalStrategy (line 25) | public interface ObjectIdentityRetrievalStrategy {
method getObjectIdentity (line 27) | ObjectIdentity getObjectIdentity(Object domainObject);
FILE: acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java
type OwnershipAcl (line 28) | public interface OwnershipAcl extends MutableAcl {
method setOwner (line 30) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/model/Permission.java
type Permission (line 26) | public interface Permission extends Serializable {
method getMask (line 38) | int getMask();
method getPattern (line 58) | String getPattern();
FILE: acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java
type PermissionGrantingStrategy (line 28) | public interface PermissionGrantingStrategy {
method isGranted (line 34) | boolean isGranted(Acl acl, List<Permission> permission, List<Sid> sids...
FILE: acl/src/main/java/org/springframework/security/acls/model/Sid.java
type Sid (line 34) | public interface Sid extends Serializable {
method equals (line 42) | @Override
method hashCode (line 50) | @Override
FILE: acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java
type SidRetrievalStrategy (line 29) | public interface SidRetrievalStrategy {
method getSids (line 31) | List<Sid> getSids(Authentication authentication);
FILE: acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java
class UnloadedSidException (line 26) | public class UnloadedSidException extends AclDataAccessException {
method UnloadedSidException (line 32) | public UnloadedSidException(String msg) {
method UnloadedSidException (line 42) | public UnloadedSidException(String msg, Throwable cause) {
FILE: acl/src/main/resources/createAclSchema.sql
type acl_sid (line 8) | create table acl_sid(
type acl_class (line 15) | create table acl_class(
type acl_object_identity (line 21) | create table acl_object_identity(
type acl_entry (line 34) | create table acl_entry(
FILE: acl/src/main/resources/createAclSchemaMySQL.sql
type acl_sid (line 8) | CREATE TABLE acl_sid (
type acl_class (line 15) | CREATE TABLE acl_class (
type acl_object_identity (line 21) | CREATE TABLE acl_object_identity (
type acl_entry (line 34) | CREATE TABLE acl_entry (
FILE: acl/src/main/resources/createAclSchemaOracle.sql
type acl_sid (line 16) | CREATE TABLE acl_sid (
FILE: acl/src/main/resources/createAclSchemaPostgres.sql
type acl_sid (line 8) | create table acl_sid(
type acl_class (line 15) | create table acl_class(
type acl_object_identity (line 22) | create table acl_object_identity(
type acl_entry (line 35) | create table acl_entry(
FILE: acl/src/main/resources/createAclSchemaSqlServer.sql
type acl_sid (line 8) | CREATE TABLE acl_sid (
type acl_class (line 15) | CREATE TABLE acl_class (
type acl_object_identity (line 21) | CREATE TABLE acl_object_identity (
type acl_entry (line 34) | CREATE TABLE acl_entry (
FILE: acl/src/main/resources/createAclSchemaWithAclClassIdType.sql
type acl_sid (line 8) | create table acl_sid(
type acl_class (line 15) | create table acl_class(
type acl_object_identity (line 22) | create table acl_object_identity(
type acl_entry (line 35) | create table acl_entry(
FILE: acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java
class AclFormattingUtilsTests (line 33) | public class AclFormattingUtilsTests {
method testDemergePatternsParametersConstraints (line 35) | @Test
method testDemergePatterns (line 44) | @Test
method testMergePatternsParametersConstraints (line 54) | @Test
method testMergePatterns (line 63) | @Test
method testBinaryPrints (line 72) | @Test
method testPrintBinaryNegative (line 82) | @Test
method testPrintBinaryMinusOne (line 87) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/AclPermissionCacheOptimizerTests.java
class AclPermissionCacheOptimizerTests (line 42) | @SuppressWarnings({ "unchecked" })
method eagerlyLoadsRequiredAcls (line 45) | @Test
method ignoresEmptyCollection (line 62) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
class AclPermissionEvaluatorTests (line 41) | public class AclPermissionEvaluatorTests {
method hasPermissionReturnsTrueIfAclGrantsPermission (line 43) | @Test
method resolvePermissionNonEnglishLocale (line 58) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/TargetObject.java
class TargetObject (line 24) | public final class TargetObject {
FILE: acl/src/test/java/org/springframework/security/acls/TargetObjectWithUUID.java
class TargetObjectWithUUID (line 26) | public final class TargetObjectWithUUID {
method getId (line 30) | public UUID getId() {
method setId (line 34) | public void setId(UUID id) {
FILE: acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java
class AccessControlImplEntryTests (line 37) | public class AccessControlImplEntryTests {
method testConstructorRequiredFields (line 39) | @Test
method testAccessControlEntryImplGetters (line 52) | @Test
method testEquals (line 69) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImplTests.java
class AclAuthorizationStrategyImplTests (line 46) | @ExtendWith(MockitoExtension.class)
method setup (line 61) | @BeforeEach
method cleanup (line 71) | @AfterEach
method securityCheckWhenCustomAuthorityThenNameIsUsed (line 77) | @Test
method securityCheckWhenAclOwnedByGrantedAuthority (line 84) | @Test
method securityCheckWhenRoleReachableByHierarchyThenAuthorized (line 91) | @Test
method securityCheckWhenCustomSecurityContextHolderStrategyThenUses (line 100) | @Test
class CustomAuthority (line 110) | @SuppressWarnings("serial")
method getAuthority (line 113) | @Override
FILE: acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java
class AclImplTests (line 58) | public class AclImplTests {
method setUp (line 86) | @BeforeEach
method tearDown (line 96) | @AfterEach
method constructorsRejectNullObjectIdentity (line 101) | @Test
method constructorsRejectNullId (line 109) | @Test
method constructorsRejectNullAclAuthzStrategy (line 117) | @Test
method insertAceRejectsNullParameters (line 126) | @Test
method insertAceAddsElementAtCorrectIndex (line 135) | @Test
method insertAceFailsForNonExistentElement (line 169) | @Test
method deleteAceKeepsInitialOrdering (line 181) | @Test
method deleteAceFailsForNonExistentElement (line 210) | @Test
method isGrantingRejectsEmptyParameters (line 220) | @Test
method isGrantingGrantsAccessForAclWithNoParent (line 230) | @Test
method isGrantingGrantsAccessForInheritableAcls (line 262) | @Test
method updatedAceValuesAreCorrectlyReflectedInAcl (line 317) | @Test
method auditableEntryFlagsAreUpdatedCorrectly (line 342) | @Test
method gettersAndSettersAreConsistent (line 365) | @Test
method isSidLoadedBehavesAsExpected (line 394) | @Test
method insertAceRaisesNotFoundExceptionForIndexLessThanZero (line 417) | @Test
method deleteAceRaisesNotFoundExceptionForIndexLessThanZero (line 425) | @Test
method insertAceRaisesNotFoundExceptionForIndexGreaterThanSize (line 432) | @Test
method deleteAceRaisesNotFoundExceptionForIndexEqualToSize (line 444) | @Test
method changingParentIsSuccessful (line 454) | @Test
method maskPermissionGrantingStrategy (line 464) | @Test
method hashCodeWithoutStackOverFlow (line 480) | @Test
class MaskPermissionGrantingStrategy (line 496) | private static class MaskPermissionGrantingStrategy extends DefaultPer...
method MaskPermissionGrantingStrategy (line 498) | MaskPermissionGrantingStrategy(AuditLogger auditLogger) {
method isGranted (line 502) | @Override
class MockAclService (line 512) | private class MockAclService implements MutableAclService {
method createAcl (line 514) | @Override
method deleteAcl (line 519) | @Override
method updateAcl (line 530) | @Override
method findChildren (line 555) | @Override
method readAclById (line 560) | @Override
method readAclById (line 565) | @Override
method readAclsById (line 570) | @Override
method readAclsById (line 575) | @Override
FILE: acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java
class AclImplementationSecurityCheckTests (line 42) | public class AclImplementationSecurityCheckTests {
method setUp (line 46) | @BeforeEach
method tearDown (line 51) | @AfterEach
method testSecurityCheckNoACEs (line 56) | @Test
method testSecurityCheckWithMultipleACEs (line 84) | @Test
method testSecurityCheckWithInheritableACEs (line 134) | @Test
method testSecurityCheckPrincipalOwner (line 171) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java
class AuditLoggerTests (line 38) | public class AuditLoggerTests {
method setUp (line 48) | @BeforeEach
method tearDown (line 56) | @AfterEach
method nonAuditableAceIsIgnored (line 62) | @Test
method successIsNotLoggedIfAceDoesntRequireSuccessAudit (line 69) | @Test
method successIsLoggedIfAceRequiresSuccessAudit (line 76) | @Test
method failureIsntLoggedIfAceDoesntRequireFailureAudit (line 83) | @Test
method failureIsLoggedIfAceRequiresFailureAudit (line 90) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java
class ObjectIdentityImplTests (line 33) | @SuppressWarnings("unused")
method constructorsRespectRequiredFields (line 38) | @Test
method gettersReturnExpectedValues (line 52) | @Test
method testGetIdMethodConstraints (line 59) | @Test
method constructorRejectsInvalidTypeParameter (line 75) | @Test
method testEquals (line 80) | @Test
method hashcodeIsDifferentForDifferentJavaTypes (line 96) | @Test
method longAndIntegerIdsWithSameValueAreEqualAndHaveSameHashcode (line 103) | @Test
method equalStringIdsAreEqualAndHaveSameHashcode (line 111) | @Test
method stringAndNumericIdsAreNotEqual (line 119) | @Test
class MockIdDomainObject (line 126) | private class MockIdDomainObject {
method getId (line 130) | public Object getId() {
method setId (line 134) | public void setId(Object id) {
class MockOtherIdDomainObject (line 140) | private class MockOtherIdDomainObject {
method getId (line 144) | public Object getId() {
method setId (line 148) | public void setId(Object id) {
FILE: acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java
class ObjectIdentityRetrievalStrategyImplTests (line 31) | public class ObjectIdentityRetrievalStrategyImplTests {
method testObjectIdentityCreation (line 33) | @Test
class MockIdDomainObject (line 43) | @SuppressWarnings("unused")
method getId (line 48) | public Object getId() {
method setId (line 52) | public void setId(Object id) {
FILE: acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java
class PermissionTests (line 31) | public class PermissionTests {
method createPermissionfactory (line 35) | @BeforeEach
method basePermissionTest (line 40) | @Test
method expectedIntegerValues (line 46) | @Test
method fromInteger (line 58) | @Test
method stringConversion (line 64) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java
class SpecialPermission (line 26) | public class SpecialPermission extends BasePermission {
method SpecialPermission (line 32) | protected SpecialPermission(int mask, char code) {
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/AbstractBasicLookupStrategyTests.java
class AbstractBasicLookupStrategyTests (line 67) | public abstract class AbstractBasicLookupStrategyTests {
method getJdbcTemplate (line 83) | public abstract JdbcTemplate getJdbcTemplate();
method getDataSource (line 85) | public abstract DataSource getDataSource();
method initCacheManaer (line 87) | @BeforeAll
method shutdownCacheManager (line 93) | @AfterAll
method populateDatabase (line 98) | @BeforeEach
method initializeBeans (line 112) | @BeforeEach
method aclAuthStrategy (line 119) | protected AclAuthorizationStrategy aclAuthStrategy() {
method aclCache (line 123) | protected SpringCacheBasedAclCache aclCache() {
method getCache (line 128) | protected Cache getCache() {
method emptyDatabase (line 134) | @AfterEach
method testAclsRetrievalWithDefaultBatchSize (line 145) | @Test
method testAclsRetrievalFromCacheOnly (line 156) | @Test
method testAclsRetrievalWithCustomBatchSize (line 170) | @Test
method checkEntries (line 183) | private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity ...
method testAllParentsAreRetrievedWhenChildIsLoaded (line 241) | @Test
method testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached (line 265) | @Test
method nullOwnerIsNotSupported (line 300) | @Test
method testCreatePrincipalSid (line 309) | @Test
method testCreateGrantedAuthority (line 316) | @Test
method setObjectIdentityGeneratorWhenNullThenThrowsIllegalArgumentException (line 323) | @Test
class CacheManagerMock (line 332) | private static final class CacheManagerMock {
method CacheManagerMock (line 338) | private CacheManagerMock() {
method getCacheManager (line 344) | private CacheManager getCacheManager() {
method addCache (line 348) | private void addCache(String name) {
method clear (line 354) | private void clear() {
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/AclClassIdUtilsTests.java
class AclClassIdUtilsTests (line 42) | @ExtendWith(MockitoExtension.class)
method setUp (line 59) | @BeforeEach
method shouldReturnLongIfIdentifierIsLong (line 64) | @Test
method shouldReturnLongIfIdentifierIsBigInteger (line 70) | @Test
method shouldReturnLongIfClassIdTypeIsNull (line 76) | @Test
method shouldReturnLongIfNoClassIdTypeColumn (line 83) | @Test
method shouldReturnLongIfTypeClassNotFound (line 90) | @Test
method shouldReturnLongEvenIfCustomConversionServiceDoesNotSupportLongConversion (line 97) | @Test
method shouldReturnLongWhenLongClassIdType (line 106) | @Test
method shouldReturnUUIDWhenUUIDClassIdType (line 113) | @Test
method shouldReturnStringWhenStringClassIdType (line 121) | @Test
method shouldNotAcceptNullConversionServiceInConstruction (line 129) | @Test
method shouldNotAcceptNullConversionServiceInSetter (line 134) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
class BasicLookupStrategyTests (line 32) | public class BasicLookupStrategyTests extends AbstractBasicLookupStrateg...
method createDatabase (line 36) | @BeforeAll
method dropDatabase (line 41) | @AfterAll
method getJdbcTemplate (line 46) | @Override
method getDataSource (line 51) | @Override
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTestsDbHelper.java
class BasicLookupStrategyTestsDbHelper (line 31) | public class BasicLookupStrategyTestsDbHelper {
method BasicLookupStrategyTestsDbHelper (line 43) | public BasicLookupStrategyTestsDbHelper() {
method BasicLookupStrategyTestsDbHelper (line 46) | public BasicLookupStrategyTestsDbHelper(boolean withAclClassIdType) {
method createDatabase (line 50) | public void createDatabase() throws Exception {
method getJdbcTemplate (line 70) | public JdbcTemplate getJdbcTemplate() {
method getDataSource (line 74) | public SingleConnectionDataSource getDataSource() {
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyWithAclClassTypeTests.java
class BasicLookupStrategyWithAclClassTypeTests (line 47) | public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBa...
method getJdbcTemplate (line 53) | @Override
method getDataSource (line 58) | @Override
method createDatabase (line 63) | @BeforeAll
method dropDatabase (line 68) | @AfterAll
method initializeBeans (line 73) | @Override
method populateDatabaseForAclClassTypeTests (line 84) | @BeforeEach
method testReadObjectIdentityUsingUuidType (line 97) | @Test
method testReadObjectIdentityUsingLongTypeWithConversionServiceEnabled (line 106) | @Test
method testReadObjectIdentityUsingNonUuidInDatabase (line 115) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java
class DatabaseSeeder (line 33) | public class DatabaseSeeder {
method DatabaseSeeder (line 35) | public DatabaseSeeder(DataSource dataSource, Resource resource) throws...
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java
class JdbcAclServiceTests (line 60) | @ExtendWith(MockitoExtension.class)
method setUp (line 78) | @BeforeEach
method tearDownEmbeddedDatabase (line 91) | @AfterEach
method readAclByIdMissingAcl (line 97) | @Test
method findOneChildren (line 107) | @Test
method findNoChildren (line 120) | @Test
method findChildrenWithoutIdType (line 127) | @Test
method findChildrenForUnknownObject (line 136) | @Test
method findChildrenOfIdTypeLong (line 143) | @Test
method findChildrenOfIdTypeString (line 154) | @Test
method findChildrenOfIdTypeUUID (line 164) | @Test
method setObjectIdentityGeneratorWhenNullThenThrowsIllegalArgumentException (line 175) | @Test
method findChildrenWhenObjectIdentityGeneratorSetThenUsed (line 182) | @Test
class MockLongIdDomainObject (line 195) | class MockLongIdDomainObject {
method getId (line 199) | Object getId() {
method setId (line 203) | void setId(Object id) {
class MockUntypedIdDomainObject (line 209) | class MockUntypedIdDomainObject {
method getId (line 213) | Object getId() {
method setId (line 217) | void setId(Object id) {
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java
class JdbcMutableAclServiceTests (line 75) | @Transactional
method getSqlClassPathResource (line 107) | protected String getSqlClassPathResource() {
method getTopParentOid (line 111) | protected ObjectIdentity getTopParentOid() {
method getMiddleParentOid (line 115) | protected ObjectIdentity getMiddleParentOid() {
method getChildOid (line 119) | protected ObjectIdentity getChildOid() {
method getTargetClass (line 123) | protected String getTargetClass() {
method createTables (line 127) | @BeforeTransaction
method clearContextAndData (line 140) | @AfterTransaction
method testLifecycle (line 150) | @Test
method deleteAclAlsoDeletesChildren (line 253) | @Test
method constructorRejectsNullParameters (line 277) | @Test
method createAclRejectsNullParameter (line 287) | @Test
method createAclForADuplicateDomainObject (line 292) | @Test
method deleteAclRejectsNullParameters (line 303) | @Test
method deleteAclWithChildrenThrowsException (line 309) | @Test
method deleteAclRemovesRowsFromDatabase (line 331) | @Test
method identityWithIntegerIdIsSupportedByCreateAcl (line 349) | @Test
method createAclWhenCustomSecurityContextHolderStrategyThenUses (line 358) | @Test
method childrenAreClearedFromCacheWhenParentIsUpdated (line 374) | @Test
method childrenAreClearedFromCacheWhenParentisUpdated2 (line 405) | @Test
method cumulativePermissions (line 428) | @Test
method testProcessingCustomSid (line 450) | @Test
method getAuth (line 460) | protected Authentication getAuth() {
method getJdbcMutableAclService (line 464) | protected JdbcMutableAclService getJdbcMutableAclService() {
class CustomJdbcMutableAclService (line 472) | private class CustomJdbcMutableAclService extends JdbcMutableAclService {
method CustomJdbcMutableAclService (line 474) | CustomJdbcMutableAclService(DataSource dataSource, LookupStrategy lo...
method createOrRetrieveSidPrimaryKey (line 478) | @Override
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTestsWithAclClassId.java
class JdbcMutableAclServiceTestsWithAclClassId (line 38) | @ContextConfiguration(locations = { "/jdbcMutableAclServiceTestsWithAclC...
method getSqlClassPathResource (line 49) | @Override
method getTopParentOid (line 54) | @Override
method getMiddleParentOid (line 59) | @Override
method getChildOid (line 64) | @Override
method getTargetClass (line 69) | @Override
method identityWithUuidIdIsSupportedByCreateAcl (line 74) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/jdbc/SpringCacheBasedAclCacheTests.java
class SpringCacheBasedAclCacheTests (line 53) | public class SpringCacheBasedAclCacheTests {
method initCacheManaer (line 59) | @BeforeAll
method clearContext (line 67) | @AfterEach
method getCache (line 72) | private Cache getCache() {
method constructorRejectsNullParameters (line 78) | @Test
method cacheOperationsAclWithoutParent (line 83) | @Test
method cacheOperationsAclWithParent (line 118) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/sid/CustomSid.java
class CustomSid (line 26) | public class CustomSid implements Sid {
method CustomSid (line 30) | public CustomSid(String sid) {
method getSid (line 34) | public String getSid() {
method setSid (line 38) | public void setSid(String sid) {
FILE: acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java
class SidRetrievalStrategyTests (line 44) | @SuppressWarnings("unchecked")
method correctSidsAreRetrieved (line 49) | @Test
method roleHierarchyIsUsedWhenSet (line 66) | @Test
FILE: acl/src/test/java/org/springframework/security/acls/sid/SidTests.java
class SidTests (line 38) | public class SidTests {
method testPrincipalSidConstructorsRequiredFields (line 40) | @Test
method testGrantedAuthoritySidConstructorsRequiredFields (line 54) | @Test
method testPrincipalSidEquals (line 67) | @Test
method testGrantedAuthoritySidEquals (line 81) | @Test
method testPrincipalSidHashCode (line 95) | @Test
method testGrantedAuthoritySidHashCode (line 106) | @Test
method testGetters (line 117) | @Test
method getPrincipalWhenPrincipalInstanceOfUserDetailsThenReturnsUsername (line 129) | @Test
method getPrincipalWhenPrincipalNotInstanceOfUserDetailsThenReturnsPrincipalName (line 137) | @Test
method getPrincipalWhenCustomAuthenticationPrincipalThenReturnsPrincipalName (line 144) | @Test
class CustomAuthenticationToken (line 151) | static class CustomAuthenticationToken extends AbstractAuthenticationT...
method CustomAuthenticationToken (line 155) | CustomAuthenticationToken(CustomToken principal, Collection<GrantedA...
method getCredentials (line 160) | @Override
method getPrincipal (line 165) | @Override
method getName (line 170) | @Override
class CustomToken (line 177) | static class CustomToken {
method CustomToken (line 181) | CustomToken(String name) {
method getName (line 185) | String getName() {
FILE: aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java
class AnnotationSecurityAspectTests (line 58) | public class AnnotationSecurityAspectTests {
method setUp (line 77) | @BeforeEach
method clearContext (line 91) | @AfterEach
method securedInterfaceMethodAllowsAllAccess (line 96) | @Test
method securedClassMethodDeniesUnauthenticatedAccess (line 101) | @Test
method securedClassMethodAllowsAccessToRoleA (line 107) | @Test
method internalPrivateCallIsIntercepted (line 113) | @Test
method protectedMethodIsIntercepted (line 120) | @Test
method overriddenProtectedMethodIsNotIntercepted (line 126) | @Test
method denyAllPreAuthorizeDeniesAccess (line 133) | @Test
method postFilterIsApplied (line 140) | @Test
method configureForElAnnotations (line 150) | private void configureForElAnnotations() {
type SecuredInterface (line 160) | interface SecuredInterface {
method securedMethod (line 162) | @Secured("ROLE_X")
class SecuredImpl (line 167) | static class SecuredImpl implements SecuredInterface {
method securedMethod (line 170) | @Override
method securedClassMethod (line 174) | @Secured("ROLE_A")
method privateMethod (line 178) | @Secured("ROLE_X")
method protectedMethod (line 182) | @Secured("ROLE_X")
method publicCallsPrivate (line 186) | @Secured("ROLE_X")
class SecuredImplSubclass (line 193) | static class SecuredImplSubclass extends SecuredImpl {
method protectedMethod (line 195) | @Override
method publicCallsPrivate (line 199) | @Override
class PrePostSecured (line 206) | static class PrePostSecured {
method denyAllMethod (line 208) | @PreAuthorize("denyAll")
method postFilterMethod (line 212) | @PostFilter("filterObject.startsWith('a')")
FILE: aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostAuthorizeAspectTests.java
class PostAuthorizeAspectTests (line 38) | public class PostAuthorizeAspectTests {
method setUp (line 50) | @BeforeEach
method clearContext (line 58) | @AfterEach
method securedInterfaceMethodAllowsAllAccess (line 63) | @Test
method securedClassMethodDeniesUnauthenticatedAccess (line 68) | @Test
method securedClassMethodAllowsAccessToRoleA (line 74) | @Test
method internalPrivateCallIsIntercepted (line 80) | @Test
method protectedMethodIsIntercepted (line 87) | @Test
method overriddenProtectedMethodIsNotIntercepted (line 93) | @Test
method denyAllPreAuthorizeDeniesAccess (line 100) | @Test
method nestedDenyAllPostAuthorizeDeniesAccess (line 106) | @Test
type SecuredInterface (line 113) | interface SecuredInterface {
method securedMethod (line 115) | @PostAuthorize("hasRole('X')")
class SecuredImpl (line 120) | static class SecuredImpl implements SecuredInterface {
method securedMethod (line 123) | @Override
method securedClassMethod (line 127) | @PostAuthorize("hasRole('A')")
method privateMethod (line 131) | @PostAuthorize("hasRole('X')")
method protectedMethod (line 135) | @PostAuthorize("hasRole('X')")
method publicCallsPrivate (line 139) | @PostAuthorize("hasRole('X')")
method myObject (line 144) | NestedObject myObject() {
class SecuredImplSubclass (line 150) | static class SecuredImplSubclass extends SecuredImpl {
method protectedMethod (line 152) | @Override
method publicCallsPrivate (line 156) | @Override
class PrePostSecured (line 163) | static class PrePostSecured {
method denyAllMethod (line 165) | @PostAuthorize("denyAll")
class NestedObject (line 171) | static class NestedObject {
method denyAllMethod (line 173) | @PostAuthorize("denyAll")
FILE: aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PostFilterAspectTests.java
class PostFilterAspectTests (line 37) | public class PostFilterAspectTests {
method setUp (line 43) | @BeforeEach
method preFilterMethodWhenListThenFilters (line 51) | @Test
method nestedDenyAllPostFilterDeniesAccess (line 57) | @Test
class PrePostSecured (line 62) | static class PrePostSecured {
method postFilterMethod (line 64) | @PostFilter("filterObject.startsWith('a')")
method myObject (line 69) | NestedObject myObject() {
class NestedObject (line 75) | static class NestedObject {
method denyAllMethod (line 77) | @PostFilter("filterObject == null")
FILE: aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreAuthorizeAspectTests.java
class PreAuthorizeAspectTests (line 38) | public class PreAuthorizeAspectTests {
method setUp (line 52) | @BeforeEach
method clearContext (line 60) | @AfterEach
method securedInterfaceMethodAllowsAllAccess (line 65) | @Test
method securedClassMethodDeniesUnauthenticatedAccess (line 70) | @Test
method securedClassMethodAllowsAccessToRoleA (line 76) | @Test
method internalPrivateCallIsIntercepted (line 82) | @Test
method protectedMethodIsIntercepted (line 89) | @Test
method overriddenProtectedMethodIsNotIntercepted (line 95) | @Test
method denyAllPreAuthorizeDeniesAccess (line 102) | @Test
method nestedDenyAllPreAuthorizeDeniesAccess (line 108) | @Test
method multipleInterfacesPreAuthorizeAllows (line 115) | @Test
type SecuredInterface (line 121) | interface SecuredInterface {
method securedMethod (line 123) | @PreAuthorize("hasRole('X')")
class SecuredImpl (line 128) | static class SecuredImpl implements SecuredInterface {
method securedMethod (line 131) | @Override
method securedClassMethod (line 135) | @PreAuthorize("hasRole('A')")
method privateMethod (line 139) | @PreAuthorize("hasRole('X')")
method protectedMethod (line 143) | @PreAuthorize("hasRole('X')")
method publicCallsPrivate (line 147) | @PreAuthorize("hasRole('A')")
method myObject (line 152) | NestedObject myObject() {
class SecuredImplSubclass (line 158) | static class SecuredImplSubclass extends SecuredImpl {
method protectedMethod (line 160) | @Override
method publicCallsPrivate (line 164) | @Override
class PrePostSecured (line 171) | static class PrePostSecured {
method denyAllMethod (line 173) | @PreAuthorize("denyAll")
class NestedObject (line 179) | static class NestedObject {
method denyAllMethod (line 181) | @PreAuthorize("denyAll")
type AnotherSecuredInterface (line 188) | interface AnotherSecuredInterface {
method securedMethod (line 190) | @PreAuthorize("hasRole('Y')")
class MultipleInterfaces (line 195) | static class MultipleInterfaces implements SecuredInterface, AnotherSe...
method securedMethod (line 197) | @Override
FILE: aspects/src/test/java/org/springframework/security/authorization/method/aspectj/PreFilterAspectTests.java
class PreFilterAspectTests (line 37) | public class PreFilterAspectTests {
method setUp (line 43) | @BeforeEach
method preFilterMethodWhenListThenFilters (line 51) | @Test
method nestedDenyAllPreFilterDeniesAccess (line 57) | @Test
class PrePostSecured (line 62) | static class PrePostSecured {
method preFilterMethod (line 64) | @PreFilter("filterObject.startsWith('a')")
method myObject (line 69) | NestedObject myObject() {
class NestedObject (line 75) | static class NestedObject {
method denyAllMethod (line 77) | @PreFilter("filterObject == null")
FILE: aspects/src/test/java/org/springframework/security/authorization/method/aspectj/SecuredAspectTests.java
class SecuredAspectTests (line 38) | public class SecuredAspectTests {
method setUp (line 48) | @BeforeEach
method clearContext (line 56) | @AfterEach
method securedInterfaceMethodAllowsAllAccess (line 61) | @Test
method securedClassMethodDeniesUnauthenticatedAccess (line 66) | @Test
method securedClassMethodAllowsAccessToRoleA (line 72) | @Test
method internalPrivateCallIsIntercepted (line 78) | @Test
method protectedMethodIsIntercepted (line 85) | @Test
method overriddenProtectedMethodIsNotIntercepted (line 91) | @Test
type SecuredInterface (line 97) | interface SecuredInterface {
method securedMethod (line 99) | @Secured("ROLE_X")
class SecuredImpl (line 104) | static class SecuredImpl implements SecuredInterface {
method securedMethod (line 107) | @Override
method securedClassMethod (line 111) | @Secured("ROLE_A")
method privateMethod (line 115) | @Secured("ROLE_X")
method protectedMethod (line 119) | @Secured("ROLE_X")
method publicCallsPrivate (line 123) | @Secured("ROLE_X")
class SecuredImplSubclass (line 130) | static class SecuredImplSubclass extends SecuredImpl {
method protectedMethod (line 132) | @Override
method publicCallsPrivate (line 136) | @Override
FILE: buildSrc/src/main/groovy/io/spring/gradle/convention/ManagementConfigurationPlugin.java
class ManagementConfigurationPlugin (line 37) | public class ManagementConfigurationPlugin implements Plugin<Project> {
method apply (line 41) | @Override
FILE: buildSrc/src/main/java/lock/GlobalLockPlugin.java
class GlobalLockPlugin (line 9) | public class GlobalLockPlugin implements Plugin<Project> {
method apply (line 10) | @Override
FILE: buildSrc/src/main/java/lock/GlobalLockTask.java
class GlobalLockTask (line 14) | public class GlobalLockTask extends DefaultTask {
method lock (line 15) | @TaskAction
method writeLocksFor (line 30) | private void writeLocksFor(Project project) {
FILE: buildSrc/src/main/java/org/springframework/gradle/CopyPropertiesPlugin.java
class CopyPropertiesPlugin (line 6) | public class CopyPropertiesPlugin implements Plugin<Project> {
method apply (line 7) | @Override
method copyPropertyFromRootProjectTo (line 15) | private void copyPropertyFromRootProjectTo(String propertyName, Projec...
FILE: buildSrc/src/main/java/org/springframework/gradle/classpath/CheckClasspathForProhibitedDependencies.java
class CheckClasspathForProhibitedDependencies (line 38) | public class CheckClasspathForProhibitedDependencies extends DefaultTask {
method CheckClasspathForProhibitedDependencies (line 42) | public CheckClasspathForProhibitedDependencies() {
method setClasspath (line 46) | public void setClasspath(Configuration classpath) {
method getClasspath (line 50) | @Classpath
method checkForProhibitedDependencies (line 55) | @TaskAction
method prohibited (line 70) | private boolean prohibited(ModuleVersionIdentifier id) {
FILE: buildSrc/src/main/java/org/springframework/gradle/classpath/CheckClasspathForProhibitedDependenciesPlugin.java
class CheckClasspathForProhibitedDependenciesPlugin (line 33) | public class CheckClasspathForProhibitedDependenciesPlugin implements Pl...
method apply (line 35) | @Override
method configureProhibitedDependencyChecks (line 41) | private void configureProhibitedDependencyChecks(Project project) {
method createProhibitedDependenciesChecks (line 47) | private void createProhibitedDependenciesChecks(Project project, Strin...
method createProhibitedDependenciesCheck (line 55) | private void createProhibitedDependenciesCheck(Configuration classpath...
FILE: buildSrc/src/main/java/org/springframework/gradle/classpath/CheckProhibitedDependenciesLifecyclePlugin.java
class CheckProhibitedDependenciesLifecyclePlugin (line 28) | public class CheckProhibitedDependenciesLifecyclePlugin implements Plugi...
method apply (line 31) | @Override
FILE: buildSrc/src/main/java/org/springframework/gradle/maven/MavenPublishingConventionsPlugin.java
class MavenPublishingConventionsPlugin (line 18) | public class MavenPublishingConventionsPlugin implements Plugin<Project> {
method apply (line 19) | @Override
method customizePom (line 32) | private void customizePom(MavenPom pom, Project project) {
method customizeOrganization (line 43) | private void customizeOrganization(MavenPomOrganization organization) {
method customizeLicences (line 48) | private void customizeLicences(MavenPomLicenseSpec licences) {
method customizeDevelopers (line 55) | private void customizeDevelopers(MavenPomDeveloperSpec developers) {
method customizeScm (line 64) | private void customizeScm(MavenPomScm scm) {
method customizeIssueManagement (line 70) | private void customizeIssueManagement(MavenPomIssueManagement issueMan...
method customizeJavaPlugin (line 75) | private void customizeJavaPlugin(Project project) {
FILE: buildSrc/src/main/java/org/springframework/gradle/maven/PublishAllJavaComponentsPlugin.java
class PublishAllJavaComponentsPlugin (line 13) | public class PublishAllJavaComponentsPlugin implements Plugin<Project> {
method apply (line 14) | @Override
FILE: buildSrc/src/main/java/org/springframework/gradle/maven/PublishArtifactsPlugin.java
class PublishArtifactsPlugin (line 9) | public class PublishArtifactsPlugin implements Plugin<Project> {
method apply (line 10) | @Override
FILE: buildSrc/src/main/java/org/springframework/gradle/maven/PublishLocalPlugin.java
class PublishLocalPlugin (line 12) | public class PublishLocalPlugin implements Plugin<Project> {
method apply (line 13) | @Override
FILE: buildSrc/src/main/java/org/springframework/gradle/maven/SpringMavenPlugin.java
class SpringMavenPlugin (line 9) | public class SpringMavenPlugin implements Plugin<Project> {
method apply (line 10) | @Override
FILE: buildSrc/src/main/java/org/springframework/gradle/maven/SpringNexusPublishPlugin.java
class SpringNexusPublishPlugin (line 13) | public class SpringNexusPublishPlugin implements Plugin<Project> {
method apply (line 14) | @Override
FILE: buildSrc/src/main/java/org/springframework/gradle/maven/SpringSigningPlugin.java
class SpringSigningPlugin (line 29) | public class SpringSigningPlugin implements Plugin<Project> {
method apply (line 30) | @Override
method sign (line 44) | private void sign(Project project) {
FILE: buildSrc/src/main/java/org/springframework/gradle/xsd/CreateVersionlessXsdTask.java
class CreateVersionlessXsdTask (line 38) | @DisableCachingByDefault(because = "not worth it")
method getInputFiles (line 41) | @InputFiles
method getVersionlessXsdFile (line 44) | @OutputFile
method createVersionlessXsd (line 47) | @TaskAction
class XsdFileMajorMinorVersion (line 74) | static class XsdFileMajorMinorVersion {
method XsdFileMajorMinorVersion (line 79) | private XsdFileMajorMinorVersion(File file, MajorMinorVersion versio...
method create (line 91) | static XsdFileMajorMinorVersion create(File file) {
method getFile (line 103) | public File getFile() {
method getVersion (line 107) | public MajorMinorVersion getVersion() {
class MajorMinorVersion (line 112) | static class MajorMinorVersion {
method MajorMinorVersion (line 117) | MajorMinorVersion(int major, int minor) {
method getMajor (line 122) | public int getMajor() {
method getMinor (line 126) | public int getMinor() {
method isGreaterThan (line 130) | public boolean isGreaterThan(MajorMinorVersion version) {
FILE: buildSrc/src/main/java/org/springframework/security/CheckExpectedBranchVersionPlugin.java
class CheckExpectedBranchVersionPlugin (line 40) | public class CheckExpectedBranchVersionPlugin implements Plugin<Project> {
method apply (line 42) | @Override
method skipPropertyFalseOrNotPresent (line 55) | private static boolean skipPropertyFalseOrNotPresent(Task task) {
class CheckExpectedBranchVersionTask (line 64) | @CacheableTask
method getVersion (line 67) | @Input
method getBranchName (line 70) | @Input
method getOutputFile (line 73) | @OutputFile
method run (line 76) | @TaskAction
method writeExpectedVersionOutput (line 96) | private void writeExpectedVersionOutput(String fileContent) {
method versionsMatch (line 104) | private boolean versionsMatch(String projectVersion, String branchVe...
FILE: buildSrc/src/main/java/org/springframework/security/convention/versions/FileUtils.java
class FileUtils (line 24) | class FileUtils {
method replaceFileText (line 25) | static void replaceFileText(File file, Function<String, String> replac...
method readString (line 31) | static String readString(File file) {
method writeString (line 41) | private static void writeString(File file, String text) {
FILE: buildSrc/src/main/java/org/springframework/security/convention/versions/TransitiveDependencyLookupUtils.java
class TransitiveDependencyLookupUtils (line 35) | class TransitiveDependencyLookupUtils {
method lookupJwtVersion (line 41) | static String lookupJwtVersion(String oauthSdcVersion) {
method getVersion (line 58) | private static String getVersion(InputStream inputStream) throws Parse...
FILE: buildSrc/src/main/java/org/springframework/security/convention/versions/VerifyDependenciesVersionsPlugin.java
class VerifyDependenciesVersionsPlugin (line 42) | public class VerifyDependenciesVersionsPlugin implements Plugin<Project> {
method apply (line 44) | @Override
class VerifyDependenciesVersionsTask (line 68) | @CacheableTask
method getOauth2OidcSdkVersion (line 71) | @Input
method getExpectedNimbusJoseJwtVersion (line 74) | @Input
method getOutputFile (line 77) | @OutputFile
method verify (line 80) | @TaskAction
FILE: buildSrc/src/main/java/s101/S101Configure.java
class S101Configure (line 24) | public class S101Configure extends DefaultTask {
method configure (line 25) | @TaskAction
FILE: buildSrc/src/main/java/s101/S101Configurer.java
class S101Configurer (line 53) | public class S101Configurer {
method S101Configurer (line 73) | public S101Configurer(Project project) {
method license (line 94) | public void license(String licenseId) {
method needsLicense (line 101) | private boolean needsLicense(Path licenseFile, String licenseId) {
method writeLicense (line 113) | private void writeLicense(Path licenseFile, String licenseId) {
method install (line 124) | public void install(File installationDirectory, File configurationDire...
method configure (line 129) | public void configure(File installationDirectory, File configurationDi...
method deleteDirectory (line 134) | private boolean deleteDirectory(File directoryToBeDeleted) {
method installBuildTool (line 144) | private String installBuildTool(File installationDirectory, File confi...
method copyZipToFilesystem (line 149) | private void copyZipToFilesystem(String source, File destination, Stri...
method validateFilename (line 204) | private String validateFilename(String filename, String intendedDir)
method configureProject (line 219) | private void configureProject(String version, File configurationDirect...
method copyToProject (line 232) | private void copyToProject(String location, File destination) {
method copyToProject (line 242) | private void copyToProject(Mustache view, Map<String, Object> model, F...
method hspTemplateValues (line 250) | private Map<String, Object> hspTemplateValues(String version, File con...
FILE: buildSrc/src/main/java/s101/S101Install.java
class S101Install (line 24) | public class S101Install extends DefaultTask {
method install (line 25) | @TaskAction
FILE: buildSrc/src/main/java/s101/S101Plugin.java
class S101Plugin (line 34) | public class S101Plugin implements Plugin<Project> {
method apply (line 35) | @Override
method configure (line 43) | private void configure(S101Install install) {
method configure (line 47) | private void configure(S101Configure configure) {
method configure (line 51) | private void configure(JavaExec exec) {
method computeLabel (line 70) | private Property<String> computeLabel(S101PluginExtension extension) {
method installAndConfigureIfNeeded (line 79) | private void installAndConfigureIfNeeded(Project project) {
method copyConfigurationToBuildDirectory (line 96) | private void copyConfigurationToBuildDirectory(S101PluginExtension ext...
method copyResultsBackToConfigurationDirectory (line 102) | private void copyResultsBackToConfigurationDirectory(S101PluginExtensi...
method copyDirectory (line 113) | private void copyDirectory(Project project, Path source, Path destinat...
method replace (line 144) | private InputStream replace(Path file, String search, String replace) {
method input (line 154) | private InputStream input(Path file) {
FILE: buildSrc/src/main/java/s101/S101PluginExtension.java
class S101PluginExtension (line 31) | public class S101PluginExtension {
method getLicenseId (line 42) | @Input
method setLicenseId (line 47) | public void setLicenseId(String licenseId) {
method getInstallationDirectory (line 51) | @InputDirectory
method setInstallationDirectory (line 56) | public void setInstallationDirectory(String installationDirectory) {
method getConfigurationDirectory (line 60) | @InputDirectory
method setConfigurationDirectory (line 65) | public void setConfigurationDirectory(String configurationDirectory) {
method getLabel (line 69) | @Input
method setLabel (line 74) | public void setLabel(String label) {
method getRepository (line 78) | @Input
method setRepository (line 83) | public void setRepository(String repository) {
method getVersion (line 87) | @Input
method setVersion (line 92) | public void setVersion(String version) {
method S101PluginExtension (line 96) | public S101PluginExtension(Project project) {
FILE: buildSrc/src/main/java/trang/RncToXsd.java
class RncToXsd (line 24) | public class RncToXsd extends DefaultTask {
method getRncDir (line 32) | @InputDirectory
method setRncDir (line 37) | public void setRncDir(File rncDir) {
method getXslFile (line 41) | @InputFile
method setXslFile (line 46) | public void setXslFile(File xslFile) {
method getXsdDir (line 50) | @OutputDirectory
method setXsdDir (line 55) | public void setXsdDir(File xsdDir) {
method transform (line 59) | @TaskAction
FILE: buildSrc/src/main/java/trang/TrangPlugin.java
class TrangPlugin (line 10) | public class TrangPlugin implements Plugin<Project> {
method apply (line 11) | @Override
FILE: buildSrc/src/test/java/io/spring/gradle/TestKit.java
class TestKit (line 28) | public class TestKit {
method TestKit (line 31) | public TestKit(File buildDir) {
method getRootDir (line 35) | public File getRootDir() {
method withProjectDir (line 39) | public GradleRunner withProjectDir(File projectDir) throws IOException {
method withProjectResource (line 46) | public GradleRunner withProjectResource(String projectResourceName) th...
FILE: buildSrc/src/test/java/io/spring/gradle/convention/IntegrationPluginTest.java
class IntegrationPluginTest (line 31) | public class IntegrationPluginTest {
method cleanup (line 34) | @AfterEach
method applyWhenNoSourceThenIntegrationTestTaskNull (line 41) | @Test
FILE: buildSrc/src/test/java/io/spring/gradle/convention/IntegrationTestPluginITest.java
class IntegrationTestPluginITest (line 15) | public class IntegrationTestPluginITest {
method setup (line 18) | @BeforeEach
method checkWithJavaPlugin (line 23) | @Test
method checkWithPropdeps (line 33) | @Test
method checkWithGroovy (line 43) | @Test
FILE: buildSrc/src/test/java/io/spring/gradle/convention/JacocoPluginITest.java
class JacocoPluginITest (line 14) | public class JacocoPluginITest{
method setup (line 17) | @BeforeEach
method checkWithJavaPlugin (line 22) | @Test
FILE: buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginITest.java
class JavadocApiPluginITest (line 16) | public class JavadocApiPluginITest {
method setup (line 19) | @BeforeEach
method multiModuleApi (line 24) | @Test
FILE: buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginTest.java
class JavadocApiPluginTest (line 32) | public class JavadocApiPluginTest {
method cleanup (line 35) | @AfterEach
method applyWhenNotOverrideThenPropertiesDefaulted (line 42) | @Test
FILE: buildSrc/src/test/java/io/spring/gradle/convention/RepositoryConventionPluginTests.java
class RepositoryConventionPluginTests (line 33) | public class RepositoryConventionPluginTests {
method setUp (line 37) | @BeforeEach
method applyWhenIsReleaseThenShouldIncludeReleaseRepo (line 42) | @Test
method applyWhenIsMilestoneThenShouldIncludeMilestoneRepo (line 51) | @Test
method applyWhenIsSnapshotThenShouldIncludeSnapshotRepo (line 60) | @Test
method applyWhenIsSnapshotWithForceReleaseThenShouldOnlyIncludeReleaseRepo (line 69) | @Test
method applyWhenIsReleaseWithForceMilestoneThenShouldIncludeMilestoneRepo (line 80) | @Test
method applyWhenIsReleaseWithForceSnapshotThenShouldIncludeSnapshotRepo (line 91) | @Test
method applyWhenIsReleaseWithForceLocalThenShouldIncludeReleaseAndLocalRepos (line 102) | @Test
method applyWhenIsReleaseWithForceMilestoneAndLocalThenShouldIncludeMilestoneAndLocalRepos (line 114) | @Test
method assertSnapshotRepository (line 126) | private void assertSnapshotRepository(RepositoryHandler repositories) {
method assertMilestoneRepository (line 136) | private void assertMilestoneRepository(RepositoryHandler repositories) {
method assertReleaseRepository (line 144) | private void assertReleaseRepository(RepositoryHandler repositories) {
FILE: buildSrc/src/test/java/io/spring/gradle/convention/ShowcaseITest.java
class ShowcaseITest (line 17) | public class ShowcaseITest {
method setup (line 20) | @BeforeEach
method build (line 25) | @Test
method install (line 34) | @Test
FILE: buildSrc/src/test/java/io/spring/gradle/convention/SpringMavenPluginITest.java
class SpringMavenPluginITest (line 18) | public class SpringMavenPluginITest {
method setup (line 22) | @BeforeEach
method install (line 27) | @Disabled
method signArchivesWhenInMemory (line 40) | @Disabled
method getSigningKey (line 58) | public String getSigningKey() throws Exception {
FILE: buildSrc/src/test/java/io/spring/gradle/convention/TestsConfigurationPluginITest.java
class TestsConfigurationPluginITest (line 14) | public class TestsConfigurationPluginITest {
method setup (line 18) | @BeforeEach
method canFindDepencency (line 23) | @Test
FILE: buildSrc/src/test/java/io/spring/gradle/convention/UtilsTest.java
class UtilsTest (line 13) | @ExtendWith(MockitoExtension.class)
method getProjectName (line 20) | @Test
method getProjectNameWhenEndsWithBuildThenStrippedOut (line 28) | @Test
method isSnapshotValidWithDot (line 36) | @Test
method isSnapshotValidWithNoBuild (line 43) | @Test
method isSnapshotValidWithDash (line 50) | @Test
method isSnapshotInvalid (line 57) | @Test
method isMilestoneValidWithDot (line 64) | @Test
method isMilestoneValidWithDash (line 71) | @Test
method isMilestoneValidWithNumberDash (line 78) | @Test
method isMilestoneInvalid (line 85) | @Test
method isReleaseCandidateValidWithDot (line 92) | @Test
method isReleaseCandidateValidWithNumberDash (line 99) | @Test
method isReleaseCandidateValidWithDash (line 106) | @Test
method isReleaseCandidateInvalid (line 113) | @Test
method isReleaseValidWithDot (line 120) | @Test
method isReleaseValidWithNoRelease (line 127) | @Test
method isReleaseValidWithDash (line 134) | @Test
method isServiceReleaseValid (line 141) | @Test
FILE: buildSrc/src/test/java/org/springframework/gradle/xsd/CreateVersionlessXsdTaskTests.java
class CreateVersionlessXsdTaskTests (line 30) | class CreateVersionlessXsdTaskTests {
method xsdCreateWhenValid (line 32) | @Test
method xsdCreateWhenPatchReleaseThenNull (line 42) | @Test
method xsdCreateWhenNotXsdFileThenNull (line 49) | @Test
method xsdCreateWhenNotStartWithSpringSecurityThenNull (line 56) | @Test
method isGreaterWhenMajorLarger (line 63) | @Test
method isGreaterWhenMinorLarger (line 71) | @Test
method isGreaterWhenMajorAndMinorLarger (line 79) | @Test
method isGreaterWhenSame (line 87) | @Test
FILE: buildSrc/src/test/resources/samples/integrationtest/withjava/src/integration-test/java/sample/TheTest.java
class TheTest (line 6) | public class TheTest {
method compilesAndRuns (line 7) | @Test
FILE: buildSrc/src/test/resources/samples/integrationtest/withpropdeps/src/integration-test/java/sample/TheTest.java
class TheTest (line 6) | public class TheTest {
method compilesAndRuns (line 7) | @Test
FILE: buildSrc/src/test/resources/samples/jacoco/java/src/main/java/sample/TheClass.java
class TheClass (line 3) | public class TheClass {
method doStuff (line 4) | public boolean doStuff(boolean b) {
FILE: buildSrc/src/test/resources/samples/jacoco/java/src/test/java/sample/TheClassTest.java
class TheClassTest (line 7) | public class TheClassTest {
method doStuffWhenTrueThenTrue (line 10) | @Test
method doStuffWhenTrueThenFalse (line 15) | @Test
FILE: buildSrc/src/test/resources/samples/javadocapi/multimodule/api/src/main/java/sample/Api.java
class Api (line 8) | public class Api {
method doStuff (line 13) | public void doStuff() {}
FILE: buildSrc/src/test/resources/samples/javadocapi/multimodule/impl/src/main/java/sample/Impl.java
class Impl (line 8) | public class Impl {
method otherThings (line 13) | public void otherThings() {}
FILE: buildSrc/src/test/resources/samples/javadocapi/multimodule/sample/src/main/java/sample/Sample.java
class Sample (line 8) | public class Sample {
method doSample (line 13) | public void doSample() {}
FILE: buildSrc/src/test/resources/samples/showcase/sgbcs-api/src/main/java/api/Api.java
class Api (line 8) | public class Api {
FILE: buildSrc/src/test/resources/samples/showcase/sgbcs-api/src/test/java/api/ApiTest.java
class ApiTest (line 5) | public class ApiTest {
method api (line 7) | @Test
FILE: buildSrc/src/test/resources/samples/showcase/sgbcs-core/src/main/java/core/CoreClass.java
class CoreClass (line 8) | public class CoreClass {
method run (line 10) | public void run() {
FILE: buildSrc/src/test/resources/samples/showcase/sgbcs-core/src/main/java/core/HasOptional.java
class HasOptional (line 8) | public class HasOptional {
method doStuffWithOptionalDependency (line 10) | public static void doStuffWithOptionalDependency() {
FILE: buildSrc/src/test/resources/samples/showcase/sgbcs-core/src/test/java/core/CoreClassTest.java
class CoreClassTest (line 5) | public class CoreClassTest {
method test (line 7) | @Test
FILE: buildSrc/src/test/resources/samples/showcase/sgbcs-core/src/test/java/core/HasOptionalTest.java
class HasOptionalTest (line 5) | public class HasOptionalTest {
method test (line 7) | @Test
FILE: buildSrc/src/test/resources/samples/showcase/sgbcs-docs/src/main/java/example/StringUtils.java
class StringUtils (line 3) | public class StringUtils {
method contains (line 5) | public boolean contains(String haystack, String needle) {
FILE: buildSrc/src/test/resources/samples/testsconfiguration/core/src/test/java/sample/Dependency.java
class Dependency (line 3) | public class Dependency {}
FILE: buildSrc/src/test/resources/samples/testsconfiguration/web/src/test/java/sample/DependencyTest.java
class DependencyTest (line 5) | public class DependencyTest {
method findsDependencyOnClasspath (line 6) | @Test
FILE: cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java
class SamlServiceProperties (line 26) | public final class SamlServiceProperties extends ServiceProperties {
method SamlServiceProperties (line 32) | public SamlServiceProperties() {
FILE: cas/src/main/java/org/springframework/security/cas/ServiceProperties.java
class ServiceProperties (line 33) | public class ServiceProperties implements InitializingBean {
method afterPropertiesSet (line 49) | @Override
method getService (line 67) | public final @Nullable String getService() {
method isSendRenew (line 82) | public final boolean isSendRenew() {
method setSendRenew (line 86) | public final void setSendRenew(final boolean sendRenew) {
method setService (line 90) | public final void setService(final String service) {
method getArtifactParameter (line 94) | public final String getArtifactParameter() {
method setArtifactParameter (line 103) | public final void setArtifactParameter(final String artifactParameter) {
method getServiceParameter (line 112) | public final String getServiceParameter() {
method setServiceParameter (line 116) | public final void setServiceParameter(final String serviceParameter) {
method isAuthenticateAllArtifacts (line 120) | public final boolean isAuthenticateAllArtifacts() {
method setAuthenticateAllArtifacts (line 130) | public final void setAuthenticateAllArtifacts(final boolean authentica...
FILE: cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
class CasAssertionAuthenticationToken (line 31) | public final class CasAssertionAuthenticationToken extends AbstractAuthe...
method CasAssertionAuthenticationToken (line 39) | public CasAssertionAuthenticationToken(final Assertion assertion, fina...
method getPrincipal (line 45) | @Override
method getCredentials (line 50) | @Override
method getAssertion (line 55) | public Assertion getAssertion() {
FILE: cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
class CasAuthenticationProvider (line 67) | public class CasAuthenticationProvider implements AuthenticationProvider...
method afterPropertiesSet (line 92) | @Override
method authenticate (line 102) | @Override
method authenticateNow (line 141) | private CasAuthenticationToken authenticateNow(final Authentication au...
method getServiceUrl (line 168) | private @Nullable String getServiceUrl(Authentication authentication) {
method loadUserByAssertion (line 189) | protected UserDetails loadUserByAssertion(final Assertion assertion) {
method setUserDetailsService (line 194) | @SuppressWarnings("unchecked")
method setAuthenticationUserDetailsService (line 202) | public void setAuthenticationUserDetailsService(
method setUserDetailsChecker (line 213) | public void setUserDetailsChecker(final UserDetailsChecker userDetails...
method setServiceProperties (line 218) | public void setServiceProperties(final ServiceProperties serviceProper...
method getKey (line 222) | protected String getKey() {
method setKey (line 226) | public void setKey(String key) {
method getStatelessTicketCache (line 230) | public StatelessTicketCache getStatelessTicketCache() {
method getTicketValidator (line 234) | protected @Nullable TicketValidator getTicketValidator() {
method setMessageSource (line 238) | @Override
method setStatelessTicketCache (line 243) | public void setStatelessTicketCache(final StatelessTicketCache statele...
method setTicketValidator (line 247) | public void setTicketValidator(final TicketValidator ticketValidator) {
method setAuthoritiesMapper (line 251) | public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesM...
method supports (line 255) | @Override
FILE: cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
class CasAuthenticationToken (line 37) | public class CasAuthenticationToken extends AbstractAuthenticationToken ...
method CasAuthenticationToken (line 68) | public CasAuthenticationToken(final String key, final Object principal...
method CasAuthenticationToken (line 92) | private CasAuthenticationToken(final Integer keyHash, final Object pri...
method CasAuthenticationToken (line 108) | protected CasAuthenticationToken(Builder<?> builder) {
method extractKeyHash (line 121) | private static Integer extractKeyHash(String key) {
method equals (line 126) | @Override
method hashCode (line 137) | @Override
method getCredentials (line 148) | @Override
method getKeyHash (line 153) | public int getKeyHash() {
method getPrincipal (line 157) | @Override
method getAssertion (line 162) | public Assertion getAssertion() {
method getUserDetails (line 166) | public UserDetails getUserDetails() {
method toBuilder (line 170) | @Override
method toString (line 175) | @Override
class Builder (line 189) | public static class Builder<B extends Builder<B>> extends AbstractAuth...
method Builder (line 201) | protected Builder(CasAuthenticationToken token) {
method key (line 215) | public B key(String key) {
method principal (line 220) | @Override
method credentials (line 227) | @Override
method userDetails (line 239) | public B userDetails(UserDetails userDetails) {
method assertion (line 249) | public B assertion(Assertion assertion) {
method build (line 254) | @Override
FILE: cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java
class CasServiceTicketAuthenticationToken (line 35) | public class CasServiceTicketAuthenticationToken extends AbstractAuthent...
method CasServiceTicketAuthenticationToken (line 54) | public CasServiceTicketAuthenticationToken(String identifier, Object c...
method CasServiceTicketAuthenticationToken (line 70) | public CasServiceTicketAuthenticationToken(String identifier, Object c...
method CasServiceTicketAuthenticationToken (line 78) | protected CasServiceTicketAuthenticationToken(Builder<?> builder) {
method stateful (line 84) | public static CasServiceTicketAuthenticationToken stateful(Object cred...
method stateless (line 88) | public static CasServiceTicketAuthenticationToken stateless(Object cre...
method isStateless (line 92) | public boolean isStateless() {
method getCredentials (line 96) | @Override
method getPrincipal (line 101) | @Override
method setAuthenticated (line 106) | @Override
method eraseCredentials (line 113) | @Override
method toBuilder (line 119) | public Builder<?> toBuilder() {
class Builder (line 128) | public static class Builder<B extends Builder<B>> extends AbstractAuth...
method Builder (line 134) | protected Builder(CasServiceTicketAuthenticationToken token) {
method principal (line 140) | @Override
method credentials (line 147) | @Override
method build (line 154) | @Override
FILE: cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java
class NullStatelessTicketCache (line 32) | public final class NullStatelessTicketCache implements StatelessTicketCa...
method getByTicketId (line 37) | @Override
method putTicketInCache (line 45) | @Override
method removeTicketFromCache (line 53) | @Override
method removeTicketFromCache (line 61) | @Override
FILE: cas/src/main/java/org/springframework/security/cas/authentication/ServiceAuthenticationDetails.java
type ServiceAuthenticationDetails (line 33) | public interface ServiceAuthenticationDetails extends Serializable {
method getServiceUrl (line 39) | String getServiceUrl();
FILE: cas/src/main/java/org/springframework/security/cas/authentication/SpringCacheBasedTicketCache.java
class SpringCacheBasedTicketCache (line 34) | public class SpringCacheBasedTicketCache implements StatelessTicketCache {
method SpringCacheBasedTicketCache (line 40) | public SpringCacheBasedTicketCache(Cache cache) {
method getByTicketId (line 45) | @Override
method putTicketInCache (line 52) | @Override
method removeTicketFromCache (line 59) | @Override
method removeTicketFromCache (line 65) | @Override
FILE: cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java
type StatelessTicketCache (line 63) | public interface StatelessTicketCache {
method getByTicketId (line 74) | @Nullable CasAuthenticationToken getByTicketId(String serviceTicket);
method putTicketInCache (line 85) | void putTicketInCache(CasAuthenticationToken token);
method removeTicketFromCache (line 98) | void removeTicketFromCache(CasAuthenticationToken token);
method removeTicketFromCache (line 110) | void removeTicketFromCache(String serviceTicket);
FILE: cas/src/main/java/org/springframework/security/cas/jackson/AssertionImplMixin.java
class AssertionImplMixin (line 39) | @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
method AssertionImplMixin (line 53) | @JsonCreator
FILE: cas/src/main/java/org/springframework/security/cas/jackson/AttributePrincipalImplMixin.java
class AttributePrincipalImplMixin (line 38) | @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
method AttributePrincipalImplMixin (line 52) | @JsonCreator
FILE: cas/src/main/java/org/springframework/security/cas/jackson/CasAuthenticationTokenMixin.java
class CasAuthenticationTokenMixin (line 41) | @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
method CasAuthenticationTokenMixin (line 62) | @JsonCreator
FILE: cas/src/main/java/org/springframework/security/cas/jackson/CasJacksonModule.java
class CasJacksonModule (line 51) | public class CasJacksonModule extends SecurityJacksonModule {
method CasJacksonModule (line 53) | public CasJacksonModule() {
method configurePolymorphicTypeValidator (line 57) | @Override
method setupModule (line 64) | @Override
FILE: cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
class AssertionImplMixin (line 50) | @SuppressWarnings("removal")
method AssertionImplMixin (line 67) | @JsonCreator
FILE: cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
class AttributePrincipalImplMixin (line 48) | @SuppressWarnings("removal")
method AttributePrincipalImplMixin (line 65) | @JsonCreator
FILE: cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
class CasAuthenticationTokenMixin (line 56) | @SuppressWarnings("removal")
method CasAuthenticationTokenMixin (line 80) | @JsonCreator
FILE: c
Copy disabled (too large)
Download .json
Condensed preview — 6671 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (39,318K chars).
[
{
"path": ".editorconfig",
"chars": 452,
"preview": "# EditorConfig for Spring Security\n# see https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.ado"
},
{
"path": ".gitattributes",
"chars": 371,
"preview": "# Normalize line endings to auto.\n* text auto\n\n# Ensure that line endings for DOS batch files are not modified.\n*.bat -t"
},
{
"path": ".github/ISSUE_TEMPLATE/bug.md",
"chars": 788,
"preview": "---\nname: Bug\nabout: Create a bug report to help us improve\ntitle: ''\nlabels: 'status: waiting-for-triage, type: bug'\nas"
},
{
"path": ".github/ISSUE_TEMPLATE/config.yml",
"chars": 231,
"preview": "blank_issues_enabled: false\ncontact_links:\n - name: Community Support\n url: https://stackoverflow.com/questions/tagg"
},
{
"path": ".github/ISSUE_TEMPLATE/enhancement.md",
"chars": 465,
"preview": "---\nname: Enhancement\nabout: Suggest an enhancement for this project\ntitle: ''\nlabels: 'status: waiting-for-triage, type"
},
{
"path": ".github/ISSUE_TEMPLATE.md",
"chars": 700,
"preview": "<!--\nFor Security Vulnerabilities, please use https://spring.io/security-policy\n-->\n\n### Summary\n\n<!-- \nPlease provide a"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 432,
"preview": "<!--\nFor Security Vulnerabilities, please use https://pivotal.io/security#reporting\n-->\n\n<!--\nBefore creating new featur"
},
{
"path": ".github/dco.yml",
"chars": 26,
"preview": "require:\n members: false\n"
},
{
"path": ".github/dependabot.yml",
"chars": 5417,
"preview": "version: 2\nregistries:\n shibboleth:\n type: maven-repository\n url: https://build.shibboleth.net/maven/releases\nupd"
},
{
"path": ".github/workflows/auto-merge-dependabot.yml",
"chars": 342,
"preview": "name: Merge Dependabot PR\n\non:\n pull_request:\n branches:\n - main\n - '*.x'\n\nrun-name: Merge Dependabot PR $"
},
{
"path": ".github/workflows/check-snapshots.yml",
"chars": 1270,
"preview": "name: CI\n\non:\n schedule:\n - cron: '0 10 * * *' # Once per day at 10am UTC\n workflow_dispatch: # Manual trigger\n\nenv"
},
{
"path": ".github/workflows/clean_build_artifacts.yml",
"chars": 907,
"preview": "name: Clean build artifacts\non:\n schedule:\n - cron: '0 10 * * *' # Once per day at 10am UTC\n\npermissions:\n contents"
},
{
"path": ".github/workflows/codeql.yml",
"chars": 455,
"preview": "name: \"CodeQL Advanced\"\n\non:\n push:\n pull_request:\n workflow_dispatch:\n schedule:\n # https://docs.github.com/en/a"
},
{
"path": ".github/workflows/continuous-integration-workflow.yml",
"chars": 2464,
"preview": "name: CI\n\non:\n push:\n branches-ignore:\n - \"dependabot/**\"\n schedule:\n - cron: '0 10 * * *' # Once per day a"
},
{
"path": ".github/workflows/defer-issues.yml",
"chars": 2981,
"preview": "name: Defer Issues\n\non:\n workflow_dispatch:\n\npermissions:\n contents: read\n\njobs:\n defer-issues:\n name: Defer Issue"
},
{
"path": ".github/workflows/deploy-docs.yml",
"chars": 1026,
"preview": "name: Deploy Docs\non:\n push:\n branches-ignore:\n - \"gh-pages\"\n - \"dependabot/**\"\n tags: '**'\n repositor"
},
{
"path": ".github/workflows/finalize-release.yml",
"chars": 832,
"preview": "name: Finalize Release\n\non:\n workflow_dispatch: # Manual trigger\n inputs:\n version:\n description: The Sp"
},
{
"path": ".github/workflows/gradle-wrapper-upgrade-execution.yml",
"chars": 1303,
"preview": "name: Execute Gradle Wrapper Upgrade\n\non:\n schedule:\n - cron: '0 2 * * *' # 2am UTC\n workflow_dispatch:\npermission"
},
{
"path": ".github/workflows/milestone-spring-releasetrain.yml",
"chars": 1413,
"preview": "name: Check Milestone\non:\n milestone:\n types: [created, opened, edited]\nenv:\n DUE_ON: ${{ github.event.milestone.du"
},
{
"path": ".github/workflows/pr-build-workflow.yml",
"chars": 1901,
"preview": "name: PR Build\n\non: pull_request\n\npermissions:\n contents: read\n\njobs:\n build:\n name: Build\n runs-on: ubuntu-late"
},
{
"path": ".github/workflows/release-scheduler.yml",
"chars": 742,
"preview": "name: Release Scheduler\non:\n schedule:\n - cron: '15 15 * * MON' # Every Monday at 3:15pm UTC\n workflow_dispatch:\nperm"
},
{
"path": ".github/workflows/update-antora-ui-spring.yml",
"chars": 1133,
"preview": "name: Update Antora UI Spring\n\non:\n schedule:\n - cron: '0 10 * * *' # Once per day at 10am UTC\n workflow_dispatch:\n"
},
{
"path": ".github/workflows/update-scheduled-release-version.yml",
"chars": 860,
"preview": "name: Update Scheduled Release Version\n\non:\n workflow_dispatch: # Manual trigger only. Triggered by release-scheduler.y"
},
{
"path": ".gitignore",
"chars": 393,
"preview": "classes/\ntarget/\n*/src/*/java/META-INF\n*/src/META-INF/\n*/src/*/java/META-INF/\n.classpath\n.springBeans\n.project\n.DS_Store"
},
{
"path": ".idea/checkstyle-idea.xml",
"chars": 619,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project version=\"4\">\n <component name=\"CheckStyle-IDEA\">\n <option name=\"conf"
},
{
"path": ".idea/externalDependencies.xml",
"chars": 213,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project version=\"4\">\n <component name=\"ExternalDependencies\">\n <plugin id=\"C"
},
{
"path": ".sdkmanrc",
"chars": 257,
"preview": "# Use sdkman to run \"sdk env\" to initialize with correct JDK version\n# Enable auto-env through the sdkman_auto_env confi"
},
{
"path": ".vscode/settings.json",
"chars": 47,
"preview": "{\n \"java.gradle.buildServer.enabled\": \"off\"\n}\n"
},
{
"path": "CONTRIBUTING.adoc",
"chars": 8922,
"preview": "= Contributing to Spring Security\n\nFirst off, thank you for taking the time to contribute! :+1: :tada:\n\n== Table of Cont"
},
{
"path": "LICENSE.txt",
"chars": 11359,
"preview": "\n Apache License\n Version 2.0, January 2004\n "
},
{
"path": "README.adoc",
"chars": 4913,
"preview": "image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source"
},
{
"path": "RELEASE.adoc",
"chars": 12549,
"preview": "= Release Process\n\nThe release process for Spring Security is entirely automated via the https://github.com/spring-io/sp"
},
{
"path": "access/spring-security-access.gradle",
"chars": 2144,
"preview": "plugins {\n\tid 'compile-warnings-error'\n\tid 'javadoc-warnings-error'\n}\n\napply plugin: 'io.spring.convention.spring-module"
},
{
"path": "access/src/main/java/org/springframework/security/access/AccessDecisionManager.java",
"chars": 2952,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java",
"chars": 3963,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java",
"chars": 2611,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/ConfigAttribute.java",
"chars": 3010,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/SecurityConfig.java",
"chars": 2729,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java",
"chars": 2922,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java",
"chars": 1384,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java",
"chars": 3820,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java",
"chars": 1536,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java",
"chars": 2896,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java",
"chars": 3899,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java",
"chars": 1366,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java",
"chars": 2462,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java",
"chars": 2895,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java",
"chars": 2088,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/event/LoggerListener.java",
"chars": 3283,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java",
"chars": 1666,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/event/package-info.java",
"chars": 787,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java",
"chars": 2988,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java",
"chars": 3903,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java",
"chars": 3016,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java",
"chars": 3633,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java",
"chars": 2040,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java",
"chars": 2458,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java",
"chars": 22565,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java",
"chars": 4412,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java",
"chars": 4930,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java",
"chars": 2434,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java",
"chars": 3852,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java",
"chars": 1593,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java",
"chars": 3393,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java",
"chars": 4722,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java",
"chars": 5028,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java",
"chars": 2579,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java",
"chars": 3232,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java",
"chars": 5550,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java",
"chars": 855,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java",
"chars": 1248,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java",
"chars": 2828,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java",
"chars": 3033,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java",
"chars": 874,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/intercept/package-info.java",
"chars": 1932,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java",
"chars": 4937,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java",
"chars": 2531,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java",
"chars": 4782,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java",
"chars": 10999,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java",
"chars": 1745,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/method/P.java",
"chars": 1518,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/method/package-info.java",
"chars": 871,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java",
"chars": 2951,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java",
"chars": 1186,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java",
"chars": 1425,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java",
"chars": 1183,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java",
"chars": 1800,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java",
"chars": 3272,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java",
"chars": 8217,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java",
"chars": 6237,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java",
"chars": 1575,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java",
"chars": 4259,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java",
"chars": 2743,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java",
"chars": 3000,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java",
"chars": 4761,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java",
"chars": 3869,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java",
"chars": 1979,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/RoleVoter.java",
"chars": 4289,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java",
"chars": 3463,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/access/vote/package-info.java",
"chars": 805,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/acls/AclEntryVoter.java",
"chars": 10353,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java",
"chars": 5123,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java",
"chars": 5242,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java",
"chars": 4983,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java",
"chars": 2789,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java",
"chars": 2513,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java",
"chars": 1330,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java",
"chars": 824,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/messaging/access/expression/EvaluationContextPostProcessor.java",
"chars": 1573,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactory.java",
"chars": 6095,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttribute.java",
"chars": 2766,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/messaging/access/expression/MessageExpressionVoter.java",
"chars": 3493,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptor.java",
"chars": 3687,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSource.java",
"chars": 2835,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/messaging/access/intercept/MessageSecurityMetadataSource.java",
"chars": 1185,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java",
"chars": 4816,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java",
"chars": 3623,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java",
"chars": 2173,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java",
"chars": 3826,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java",
"chars": 1958,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java",
"chars": 6705,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java",
"chars": 2429,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java",
"chars": 3433,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java",
"chars": 1523,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java",
"chars": 1534,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java",
"chars": 3367,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/channel/package-info.java",
"chars": 919,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java",
"chars": 3860,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java",
"chars": 5099,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java",
"chars": 2297,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java",
"chars": 3518,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java",
"chars": 4818,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java",
"chars": 1674,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java",
"chars": 5343,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java",
"chars": 1947,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java",
"chars": 2789,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java",
"chars": 1815,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/ITargetObject.java",
"chars": 983,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/OtherTargetObject.java",
"chars": 1703,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/SecurityConfigTests.java",
"chars": 3029,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/TargetObject.java",
"chars": 2692,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/BusinessService.java",
"chars": 1782,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java",
"chars": 1740,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/Entity.java",
"chars": 842,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java",
"chars": 2033,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java",
"chars": 1804,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java",
"chars": 8434,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java",
"chars": 2274,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java",
"chars": 1035,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java",
"chars": 1031,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java",
"chars": 9015,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java",
"chars": 758,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java",
"chars": 1542,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java",
"chars": 1119,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java",
"chars": 7644,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java",
"chars": 5943,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java",
"chars": 6949,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java",
"chars": 2742,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java",
"chars": 6082,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java",
"chars": 11514,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java",
"chars": 939,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java",
"chars": 3571,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java",
"chars": 6944,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java",
"chars": 1863,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java",
"chars": 1464,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java",
"chars": 3338,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java",
"chars": 4997,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java",
"chars": 2919,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java",
"chars": 14456,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java",
"chars": 2430,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java",
"chars": 8531,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java",
"chars": 2793,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java",
"chars": 5203,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java",
"chars": 1988,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java",
"chars": 3213,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/prepost/PostInvocationAdviceProviderTests.java",
"chars": 1991,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java",
"chars": 1915,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java",
"chars": 4505,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java",
"chars": 2605,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java",
"chars": 4546,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java",
"chars": 4655,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java",
"chars": 4463,
"preview": "/*\n * Copyright 2004 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n"
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java",
"chars": 1757,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/DenyVoter.java",
"chars": 1757,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java",
"chars": 1631,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java",
"chars": 1853,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java",
"chars": 5097,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProviderTests.java",
"chars": 4076,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProviderTests.java",
"chars": 6133,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/messaging/access/expression/ExpressionBasedMessageSecurityMetadataSourceFactoryTests.java",
"chars": 3601,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionConfigAttributeTests.java",
"chars": 3360,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/messaging/access/expression/MessageExpressionVoterTests.java",
"chars": 5926,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/messaging/access/intercept/ChannelSecurityInterceptorTests.java",
"chars": 6062,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/messaging/access/intercept/DefaultMessageSecurityMetadataSourceTests.java",
"chars": 3004,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluatorTests.java",
"chars": 5668,
"preview": "/*\n * Copyright 2004-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \""
},
{
"path": "access/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java",
"chars": 7265,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java",
"chars": 7406,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java",
"chars": 4603,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java",
"chars": 4581,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
},
{
"path": "access/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java",
"chars": 4277,
"preview": "/*\n * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited\n *\n * Licensed under the Apache License, Version 2.0 (the "
}
]
// ... and 6471 more files (download for full content)
About this extraction
This page contains the full source code of the spring-projects/spring-security GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 6671 files (34.7 MB), approximately 9.5M tokens, and a symbol index with 41546 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.