spring security 3.0.1

Home
Java Source Code / Java Documentation
1.6.0 JDK Core
2.6.0 JDK Modules
3.6.0 JDK Modules com.sun
4.6.0 JDK Modules com.sun.java
5.6.0 JDK Modules sun
6.6.0 JDK Platform
7.Ajax
8.Apache Harmony Java SE
9.Aspect oriented
10.Authentication Authorization
11.Blogger System
12.Build
13.Byte Code
14.Cache
15.Chart
16.Chat
17.Code Analyzer
18.Collaboration
19.Content Management System
20.Database Client
21.Database DBMS
22.Database JDBC Connection Pool
23.Database ORM
24.Development
25.EJB Server
26.ERP CRM Financial
27.ESB
28.Forum
29.Game
30.GIS
31.Graphic 3D
32.Graphic Library
33.Groupware
34.HTML Parser
35.IDE
36.IDE Eclipse
37.IDE Netbeans
38.Installer
39.Internationalization Localization
40.Inversion of Control
41.Issue Tracking
42.J2EE
43.J2ME
44.JBoss
45.JMS
46.JMX
47.Library
48.Mail Clients
49.Music
50.Natural Language Processing
51.Net
52.Parser
53.PDF
54.Portal
55.Profiler
56.Project Management
57.Report
58.RSS RDF
59.Rule Engine
60.Science
61.Scripting
62.Search Engine
63.Security
64.Sevlet Container
65.Source Control
66.Swing Library
67.Template Engine
68.Test Coverage
69.Testing
70.UML
71.Web Crawler
72.Web Framework
73.Web Mail
74.Web Server
75.Web Services
76.Web Services apache cxf 2.2.6
77.Web Services AXIS2
78.Wiki Engine
79.Workflow Engines
80.XML
81.XML UI
Java Source Code / Java Documentation  » Security » spring security 3.0.1 
Spring security
License:Apache License
URL:http://static.springsource.org/spring-security/site/index.html
Description:Spring Security is one of the most mature and widely used Spring projects.
Package NameComment
org.springframework.security.access Core access-control related code, including
  • security metadata related classes
  • interception code
  • Security access control annotations
  • Voter-based AccessDecisionManager implementations
org.springframework.security.access.annotation
org.springframework.security.access.event
org.springframework.security.access.expression

Expression handling code to support the use of Spring-EL based expressions in @PreAuthorize, @PreFilter, @PostAuthorizue and @PostFilter annotations. Mainly for internal framework use and liable to change.

org.springframework.security.access.expression.method
org.springframework.security.access.hierarchicalroles
org.springframework.security.access.intercept Actually enforces the security and ties the whole security system together.

A secure object is a term frequently used throughout the security system. It does not refer to a business object that is being secured, but instead refers to some infrastructure object that can have security facilities provided for it by Spring Security. For example, one secure object would be MethodInvocation, whilst another would be HTTP {@link org.springframework.security.web.FilterInvocation}. Note these are infrastructure objects and their design allows them to represent a large variety of actual resources that might need to be secured, such as business objects or HTTP request URLs.

Each secure object typically has its own interceptor package. Each package usually includes a concrete security interceptor (which subclasses {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor}, an appropriate {@link org.springframework.security.access.SecurityMetadataSource} for the type of resources the secure object represents, and a property editor to populate the SecurityMetadataSource.

org.springframework.security.access.intercept.aopalliance Enforces security for AOP Alliance MethodInvocations, such as via Spring AOP.
org.springframework.security.access.intercept.aspectj Enforces security for AspectJ JointPoints, delegating secure object callbacks to the calling aspect.

Refer to the reference guide for information on usage.

org.springframework.security.access.method Provides support objects for securing Java method invocations via different AOP libraries.
org.springframework.security.access.prepost

Contains the infrastructure classes for handling the @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.

Other than the annotations themselves, the classes should be regarded as for internal framework use and are liable to change without notice.
org.springframework.security.access.vote Implements a vote-based approach to authorization decisions.

org.springframework.security.acls
org.springframework.security.acls.afterinvocation
org.springframework.security.acls.domain Basic implementation of access control lists (ACLs) interfaces.
org.springframework.security.acls.jdbc JDBC-based persistence of ACL information.
org.springframework.security.acls.model Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
org.springframework.security.authentication Implements a provider-based approach to authentication decisions.

org.springframework.security.authentication.dao An authentication provider that relies upon a data access object.
org.springframework.security.authentication.encoding Password encoding implementations.
org.springframework.security.authentication.event Enables authentication events to be published to the Spring application context.

The ProviderManager automatically publishes events to the application context. These events are received by all registered Spring ApplicationListeners.

org.springframework.security.authentication.jaas An authentication provider for JAAS.
org.springframework.security.authentication.jaas.event Enables JAAS events to be published to the Spring application context.
org.springframework.security.authentication.rcp Allows remote clients to authenticate and obtain a populated Authentication object.
org.springframework.security.cas
org.springframework.security.cas.authentication An authentication provider that can process JA-SIG Central Authentication Service (CAS) service tickets and proxy tickets.
org.springframework.security.cas.userdetails
org.springframework.security.cas.web Authenticates standard web browser users via JA-SIG Central Authentication Service (CAS).
org.springframework.security.config
org.springframework.security.config.authentication
org.springframework.security.config.http
org.springframework.security.config.ldap
org.springframework.security.config.method
org.springframework.security.core
org.springframework.security.core.authority
org.springframework.security.core.authority.mapping
org.springframework.security.core.codec
org.springframework.security.core.context Classes related to the establishment of a security context for the duration of a request (such as an HTTP or RMI invocation).

A security context is associated with the current execution thread for the duration of the request, making the authentication information it contains available throughout all the layers of an application.

org.springframework.security.core.session Session registry and other related classes.
org.springframework.security.core.token
org.springframework.security.core.userdetails
org.springframework.security.core.userdetails.cache
org.springframework.security.core.userdetails.jdbc Exposes a JDBC-based authentication repository.
org.springframework.security.core.userdetails.memory Exposes an in-memory authentication repository.
org.springframework.security.extensions.kerberos
org.springframework.security.extensions.kerberos.sample
org.springframework.security.extensions.kerberos.web
org.springframework.security.ldap
org.springframework.security.ldap.authentication

The LDAP authentication provider package. Interfaces are provided for both authentication and retrieval of user roles from an LDAP server.

The main provider class is LdapAuthenticationProvider. This is configured with an LdapAuthenticator instance and an LdapAuthoritiesPopulator. The latter is used to obtain the list of roles for the user.

org.springframework.security.ldap.ppolicy
org.springframework.security.ldap.search LdapUserSearch implementations. These may be used to locate the user in the directory.
org.springframework.security.ldap.server
org.springframework.security.ldap.userdetails
org.springframework.security.openid Authenticates standard web browser users via OpenID.
org.springframework.security.provisioning

Contains simple user and authority group account provisioning interfaces together with a a JDBC-based implementation.

org.springframework.security.remoting.dns
org.springframework.security.remoting.httpinvoker Enables use of Spring's HttpInvoker extension points to present the principal and credentials located in the ContextHolder via BASIC authentication.

The beans are wired as follows:

<bean id="test" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
<property name="serviceUrl"><value>http://localhost/Test</value></property>
<property name="serviceInterface"><value>test.TargetInterface</value></property>
<property name="httpInvokerRequestExecutor"><ref bean="httpInvokerRequestExecutor"/></property>
</bean>

<bean id="httpInvokerRequestExecutor" class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>

org.springframework.security.remoting.rmi Enables use of Spring's RMI remoting extension points to propagate the ContextHolder (which should contain an Authentication request token) from one JVM to the remote JVM.

The beans are wired as follows:

<bean id="test" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
<property name="serviceUrl"><value>rmi://localhost/Test</value></property>
<property name="serviceInterface"><value>test.TargetInterface</value></property>
<property name="refreshStubOnConnectFailure"><value>true</value></property>
<property name="remoteInvocationFactory"><ref bean="remoteInvocationFactory"/></property>
</bean>

<bean id="remoteInvocationFactory" class="org.springframework.security.core.context.rmi.ContextPropagatingRemoteInvocationFactory"/>

org.springframework.security.taglibs.authz Java implementation of security taglib.
org.springframework.security.taglibs.velocity
org.springframework.security.util

General utility classes used throughout the Spring Security framework.

This package should essentially be standalone - it should not have dependencies on other parts of the framework, just on external libraries and the JDK.

org.springframework.security.web
org.springframework.security.web.access
org.springframework.security.web.access.channel Classes that ensure web requests are received over required transport channels.
org.springframework.security.web.access.expression
org.springframework.security.web.access.intercept Enforces security for HTTP requests, typically by the URL requested.
org.springframework.security.web.authentication Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
org.springframework.security.web.authentication.logout
org.springframework.security.web.authentication.preauth
org.springframework.security.web.authentication.preauth.j2ee
org.springframework.security.web.authentication.preauth.websphere
org.springframework.security.web.authentication.preauth.x509
org.springframework.security.web.authentication.rememberme Support for remembering a user between different web sessions.
org.springframework.security.web.authentication.session Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
org.springframework.security.web.authentication.switchuser Provides HTTP-based "switch user" (su) capabilities.
org.springframework.security.web.authentication.ui Authentication user-interface rendering code. Used to conveniently create an appropriate login page when using namespace configuration without defining a login page URL.
org.springframework.security.web.authentication.www Contains WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
org.springframework.security.web.context

Classes which are responsible for maintaining the security context between HTTP requests.

org.springframework.security.web.savedrequest Classes related top the caching of an HttpServletRequest which requires authentication. While the user is logging in, the request is cached (using the RequestCache implementation) by the ExceptionTranslationFilter. Once the user has been authenticated, the original request is restored following a redirect to a matching URL, and the RequestCache is queried to obtain the original (matching) request.
org.springframework.security.web.servletapi Populates a Servlet request with a new Spring Security compliant HttpServletRequestWrapper.

To use, simply add the SecurityContextHolderAwareRequestFilter to the Spring Security filter chain.

org.springframework.security.web.session Session management filters, HttpSession events and publisher classes.
org.springframework.security.web.util
ww___w_._j_a___va2__s_.___c___o__m_ | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.