- SecurityConfigurer
public interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {
/**
Initialize the SecurityBuilder. Here only shared state should be
createdand modified, but not properties on the SecurityBuilder
used for buildingthe object. This ensures that the
configure(SecurityBuilder) method usesthe correct shared objects when building.
*/
void init(B builder) throws Exception;
/**
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
*/
void configure(B builder) throws Exception;
}
Allows for configuring a SecurityBuilder. All SecurityConfigurer firsthave their init(SecurityBuilder) method invoked. After all init(SecurityBuilder) methods have been invoked, each configure(SecurityBuilder) method is invoked.
- SecurityBuilder
public interface SecurityBuilder<O> {
O build() throws Exception;//Builds the object and returns it or null.
}
Interface for building an Object.
- WebSecurityConfigurer
public interface WebSecurityConfigurer<T extends SecurityBuilder<Filter>> extends
SecurityConfigurer<Filter, T> {
}
Allows customization to the WebSecurity. In most instances users will use EnableWebSecurity and a create Configuration that extends WebSecurityConfigurerAdapter which will automatically be applied to the WebSecurity by the EnableWebSecurity annotation.
- ProviderManagerBuilder
public interface ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> extends
SecurityBuilder<AuthenticationManager> {
/**Add authentication based upon the custom AuthenticationProvider that ispassed in.
Since the AuthenticationProvider implementation is unknown, allcustomizations must be
done externally and the ProviderManagerBuilder isreturned immediately.Note that an
Exception is thrown if an error occurs when adding the AuthenticationProvider.
*/
B authenticationProvider(AuthenticationProvider authenticationProvider);
}
Interface for operating on a SecurityBuilder that creates a ProviderManager.
- AuthenticationManager
public interface AuthenticationManager {
/**
Attempts to authenticate the passed Authentication object, returning afully populated
Authentication object (including granted authorities)if successful.
*/
Authentication authenticate(Authentication authentication)
throws AuthenticationException;
}
Processes an Authentication request.
- AuthenticationProvider
public interface AuthenticationProvider {
/**
Performs authentication with the same contract as
org.springframework.security.authentication.AuthenticationManager.authenticate(Authentication).
*/
Authentication authenticate(Authentication authentication)
throws AuthenticationException;
/**
Returns true if this AuthenticationProvider supports theindicated Authentication object.
Returning true does not guarantee an AuthenticationProvider will be able to
authenticate the presentedinstance of the Authentication class. It simply indicates it
cansupport closer evaluation of it. An AuthenticationProvider can stillreturn null from the
authenticate(Authentication) method toindicate another AuthenticationProvider should be tried.
Selection of an AuthenticationProvider capable of performingauthentication is
conducted at runtime the ProviderManager.
*/
boolean supports(Class<?> authentication);
}
Indicates a class can process a specific org.springframework.security.core.Authentication implementation.
- UserDetailsService
public interface UserDetailsService {
/**
Locates the user based on the username. In the actual implementation, the searchmay
possibly be case sensitive, or case insensitive depending on how theimplementation
instance is configured. In this case, the UserDetailsobject that comes back may have a
username that is of a different case than whatwas actually requested..
*/
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
}
Core interface which loads user-specific data.
It is used throughout the framework as a user DAO and is the strategy used by the DaoAuthenticationProvider.
The interface requires only one read-only method, which simplifies support for newdata-access strategies.
网友评论