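@startuml spring-security-httpsecurity
' Class diagram of Spring Security's HttpSecurity builder and the configurers
' it hands out. Only a subset of each class's members is shown.
' Generic arguments on members (List, Customizer, ObjectPostProcessor, ...) are
' mostly omitted; class-level type parameters are spelled out.

skinparam Shadowing false
skinparam class {
  BackgroundColor White
}
hide empty members

' Entry point of the HTTP security DSL.
' - authorizeRequests()/authorizeHttpRequests(): rules are evaluated in the
'   order they are declared and the first match wins, so specific patterns
'   must come before anyRequest().
' - antMatcher()/mvcMatcher()/regexMatcher()/requestMatchers(): restrict which
'   requests this filter chain applies to; requests outside that scope are not
'   protected by this chain.
' - httpBasic(): credentials are sent with every request, so pair it with TLS
'   (see requiresChannel()).
class HttpSecurity {
  - RequestMatcherConfigurer requestMatcherConfigurer
  - List filters
  - RequestMatcher requestMatcher
  - FilterOrderRegistration filterOrders
  - AuthenticationManager authenticationManager
  - ApplicationContext getContext()
  + HeadersConfigurer headers()
  + CorsConfigurer cors()
  + SessionManagementConfigurer sessionManagement()
  + PortMapperConfigurer portMapper()
  + JeeConfigurer jee()
  + X509Configurer x509()
  + RememberMeConfigurer rememberMe()
  + ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests()
  + AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests()
  + RequestCacheConfigurer requestCache()
  + ExceptionHandlingConfigurer exceptionHandling()
  + SecurityContextConfigurer securityContext()
  + ServletApiConfigurer servletApi()
  + CsrfConfigurer csrf()
  + LogoutConfigurer logout()
  + AnonymousConfigurer anonymous()
  + FormLoginConfigurer formLogin()
  + Saml2LoginConfigurer saml2Login()
  + OAuth2LoginConfigurer oauth2Login()
  + OAuth2ClientConfigurer oauth2Client()
  + OAuth2ResourceServerConfigurer oauth2ResourceServer()
  + ChannelSecurityConfigurer.ChannelRequestMatcherRegistry requiresChannel()
  + HttpBasicConfigurer httpBasic()
  + HttpSecurity passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>> customizer)
  + HttpSecurity authenticationManager(AuthenticationManager authenticationManager)
  + RequestMatcherConfigurer requestMatchers()
  + HttpSecurity antMatcher(String antPattern)
  + HttpSecurity mvcMatcher(String mvcPattern)
  + HttpSecurity regexMatcher(String pattern)
}

class MvcMatchersRequestMatcherConfigurer {
  + RequestMatcherConfigurer servletPath(String servletPath)
}

class RequestMatcherConfigurer {
  # List matchers
  + HttpSecurity and()
}

' Matcher factory shared by the request-scoping and authorization registries.
' antMatchers("/admin") matches only that exact path, while
' mvcMatchers("/admin") follows Spring MVC's own matching rules (for example
' a trailing slash); for MVC endpoints mvcMatchers is the safer choice.
abstract AbstractRequestMatcherRegistry<C> {
  -{static} RequestMatcher ANY_REQUEST
  - ApplicationContext context
  - boolean anyRequestConfigured
  + C anyRequest()
  + C antMatchers(HttpMethod method)
  + C antMatchers(HttpMethod method, String... antPatterns)
  + C antMatchers(String... antPattern)
  +{abstract} C mvcMatchers(String... mvcPatterns)
  +{abstract} C mvcMatchers(HttpMethod method, String... mvcPattern)
  + C regexMatchers(HttpMethod method, String... regexPatterns)
  + C regexMatchers(String... regexPatterns)
  + C dispatcherTypeMatchers(HttpMethod method, DispatcherType... dispatcherTypes)
  + C dispatcherTypeMatchers(DispatcherType... dispatcherTypes)
  + C requestMatchers(RequestMatcher... requestMatchers)
  #{abstract} C chainRequestMatchers(List requestMatchers)
}

' disable() removes the configurer from the builder. On a protection such as
' csrf() or headers() this switches the protection off entirely, so every
' disable() call in a configuration deserves an explicit justification.
abstract AbstractHttpConfigurer<T, B> {
  + B disable()
  + T withObjectPostProcessor(ObjectPostProcessor processor)
}

abstract SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>> {
  - B securityBuilder
  + void configure(B builder)
  + B and()
  + void addObjectPostProcessor(ObjectPostProcessor processor)
}

interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {
  + void init(B builder)
  + void configure(B builder)
}

' Response security headers. defaultDisabled() turns off all default headers,
' after which only the ones explicitly re-enabled are written.
' httpPublicKeyPinning() configures HPKP, which browsers have dropped.
class HeadersConfigurer<H extends HttpSecurityBuilder<H>> {
  + HeadersConfigurer addHeaderWriter(HeaderWriter headerWriter)
  + ContentTypeOptionsConfig contentTypeOptions()
  + XXssConfig xssProtection()
  + CacheControlConfig cacheControl()
  + HstsConfig httpStrictTransportSecurity()
  + FrameOptionsConfig frameOptions()
  + HpkpConfig httpPublicKeyPinning()
  + ContentSecurityPolicyConfig contentSecurityPolicy()
  + HeadersConfigurer defaultDisabled()
  + ReferrerPolicyConfig referrerPolicy()
  + ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy)
  + PermissionsPolicyConfig permissionsPolicy()
}

class CorsConfigurer<H extends HttpSecurityBuilder<H>> {
  + CorsConfigurer configurationSource(CorsConfigurationSource source)
}

' The ignoring*() methods exempt matching requests from CSRF token checks;
' keep those patterns as narrow as possible.
class CsrfConfigurer<H extends HttpSecurityBuilder<H>> {
  + CsrfConfigurer csrfTokenRepository(CsrfTokenRepository repo)
  + CsrfConfigurer requireCsrfProtectionMatcher(RequestMatcher matcher)
  + CsrfConfigurer ignoringAntMatchers(String... patterns)
  + CsrfConfigurer ignoringRequestMatchers(RequestMatcher... matchers)
  + CsrfConfigurer sessionAuthenticationStrategy(SessionAuthenticationStrategy strategy)
}

class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> {
  + AnonymousConfigurer key(String key)
  + AnonymousConfigurer principal(Object principal)
  + AnonymousConfigurer authorities(List authorities)
  + AnonymousConfigurer authorities(String... authorities)
  + AnonymousConfigurer authenticationProvider(AuthenticationProvider provider)
  + AnonymousConfigurer authenticationFilter(AnonymousAuthenticationFilter filter)
}

' invalidateHttpSession(), clearAuthentication() and deleteCookies() control
' how much state is torn down on logout.
class LogoutConfigurer<H extends HttpSecurityBuilder<H>> {
  + LogoutConfigurer addLogoutHandler(LogoutHandler handler)
  + LogoutConfigurer clearAuthentication(boolean clearAuthentication)
  + LogoutConfigurer invalidateHttpSession(boolean invalidate)
  + LogoutConfigurer logoutUrl(String url)
  + LogoutConfigurer logoutRequestMatcher(RequestMatcher matcher)
  + LogoutConfigurer logoutSuccessUrl(String url)
  + LogoutConfigurer permitAll()
  + LogoutConfigurer deleteCookies(String... names)
  + LogoutConfigurer logoutSuccessHandler(LogoutSuccessHandler handler)
  + LogoutConfigurer defaultLogoutSuccessHandlerFor(LogoutSuccessHandler handler, RequestMatcher matcher)
  + LogoutConfigurer permitAll(boolean permitAll)
}

' key() sets the key used to validate remember-me tokens and should be a
' non-guessable secret; useSecureCookie(true) keeps the cookie off plain HTTP.
class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> {
  + RememberMeConfigurer tokenValiditySeconds(int sec)
  + RememberMeConfigurer useSecureCookie(boolean secured)
  + RememberMeConfigurer userDetailsService(UserDetailsService service)
  + RememberMeConfigurer tokenRepository(PersistentTokenRepository repo)
  + RememberMeConfigurer key(String key)
  + RememberMeConfigurer rememberMeParameter(String param)
  + RememberMeConfigurer rememberMeCookieName(String name)
  + RememberMeConfigurer rememberMeCookieDomain(String domain)
  + RememberMeConfigurer authenticationSuccessHandler(AuthenticationSuccessHandler handler)
  + RememberMeConfigurer rememberMeServices(RememberMeServices service)
  + RememberMeConfigurer alwaysRemember(boolean always)
}

class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> {
  + FormLoginConfigurer loginPage(String loginPage)
  + FormLoginConfigurer usernameParameter(String param)
  + FormLoginConfigurer passwordParameter(String param)
  + FormLoginConfigurer failureForwardUrl(String url)
  + FormLoginConfigurer successForwardUrl(String url)
}

class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> {
  + HttpBasicConfigurer realmName(String name)
  + HttpBasicConfigurer authenticationEntryPoint(AuthenticationEntryPoint entryPoint)
  + HttpBasicConfigurer authenticationDetailsSource(AuthenticationDetailsSource source)
}

class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> {
  + ExceptionHandlingConfigurer accessDeniedPage(String url)
  + ExceptionHandlingConfigurer accessDeniedHandler(AccessDeniedHandler handler)
  + ExceptionHandlingConfigurer defaultAccessDeniedHandlerFor(AccessDeniedHandler handler, RequestMatcher matcher)
  + ExceptionHandlingConfigurer authenticationEntryPoint(AuthenticationEntryPoint entryPoint)
  + ExceptionHandlingConfigurer defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint, RequestMatcher matcher)
}

' Request-matcher configurers are nested classes of HttpSecurity.
MvcMatchersRequestMatcherConfigurer --|> RequestMatcherConfigurer
MvcMatchersRequestMatcherConfigurer --+ HttpSecurity
RequestMatcherConfigurer --+ HttpSecurity
' Solid arrow: RequestMatcherConfigurer extends the abstract registry class.
AbstractRequestMatcherRegistry <|- RequestMatcherConfigurer

' SecurityConfigurerAdapter implements the SecurityConfigurer interface
' (dashed); AbstractHttpConfigurer extends the adapter class (solid).
SecurityConfigurerAdapter ..|> SecurityConfigurer
AbstractHttpConfigurer --|> SecurityConfigurerAdapter

HeadersConfigurer -* HttpSecurity
CorsConfigurer --* HttpSecurity
HttpSecurity *-- CsrfConfigurer
HttpSecurity *-- AnonymousConfigurer
HttpSecurity *-- LogoutConfigurer
HttpSecurity *-- RememberMeConfigurer
HttpSecurity *-- FormLoginConfigurer
HttpSecurity *- HttpBasicConfigurer
HttpSecurity *- ExceptionHandlingConfigurer

HeadersConfigurer --|> AbstractHttpConfigurer
CorsConfigurer ----|> AbstractHttpConfigurer
AbstractHttpConfigurer <|- CsrfConfigurer
AnonymousConfigurer --|> AbstractHttpConfigurer
LogoutConfigurer -|> AbstractHttpConfigurer
RememberMeConfigurer --|> AbstractHttpConfigurer
FormLoginConfigurer --|> AbstractHttpConfigurer
HttpBasicConfigurer ----|> AbstractHttpConfigurer
ExceptionHandlingConfigurer --|> AbstractHttpConfigurer
@enduml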