Spring Security website screenshot

Spring Security

Spring Security is a powerful and highly customizable authentication and access-control framework for Java applications. It is the de-facto standard for securing Spring-based applications, providing comprehensive security services including authentication, authorization, protection against common exploits (CSRF, session fixation, clickjacking), OAuth 2.0, OpenID Connect, SAML 2.0, LDAP, and WebFlux reactive security.

6 APIs 0 Features
AuthenticationAuthorizationJavaJWTOAuth2OpenID ConnectSAMLSecuritySpring Framework

APIs

Spring Security OAuth2 API

OAuth 2.0 and OpenID Connect support for Spring Security. Provides client registration, authorization code flow, token endpoint, token refresh, PKCE support, and resource server...

Spring Authorization Server API

Spring's implementation of an OAuth 2.1 and OpenID Connect 1.0 authorization server. Provides issuing access tokens, refresh tokens, and ID tokens with support for PKCE, token i...

Spring Security Core

Core security features for authentication and authorization. Provides UserDetailsService, password encoding, security context management, method security, and HTTP security conf...

Spring Security SAML2

SAML 2.0 Service Provider support for Spring Security. Enables SSO integration with SAML identity providers, handling authentication requests, assertions, and SLO (Single Logout).

Spring Security LDAP

LDAP authentication and authorization support for Spring Security. Supports LDAP bind authentication, password comparison, and user details loading from directory services.

Spring Security WebFlux

Reactive security for Spring WebFlux applications. Provides non-blocking authentication, authorization, OAuth2 reactive client support, and CSRF protection for reactive web stacks.

Collections

Pricing Plans

Rate Limits

Spring Security Rate Limits

1 limits

RATE LIMITS

FinOps

Semantic Vocabularies

Spring Security Context

5 classes · 23 properties

JSON-LD

API Governance Rules

Spring Security API Rules

7 rules · 3 errors 3 warnings 1 info

SPECTRAL

JSON Structure

Spring Security Token Structure

0 properties

JSON STRUCTURE

Example Payloads

Resources

📰
Blog
Blog
🔗
Community
Community
🔗
Twitter
Twitter
🔗
Issue Tracker
Issue Tracker
🔗
Contributing Guide
Contributing Guide
🔗
License
License
🔗
Maven Repository
Maven Repository
📄
ChangeLog
ChangeLog

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Spring Security OAuth2 API
  version: 6.3.0
items:
- info:
    name: Authorization
    type: folder
  items:
  - info:
      name: OAuth2 Authorization Endpoint
      type: http
    http:
      method: GET
      url: http://localhost:8080/oauth2/authorize
      params:
      - name: response_type
        value: ''
        type: query
        description: OAuth 2.0 response type
      - name: client_id
        value: ''
        type: query
        description: Registered client ID
      - name: redirect_uri
        value: ''
        type: query
        description: URI to redirect after authorization
      - name: scope
        value: ''
        type: query
        description: Space-separated list of requested scopes (e.g., openid profile email)
      - name: state
        value: ''
        type: query
        description: CSRF protection state parameter
      - name: code_challenge
        value: ''
        type: query
        description: PKCE code challenge (S256 method recommended)
      - name: code_challenge_method
        value: ''
        type: query
        description: PKCE code challenge method
    docs: Initiates the OAuth 2.0 authorization code or implicit grant flow. Redirects the user to the authorization server
      for consent.
- info:
    name: Token
    type: folder
  items:
  - info:
      name: OAuth2 Token Endpoint
      type: http
    http:
      method: POST
      url: http://localhost:8080/oauth2/token
      body:
        type: form-urlencoded
        data:
        - name: grant_type
          value: ''
        - name: code
          value: ''
        - name: redirect_uri
          value: ''
        - name: code_verifier
          value: ''
        - name: refresh_token
          value: ''
        - name: scope
          value: ''
        - name: client_id
          value: ''
        - name: client_secret
          value: ''
      auth:
        type: basic
        username: '{{username}}'
        password: '{{password}}'
    docs: Issues access tokens, refresh tokens, and ID tokens. Supports authorization_code, refresh_token, client_credentials,
      and urn:ietf:params:oauth:grant-type:jwt-bearer grant types.
  - info:
      name: OAuth2 Token Introspection
      type: http
    http:
      method: POST
      url: http://localhost:8080/oauth2/introspect
      body:
        type: form-urlencoded
        data:
        - name: token
          value: ''
        - name: token_type_hint
          value: ''
      auth:
        type: basic
        username: '{{username}}'
        password: '{{password}}'
    docs: Validates a token and returns its metadata per RFC 7662
  - info:
      name: OAuth2 Token Revocation
      type: http
    http:
      method: POST
      url: http://localhost:8080/oauth2/revoke
      body:
        type: form-urlencoded
        data:
        - name: token
          value: ''
        - name: token_type_hint
          value: ''
      auth:
        type: basic
        username: '{{username}}'
        password: '{{password}}'
    docs: Revokes an access or refresh token per RFC 7009
- info:
    name: OpenID Connect
    type: folder
  items:
  - info:
      name: OpenID Connect UserInfo Endpoint
      type: http
    http:
      method: GET
      url: http://localhost:8080/userinfo
      auth:
        type: bearer
        token: '{{bearerToken}}'
    docs: Returns claims about the authenticated end-user per OpenID Connect Core
  - info:
      name: OpenID Connect UserInfo Endpoint (POST)
      type: http
    http:
      method: POST
      url: http://localhost:8080/userinfo
      auth:
        type: bearer
        token: '{{bearerToken}}'
    docs: Returns claims about the authenticated end-user via POST method
- info:
    name: Keys
    type: folder
  items:
  - info:
      name: JSON Web Key Set Endpoint
      type: http
    http:
      method: GET
      url: http://localhost:8080/oauth2/jwks
    docs: Returns the public keys used to verify JWT signatures
- info:
    name: Discovery
    type: folder
  items:
  - info:
      name: OpenID Connect Discovery
      type: http
    http:
      method: GET
      url: http://localhost:8080/.well-known/openid-configuration
    docs: Returns the OpenID Connect Provider configuration metadata
  - info:
      name: OAuth2 Authorization Server Metadata
      type: http
    http:
      method: GET
      url: http://localhost:8080/.well-known/oauth-authorization-server
    docs: Returns OAuth 2.0 authorization server metadata per RFC 8414
- info:
    name: Session
    type: folder
  items:
  - info:
      name: Spring Security Logout
      type: http
    http:
      method: POST
      url: http://localhost:8080/logout
      params:
      - name: _csrf
        value: ''
        type: query
        description: CSRF token
    docs: Invalidates the current session and clears security context
  - info:
      name: Get Login Page
      type: http
    http:
      method: GET
      url: http://localhost:8080/login
    docs: Returns the default Spring Security login form
  - info:
      name: Process Login
      type: http
    http:
      method: POST
      url: http://localhost:8080/login
      body:
        type: form-urlencoded
        data:
        - name: username
          value: ''
        - name: password
          value: ''
        - name: _csrf
          value: ''
        - name: remember-me
          value: ''
    docs: Processes username/password login form submission
bundled: true