Module security


Security module providing authentication and authorization.

Spring Equivalent

org.springframework.security package

Module Structure

  • authenticator - User authentication implementations (MemoryAuthenticator)
  • authorizer - Request authorization implementations (RequestMatcherAuthorizer)
  • config - Core traits (Authenticator, Authorizer)
  • crypto - Password encoding (Argon2, BCrypt, NoOp, Delegating)
  • extractor - Actix Web extractors (AuthenticatedUser, OptionalUser)
  • http_basic - HTTP Basic Authentication support
  • jwt - JWT (JSON Web Token) Authentication
  • session - Session-based Authentication
  • manager - Factory methods (AuthenticationManager, AuthorizationManager)
  • middleware - Security middleware (SecurityTransform)
  • user - User model
  • web - Re-exports for backward compatibility
  • expression - Security Expression Language (SpEL-like)
  • context - Security context for accessing current user
  • headers - Security headers middleware (X-Frame-Options, CSP, HSTS, etc.)
  • rate_limit - Rate limiting middleware (brute-force protection)
  • audit - Security audit logging
  • account - Account locking on failed attempts
  • ldap - LDAP/Active Directory Authentication
  • saml - SAML 2.0 Single Sign-On
  • ant_matcher - Ant-style URL pattern matching
  • channel - Channel security (HTTPS enforcement)

Feature Flags

  • argon2: Enables Argon2PasswordEncoder and DelegatingPasswordEncoder
  • bcrypt: Enables BCryptPasswordEncoder
  • http-basic: Enables HTTP Basic Authentication
  • jwt: Enables JWT Authentication
  • session: Enables Session-based Authentication
  • oauth2: Enables OAuth2/OIDC Authentication
  • rate-limit: Enables Rate Limiting middleware
  • audit: Enables Security Audit Logging
  • account-lock: Enables Account Locking
  • ldap: Enables LDAP/Active Directory Authentication
  • saml: Enables SAML 2.0 Single Sign-On

Re-exports

pub use account::check_login;
pub use account::AccountLockManager;
pub use account::AccountStats;
pub use account::LockConfig;
pub use account::LockStatus;
pub use account::LoginCheckResult;
pub use ant_matcher::AntMatcher;
pub use ant_matcher::AntMatcherBuilder;
pub use ant_matcher::AntMatchers;
pub use ant_matcher::IntoAntMatcher;
pub use audit::audit_log;
pub use audit::global_logger;
pub use audit::init_global_logger;
pub use audit::AuditLogger;
pub use audit::InMemoryEventStore;
pub use audit::SecurityEvent;
pub use audit::SecurityEventHandler;
pub use audit::SecurityEventSeverity;
pub use audit::SecurityEventType;
pub use audit::StdoutHandler;
pub use authenticator::MemoryAuthenticator;
pub use authorizer::Access;
pub use authorizer::RequestMatcherAuthorizer;
pub use channel::ChannelRequirement;
pub use channel::ChannelSecurity;
pub use channel::ChannelSecurityConfig;
pub use channel::PortMapper;
pub use context::SecurityContext;
pub use crypto::BCryptPasswordEncoder;
pub use crypto::Argon2PasswordEncoder;
pub use crypto::DefaultEncoder;
pub use crypto::DelegatingPasswordEncoder;
pub use crypto::NoOpPasswordEncoder;
pub use crypto::PasswordEncoder;
pub use csrf::CsrfConfig;
pub use csrf::CsrfError;
pub use csrf::CsrfProtection;
pub use csrf::CsrfToken;
pub use csrf::CsrfTokenRepository;
pub use csrf::SessionCsrfTokenRepository;
pub use form_login::FormLoginConfig;
pub use form_login::FormLoginError;
pub use form_login::FormLoginHandler;
pub use form_login::FormLoginService;
pub use form_login::LoginForm;
pub use headers::SecurityHeaders;
pub use http_basic::HttpBasicConfig;
pub use jwt::Claims as JwtClaims;
pub use jwt::JwtAuthenticator;
pub use jwt::JwtConfig;
pub use jwt::JwtTokenService;
pub use ldap::LdapAuthResult;
pub use ldap::LdapAuthenticator;
pub use ldap::LdapConfig;
pub use ldap::LdapContextMapper;
pub use ldap::LdapError;
pub use ldap::MockLdapClient;
pub use manager::AuthenticationManager;
pub use manager::AuthorizationManager;
pub use oauth2::OAuth2Authenticator;
pub use oauth2::OAuth2Client;
pub use oauth2::OAuth2Config;
pub use oauth2::OAuth2Provider;
pub use oauth2::OAuth2User;
pub use oauth2::OidcUser;
pub use rate_limit::KeyExtractor;
pub use rate_limit::RateLimitAlgorithm;
pub use rate_limit::RateLimitConfig;
pub use rate_limit::RateLimitInfo;
pub use rate_limit::RateLimiter;
pub use rate_limit::RateLimiterState;
pub use remember_me::RememberMeConfig;
pub use remember_me::RememberMeError;
pub use remember_me::RememberMeServices;
pub use remember_me::RememberMeToken;
pub use saml::AuthnContextClass;
pub use saml::AuthnRequest;
pub use saml::NameIdFormat;
pub use saml::SamlAssertion;
pub use saml::SamlAuthResult;
pub use saml::SamlAuthenticator;
pub use saml::SamlBinding;
pub use saml::SamlConfig;
pub use saml::SamlError;
pub use saml::SamlResponse;
pub use saml::SamlStatusCode;
pub use session::CredentialAuthenticator;
pub use session::SessionAuthenticator;
pub use session::SessionConfig;
pub use session::SessionError;
pub use session::SessionFixationStrategy;
pub use session::SessionLoginService;
pub use session::SessionUser;
pub use user_details::CachingUserDetailsService;
pub use user_details::InMemoryUserDetailsService;
pub use user_details::UserDetailsAuthenticator;
pub use user_details::UserDetailsError;
pub use user_details::UserDetailsManager;
pub use user_details::UserDetailsService;

Modules

  • account - Account locking and login attempt tracking.
  • ant_matcher - Ant-style Path Matcher
  • audit - Security Audit Logging system.
  • authenticator - In-Memory User Details Manager.
  • authorizer - Request Matcher based Authorization.
  • channel - Channel Security Module
  • context - Security Context for accessing the current authenticated user.
  • crypto - Password encoding utilities.
  • csrf - CSRF (Cross-Site Request Forgery) Protection.
  • expression - Security Expression Language (SpEL-like) for authorization.
  • form_login - Form-based Login Authentication.
  • headers - Security headers middleware for HTTP security.
  • http_basic - HTTP Basic Authentication support.
  • jwt - JWT (JSON Web Token) Authentication.
  • ldap - LDAP Authentication module.
  • manager
  • middleware - Security middleware for Actix Web.
  • oauth2 - OAuth2 and OpenID Connect (OIDC) Authentication
  • rate_limit - Rate Limiting middleware for brute-force protection.
  • remember_me - Remember-Me Authentication.
  • saml - SAML 2.0 Authentication Module
  • session - Session-based Authentication.
  • user_details - User Details Service for loading users from any data source.
  • web - Re-exports for backward compatibility.

Structs

  • AuthenticatedUser - Extractor for the authenticated user.
  • OptionalUser - Optional extractor for the authenticated user.
  • User - Represents an authenticated user with roles and authorities.

Traits

  • Authenticator - Trait for extracting user identity from an HTTP request.
  • Authorizer - Trait for deciding whether an authenticated user can access a resource.
  • SecurityExt - Extension trait for HttpRequest to check authentication.