
actix_security_core/http/security/
mod.rs

1//! Security module providing authentication and authorization.
2//!
3//! # Spring Equivalent
4//! `org.springframework.security` package
5//!
6//! # Module Structure
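7//! This list is not exhaustive: the feature-gated modules `api_key`, `csrf`, `form_login`, `oauth2`, `remember_me`, `user_details` and `websocket` are also declared below.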
8//! - `authenticator` - User authentication implementations (MemoryAuthenticator)
9//! - `authorizer` - Request authorization implementations (RequestMatcherAuthorizer)
10//! - `config` - Core traits (Authenticator, Authorizer)
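11//! - `crypto` - Password encoding (Argon2, BCrypt, NoOp, Delegating). `NoOpPasswordEncoder` is re-exported without a feature gate; like its Spring namesake it presumably leaves passwords unhashed, so it belongs in tests only.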
12//! - `extractor` - Actix Web extractors (AuthenticatedUser, OptionalUser)
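13//! - `http_basic` - HTTP Basic Authentication support (the module is declared without a feature gate; only the `HttpBasicConfig` re-export requires `http-basic`)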
14//! - `jwt` - JWT (JSON Web Token) Authentication
15//! - `session` - Session-based Authentication
16//! - `manager` - Factory methods (AuthenticationManager, AuthorizationManager)
17//! - `middleware` - Security middleware (SecurityTransform)
18//! - `user` - User model
19//! - `web` - Re-exports for backward compatibility
20//! - `expression` - Security Expression Language (SpEL-like)
21//! - `context` - Security context for accessing current user
22//! - `headers` - Security headers middleware (X-Frame-Options, CSP, HSTS, etc.)
23//! - `rate_limit` - Rate limiting middleware (brute-force protection)
24//! - `audit` - Security audit logging
25//! - `account` - Account locking on failed attempts
26//! - `ldap` - LDAP/Active Directory Authentication
27//! - `saml` - SAML 2.0 Single Sign-On
28//! - `ant_matcher` - Ant-style URL pattern matching
29//! - `channel` - Channel security (HTTPS enforcement)
30//!
31//! # Feature Flags
32//! - `argon2`: Enables `Argon2PasswordEncoder`, `DelegatingPasswordEncoder` and `DefaultEncoder`
33//! - `bcrypt`: Enables `BCryptPasswordEncoder`
34//! - `http-basic`: Enables HTTP Basic Authentication
35//! - `jwt`: Enables JWT Authentication
36//! - `session`: Enables Session-based Authentication
37//! - `oauth2`: Enables OAuth2/OIDC Authentication
38//! - `rate-limit`: Enables Rate Limiting middleware
39//! - `audit`: Enables Security Audit Logging
40//! - `account-lock`: Enables Account Locking
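41//! - `ldap`: Enables LDAP/Active Directory Authentication (also re-exports `MockLdapClient`, which by its name is a test double rather than a production client)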
42//! - `saml`: Enables SAML 2.0 Single Sign-On
43//! - `api-key`: Enables API Key Authentication
44//! - `websocket`: Enables WebSocket security (origin validation, auth during handshake)
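45//! - `csrf`, `form-login`, `remember-me`, `user-details`: Gate the `csrf`, `form_login`, `remember_me` and `user_details` modules and their re-exports below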
46// Re-exports for convenience
47#[cfg(feature = "account-lock")]
48pub use account::{
49    check_login, AccountLockManager, AccountStats, LockConfig, LockStatus, LoginCheckResult,
50};
51pub use ant_matcher::{AntMatcher, AntMatcherBuilder, AntMatchers, IntoAntMatcher};
52#[cfg(feature = "api-key")]
53pub use api_key::{
54    ApiKey, ApiKeyAuthenticator, ApiKeyBuilder, ApiKeyConfig, ApiKeyError, ApiKeyLocation,
55    ApiKeyRepository, InMemoryApiKeyRepository,
56};
57#[cfg(feature = "audit")]
58pub use audit::{
59    audit_log, global_logger, init_global_logger, AuditLogger, InMemoryEventStore, SecurityEvent,
60    SecurityEventHandler, SecurityEventSeverity, SecurityEventType, StdoutHandler, TracingHandler,
61};
62pub use authenticator::MemoryAuthenticator;
63pub use authorizer::{Access, RequestMatcherAuthorizer};
64pub use channel::{ChannelRequirement, ChannelSecurity, ChannelSecurityConfig, PortMapper};
65pub use config::{Authenticator, Authorizer};
66pub use context::SecurityContext;
67#[cfg(feature = "bcrypt")]
68pub use crypto::BCryptPasswordEncoder;
69#[cfg(feature = "argon2")]
70pub use crypto::{Argon2PasswordEncoder, DefaultEncoder, DelegatingPasswordEncoder};
71pub use crypto::{NoOpPasswordEncoder, PasswordEncoder};
72#[cfg(feature = "csrf")]
73pub use csrf::{
74    CsrfConfig, CsrfError, CsrfProtection, CsrfToken, CsrfTokenRepository,
75    SessionCsrfTokenRepository,
76};
77pub use extractor::{AuthenticatedUser, OptionalUser, SecurityExt};
78#[cfg(feature = "form-login")]
79pub use form_login::{
80    FormLoginConfig, FormLoginError, FormLoginHandler, FormLoginService, LoginForm,
81};
82pub use headers::SecurityHeaders;
83#[cfg(feature = "http-basic")]
84pub use http_basic::HttpBasicConfig;
85#[cfg(feature = "jwt")]
86pub use jwt::{Claims as JwtClaims, JwtAuthenticator, JwtConfig, JwtTokenService};
87#[cfg(feature = "ldap")]
88pub use ldap::{
89    LdapAuthResult, LdapAuthenticator, LdapConfig, LdapContextMapper, LdapError, MockLdapClient,
90};
91pub use manager::{AuthenticationManager, AuthorizationManager};
92#[cfg(feature = "oauth2")]
93pub use oauth2::{
94    OAuth2Authenticator, OAuth2Client, OAuth2Config, OAuth2Provider, OAuth2User, OidcUser,
95};
96#[cfg(feature = "rate-limit")]
97pub use rate_limit::{
98    KeyExtractor, RateLimitAlgorithm, RateLimitConfig, RateLimitInfo, RateLimiter, RateLimiterState,
99};
100#[cfg(feature = "remember-me")]
101pub use remember_me::{RememberMeConfig, RememberMeError, RememberMeServices, RememberMeToken};
102#[cfg(feature = "saml")]
103pub use saml::{
104    AuthnContextClass, AuthnRequest, NameIdFormat, SamlAssertion, SamlAuthResult,
105    SamlAuthenticator, SamlBinding, SamlConfig, SamlError, SamlResponse, SamlStatusCode,
106};
107#[cfg(feature = "session")]
108pub use session::{
109    CredentialAuthenticator, SessionAuthenticator, SessionConfig, SessionError,
110    SessionFixationStrategy, SessionLoginService, SessionUser,
111};
112pub use user::User;
113#[cfg(feature = "user-details")]
114pub use user_details::{
115    CachingUserDetailsService, InMemoryUserDetailsService, UserDetailsAuthenticator,
116    UserDetailsError, UserDetailsManager, UserDetailsService,
117};
118#[cfg(feature = "websocket")]
119pub use websocket::{
120    OriginValidator, OriginValidatorBuilder, WebSocketSecurityConfig,
121    WebSocketSecurityConfigBuilder, WebSocketSecurityError, WebSocketUpgrade, WebSocketUser,
122};
123
124// Internal modules (private implementation details)
125mod config;
126mod extractor;
127mod user;
128
129// Public modules
130#[cfg(feature = "account-lock")]
131pub mod account;
132pub mod ant_matcher;
133#[cfg(feature = "api-key")]
134pub mod api_key;
135#[cfg(feature = "audit")]
136pub mod audit;
137pub mod authenticator;
138pub mod authorizer;
139pub mod channel;
140pub mod context;
141pub mod crypto;
142#[cfg(feature = "csrf")]
143pub mod csrf;
144pub mod expression;
145#[cfg(feature = "form-login")]
146pub mod form_login;
147pub mod headers;
148pub mod http_basic;
149#[cfg(feature = "jwt")]
150pub mod jwt;
151#[cfg(feature = "ldap")]
152pub mod ldap;
153pub mod manager;
154pub mod middleware;
155#[cfg(feature = "oauth2")]
156pub mod oauth2;
157#[cfg(feature = "rate-limit")]
158pub mod rate_limit;
159#[cfg(feature = "remember-me")]
160pub mod remember_me;
161#[cfg(feature = "saml")]
162pub mod saml;
163#[cfg(feature = "session")]
164pub mod session;
165#[cfg(feature = "user-details")]
166pub mod user_details;
167#[cfg(feature = "websocket")]
168pub mod websocket;
169
170// Backward compatibility module
171pub mod web;