Security module providing authentication and authorization.
§Spring Equivalent
org.springframework.security package
§Module Structure
- authenticator - User authentication implementations (MemoryAuthenticator)
- authorizer - Request authorization implementations (RequestMatcherAuthorizer)
- config - Core traits (Authenticator, Authorizer)
- crypto - Password encoding (Argon2, BCrypt, NoOp, Delegating)
- extractor - Actix Web extractors (AuthenticatedUser, OptionalUser)
- http_basic - HTTP Basic Authentication support
- jwt - JWT (JSON Web Token) Authentication
- session - Session-based Authentication
- manager - Factory methods (AuthenticationManager, AuthorizationManager)
- middleware - Security middleware (SecurityTransform)
- user - User model
- web - Re-exports for backward compatibility
- expression - Security Expression Language (SpEL-like)
- context - Security context for accessing current user
- headers - Security headers middleware (X-Frame-Options, CSP, HSTS, etc.)
- rate_limit - Rate limiting middleware (brute-force protection)
- audit - Security audit logging
- account - Account locking on failed attempts
- ldap - LDAP/Active Directory Authentication
- saml - SAML 2.0 Single Sign-On
- ant_matcher - Ant-style URL pattern matching
- channel - Channel security (HTTPS enforcement)
§Feature Flags
- argon2: Enables Argon2PasswordEncoder and DelegatingPasswordEncoder
- bcrypt: Enables BCryptPasswordEncoder
- http-basic: Enables HTTP Basic Authentication
- jwt: Enables JWT Authentication
- session: Enables Session-based Authentication
- oauth2: Enables OAuth2/OIDC Authentication
- rate-limit: Enables Rate Limiting middleware
- audit: Enables Security Audit Logging
- account-lock: Enables Account Locking
- ldap: Enables LDAP/Active Directory Authentication
- saml: Enables SAML 2.0 Single Sign-On
Modules§
- account
- Account locking and login attempt tracking.
- ant_matcher
- Ant-style Path Matcher
- audit
- Security Audit Logging system.
- authenticator
- In-Memory User Details Manager.
- authorizer
- Request Matcher based Authorization.
- channel
- Channel Security Module
- context
- Security Context for accessing the current authenticated user.
- crypto
- Password encoding utilities.
- csrf
- CSRF (Cross-Site Request Forgery) Protection.
- expression
- Security Expression Language (SpEL-like) for authorization.
- form_login
- Form-based Login Authentication.
- headers
- Security headers middleware for HTTP security.
- http_basic
- HTTP Basic Authentication support.
- jwt
- JWT (JSON Web Token) Authentication.
- ldap
- LDAP Authentication module.
- manager
- middleware
- Security middleware for Actix Web.
- oauth2
- OAuth2 and OpenID Connect (OIDC) Authentication
- rate_limit
- Rate Limiting middleware for brute-force protection.
- remember_me
- Remember-Me Authentication.
- saml
- SAML 2.0 Authentication Module
- session
- Session-based Authentication.
- user_details
- User Details Service for loading users from any data source.
- web
- Re-exports for backward compatibility.
Structs§
- Access
- Access configuration for URL patterns.
- AccountLockManager
- Account lock manager for tracking failed attempts and locking accounts.
- AccountStats
- Account statistics.
- AntMatcher
- Ant-style path matcher
- AntMatcherBuilder
- Builder for creating multiple AntMatchers with common configuration
- AntMatchers
- Collection of AntMatchers for efficient path matching
- Argon2PasswordEncoder
- Argon2 password encoder - the recommended encoder for new applications.
- AuditLogger
- The main audit logger.
- AuthenticatedUser
- Extractor for the authenticated user.
- AuthenticationManager
- AuthnRequest
- SAML AuthnRequest
- AuthorizationManager
- BCryptPasswordEncoder
- BCrypt password encoder - widely compatible with other frameworks.
- CachingUserDetailsService
- Caching wrapper for UserDetailsService.
- ChannelSecurity
- Channel security middleware
- ChannelSecurityConfig
- Configuration for channel security
- CsrfConfig
- CSRF protection configuration.
- CsrfProtection
- CSRF protection middleware.
- CsrfToken
- CSRF Token.
- DelegatingPasswordEncoder
- Delegating password encoder that supports multiple encoding formats.
- FormLoginConfig
- Form login configuration.
- FormLoginHandler
- Form login handler for processing login/logout requests.
- FormLoginService
- Complete form login service combining authentication and session management.
- HttpBasicConfig
- HTTP Basic Authentication configuration.
- InMemoryEventStore
- In-memory event store for testing and debugging.
- InMemoryUserDetailsService
- In-memory implementation of UserDetailsService.
- JwtAuthenticator
- JWT-based authenticator.
- JwtClaims
- Standard JWT claims with security extensions.
- JwtConfig
- JWT configuration.
- JwtTokenService
- Service for generating and managing JWT tokens.
- LdapAuthResult
- LDAP authentication result.
- LdapAuthenticator
- LDAP Authenticator for actix-security.
- LdapConfig
- LDAP connection configuration.
- LockConfig
- Account lock configuration.
- LoginForm
- Login form data structure.
- MemoryAuthenticator
- In-memory user store for authentication.
- MockLdapClient
- Mock LDAP client for testing.
- NoOpPasswordEncoder
- No-op password encoder that stores passwords in plain text.
- OAuth2Authenticator
- OAuth2 authenticator that validates OAuth2 access tokens
- OAuth2Client
- OAuth2 client for handling authorization flows
- OAuth2Config
- OAuth2 configuration for a client registration
- OAuth2User
- User information retrieved from OAuth2 provider
- OidcUser
- OIDC user with ID token claims
- OptionalUser
- Optional extractor for the authenticated user.
- PortMapper
- Port mapping for HTTP/HTTPS redirects
- RateLimitConfig
- Rate limit configuration.
- RateLimitInfo
- Rate limit information for headers.
- RateLimiter
- Rate limiter middleware.
- RateLimiterState
- Rate limiter state.
- RememberMeConfig
- Remember-Me configuration.
- RememberMeServices
- Remember-Me authentication services.
- RememberMeToken
- Remember-Me token structure.
- RequestMatcherAuthorizer
- URL pattern-based authorization.
- SamlAssertion
- SAML Assertion
- SamlAuthResult
- Result of successful SAML authentication
- SamlAuthenticator
- SAML Authenticator for actix-web
- SamlConfig
- SAML Service Provider configuration
- SamlResponse
- SAML Response
- SecurityContext
- Holder for the current security context.
- SecurityEvent
- A security audit event.
- SecurityHeaders
- Security headers configuration.
- SessionAuthenticator
- Session-based authenticator.
- SessionConfig
- Session authentication configuration.
- SessionCsrfTokenRepository
- Session-based CSRF token repository.
- SessionLoginService
- Service for handling login/logout with sessions.
- SessionUser
- Serializable user data stored in session.
- StdoutHandler
- Simple logging handler that prints to stdout.
- User
- Represents an authenticated user with roles and authorities.
- UserDetailsAuthenticator
- Authenticator that uses a UserDetailsService for credential validation.
Enums§
- AuthnContextClass
- SAML 2.0 authentication context classes
- ChannelRequirement
- Channel security requirement
- CsrfError
- CSRF-related errors.
- DefaultEncoder
- Default encoding algorithm for DelegatingPasswordEncoder.
- FormLoginError
- Form login related errors.
- KeyExtractor
- Strategy for identifying clients for rate limiting.
- LdapError
- LDAP authentication error.
- LockStatus
- Account lock status.
- LoginCheckResult
- Result of a login check.
- NameIdFormat
- SAML 2.0 name ID formats
- OAuth2Provider
- Common OAuth2/OIDC providers with pre-configured endpoints
- RateLimitAlgorithm
- Rate limiting algorithm.
- RememberMeError
- Remember-Me related errors.
- SamlBinding
- SAML 2.0 binding types
- SamlError
- SAML authentication error
- SamlStatusCode
- SAML Status codes
- SecurityEventSeverity
- Severity level of security events.
- SecurityEventType
- Security event types for audit logging.
- SessionError
- Session-related errors.
- SessionFixationStrategy
- Strategy for session fixation protection.
- UserDetailsError
- Errors that can occur when loading or managing user details.
Traits§
- Authenticator
- Trait for extracting user identity from an HTTP request.
- Authorizer
- Trait for deciding whether an authenticated user can access a resource.
- CredentialAuthenticator
- Trait for authenticators that can validate username/password credentials.
- CsrfTokenRepository
- Trait for storing and retrieving CSRF tokens.
- IntoAntMatcher
- Extension trait for converting patterns to AntMatcher
- LdapContextMapper
- LDAP context mapper for custom user creation.
- PasswordEncoder
- Trait for encoding and verifying passwords.
- SecurityEventHandler
- Trait for handling security events.
- SecurityExt
- Extension trait for HttpRequest to check authentication.
- UserDetailsManager
- Extended trait for managing users (CRUD operations).
- UserDetailsService
- Async trait for loading user details from any data source.
Functions§
- audit_log
- Log a security event using the global logger.
- check_login
- Helper function to check login and return detailed result.
- global_logger
- Get the global audit logger.
- init_global_logger
- Initialize the global audit logger.