Spring Security is a powerful and lightweight security framework that provides authentication and authorization support to secure Spring-based applications. One way to achieve this is to store the list of users and their roles in a database. The database information can then be wired into the security beans.
Authentication and authorization are the two main operations in Spring Security.
Authentication: asks the user to provide valid credentials to log in to the application.
Authorization: validates which privilege(s) the logged-in user has for this application. Based on these, the user is allowed to access the different controls or functionality in the application.
Spring Security supports a wide variety of authentication models for authenticating your application against a user database.
Core: this module contains the APIs for basic authentication and access-control mechanisms. It is mandatory for any Spring Security application.
Remoting: this module provides integration with Spring Remoting.
Web: this module contains the APIs for servlet filters and web-based authentication, such as access restriction for URLs. Any web application requires this module.
Config: use this module if you are using the Spring Security XML namespace for configuration.
LDAP: use this module if you need LDAP authentication or need to manage LDAP user entries.
ACL: use this module for the specialized domain object ACL implementation.
CAS: use this module for Spring Security's CAS client integration.
OpenID: use this module for OpenID web authentication support.
The following are some of the important facilities that the Spring Security framework provides to its users:
- User authentication and authorization.
- Role-based authorization control.
- Easy to configure with database-based authentication and authorization.
- Encrypted passwords.
- Form authentication.
- File-based user authentication and authorization.
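
The following configuration is an added example, not code from the original page. It wires database-backed users and roles into the security beans and combines several of the facilities listed above: role-based authorization, stored password hashing, and form authentication. It assumes Spring Security 6 Java configuration, a `DataSource` bean defined elsewhere, and the default `users` and `authorities` tables; the class name and URL paths are hypothetical.

```java
// Added example: class name and URL paths are hypothetical.
// Assumes Spring Security 6 and a DataSource bean configured elsewhere.
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    // Users and roles are loaded from the database: JdbcUserDetailsManager
    // queries the default "users" and "authorities" tables via the DataSource.
    @Bean
    public UserDetailsService userDetailsService(DataSource dataSource) {
        return new JdbcUserDetailsManager(dataSource);
    }

    // Stored passwords are BCrypt hashes; login input is hashed and compared.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Rules are evaluated in order; hasRole("ADMIN") matches authority "ROLE_ADMIN".
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/account/**").hasAnyRole("USER", "ADMIN")
                .requestMatchers("/", "/login").permitAll()
                .anyRequest().authenticated())       // everything else needs a login
            .formLogin(Customizer.withDefaults());   // built-in login form
        return http.build();
    }
}
```

Rows in the `authorities` table must carry the `ROLE_` prefix (for example `ROLE_ADMIN`) for the `hasRole` checks to match.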