Spring Security

Authentication and authorization are the essential parts of enterprise applications, both web applications and web services. Spring Security is a powerful and highly customizable authentication and access control framework. Spring Security focuses on providing declarative authentication and authorization to Java applications.

Important features in Spring Security are as follows:

• Comprehensive support for both authentication and authorization
• Good support for integration with servlet APIs and Spring MVC
• Module support for integration with Security Assertion Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP)
• Providing support for common security attacks such as Cross-Site Forgery Request (CSRF), session fixation, clickjacking, and so on

We will discuss how to secure web applications with Spring Security in Chapter 4, Spring MVC Optimization.