- Spring Security is a lightweight, customizable framework for Authentication and Authorization
- Spring Security uses javax.servlet.Filter to implement Authentication and Authorization
- Servlet API and Spring Web MVC can implement Spring Security Framework
Spring Security Framework (Cont’d)
Spring Security Features
- Implement user authentication and authorization
- Provide login logout feature
- Provides role-based authorization control
- Provides link for database-based authentication and authorization
- Encrypted password support
- Supports form authentication
- Provides page-based user authentication and authorization
Authentication Types
- Http Basic Authentication
- Form-based Authentication
Authorization Types
- Web authorization
- Method Authorization
Spring Security Modules
Cheng® 