Spring Security Features
LDAP (Lightweight Directory Access Protocol)
It is an open application protocol for maintaining and accessing distributed directory information services over an Internet Protocol.
This feature allows a user to access multiple applications with the help of single account(user name and password).
JAAS (Java Authentication and Authorization Service) LoginModule
It is a Pluggable Authentication Module implemented in Java. Spring Security supports it for its authentication process.
Basic Access Authentication
Spring Security supports Basic Access Authentication that is used to provide user name and password while making request over the network.
Digest Access Authentication
This feature allows us to make authentication process more secure than Basic Access Authentication. It asks to the browser to confirm the identity of the user before sending sensitive data over the network.
Spring Security supports this feature with the help of HTTP Cookies. It remember to the user and avoid login again from the same machine until the user logout.
Web Form Authentication
In this process, web form collect and authenticate user credentials from the web browser. Spring Security supports it while we want to implement web form authentication.
Spring Security provides the this feature to authorize the user before accessing resources. It allows developers to define access policies against the resources.
This feature allows us to make application user interface in any language.
Spring provides this feature for HTTP authorization of web request URLs using Apache Ant paths or regular expressions.
Features added in Spring Security 5.0
OAuth 2.0 Login
This feature provides the facility to the user to login into the application by using their existing account at GitHub or Google. This feature is implemented by using the Authorization Code Grant that is specified in the OAuth 2.0 Authorization Framework.
From version Spring Security 5.0, it provides reactive programming and reactive web runtime support and even, we can integrate with Spring WebFlux.
Modernized Password Encoding
Spring Security 5.0 introduced new Password encoder DelegatingPasswordEncoder which is more modernize and solve all the problems of previous encoder NoOpPasswordEncoder.