Spring Security is a framework which provides various security features like: authentication, authorization to create secure Java Enterprise Applications.
It is a sub-project of Spring framework which was started in 2003 by Ben Alex. Later on, in 2004, It was released under the Apache License as Spring Security 2.0.0.
It overcomes all the problems that come during creating non spring security applications and manage new server environment for the application.
This framework targets two major areas of application are authentication and authorization.
Authorization is the process to allow authority to perform actions in the application.
We can apply authorization to authorize web request, methods and access to individual domain.
Spring Security framework supports wide range of authentication models. These models either provided by third parties or framework itself. Spring Security supports integration with all of these technologies.
The beauty of this framework is its flexible authentication nature to integrate with any software solution. Sometimes, developers want to integrate it with a legacy system that does not follow any security standard, there Spring Security works nicely.
Spring Security has numerous advantages. Some of that are given below.
Spring Security History
In late 2003, a project Acegi Security System for Spring started with the intention to develop a Spring-based security system. So, a simple security system was implemented but not released officially. Developers used that code internally for their solutions and by 2004 about 20 developers were using that.
Initially, authentication module was not part of the project, around a year after, module was added and complete project was reconfigure to support more technologies.
After some time this project became a subproject of Spring framework and released as 1.0.0 in 2006.
in 2007, project is renamed to Spring Security and widely accepted. Currently, it is recognized and supported by developers open community world wide.