Introduction

Spring Security is a framework which provides various security features like: authentication, authorization to create secure Java Enterprise Applications.

It is a sub-project of Spring framework which was started in 2003 by Ben Alex. Later on, in 2004, It was released under the Apache License as Spring Security 2.0.0.

It overcomes all the problems that come during creating non spring security applications and manage new server environment for the application.

This framework targets two major areas of application are authentication and authorization. Authentication is the process of knowing and identifying the user that wants to access.

Authorization is the process to allow authority to perform actions in the application.

We can apply authorization to authorize web request, methods and access to individual domain.

Technologies that support Spring Security Integration

Spring Security framework supports wide range of authentication models. These models either provided by third parties or framework itself. Spring Security supports integration with all of these technologies.

• HTTP BASIC authentication headers
• HTTP Digest authentication headers
• HTTP X.509 client certificate exchange
• LDAP (Lighweight Directory Access Protocol)
• Form-based authentication
• OpenID authentication
• Automatic remember-me authentication
• Kerberos
• JOSSO (Java Open Source Single Sign-On)
• AppFuse
• AndroMDA
• Mule ESB
• DWR(Direct Web Request)

The beauty of this framework is its flexible authentication nature to integrate with any software solution. Sometimes, developers want to integrate it with a legacy system that does not follow any security standard, there Spring Security works nicely.

Advantages

Spring Security has numerous advantages. Some of that are given below.

• Comprehensive support for authentication and authorization.
• Protection against common tasks
• Servlet API integration
• Integration with Spring MVC
• Portability
• CSRF protection
• Java Configuration support

Spring Security History

In late 2003, a project Acegi Security System for Spring started with the intention to develop a Spring-based security system. So, a simple security system was implemented but not released officially. Developers used that code internally for their solutions and by 2004 about 20 developers were using that.

Initially, authentication module was not part of the project, around a year after, module was added and complete project was reconfigure to support more technologies.

After some time this project became a subproject of Spring framework and released as 1.0.0 in 2006.

in 2007, project is renamed to Spring Security and widely accepted. Currently, it is recognized and supported by developers open community world wide.