Springs Security is a flexible and powerful authentication and access control framework to secure Spring-based Java web application.
Spring Security provides security services for J2EE-based enterprise software applications.
Application Security Areas:
There are two main areas for application securities.
- Authentication: Process of checking the user, who they claim to be.
- Authorization: Process of deciding whether an user is allowed to perform an activity within the application.
Spring Security Modules
Spring security code has been divided in different JARs(Can be considers as modules)
- Core (spring-security-core.jar) : Required. Contains core authentication and access-contol classes and interfaces, remoting support and basic provisioning APIs.
- Web (spring-security-web.jar): Required* if web authentication services and URL-based access-control is required.Contains filters and related web-security infrastructure code.
Types or Levels:
1) URL
2) Method
3) ACL object level security.
more coming soon.......