Spring Security, formerly known as Acegi Security, is the framework the Spring project team uses to provide secure authentication services.
Spring Security provides comprehensive security services for enterprise application software based on Java EE, in particular for enterprise software projects developed with the leading Java EE solution, the Spring Framework. People use Spring Security for a number of reasons, but what often attracts them is that the Java EE Servlet specification and EJB specification offer no solution for typical enterprise scenarios.
In particular, security set up through these specifications cannot be ported at the WAR or EAR level. If you change the server environment, you have to do a lot of work in the new target environment to reconfigure your application's security. Using Spring Security solves these problems and provides many other useful security features that are fully configurable.
As you may know, security consists of two main operations.
The first is known as "authentication", which establishes that a principal is who it declares itself to be. A principal generally refers to a user, device, or other system that can perform actions on your system. "Authorization" refers to deciding whether a principal can perform an action in your application; the identity of the principal is established by the authentication process before the authorization decision is reached. These concepts are generic, not unique to Spring Security. At the authentication level, Spring Security broadly supports a variety of authentication models, most of which are provided by third parties or are being developed by standards bodies such as the Internet Engineering Task Force. As a supplement, Spring Security also provides its own set of authentication capabilities.
Spring Security currently supports authentication integration with the following authentication technologies:
HTTP BASIC authentication headers (a standard based on an IETF RFC)
HTTP Digest authentication headers (a standard based on an IETF RFC)
HTTP client certificate exchange (a standard based on an IETF RFC)
LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
Form-based authentication (for simple user interface needs)
OpenID Authentication
Computer Associates Siteminder
JA-SIG Central Authentication Service (CAS, a popular open source single sign-on system)
Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)