Dictionary meaning of Security:
The state of being free from danger or threat.
Spring Security is a flexible and powerful authentication and authorization framework for building secure J2EE-based enterprise applications.
Authentication: the process of verifying the identity of a user or process, i.e. who are you?
Authorization: the process of checking whether a user has the authority to perform an action in the application, i.e. what are you allowed to do?
Spring Security supports the following authentication modules, provided either by third parties or by the framework itself:
- HTTP BASIC authentication headers (an IETF RFC-based standard)
- HTTP Digest authentication headers (an IETF RFC-based standard)
- HTTP X.509 client certificate exchange (an IETF RFC-based standard)
- LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
- Form-based authentication (for simple user interface needs)
- OpenID authentication
- Authentication based on pre-established request headers (such as Computer Associates Siteminder)
- JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open-source single sign-on system)
- Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)
- Automatic “remember-me” authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)
- Anonymous authentication (allowing every call to automatically assume a particular security identity)
- Run-as authentication (which is useful if one call should proceed with a different security identity)
- Java Authentication and Authorization Service (JAAS)
- JEE container authentication (so you can still use Container Managed Authentication if desired)
- Java Open Source Single Sign On (JOSSO)
- OpenNMS Network Management Platform
- Mule ESB
- Direct Web Request (DWR)
- Elastic Path
- Atlassian Crowd
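
The split between authentication and authorization defined above shows up directly in configuration. The following is an added example, not code from the original page or from the Spring Security project: it assumes the Spring Security 6.x Java configuration style with Spring Web on the classpath, and the URL patterns, user names and passwords are constructed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

// Assumption: Spring Security 6.x; paths and accounts below are constructed samples.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Authorization: what is the caller allowed to do?
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll()      // no identity required
                .requestMatchers("/admin/**").hasRole("ADMIN")  // identity AND role required
                .anyRequest().authenticated())                  // any verified identity
            // Authentication: who is the caller? Here, HTTP BASIC from the list above.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // store only salted hashes, never plaintext
    }

    @Bean
    UserDetailsService users(PasswordEncoder encoder) {
        // Constructed in-memory accounts; a real deployment would use LDAP, JDBC, etc.
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password(encoder.encode("sample-alice-pw")).roles("USER").build(),
            User.withUsername("root").password(encoder.encode("sample-root-pw")).roles("USER", "ADMIN").build());
    }
}
```

With this configuration, a request to /admin/** without credentials fails authentication and receives 401 with a WWW-Authenticate challenge, while the same request made as alice passes authentication but fails authorization and receives 403.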