CodesJava

Easy learning with example program codes

spring security overview


Dictionary meaning of Security:
The state of being free from danger or threat.

Spring security

Spring security is a flexible and powerful authentication and authorization framework to create secure J2EE-based Enterprise Applications.

Authentication: It is a process or action of verifying the identity of a user or process i.e. who are you?

Authorization: It is a process of checking the authority of a user to perform actions in the application i.e. what are you allowed to do?

Spring security supports following authentication modules either provided by third parties or framework itself:

  • HTTP BASIC authentication headers (an IEFT RFC-based standard)
  • HTTP Digest authentication headers (an IEFT RFC-based standard)
  • HTTP X.509 client certificate exchange (an IEFT RFC-based standard)
  • LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
  • Form-based authentication (for simple user interface needs)
  • OpenID authentication
  • Authentication based on pre-established request headers (such as Computer Associates Siteminder)
  • JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open source single sign on system)
  • Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)
  • Automatic “remember-me” authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)
  • Anonymous authentication (allowing every call to automatically assume a particular security identity)
  • Run-as authentication (which is useful if one call should proceed with a different security identity)
  • Java Authentication and Authorization Service (JAAS)
  • JEE container authentication (so you can still use Container Managed Authentication if desired)
  • Kerberos
  • Java Open Source Single Sign On (JOSSO)
  • OpenNMS Network Management Platform
  • AppFuse
  • AndroMDA
  • Mule ESB
  • Direct Web Request (DWR)
  • Grails
  • Tapestry
  • JTrac
  • Jasypt
  • Roller
  • Elastic Path
  • Atlassian Crowd


Copyright © 2018 CodesJava DMCA.com Protection Status SiteMap