Spring Security

From Wikipedia, the free encyclopedia
Developer(s): 4
Stable release: 4.0.1 / April 23, 2015 [1]
Written in: Java
Operating system: Cross-platform
Type: web application framework security
License: Apache License 2.0
Website: projects.spring.io/spring-security/

Spring Security is a Java/Java EE framework that provides authentication, authorization and other security features for enterprise applications. The project was started in late 2003 as 'Acegi Security' (pronounced Ah-see-gee)[2] by Ben Alex and was publicly released under the Apache License in March 2004. Acegi was subsequently incorporated into the Spring portfolio as Spring Security, an official Spring sub-project. The first public release under the new name was Spring Security 2.0.0 in April 2008, with commercial support and training available from SpringSource.

Authentication flow

Diagram 1 shows the basic flow of an authentication request through the Spring Security system. It shows the different filters and how they interact, from the initial browser request to either a successful authentication or an HTTP 403 error.

[Diagram 1: ACEGI Authentication.JPG]
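The flow described above, as an added example that is not part of the original article or the Spring Security project's own code: a Java configuration for Spring Security 4.0.x whose comments map each clause to the servlet filter that enforces it. The URL patterns, role names and the in-memory user are assumptions made for illustration.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Constructed example for Spring Security 4.0.x; paths, roles and the user are illustrative.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // ChannelProcessingFilter: a plain-HTTP request for these paths is
            // redirected to HTTPS before any credentials are sent.
            .requiresChannel()
                .antMatchers("/login", "/admin/**").requiresSecure()
                .and()
            // FilterSecurityInterceptor: rules are checked in order, first match wins,
            // so the catch-all anyRequest() rule must come last.
            .authorizeRequests()
                .antMatchers("/public/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
            // UsernamePasswordAuthenticationFilter: processes the login form POST.
            // ExceptionTranslationFilter sends unauthenticated users here, and its
            // default AccessDeniedHandlerImpl answers an authenticated user who lacks
            // the required role with HTTP 403.
            .formLogin();
        // CSRF protection is on by default in the 4.0 Java configuration; it is left enabled.
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Demo-only user store. A real deployment would use a UserDetailsService
        // backed by a credential store with a PasswordEncoder such as BCrypt.
        auth.inMemoryAuthentication()
            .withUser("alice").password("change-me").roles("USER");
    }
}
```

With this configuration, "alice" can log in and reach any authenticated page, but a request to a path under /admin/ ends in the HTTP 403 branch of the flow because she lacks the ADMIN role.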

Key authentication features

Key authorization features

Instance-based security features

Other features

  • Software localization so user interface messages can be in any language.
  • Channel security, to automatically switch between HTTP and HTTPS upon meeting particular rules.
  • Caching in all database-touching areas of the framework.
  • Publishing of messages to facilitate event-driven programming.
  • Support for performing integration testing via JUnit.
  • Spring Security itself has comprehensive JUnit isolation tests.
  • Several sample applications, detailed JavaDocs and a reference guide.
  • Web framework independence.

