Spring Security Support lots of security modules as below:
1) HTTP BASIC authentication headers (an IETF RFC-based standard)
2) HTTP Digest authentication headers (an IETF RFC-based standard)
3) HTTP X.509 client certificate exchange (an IETF RFC-based standard)
4) LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
5) Form-based authentication (for simple user interface needs)
6) OpenID authentication
7) Authentication based on pre-established request headers (such as Computer Associates Siteminder)
8) JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open source single sign-on system)
9) Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)
10) Automatic "remember-me" authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)
11) Anonymous authentication (allowing every unauthenticated call to automatically assume a particular security identity)
12) Run-as authentication (which is useful if one call should proceed with a different security identity)
13) Java Authentication and Authorization Service (JAAS)
14) JEE container autentication (so you can still use Container Managed Authentication if desired)
15) Kerberos
16) Java Open Source Single Sign On (JOSSO) *
17) OpenNMS Network Management Platform *
18) AppFuse *
19) AndroMDA *
20) Mule ESB *
21) Direct Web Request (DWR) *
22) Grails *
23) Tapestry *
24) JTrac *
25) Jasypt *
26) Roller *
27) Elastic Path *
28) Atlassian Crowd *
29) Your own authentication systems (see below)
(* Denotes provided by a third party)
Core Components
v SecurityContextHolder, to provide access to the SecurityContext.
v SecurityContext, to hold the Authentication and possibly request-specific security information.
v Authentication, to represent the principal in a Spring Security-specific manner.
v GrantedAuthority, to reflect the application-wide permissions granted to a principal.
v UserDetails, to provide the necessary information to build an Authentication object from your application's DAOs or other source of security data.
v UserDetailsService, to create a UserDetails when passed in a String-based username (or certificate ID or the like).