Spring Security


What is Spring Security?

Spring Security provides comprehensive security services for J2EE-based enterprise software applications.
There is a particular emphasis on supporting projects built using The Spring Framework, which is the leading J2EE solution for enterprise software development.
As you probably know two major areas of application security are “authentication” and “authorization” (or “access-control”). These are the two main areas that Spring Security targets.
Authentication:  “Authentication” is the process of establishing a principal is who they claim to be (a “principal” generally means a user, device or some other system which can perform an action in your application).
Authorization:  “Authorization” refers to the process of deciding whether a principal is allowed to perform an action within your application.