Spring Security

Spring Security
Stable release 3.0.4 / October 27, 2010; 15 months ago (2010-10-27)
Written in Java
Operating system Cross-platform
Type web application framework security
License Apache License 2.0
Website http://static.springframework.org/spring-security/site/

Spring Security is a Java/Java EE framework that provides authentication, authorization and other security features for enterprise applications. The project was started in late 2003 as 'Acegi Security' (pronounced Ah-see-gee[1]) by Ben Alex, with it being publicly released under the Apache License in March 2004. Subsequently, Acegi was incorporated into the Spring portfolio as Spring Security, an official Spring sub-project. The first public release under the new name was Spring Security 2.0.0 in April 2008, with commercial support and training available from SpringSource.

Contents

Authentication flow

Diagram1 shows the basic flow of an authentication request using the Spring Security system. It shows the different filters and how they interact from the initial browser request, to either a successful authentication or an HTTP 403 error.

Key authentication features

Key authorization features

Instance-based security features

Other features

External links