Spring Security Introduction
Spring Security is one of the Spring projects that is designed and developed for securing Spring-based applications. It is a standard framework that can be used to secure the Spring applications. It helps to resolve all the security issues that come during creating non-security Spring applications. It was first released in 2008 as Spring Security 2.0.0.
It focuses on authentication and authorization to secure the application. Authentication is the process of knowing and identifying the user that wants to access and Authorization is the process to allow the authority to perform actions and access the resources in the Spring application. It contains several modules to deal with various domains such as remote, web, etc. See, the module list below.
Spring Security Modules
Spring Security is made of several independent modules such as core, auth, test, etc. We are listing some module names:
Core: It includes Spring Security's core classes and interfaces related to authentication and application access control.
Remoting: It is used for handling the Spring Remoting application and contains the necessary classes.
Aspect: It is used to include Aspect-Oriented Programming (AOP) support within Spring Security.
Config: It is used to configure the Spring Security application by using XML and Java.
Crypto: This module contains classes and interfaces for cryptography support.
Data: It is used to integrate Spring Security with Spring Data.
Messaging: It is helpful to implement messaging in the application.
OAuth2: It includes classes and interface for OAuth 2.x within Spring Security:
OpenID: It provides support to integrate OpenID web-authentication.
CAS: CAS (Central Authentication Service) client integration.
TagLib: It contains several tag libraries regarding Spring Security.
Test: It adds testing support in the Spring Security.
Web: It contains web security code, such as filters and Servlet API dependencies.
You can think of Spring Security as a tool that works as a bridge between user and application to protect the application from non-authentic and non-authorize users. See how spring security is layered in the application.
Advantages of Spring Security
- Authentication and Authorization Support
- Protection against malicious programs
- Integration with Spring MVC
- CSRF protection
- Java Configuration support
- Easily to maintain
- Proper documentation
We are working with Spring Security 5.4.2 that requires Java 8 or higher version and the knowledge of the following tools and library. We recommend you to have knowledge of the Spring framework before starting with it.
Maven Dependencies For Spring Security
The following are the dependencies that will be used throughout the tutorial in the examples. You can use these or pick the latest from the official maven in your web application.
<!-- spring-security-core --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>5.4.2</version> </dependency> <!-- spring-security-config --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>5.4.2</version> </dependency>
In our next topic, we will learn spring security with a simple basic example and later with other features as well.