Spring Security is a Java/Java EE framework that provides authentication, authorization and other security features for enterprise applications.Its publicly released under the Apache License in March 2004.
Spring security can be achived using XML configuration. Spring security provides an ability for declarative authentication and authorization. One way is by storing the list of users and their roles in the database. The database information can then be wired in the security beans. Although the default implementation expects a particular table structure, it is possible to specify another structure and then wire the authentication query in the spring xml.
Application Security Areas:
There are two main areas for application securities.
- Authentication: Process of checking the user, who they claim to be.
- Authorization: Process of deciding whether an user is allowed to perform an activity within the application.