Spring Security is a framework that provides comprehensive security functionality for the two most important application security concerns, authentication and authorization:
- Authentication is the process of ensuring that a principal is who it claims to be. A principal is an entity that can perform one or more actions in the application. Thus, the principal can be a user, a device, or an external system/client that interacts with the system.
- Once a principal is authenticated, it needs to be determined whether the principal can perform the desired action or not. This process is called authorization.

Spring Security supports different authentication models, including some of the most common ones such as HTTP Basic authentication, simple form-based authentication, OpenID authentication, OAuth2-based authentication/authorization and...