In Spring Framework, Spring Security is a top-level project. Within the Spring Security project (https://github.com/spring-projects/spring-security), there are a number of sub-modules:
- Core (spring-security-core): Spring Security's core classes and interfaces for authentication and access control reside here.
- Remoting (spring-security-remoting): In case you need Spring Remoting, this is the module with the necessary classes.
- Aspect (spring-security-aspects): Aspect-Oriented Programming (AOP) support within Spring Security.
- Config (spring-security-config): Provides XML and Java configuration support.
- Crypto (spring-security-crypto): Contains cryptography support.
- Data (spring-security-data): Integration with Spring Data.
- Messaging (spring-security-messaging)
- OAuth2: Support for OAuth 2.x within Spring Security:
  - Core (spring-security-oauth2-core)
  - Client (spring-security-oauth2-client)
  - JOSE (spring-security-oauth2-jose)
- OpenID (spring-security-openid): OpenID web-authentication support.
- CAS (spring-security-cas): CAS (Central Authentication Service) client integration.
- TagLib (spring-security-taglibs): Various tag libraries regarding Spring Security.
- Test (spring-security-test): Testing support.
- Web (spring-security-web): Contains web security infrastructure code, such as various filters and other Servlet API dependencies.
These are the top-level projects within Spring Framework that are strongly linked to Spring Security:
- spring-ldap: Simplifying Lightweight Directory Access Protocol (LDAP) programming in Java.
- spring-security-oauth: Easy programming with OAuth 1.x and OAuth 2.x protocols.
- spring-security-saml: Bringing the SAML 2.0 service provider capabilities to Spring applications.
- spring-security-kerberos: Bringing easy integration of Spring applications with the Kerberos protocol.
Security Assertion Markup Language (SAML) is an XML-based framework for ensuring that transmitted communications are secure. SAML defines mechanisms to exchange authentication, authorization, and non-repudiation information, allowing single sign-on capabilities for Web services.
The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It is based on a client-server model and provides a mechanism used to connect to, search, and modify Internet directories.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret key cryptography. A free implementation of this protocol is available from MIT and it is also available in many commercial products.