Skip to main content

Spring Security (part -1 )

 


 Introduction

Spring Security is a framework for developing secure Java Enterprise Applications that includes capabilities such as authentication and authorisation.
It is a sub-project of the Spring framework, which was founded by Ben Alex in 2003. Spring Security 2.0.0 was later published in 2004 under the Apache License.
It solves all issues that arise while developing non-spring security apps and managing the application's new server environment.
Authentication and authorisation are the two key application areas targeted by this framework. The process of recognizing and identifying the user who requests access is known as authentication.

The process of granting authority to do activities in the application is known as authorization.
We may use permission to provide access to specific domains, methods, and web requests.

The Spring Security framework can handle a variety of authentication methods.
Third-party models or the framework itself supply these models.
All of these technologies are supported by Spring Security.

  • Authentication headers for HTTP BASIC
  • Authentication headers for HTTP Digest
  • Exchange of X.509 client certificates over HTTP
  • LDAP (Lighweight Directory Access Protocol)
  • Authentication using forms
  • Authentication with OpenID
  • Authentication that remembers me
  • JOSSO Kerberos (Java Open Source Single Sign-On)
  • AndroMDA Mule by AppFuse


The flexibility of this framework's authentication makes it easy to integrate with any software solution.
Spring Security is useful when developers wish to combine it with a legacy system that does not follow any security standards.  


Advantages

Spring Security provides a lot of benefits. Some of this is included below.

  • Authentication and authorization are fully supported.
  • Protection from everyday duties
  • Integration of Servlet API
  • Spring MVC Integration and Portability
  • CSRF security
  • Support for Java configuration

 

Spring Security Features


  • LDAP (Lightweight Directory Access Protocol)
  • JAAS single sign-on (Java Authentication and Authorization Service)
  • Basic Access Authentication Digest Access Authentication LoginModule
  • Remember-me
  • Authorization for Web Form Authentication
  • Localization of software
  • Authorization through HTTP  

 

LDAP (Lightweight Directory Access Protocol)

It's an open application protocol for accessing and managing distributed directory information services over the Internet Protocol.
One-time password
This feature allows a user to utilize a single account to access various apps.

 

LoginModule JAAS (Java Authentication and Authorization Service)

This is a Java-based Pluggable Authentication Module. It is supported by Spring Security's authentication procedure.

 

Authentication for Basic Access

Spring Security supports Basic Access Authentication, which requires a user name and password when performing network requests.

Authentication for Digest Access

This feature allows us to improve the security of the authentication process over Basic Access Authentication. Before transferring sensitive data over the network, it asks the browser to verify the user's identity. 

 

Remember-me

HTTP Cookies are used by Spring Security to support this capability. It remembers the user and prevents them from logging in again until the user logs out.


Authentication of Web Forms

Web forms capture and authenticate user credentials from the web browser during this procedure. While we wish to build web form authentication, Spring Security supports it.


Authorization

This functionality is provided by Spring Security to approve users before they may access resources. It enables developers to set access controls for resources.
Localization of software

This functionality enables us to create user interfaces for applications in any language.
Authorization through HTTP

This functionality allows you to use Apache Ant paths or regular expressions to HTTP authorize web request URLs.

Comments

Post a Comment

Popular posts from this blog

 Machine Learning           What is machine learning? Machine learning (ML) is a sort of artificial intelligence (AI) that allows software programs to improve their prediction accuracy without being expressly designed to do so. In order to forecast new output values, machine learning algorithms use past data as input. Machine learning is frequently used in recommendation engines. Fraud detection, spam filtering, malware threat detection, business process automation (BPA), and predictive maintenance are all common applications. Why is machine learning important? Machine learning is significant because it allows businesses to see trends in consumer behavior and operational patterns, as well as aid in the creation of new goods. Machine learning is a major aspect of the operations of many of today's leading organizations, like Facebook, Google, and Uber. For many businesses, machine learning has become a key differentiation. What are the different types of mach...
Post a Comment
Read more

Spring Boot Tutorial ( beginners to professionals) part -1

 Spring Boot Tutorial  This Spring boot tutorial provides you to complete lessons from beginning to professional. This spring boot tutorial is help full even you know nothing about Spring boot we going to cover all topics of Spring boot such as Advantages, history, maven, starter project wizard, spring initializer, how to create a  new spring boot project,  spring boot annotations, Spring boot dependency management, crud repository, JPA repository, etc.
Post a Comment
Read more

Express (part-1)

 When building web apps using Node.js, setting up a server might take a long time. Because of the community's support, Node.js has matured enough over time.  Using Node.js as a backend for web apps and websites allows developers to get started quickly on their project. In this article, we'll look at Express, a Node.js web development framework that includes capabilities like routing and rendering, as well as support for REST APIs.        
Post a Comment
Read more