The predecessor of Spring Security is Acegi Security, which is a framework used to provide security authentication services in the Spring project group.
Spring Security provides comprehensive security services for J2EE-based enterprise application software. Especially enterprise software projects developed using the leading J2EE solution-Spring framework. People use Spring Security for many reasons, but what usually attracts them is that there is no solution for typical enterprise application scenarios in the J2EE Servlet specification or the EJB specification.
In particular, they cannot be ported at the WAR or EAR level. In this way, if you change the server environment, you must do a lot of work in the new target environment to reconfigure your application system safely. Using Spring Security to solve these problems, but also to provide you with many useful, can be specified other security features.
As you may know, security includes two main operations.
1. Authentication
is to establish a subject for the user as he declares. The topic generally refers to the user, device, or other system that can perform actions in your system.
2. Authorization
refers to whether a user can perform an operation in your application. Before reaching the authorization judgment, the subject of the identity has been established by the identity verification process. These concepts are general, not specific to Spring Security. At the authentication level, Spring Security widely supports various authentication modes. Most of these authentication models are provided by third parties or provided by relevant standards bodies under development, such as Internet Engineering Task Force. As a supplement, Spring Security also Provides its own set of verification functions.