Spring 4 Security

Filed Under: Spring

In this post, we are going to discuss about Spring Framework “Security” Module Basics. We will develop some simple and advanced examples in my coming posts.

Now-a-days, Developing Secure Applications is very crucial aspect to avoid Malfunctioning, Stealing or hacking our confidential data or unauthorized access. We can develop Secure applications using Spring Security Module to restrict access to our applications.

Spring 4 Security

Initially, Spring Framework was using a separate Third-Party Framework to support Spring Applications Security: Acegi Security. But it was not easy approach to develop secure applications and had some drawbacks.

Drawbacks of Spring Acegi Security

  1. Lot of XML Configuration
  2. Too much learning curve
  3. Does not support Annotations

To avoid all these issues, The Spring Team (Pivotal Team) has integrated “Acegi Security” framework into Spring Framework as “Spring Security” module.

Spring 4 Framework has the following modules to provide Security to the Spring-Based Applications:

  1. Spring Security
  2. Spring Security SAML
  3. Spring Security OAuth
  4. Spring Security Kerberos
  5. Spring Cloud Security

spring 4 security

In Spring Framework, “Spring Security” module is the base module for rest of the Spring Security modules.

We are going to discuss some basics of “Spring Security” module in this post. We will discuss some simple and advanced real-time examples in my coming posts.

We will come back to rest of four modules once we are familiar with “Spring Security” module in my coming posts.

What is Spring Security?

Spring Security is one of the Spring Framework’s Security modules. It is a Java SE/Java EE Security Framework to provide Authentication, Authorization, SSO and other Security features for Web Applications or Enterprise Applications.

Spring Security Official website: http://projects.spring.io/spring-security/

Spring Security Documentation website: http://docs.spring.io/spring-security/site/docs/

Latest stable, Spring Security Module version is “4.0.2.RELEASE”

Spring 4 Security Features

Spring 3.x Security Framework provides the following Features:

  1. Authentication and Authorization.
  2. Supports BASIC,Digest and Form-Based Authentication.
  3. Supports LDAP Authentication.
  4. Supports OpenID Authentication.
  5. Supports SSO (Single Sign-On) Implementation.
  6. Supports Cross-Site Request Forgery (CSRF) Implementation.
  7. Supports “Remember-Me” Feature through HTTP Cookies.
  8. Supports Implementation of ACLs
  9. Supports “Channel Security” that means automatically switching between HTTP and HTTPS.
  10. Supports I18N (Internationalisation).
  11. Supports JAAS (Java Authentication and Authorization Service).
  12. Supports Flow Authorization using Spring WebFlow Framework.
  13. Supports WS-Security using Spring Web Services.
  14. Supports Both XML Configuration and Annotations. Very Less or minimal XML Configuration.

Spring 4.x Security Framework supports the following New Features:

  1. Supports WebSocket Security.
  2. Supports Spring Data Integration.
  3. CSRF Token Argument Resolver.

We will develop some simple examples to demonstrate these features in my coming posts.

Spring 4 Security Levels

Spring Security supports the following two Levels of Authorization

  1. Method Level Authorization
  2. URL Level Authorization

NOTE
Spring Security supports “Method Level Security” by using AOP (Aspect-Oriented Programming) that means through Aspects. Spring Security supports “URL Level Security” by using Servlet filters.

Spring 4 Security Advantages

Spring 4 Security Framework provides the following Advantages:

  1. Open Source Security Framework
  2. Flexible, Easy to Develop and Unit Test the applications
  3. Declarative Security Programming
  4. Easy of Extendability
  5. Easy of Maintenance
  6. Takes full advantage of Spring DI(Dependency Injection) and AOP.
  7. We can develop Loosely-Coupled Applications.

Spring 4 Security Sub-Modules

Spring 4 Security Module is again divided into 11 sub-modules. It has the following sub-modules:

  1. Spring Security Core Module
  2. Spring Security Configuration Module
  3. Spring Security Web Module
  4. Spring Security Tag Library Module
  5. Spring Security AspectJ Module
  6. Spring Security ACL Module
  7. Spring Security LDAP Module
  8. Spring Security OpenID Module
  9. Spring Security CAS Module
  10. Spring Security Cryptography Module
  11. Spring Security Remoting Module

spring security submodules

In Spring Framework’s Security Sub-Module, Spring Security Core Sub-Module is the base module for rest of all Security Sub-modules.

To support these 11 Spring Security modules, Spring framework has the following jars:

  1. spring-security-core-4.0.2.RELEASE.jar
  2. spring-security-config-4.0.2.RELEASE.jar
  3. spring-security-web-4.0.2.RELEASE.jar
  4. spring-security-taglibs-4.0.2.RELEASE.jar
  5. spring-security-aspects-4.0.2.RELEASE.jar
  6. spring-security-acl-4.0.2.RELEASE.jar
  7. spring-security-ldap-4.0.2.RELEASE.jar
  8. spring-security-openid-4.0.2.RELEASE.jar
  9. spring-security-cas-4.0.2.RELEASE.jar
  10. spring-security-crypto-4.0.2.RELEASE.jar
  11. spring-security-remoting-4.0.2.RELEASE.jar

Almost all Spring Security JARs have similar kind of Maven or Gradle dependency entries as shown below:

Spring Security Maven


<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>[Spring Security Module Name Here]</artifactId>
        <version>4.0.2.RELEASE</version>
    </dependency>
</dependencies>

Spring Security Gradle


dependencies {
compile 
'org.springframework.security:[Spring Security Module Name Here]:4.0.2.RELEASE'
}

pom.xml


<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>4.0.2.RELEASE</version>
    </dependency>
</dependencies>

build.gradle


dependencies {
    compile 'org.springframework.security:spring-security-core:4.0.2.RELEASE'
}

That’s it all about Spring 4 Security Module basics. It’s time to start to develop some Simple Examples to explore Spring Security module.

We will use Spring STS Suite IDE, Maven or Gradle Build Tool and Java 7/8 to develop our applications.

Please drop me a comment if you like my post or have any issues/suggestions.

Comments

  1. Devdyuti singh says:

    very nice article. Sort simple and clear overview of spring security basics

  2. Ondoua hervé says:

    Thank you, very much. Useful information; clear and brief presentation.

  3. Vamshi says:

    Hi Rambabu,
    It is a nice article. And it is very useful tutorial for new programmers like me.
    And in my project I am implementing Spring Security. In my case I have to implement filed based authorization(Some people are authorized to edit some of the fields and some people can only view). Is there any possibility to implement by using Spring Security. Please post an article.

    Thanks.

  4. maheswara says:

    Spring 4 Security Introduction was explained very clearly, thank you so much for this post…

  5. RAO TATA says:

    This is very useful information…thanks RAO TATA

  6. Eduardo Chombo says:

    Thaks for the post, it was very useful. 🙂

  7. dk says:

    please write meaningful tutorials

  8. Raichand Ray says:

    Hi,
    Please write a Springsecurity 4,Hibernate4,Mysql and Primefcaes Tutorial

    Thanks
    Raichand

    1. Rambabu says:

      Sure, we will deliver that example soon.

  9. Gourav says:

    Really like the post,hoping to get easier understandable examples of Spring security in your upcoming post.

    1. Rambabu says:

      Thank you.
      Please check my new post on Spring 4 Security Example. We will delivery some more advanced Real-time examples soon.

Leave a Reply

Your email address will not be published. Required fields are marked *

close
Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages