Spring Security provides comprehensive security services for J2EE-based enterprise software applications.
Security features of J2EE's Servlet Specification or EJB Specification lack the depth required for typical enterprise application scenarios. They are also not portable at a WAR or EAR level.
Security comprises two major operations:
At an authentication level, Spring Security supports a wide range of authentication models.
Most of these authentication models are either provided by third parties, or are developed by relevant standards bodies such as the Internet Engineering Task Force.
Spring Security is an open platform and it is quite simple to write your own authentication mechanism.
Spring Security fully supports automatic "channel security", together with JCaptcha integration for human user detection.
Spring Security provides a deep set of authorization
There are three main areas of interest in respect of authorization, these being: