Welcome to the next installment of the series about Spring-based web applications development. So far we have covered Angular JS fronted, Spring core, webservices, database access and unit tests. Today we are going to take care of our application security – basic authentication and authorization, users, roles, custom login form and method level security.
Spring Security project started as Acegi security around 2004 and initially focused on custom authorization, using standard Java Enterprise Edition container managed authentication. Version 1.0.0 became official Spring sub-project in 2006 and year later was re-branded to Spring Security. Say hello to Alice, Bob and Eve.
We should briefly clarify some security terminology, which might sometimes by confusing:
Identification is stating a subject identity, like user name, without yet providing any proof for that (Hi, I’m Alice). Read the rest of this entry »