Security

  • Spring Security
  • Configuration
  • Best Practices and How To's

Architecture Overview

  • Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.

    • It provided multiple level of security to existing applications
      • URL Based Security
      • Class and Method Based Security
      • Page Element Level Security

Authentication vs. Authorization

  • Authentication verifies that the user is who he says he is, while authorization verifies that the current user has permission to do what he wants to do.

TBD

  • A proposal was made to the ACT Architecture Committee and work is in progress to standardize on use of Spring Security
  • Any application using JPA will be required to implement Spring Security
  • Work in progress

References

  • Spring Security