Q1. What is Spring Security?
The Spring Security framework is the de-facto standards for securing Spring-based applications. Spring Security framework provides security services for enterprise Java software application by handling authentication and authorization. Spring Security handles authentication and authorization at both; the web request level and at method invocation level. Spring Security is a highly customizable and powerful authentication and can access control framework.
Q2. What is authentication and authorization?
Authentication is the process of assuring that a user is the one what user claim to be. Authentication is a combination of identification and verification. The identification can be performed in a number of different ways; for example, as username and password, which can be stored in a database, or LDAP, or CAS (single sign-on protocol) and so on.
Authorization provides access control to the authenticated user. Authorization is the process of ensuring that the authenticated user is allowed to access only those resources which he/she is authorized to use.
Q3. What are the different ways supported by Spring Security for users to log into a web application?
There are multiple ways to be supported by Spring Security for users to log into a web application as follows: