Authentication is the process of identifying the user. Authorization is the process of ensuring that a user has access to perform the identified action on the resource.

Authentication and authorization are critical parts of Enterprise applications, both web applications and web services. Spring Security provides declarative authentication and authorization for Java based applications.

Important features in Spring Security are as follows:

• Simplified authentication and authorization
• Great integration with Spring MVC and Servlet APIs
• Support to prevent common security attacks--cross-site forgery request (CSRF) and Session Fixation
• Modules available for integration with SAML and LDAP

We will discuss how to secure web applications with Spring Security in Chapter 3, Building Web Application with Spring MVC.

We will discuss how to secure REST Services with Basic and OAuth authentication mechanisms using Spring Security in Chapter 6, Extending Microservices.