Spring Security

Last Published: 2 Oct 2008

Spring Framework | OWASP

Overview

Home Building from Source Downloads

Documentation

Reports

Project Information Project Reports

Formerly the Acegi Security System for Spring, Spring Security provides powerful and flexible security solutions for enterprise applications developed using the Spring Framework. It is a stable and mature product - Acegi Security 1.0.0 was released in May 2006 after more than two and a half years of use in large production software projects and adopted as an official Spring sub-project on its release.

Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features:

Simplified namespace-based configuration syntax. Old configurations could require hundreds of lines of XML but our new convention over configuration approach ensures that many deployments will now require less than 10 lines. OpenID integration, which is the web's emerging single sign on standard (supported by Google, IBM, Sun, Yahoo and others) Windows NTLM support, providing easy enterprise-wide single sign on against Windows corporate networks Support for JSR 250 ("EJB 3") security annotations, delivering a standards-based model for authorization metadata AspectJ pointcut expression language support, allowing developers to apply cross-cutting security logic across their Spring managed objects Substantial improvements to the high-performance domain object instance security ("ACL") capabilities Comprehensive support for RESTful web request authorization, which works well with Spring 2.5's @MVC model for building RESTful systems Long-requested support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration An improved, database-backed "remember me" implementation Support for portlet authentication out-of-the-box Support for additional languages Numerous other general improvements, documentation and new samples New support for web state and flow transition authorization through the Spring Web Flow 2.0 release New support for visualizing secured methods, plus configuration auto-completion support in Spring IDE Enhanced WSS (formerly WS-Security) support through the Spring Web Services 1.5 release Updated support for CAS single sign-on (CAS 3 is now supported).

You are viewing a mobilized version of this site...
View original page here