Some important terms in Spring Security


Spring is the most popular Java web framework available today. It is used to build web applications in the Java programming language, and working with it requires a solid background in and understanding of Java.

It is essential to protect our valuable data from unethical practices. In this article, we will walk through some important terms in Spring Security that help us protect users’ data. We won’t go into a deep analysis of any of these terms.

Terms related to Spring Security

Spring Security is an open-source security framework that serves as a comprehensive security solution for your Spring application. It integrates easily with the Spring and Spring Boot frameworks and handles the major areas of application security, such as authentication, authorization and CSRF protection.

Let’s discuss some terminology related to Spring Security −

Authentication

Authentication is the process of checking or validating the identity of whoever is interacting with the application. It is the first and most important step, because a user’s identity must be verified before any other service of the application can be used. The most common way to verify a user is to ask for a username and password. Spring Security has its own set of authentication features that can be integrated with technologies such as −

  • HTTP authentication.

  • LDAP, which covers cross-platform authentication needs.

  • OpenID authentication.

  • Form-based authentication.

  • Automatic authentication such as “Remember me”, a checkbox on the login form that avoids re-authentication for a certain period.

Spring Security also has a notable feature called in-memory authentication, which stores user data inside the application’s memory (RAM). Authentication can then be performed without involving any database, which saves time and improves efficiency.

Authorization

After authenticating the user, the next step is to check what actions that particular user is allowed to perform; this activity is called authorization. For example, an HR management system has two types of users: employees and admins. The authority of an employee differs from that of an admin: a normal employee cannot add, update or remove any information, whereas an admin has the right to do so.

Let’s look at how authorization works in Spring Security in very simple terms. During authentication, a list of ‘GrantedAuthority’ objects is created. These objects represent the authorities granted to a certain user or system. The ‘AuthenticationManager’ then inserts these objects into the ‘Authentication’ object. Later, whenever an authorization decision is made, the ‘GrantedAuthority’ objects are read by the ‘AccessDecisionManager’.

Password Encoding

Around the globe, a great many devices are compromised and phishing attacks succeed because of weak passwords. Strengthening your password is a separate topic; here we discuss the safety measures taken by Spring Security.

The worst mistake would be storing users’ passwords in plain text. Thankfully, Spring Security provides various password encoders, such as MD5 and scrypt. By default, BCrypt is used to hash the passwords. All of these techniques are hashing algorithms, so we don’t need to implement them ourselves. They are configured inside the ‘<password-encoder>’ element.
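Putting the terms from the authentication, authorization and password-encoding sections together, here is an added Java example (not code from the original article) of a Spring Security 6 configuration for the HR system described above: BCrypt password encoding, in-memory users for the employee and admin roles, and authorization rules that let only an admin change records. The class name, URL paths, usernames, passwords and the remember-me key are assumed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class HrSecurityConfig {

    // Password encoding: BCrypt produces a salted hash; the plain-text password is never stored.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Authentication: two in-memory users for the HR system (assumed names/passwords).
    // The hashes are computed at startup only for this demo; a real deployment stores pre-computed hashes.
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password(encoder.encode("employee-pw")).roles("EMPLOYEE").build(),
            User.withUsername("bob").password(encoder.encode("admin-pw")).roles("ADMIN").build());
    }

    // Authorization: the filter chain decides per URL and HTTP method which role may act.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Employees and admins may read employee records (rules are matched in order)...
                .requestMatchers(HttpMethod.GET, "/employees/**").hasAnyRole("EMPLOYEE", "ADMIN")
                // ...but only admins may add, update or remove them (POST/PUT/DELETE).
                .requestMatchers("/employees/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            // Form-based login, plus a "Remember me" cookie so users are not re-authenticated every time.
            .formLogin(form -> form.defaultSuccessUrl("/employees", true))
            .rememberMe(remember -> remember.key("REPLACE-WITH-A-LONG-RANDOM-SECRET"));
        // CSRF protection (CsrfFilter) stays enabled by default for the form login.
        return http.build();
    }
}
```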

Principal

This term has a special meaning in the Spring Security framework. It refers to a user, device or any other kind of system that interacts with your application and performs actions in it.

Filters

In order to apply its services, Spring Security uses a chain of filters. Every request from a client passes through these filters before it reaches the application. The use of some of these filters is described below −

  • BasicAuthenticationFilter − It takes care of HTTP Basic authentication of users.

  • FormBasedAuthenticationFilter − It authenticates requests coming from a form-based login.

  • CsrfFilter − It protects against cross-site request forgery (CSRF) attacks.

  • CorsFilter − It handles cross-origin resource sharing (CORS).

Conclusion

The two main areas that the Spring Security framework targets are authentication and authorization. In this article, we have discussed various techniques and methods that Spring Security uses to make an application secure. Most of its features are fully customizable and can be configured to suit our needs.

Updated on: 15-May-2023
