Spring Security is a framework that enables a programmer to impose security

restrictions to Spring-framework–based Web applications through JEE components.

>Spring Security operates in two major areas: Authentication and Authorization.

Authentication
==============
Authentication means that, while accessing certain restricted resources, the user
actually is the right person to do so. There are two processes to make sure
that the user is authentic: identification and verification. For example, a user is
authenticated through their username and password, which is typically stored
in a database.

Authorization
==============
Authorization determines the extent of a user’s right to access restricted
resources. It ensures that a user is allowed to access only those parts of the
resource
that one has been authorized to use. The user roles come as part of the
authorization.

Enabling spring security on a spring boot application is so simple. Just add the
spring security dependency in the pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>

Spring Security supports integration with all of these technologies.

--------------------------------------------------------------------
HTTP BASIC authentication headers
HTTP Digest authentication headers
HTTP X.509 client certificate exchange
LDAP (Lighweight Directory Access Protocol)
Form-based authentication
OpenID authentication
Automatic remember-me authentication
Kerberos
JOSSO (Java Open Source Single Sign-On)
AppFuse
AndroMDA
Mule ESB
DWR(Direct Web Request)

LDAP (Lightweight Directory Access Protocol):

-----------------------------------------------
That is an open application protocol for managing and interacting with dispersed
directory information services over the Internet Protocol.

JAAS (Java Authentication and Authorization Service) LoginModule:

---------------------------------------------------------------------
This is a Java-based Pluggable Authentication Module. It is supported by Spring
Security’s authentication procedure.

Web Form Authentication:

-----------------------
Web forms capture and authenticate user credentials from the web browser during
this procedure. While we wish to build web form authentication, Spring Security
supports it.
Digest Access Authentication:
----------------------------
We can make the authentication procedure more secure with this functionality than
with Basic Access Authentication. Before delivering sensitive data over the
network, it requests that the browser verify the user’s identity.

HTTP Authorization:
----------------------
Using Apache Ant paths or regular expressions, Spring provides this functionality
for HTTP authorization of web request URLs.

Basic Access Authentication:

----------------------------------
Spring Security has support for Basic Access Authentication, which is used to give
a user name and password when performing network requests.