Some Important Terms in Spring Security
Spring Security secures our web application by default, and we can customize it further as per our needs. The important terms in Spring Security are as follows:
Let us discuss each of them individually as follows:
Terminology 1: Authentication
The identity of the user is verified before access to the system is granted. If the user is verified against the saved credentials, the request is accepted and the server returns the desired response to the client. Some of the methods are as follows:
- Login form
- HTTP authentication
- Customer authentication method
1.1 Login Form – A web page of a website that requires user identification and authentication, performed by entering a username and password.
1.2 HTTP Authentication – In this, the server can request authentication information (user ID and password) from a client.
1.3 Customer Authentication Method – Customer authentication is a new regulation designed to prevent online transaction fraud.
Terminology 2: Authorization
Granting the user permission to access a specific resource or function. Some of the methods are as follows:
2.1 Access Control for URLs – Security of URLs allows you to restrict access to specific Internet sites based on the contents of the URL (keywords).
2.2 Secure Objects and Methods – The supports(Class) method is called by a security interceptor implementation to check whether the configured AccessDecisionManager supports the type of secure object.
2.3 Access Control Lists – An ACL specifies which users are granted access to objects, as well as which operations they are allowed to perform.
Terminology 3: Filter
A filter is a function that is invoked during preprocessing and postprocessing of a request. Spring Security maintains a filter chain in which each filter has its own responsibility, and filters are added or removed depending on which services are required.
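
As an added example (not from the original article), the following Spring Security 6.x configuration shows the three terms together: URL-based authorization rules, login form and HTTP authentication, and a custom filter that pre- and postprocesses each request inside the filter chain. The URL paths, the ADMIN role and the TimingFilter class are assumptions chosen for illustration.

```java
import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

// Assumes Spring Security 6.x (Spring Boot 3.x, jakarta.servlet namespace).
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Authorization: access control for URLs (paths and role are hypothetical).
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/css/**").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            // Authentication: enabling a service adds its filter to the chain.
            .formLogin(Customizer.withDefaults())   // UsernamePasswordAuthenticationFilter
            .httpBasic(Customizer.withDefaults())   // BasicAuthenticationFilter
            // Custom filter, placed ahead of the login form filter.
            .addFilterBefore(new TimingFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    // Hypothetical filter: pre- and postprocessing around the rest of the chain.
    static class TimingFilter extends OncePerRequestFilter {
        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                        FilterChain chain) throws ServletException, IOException {
            long start = System.nanoTime();                        // preprocessing
            try {
                chain.doFilter(req, res);                          // remaining filters, then the controller
            } finally {
                long ms = (System.nanoTime() - start) / 1_000_000; // postprocessing
                logger.info(req.getMethod() + " " + req.getRequestURI() + " -> " + res.getStatus() + " in " + ms + " ms");
            }
        }
    }
}
```

Removing the formLogin or httpBasic call removes the corresponding filter from the chain, which is how the set of active filters follows the services that are required.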