Introduction

A framework for authentication and authorization in Spring applications.

• Handles login/logout, role-based access, and protection against common attacks (CSRF, session fixation)
• Integrates seamlessly with Spring Boot

Use it to:

• Avoid writing custom authentication logic for users
• Prevents common vulnerabilities (XSS, CSRF, brute force)
• Easy to implement role-based or method-level access control
• Works with JWT, OAuth2, LDAP, and databases

Core Concepts

Flow

HTTP Request
    ↓
Security Filter Chain (spring security filters)
    ↓
AuthenticationManager (checks credentials)
    ↓
UserDetailsService (loads user details from DB)
    ↓
PasswordEncoder (validates password)
    ↓
Authentication success (set SecurityContext)
    ↓
Authorization (check roles/permissions)
    ↓
Controller or Resource access granted/denied