Security
Web security refers to the measures and technologies used to protect websites, web applications, and online data from cyber threats. It aims to safeguard sensitive information, such as personal data and financial details, from unauthorized access and attacks.
As with most software, vulnerabilities are regularly discovered in Spring libraries.
Continuous integration allows patches to be applied regularly, thus reducing the attack surface.
Concepts
There are two concepts involved in controlling access to data: authentication and authorization.
- Authentication focuses on who. The system asks the principal (the user or agent) to provide proof of their identity, often using a password.
- Authorization, on the other hand, focuses on the permissions granted to the identified principal.
Spring Security is the library provided by the Spring platform to implement security in Spring applications. Over the past two decades, Spring Security has mirrored the broader shifts in technology and user behavior. As a result, the programming model has evolved significantly.