12 Securing Web Applications with Spring Security

WHAT YOU WILL LEARN IN THIS CHAPTER:

  • Examining the features Spring Security provides
  • Configuring and using Spring Security
  • Authenticating users
  • Authorizing web requests

Most applications today are multiuser, and they are usually accessed over insecure networks, such as the Internet. Therefore, security requirements for applications must be carefully thought out and implemented starting from day zero of the project development process. Unfortunately, many people mistakenly think that security features can be added at later stages of development, and teams delay working on them until a considerable amount of time has already been spent on the project. As a result, applications lack some of the most fundamental security features, and architectural changes and rework become necessary when developers try to add those features gradually. One reason for such delays is that teams usually don't understand the security concepts of multiuser enterprise web applications well enough, and they usually choose to implement those security requirements themselves as they discover and learn them over time.

Such an approach, however, results in legacy in-house security ...
