Introduction
In this chapter, we'll cover the basics of managing the security of a Spring web application using user authentication, user authorization, and HTTPS.
User authentication is about identifying a user, usually through a username and a password. User authorization is about assigning roles to users. These roles are then used at runtime to determine whether a user is allowed to perform a given action or view specific content. Spring handles both user authentication and authorization.
HTTPS is about encrypting the communication between our web server and the user's browser using Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS). HTTPS needs to be enabled at the server level. We'll see how to do this with Tomcat.
Note
The first recipe, Enabling Spring Security, is required for any of the other recipes to work.