In Spring Framework, Spring Security is a top-level project. Within the Spring Security project (https://github.com/spring-projects/spring-security), there are a number of sub-modules:
- Core (spring-security-core): Spring Security's core classes and interfaces on authentication and access control reside here.
- Remoting (spring-security-remoting): In case you need Spring Remoting, this is the module with the necessary classes.
- Aspect (spring-security-aspects): Aspect-Oriented Programming (AOP) support within Spring Security.
- Config (spring-security-config): Provides XML and Java configuration support.
- Crypto (spring-security-crypto): Contains cryptography support.
- Data (spring-security-data): Integration with Spring Data.
- Messaging (spring-security-messaging)
- OAuth2: Support for OAuth 2.x within Spring Security:
  - Core (spring-security-oauth2-core)
  - Client (spring-security-oauth2-client)
  - JOSE (spring-security-oauth2-jose)
- OpenID (spring-security-openid): OpenID web-authentication support.
- CAS (spring-security-cas): CAS (Central Authentication Service) client integration.
- TagLib (spring-security-taglibs): Various tag libraries regarding Spring Security.
- Test (spring-security-test): Testing support.
- Web (spring-security-web): Contains web security infrastructure code, such as various filters and other Servlet API dependencies.
These are the top-level projects within Spring Framework that are strongly linked to Spring Security:
- spring-ldap: Simplifying Lightweight Directory Access Protocol (LDAP) programming in Java.
- spring-security-oauth: Easy programming with OAuth 1.x and OAuth 2.x protocols.
- spring-security-saml: Bringing the SAML 2.0 service provider capabilities to Spring applications.
- spring-security-kerberos: Bringing easy integration of Spring applications with the Kerberos protocol.
Security Assertion Markup Language (SAML) is an XML-based framework for ensuring that transmitted communications are secure. SAML defines mechanisms to exchange authentication, authorization, and non-repudiation information, allowing single sign-on capabilities for Web services.
The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It is based on a client-server model and provides a mechanism used to connect to, search, and modify Internet directories.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret key cryptography. A free implementation of this protocol is available from MIT and it is also available in many commercial products.