Skip to content
Related Articles
Open in App
Not now

Related Articles

Spring Security Architecture

Improve Article
Save Article
  • Last Updated : 31 Oct, 2022
Improve Article
Save Article

Spring Security framework adds two important capabilities to web applications,

  1. Authentication 
  2. Authorization/Access Control

This framework provides protection against popular security issues like SCRF attacks, or Fixation attacks. It provides a secure and standard way to set up user login functionality in web applications and thus provides quick user authentication and access control.

Spring Security Architecture



Authentication is the process of verifying the identity of the computer user. It is the process of verifying the user and devices before allowing them to access the resources. In Java, the AuthenticationManager interface is responsible for handling authentication events. 


Java AuthenticationManager Interface


The AuthenticationManager interface method “authenticate()” returns authentication (i.e if authentication= true )if it verifies the identity. The AuthenticationException is thrown if it identifies an invalid identity or principal. It returns null if he cannot decide the identity.

Authorization/Access Control

When a user or a device is authenticated, the next step is authorization which is the process of allowing the authority to perform certain tasks or operations. In Java, AccessDecisionManager and AccessDecsionVoter classes help in the authorization process. 


Authorization / Access Control


The class ConfigAttribute provides the secure object metadata to provide the permission required to access it. The AccessDecisionVoter handles the Spring Expression Language (SpEL) expressions. ConfigAttribute is an interface that contains only one method that returns a string that defines the rules for access control.


  • Provides support for Java Configuration
  • Provides support for integration with Spring MVC
  • Provides protection against major security issues
  • Provides efficient portability

Sample Java Configuration File 


// Configuration Java File
import org.springframework.context.annotation.*;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
public class WebSecurityConfig implements WebMvcConfigurer {
    // method to authenticate by collecting user related
    // data
    public UserDetailsService userDetailsService()
        throws Exception
        // Managing the users in the memory database
        InMemoryUserDetailsManager manager
            = new InMemoryUserDetailsManager();
        // Creating the new user with userid AbhijeetRathore
        // and Password Abhijeet123
        // returns User detail service
        return manager;
    // configuring MVC Configuration with HTTP Security
    protected void configure(HttpSecurity http)
        throws Exception
        // define the role of the user

My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!