# spring-projects/spring-security **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/spring-projects-spring-security).** 9,535 stars · 6,290 forks · Java · Apache-2.0 ## Links - GitHub: https://github.com/spring-projects/spring-security - Homepage: http://spring.io/projects/spring-security - awesome-repositories: https://awesome-repositories.com/repository/spring-projects-spring-security.md ## Topics `framework` `java` `security` `spring` `spring-framework` ## Description Spring Security is a comprehensive security framework for Java applications that provides authentication and authorization for both web and non-web environments. It functions as an implementation of authentication and authorization logic integrated with the Java runtime environment to protect sensitive resources from unauthorized access. The framework includes toolkits for implementing OpenID Connect and OAuth 2.0 authorization servers and clients, as well as tools for integrating SAML 2.0 identity providers to enable cross-domain single sign-on. It utilizes a role-based access control system to restrict application resources based on assigned user roles and specific permissions. The project covers enterprise application security through user authentication management and web request authorization. It employs a variety of mechanisms to control resource access, including filter-chain based interception and aspect-oriented access control. ## Tags ### Security & Cryptography - [Enterprise Security Frameworks](https://awesome-repositories.com/f/security-cryptography/enterprise-security-frameworks.md) — Provides a comprehensive enterprise-grade security framework for protecting Java applications and sensitive resources. - [Authentication and Authorization](https://awesome-repositories.com/f/security-cryptography/authentication-and-authorization.md) — Implements deeply integrated authentication and authorization logic for the Java runtime environment. - [Authentication Providers](https://awesome-repositories.com/f/security-cryptography/authentication-providers.md) — Implements a provider-based architecture to support multiple independent plugins for verifying different user credentials. - [Resource Access Restrictions](https://awesome-repositories.com/f/security-cryptography/domain-access-restrictions/request-access-restrictions/resource-access-restrictions.md) — Enforces resource access restrictions to limit feature or data access based on identity and roles. ([source](https://github.com/spring-projects/spring-security/blob/main/gradle.properties)) - [User Identity Verification](https://awesome-repositories.com/f/security-cryptography/identity-authentication/user-identity-verification.md) — Validates user identities by verifying provided credentials against trusted identity records. ([source](https://github.com/spring-projects/spring-security/blob/main/gradle.properties)) - [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Provides a comprehensive system for restricting access to features and data based on assigned user roles and permissions. - [Role-Based Access Control Systems](https://awesome-repositories.com/f/security-cryptography/role-based-access-control-systems.md) — Provides a framework for managing user permissions and access levels based on defined roles. - [User Authentication Workflows](https://awesome-repositories.com/f/security-cryptography/user-authentication-workflows.md) — Manages end-to-end user authentication workflows, including credential verification and session persistence. - [Web Application Security](https://awesome-repositories.com/f/security-cryptography/web-application-security.md) — Serves as a comprehensive security framework for Java applications, offering robust authentication and authorization for web environments. - [Web Request Authorizations](https://awesome-repositories.com/f/security-cryptography/web-request-authorizations.md) — Filters incoming web requests to ensure users possess the necessary privileges before reaching application endpoints. - [Authentication Delegation Managers](https://awesome-repositories.com/f/security-cryptography/identity-access-management/credential-lifecycle-management/authentication-management/authentication-delegation-managers.md) — Provides a delegating manager that routes authentication requests across multiple internal validation providers. - [OAuth 2.0 Authorization Servers](https://awesome-repositories.com/f/security-cryptography/oauth-2-0-authorization-servers.md) — Provides toolkits for implementing OAuth 2.0 authorization servers and clients to secure distributed systems. - [SAML Integrations](https://awesome-repositories.com/f/security-cryptography/oidc-identity-integrations/saml-integrations.md) — Integrates SAML 2.0 identity providers to enable cross-domain single sign-on. ### Networking & Communication - [Security Filter Chains](https://awesome-repositories.com/f/networking-communication/messaging-bot-frameworks/request-interception/security-filter-chains.md) — Employs a sequence of ordered filters to intercept and secure incoming web requests before they reach controllers. ### Software Engineering & Architecture - [Access Control Interceptors](https://awesome-repositories.com/f/software-engineering-architecture/aspect-oriented-programming-frameworks/access-control-interceptors.md) — Implements method-level security checks using aspect-oriented programming to decouple authorization from business logic. - [Security Context Propagators](https://awesome-repositories.com/f/software-engineering-architecture/thread-local-context-management/security-context-propagators.md) — Stores authenticated user details in a thread-local security context for seamless access across the request lifecycle. ### Part of an Awesome List - [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — Comprehensive security services for Java applications.