Understanding Spring Security
Spring Security (https://spring.io/projects/spring-security) provides security services for Java-based web applications. The Spring Security project was started in 2003 and was previously named Acegi Security System for Spring.
By default, Spring Security enables the following features:
- An
AuthenticationManager
bean with an in-memory single user. The username isuser
, and the password is printed to the console output. - Ignored paths for common static resource locations, such as
/css
and/images
. HyperText Transfer Protocol (HTTP) basic security for all other endpoints. - Security events published to Spring's
ApplicationEventPublisher
interface. - Common low-level features are on by default (HTTP Strict Transport Security (HSTS), cross-site scripting (XSS), cross-site request forgery (CSRF), and so forth).
- Default autogenerated login page.
You can include Spring Security in your application by adding the following dependencies...