Understanding Spring Security
Spring Security (https://spring.io/projects/spring-security) provides security services for Java-based web applications. The Spring Security project was started in 2003 and was previously named Acegi Security System for Spring.
By default, Spring Security enables the following features:
- An AuthenticationManager bean with an in-memory single user. The username is user and the password is printed to the console output.
- Ignored paths for common static resource locations, such as /css and /images. HTTP basic authentication for all other endpoints.
- Security events published to Spring’s ApplicationEventPublisher interface.
- Common low-level features turned on by default, including HTTP Strict Transport Security (HSTS) and protection against cross-site scripting (XSS) and cross-site request forgery (CSRF).
- A default autogenerated login page.
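Because the default user's password is printed to the console, it ends up wherever console output is collected. The check below is an added example, not code from the original text: it scans log lines for Spring Boot's startup message about that password and returns findings with the secret redacted. The function names are hypothetical and the sample log is constructed.

```python
import re

# Startup message written when the default in-memory user is created. The
# wording is "generated" in current Spring Boot releases and "default" in 1.x.
PASSWORD_LINE = re.compile(
    r"Using (?P<kind>generated|default) security password:\s*(?P<secret>\S+)"
)


def redact(secret):
    """Keep only the first four characters so the finding is not itself a leak."""
    return secret[:4] + "*" * max(len(secret) - 4, 0)


def find_default_password_lines(lines):
    """Return one finding per log line that discloses the default user's password."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = PASSWORD_LINE.search(line)
        if match is None:
            continue  # also skips a message line that carries no password token
        findings.append({
            "line": number,
            "kind": match.group("kind"),
            "redacted": redact(match.group("secret")),
            # Copy of the line that is safe to forward to a ticket or alert.
            "sanitized": line[:match.start("secret")] + "[REDACTED]"
                         + line[match.end("secret"):],
        })
    return findings


# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
2024-01-01 10:00:00.000  INFO 1 --- [main] c.example.DemoApplication : Starting DemoApplication
2024-01-01 10:00:01.000  WARN 1 --- [main] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: 11111111-2222-3333-4444-555555555555

2024-01-01 10:00:02.000  INFO 1 --- [main] c.example.DemoApplication : Started DemoApplication
""".splitlines()

if __name__ == "__main__":
    for finding in find_default_password_lines(SAMPLE_LOG):
        print(f"line {finding['line']}: {finding['kind']} password {finding['redacted']}")
```

A finding in a deployed environment's logs indicates the application is still running with the default single user rather than a configured user store.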
You can include Spring Security in your application by adding the following highlighted...