For the latest stable version, please use Spring Security 6.3.4! |
Authentication
Spring Security provides comprehensive support for Authentication. We start by discussing the overall Servlet Authentication Architecture. As you might expect, this section is more abstract describing the architecture without much discussion on how it applies to concrete flows.
If you prefer, you can refer to Authentication Mechanisms for concrete ways in which users can authenticate. These sections focus on specific ways you may want to authenticate and point back at the architecture sections to describe how the specific flows work.
Authentication Mechanisms
-
Username and Password - how to authenticate with a username/password
-
OAuth 2.0 Login - OAuth 2.0 Log In with OpenID Connect and non-standard OAuth 2.0 Login (i.e. GitHub)
-
SAML 2.0 Login - SAML 2.0 Log In
-
Central Authentication Server (CAS) - Central Authentication Server (CAS) Support
-
Remember Me - how to remember a user past session expiration
-
JAAS Authentication - authenticate with JAAS
-
OpenID - OpenID Authentication (not to be confused with OpenID Connect)
-
Pre-Authentication Scenarios - authenticate with an external mechanism such as SiteMinder or Java EE security but still use Spring Security for authorization and protection against common exploits.
-
X509 Authentication - X509 Authentication