Filters are the perfect place to perform various actions on the requests that the application receives, such as auditing and security checking. Spring Security is built on filters. To gain a better understanding of how Spring Security works internally, we're going to look at the following types of requests and see how they are processed by Spring Security filters, as well as the Spring Security components that participate in these requests:

• An unauthenticated request accessing a public resource
• An unauthenticated request accessing a protected resource
• An authentication request
• An authenticated request accessing a protected resource
• An authenticated request accessing an unauthorized resource

What is a better way to understand how Spring Security works than seeing it in action? Before we talk about these requests, let's set up Spring Security in our TaskAgile application.