Security is one of the fundamental requirements of a web application such as TaskAgile. We want to authenticate requests and authorize access to various resources, and we will want to prevent potential attacks that can be performed against our application. Spring Security, originally named Acegi Security, is the most popular security solution adopted in the Spring world. In this chapter, we will introduce the basics of web application security and various authentication processes, including Single Sign-On (SSO) and OAuth 2.0. We will also introduce Spring Security and explore its features, and then take a deep dive into its architecture to understand how it works. We will also implement the login page of the user module along the way.

In a nutshell, the following is what you will learn in this chapter:

• How to secure a web application
• How Spring Security works
• How to set up Spring Security
• Authenticating requests with Spring Security
• Sending emails using JavaMail
• Performing end-to-end integration tests
• Adding a Java unit test coverage report