This is a hands-on book, but our first chapter was theoretical (as it should be) because it was an introductory chapter.
In this chapter, we will dive deeply into the technical capabilities of Spring Security, specifically authentication and authorization, using code. However, before we get into the coding, we will give a brief explanation of the theory. We are doing this because it is important to understand the concepts before diving into coding.
The two most important aspects of security are as follows:
- Find the identity of the user
- Find what resources this user has access to
authentication is the mechanism by which you find out who a user is, and authorization is the mechanism that allows an application to find out what the user can do with the application:
Figure 01: Fundamental aspects of security—Authentication and Authorization
In this chapter we will cover the following:
- Authentication
- Authentication mechanisms
- Authorization