In previous chapters, we covered the implementation details of the multiple ways in which core security aspects, such as authentication and authorization, use Spring Security. In doing so, we just skimmed over a very thin layer of the capabilities that can be achieved using Spring Security. In this chapter, we will cover some other capabilities provided by Spring Security in a concise manner.
In addition, the chapter introduces many products (open source and paid versions) that can be considered for use along with Spring Security. I am not backing any of these products, but I do consider them strong contenders for achieving the technical capabilities that you are looking for. We will start off introducing a product by giving a gist of the technical capability that we need to address, then introduce you briefly to the product.
In this chapter we will cover the following topics:
- Remember-me authentication
- Session management
- CSRF
- CSP
- Channel security
- CORS Support
- The Crypto module
- Secret management
- HTTP Data Integrity Validator
- Custom DSL