Other Spring Security capabilities

Spring Security has a number of capabilities beyond its core security features, authentication and authorization. Some of the most important ones are listed here. In Chapter 7, Spring Security Add-Ons, we will go through each of these in more detail with hands-on coding. We will build on the example that we have created in this chapter and explain each of these important Spring Security capabilities:

  • Remember-me authentication: This is also known as persistent login, and it allows a website to remember a user's identity across multiple sessions. Spring Security provides a couple of implementations (hashed-token-based and persistent-token-based) that make this easy.
  • Cross Site Request Forgery (CSRF): This is a very common attack in which a malicious site tricks the victim's browser into sending unauthorized commands to an application on the user's behalf, using the user's existing authenticated session. Spring Security lets us defend against it with a simple configuration.
  • Cross-Origin Resource Sharing (CORS): This is a mechanism by which a web application running on one domain can access resources exposed by another domain, controlled through additional HTTP headers. It is one of the mechanisms used to make sure that only legitimate code can access the resources a domain exposes.
  • Session management: Proper user session management is key to any application's security. Here are some of the important session-related functions that Spring Security takes care of easily:
    • Session timeout: This makes sure that user sessions expire after the configured timeout, and that this limit cannot be circumvented.
    • Concurrent session: This limits the number of sessions a user can have active on the server at the same time to a configured value.
    • Session fixation: This is an attack in which the attacker plants a session identifier that they already know on the victim, so that once the victim logs in the attacker can hijack the valid session and act as that user. Spring Security protects against this by default.

These are some of the important features that Spring Security brings to the table. We will thoroughly explore them after covering additional topics that are relevant to Spring Security.
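To make the list above concrete, here is an added configuration example (not the book's own code) that wires up all four capabilities in one Spring Security filter chain. It assumes Spring Security 5.7 or later with the lambda DSL; the class name, the remember-me key placeholder, the URL patterns and the front-end origin are assumptions.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
public class AddOnsSecurityConfig { // hypothetical class name
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            // Remember-me, hashed-token variant: the key is mixed into the token hash, so rotating it revokes all cookies
            .rememberMe(remember -> remember
                .key("REPLACE-WITH-LONG-RANDOM-SECRET") // placeholder; load from configuration, never hard-code
                .tokenValiditySeconds(14 * 24 * 60 * 60))
            // CSRF stays enabled (the default); the cookie repository lets a JavaScript client echo the token back
            .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
            // CORS: only the origins listed in corsConfigurationSource() receive CORS response headers
            .cors(Customizer.withDefaults())
            .sessionManagement(session -> session
                // Session fixation: issue a fresh session id at login, copying attributes over
                .sessionFixation(fixation -> fixation.migrateSession())
                // Session timeout is set in the servlet container; requests with an expired id land here
                .invalidSessionUrl("/login?invalid")
                // Concurrent sessions: one per user; a second login is refused instead of expiring the first
                .maximumSessions(1).maxSessionsPreventsLogin(true));
        return http.build();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(List.of("https://app.example.com")); // assumed front-end origin
        config.setAllowedMethods(List.of("GET", "POST"));
        config.setAllowedHeaders(List.of("Content-Type", "X-XSRF-TOKEN"));
        config.setAllowCredentials(true); // the session cookie must travel with cross-origin calls
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", config);
        return source;
    }
}
```

With maxSessionsPreventsLogin(true), also register an HttpSessionEventPublisher bean so that timed-out sessions are removed from the session registry; otherwise a user whose session has expired stays locked out until the stale registry entry is cleared.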
