The Spring Security framework provides the security services for J2EE-based applications with powerful and flexible security features. It has its own strong authentication mechanism, along with which, it also supports other technologies. The stack of servlet specification and EJB specification doesn't provide support to handle the security in depth. The servlet or EJB applications, when tried to deploy on different server environment, requires a lot of work for the reconfiguration of the security that can be eliminated by using Spring Security.

In 2003, Spring added the security module that was known as The Acegi Security System. However, in 2007, Acegi Security became an official partner in the Spring Portfolio project, which was renamed Spring Security. The following are the features of Spring Security:

• Easy configuration of the authentication provider through XML
• Easy configuration of the authorization rules for the resources
• Password encoding has been facilitated using the PasswordEncoder interface implementations
• It provides the Spring Security tag library to facilitate the use of security in JSP pages
• It supports method-level annotation-based authorization
• It supports the use of JSR 250 implementations to provide method-level security
• Easy configuration with OpenId, LDAP (Light Weight Directory Access Protocol) to carry out authentication.