In this chapter, we discussed what security is and how important it is for the developer as well as the client perspective. We discussed the terminologies such as authorization, authentication, roles, and privileges. We also discussed in depth about form-based and basic authentication. We also discussed the Spring Security framework and how it works. We continued the discussion ahead by configuring the security in the application using 'namespace' and authentication providers. We demonstrated these configurations with both, basic as well as form-based authentications and created the users with their roles. We created the roles and assigned them usernames and passwords using in-memory authentication, and JDBC-based authentication. We also demonstrated some advanced security features, such as remember-me and logging out. Further in the topic, we discussed how to manage the sessions from the security perspective. We discussed the problems in traditional HTTP sessions, such as multiple session creations and handling multiple accounts. Lastly, we also discussed in depth how to overcome these problems and the different configurations available for Spring session managements.

In the next chapter, we will discuss the power of RESTful web services and develop the Spring RESTful web service. Enjoy reading.