Why Spring Security May Be My Favorite Spring Project

Greg L. Turnquist
6 min read · Mar 27, 2023

Spring Security is a powerful, flexible, and extensible security framework for Java applications that is part of the larger Spring ecosystem.

It is my go-to solution for securing Java-based applications, and I will share with you the reasons it JUST MIGHT be my favorite Spring project.

1 — Sensible Defaults

One of the key reasons why Spring Security stands out is its sensible default configurations. The framework is designed to ensure that your app is protected against a wide range of security threats. And one thing I’ve learned from listening to the many security talks by Rob Winch (lead for Spring Security) is that I don’t know 1% of what this guy knows.

In fact, there’s a common expression amongst security geeks:

Don’t implement security on your own.

You and I, mere mortals in application development, don’t grok enough to guard against the many vectors of attack. We NEED toolkits like Spring Security to apply good, standardized protections.

For example, if you create a Spring MVC application and hook up a templating engine like Thymeleaf, Spring Security will insert additional HTML directives that are aimed at protecting you. The simplest is that the browser is instructed, when logged-in users are accessing the system, not to hold onto cached assets.
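
The no-cache instruction described above reaches the browser as HTTP response headers. As an added example (not from the original article or the Spring Security project), this plain-Java check audits a response's headers against the values Spring Security writes by default; the class name, method name and both sample responses are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class CacheHeaderAudit {

    /** Returns reasons a response could still be stored or reused by a cache; empty means none found. */
    static List<String> audit(Map<String, List<String>> headers) {
        // Header names are case-insensitive and a header may repeat, so normalise first.
        Map<String, String> directives = new HashMap<>();
        boolean pragmaNoCache = false;
        for (Map.Entry<String, List<String>> h : headers.entrySet()) {
            String name = h.getKey().toLowerCase(Locale.ROOT);
            for (String value : h.getValue()) {
                for (String part : value.split(",")) {
                    String[] kv = part.trim().toLowerCase(Locale.ROOT).split("=", 2);
                    if (name.equals("cache-control")) directives.put(kv[0], kv.length > 1 ? kv[1] : "");
                    if (name.equals("pragma") && kv[0].equals("no-cache")) pragmaNoCache = true;
                }
            }
        }
        List<String> findings = new ArrayList<>();
        if (!directives.containsKey("no-store")) findings.add("no-store missing: page may be written to disk cache");
        if (!directives.containsKey("no-cache")) findings.add("no-cache missing: stored copy may be shown without revalidation");
        if (directives.containsKey("public")) findings.add("public present: shared proxies may store the page");
        String maxAge = directives.getOrDefault("max-age", "0").replace("\"", "");
        if (!maxAge.matches("0+")) findings.add("max-age=" + maxAge + ": copy stays fresh after logout");
        if (!pragmaNoCache) findings.add("Pragma: no-cache missing: HTTP/1.0 caches are not covered");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the header values Spring Security writes by default.
        Map<String, List<String>> defaults = Map.of(
            "Cache-Control", List.of("no-cache, no-store, max-age=0, must-revalidate"),
            "Pragma", List.of("no-cache"),
            "Expires", List.of("0"));
        // Constructed sample: an account page served with a hand-rolled header.
        Map<String, List<String>> handRolled = Map.of(
            "cache-control", List.of("private", "max-age=600"));

        System.out.println("defaults:    " + audit(defaults));
        audit(handRolled).forEach(f -> System.out.println("hand-rolled: " + f));
    }
}
```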


Greg L. Turnquist

Sr. Staff Technical Content Engineer at CockroachDB • YouTube Content Creator at https://youtube.com/@ProCoderIO • Best-Selling Author • Coffee Lover