Spring Security - Key Authentication Features

Key Authentication Features

• LDAP (using both bind-based and password comparison strategies) for centralization of authentication information.
• Single sign-on capabilities using the popular Central Authentication Service.
• Java Authentication and Authorization Service (JAAS) LoginModule, a standards-based method for authentication used within Java. Note this feature is only a delegation to a JAAS Loginmodule.
• Basic access authentication as defined through the IETF Request for Comments 1945 standard.
• Digest access authentication as defined through the IETF Request for Comments 2617 and RFC 2069 standard.
• X.509 client certificate presentation over the Secure Sockets Layer standard.
• CA, Inc SiteMinder for authentication (a popular commercial access management product).
• Su (Unix)-like support for switching principal identity over a HTTP or HTTPS connection.
• Run-as replacement, which enables an operation to assume a different security identity.
• Anonymous authentication, which means that even unauthenticated principals are allocated a security identity.
• Container adapter (custom realm) support for Apache Tomcat, Resin, JBoss and Jetty (web server).
• Windows NTLM to enable browser integration (experimental).
• Web form authentication, similar to the Servlet container specification.
• "Remember-me" support via HTTP Cookies.
• Concurrent session support, which limits the number of simultaneous logins permitted by a principal.
• Full support for customization and plugging in custom authentication implementations.