Remember-me authentication: Also known as persistent login, this lets a website recognise a returning user across browser sessions without asking for the password again, normally by way of a long-lived cookie. Spring Security provides two implementations that make this easy: a hashed-token scheme, in which the cookie carries a hash computed over the username, an expiry time, the password and a server-side key, and a persistent-token scheme, in which random series/token pairs are stored on the server, so that individual cookies can be revoked and a replayed (stolen) token is detected.
Cross Site Request Forgery (CSRF): A very common web attack in which a malicious page causes the victim's browser to send a request to an application where the victim is already logged in. Because the browser attaches the session cookie automatically, the application carries out the request as if the user had intended it. Spring Security enables CSRF protection by default for state-changing requests (POST, PUT, PATCH and DELETE), using a synchronizer token that the attacker's page cannot read; only a little configuration is needed to get the token into forms or a JavaScript client.
Cross-Origin Resource Sharing (CORS): A browser mechanism by which a server on one origin declares, through additional HTTP response headers, which other origins may read its responses, relaxing the browser's same-origin policy. It is worth being precise about what CORS protects: it governs what a script on another origin is allowed to read, not whether a request reaches the server, so it complements authentication, authorization and CSRF protection rather than replacing them, and an over-permissive policy (a wildcard origin combined with credentials) defeats its purpose.
Session management: Proper handling of user sessions is central to the security of any stateful web application. These are the session-related functions that Spring Security takes care of with little effort:
Session timeout: Sessions expire after the configured period of inactivity. The timeout is enforced by the servlet container on the server side, so a client cannot extend it by tampering with its cookie; Spring Security additionally detects a request that arrives with an expired or otherwise invalid session ID and redirects it to a configured URL.
Concurrent session control: Limits how many sessions a single user may have active at the same time to a configured maximum, either rejecting new logins once the limit is reached or expiring the oldest session.
Session fixation protection: Session fixation is an attack in which the attacker plants a session ID he already knows in the victim's browser before login, so that once the victim authenticates the attacker holds a valid authenticated session. Spring Security defends against this by issuing a new session ID when a user authenticates (by default the ID is changed while the session's attributes are kept).
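As an added illustration (this is not code from the page or from Spring Security itself), here is one configuration class that wires up the four features just described. It assumes Spring Security 6 with the lambda DSL, a Spring-managed DataSource and UserDetailsService defined elsewhere in the application, and a stateful, cookie-based session; the origin, paths and the remember-me key are placeholders.

```java
import java.util.List;
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Added example (not from the page): Spring Security 6 configuration for
// remember-me, CSRF, CORS and session management. The DataSource and
// UserDetailsService beans are assumed to exist elsewhere in the application.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    PersistentTokenRepository tokenRepository,
                                    UserDetailsService userDetailsService) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/login", "/css/**").permitAll()
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())

            // CSRF is on by default (synchronizer token, checked on POST/PUT/PATCH/DELETE).
            // Never csrf.disable() on an app that authenticates with session cookies;
            // exempt only endpoints no browser session ever calls (hypothetical path).
            .csrf(csrf -> csrf.ignoringRequestMatchers("/api/webhooks/**"))

            // CORS: only origins from corsConfigurationSource() may read /api/** responses.
            // Spring Security's CorsFilter runs before authentication, so preflights succeed.
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))

            // Remember-me, persistent-token variant: random series/token pairs live in
            // the persistent_logins table, so a cookie can be revoked server-side and a
            // replayed (stolen) token is detected and all of that user's tokens dropped.
            .rememberMe(remember -> remember
                .tokenRepository(tokenRepository)
                .userDetailsService(userDetailsService)
                .tokenValiditySeconds(14 * 24 * 60 * 60)
                .useSecureCookie(true)
                .key("placeholder-replace-with-a-long-random-secret"))

            .sessionManagement(session -> session
                // Session fixation: new session id on login (default on Servlet 3.1+).
                .sessionFixation(fixation -> fixation.changeSessionId())
                // Session timeout is enforced by the container
                // (server.servlet.session.timeout=15m in Spring Boot); a request that
                // presents an expired or unknown session id is sent here.
                .invalidSessionUrl("/login?invalid")
                // Concurrent sessions: one per user; the older one is expired and its
                // next request is redirected to expiredUrl.
                .sessionConcurrency(concurrency -> concurrency
                    .maximumSessions(1)
                    .maxSessionsPreventsLogin(false)
                    .expiredUrl("/login?expired")));
        return http.build();
    }

    // Needed by concurrent-session control so the session registry hears when
    // the container destroys a session (logout or timeout).
    @Bean
    HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    @Bean
    PersistentTokenRepository tokenRepository(DataSource dataSource) {
        JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
        repository.setDataSource(dataSource);
        // repository.setCreateTableOnStartup(true); // dev only; creates persistent_logins
        return repository;
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // An explicit origin. "*" plus setAllowCredentials(true) is rejected by Spring
        // and by browsers, which is the correct outcome for a credentialed API.
        config.setAllowedOrigins(List.of("https://app.example.com")); // placeholder
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        config.setAllowedHeaders(List.of("Content-Type", "X-XSRF-TOKEN"));
        config.setAllowCredentials(true); // required for cookie-based sessions
        config.setMaxAge(3600L);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", config);
        return source;
    }
}
```

Two things a practitioner should check after dropping this in: that the persistent_logins table exists before the first remember-me login (the commented-out setCreateTableOnStartup call is a development convenience, not something to ship), and that the login form or JavaScript client actually sends the CSRF token, because with protection enabled every POST that lacks it is rejected with 403.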
LDAP (Lightweight Directory Access Protocol), typically by binding to the directory as the user so the application never handles the password itself.
Single sign-on (for example through CAS, SAML 2.0 or OpenID Connect).
JAAS (Java Authentication and Authorization Service) LoginModule.
Basic Access Authentication (the credentials travel base64-encoded on every request, so it must only be used over TLS).
Digest Access Authentication (a challenge-response scheme built on MD5; it is no longer considered secure and Spring Security's own reference documentation advises against it for new applications).
Remember-me.
Web Form Authentication.
Authorization (URL- and method-level access rules, evaluated once a caller has been authenticated by any of the mechanisms above).
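As an added example (not code from the page or from Spring Security), the following shows three of the mechanisms listed above working together in Spring Security 6: form login and HTTP Basic on the same filter chain, both authenticated against LDAP by binding as the user, with role-based authorization derived from the user's LDAP groups. It assumes the spring-security-ldap and spring-ldap-core dependencies and a directory laid out as the placeholders suggest (users under ou=people, groups under ou=groups with a member attribute); the URL, service-account DN and environment variable name are illustrative.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.PersonContextMapper;
import org.springframework.security.web.SecurityFilterChain;

// Added example (not from the page): LDAP bind authentication exposed through
// both form login and HTTP Basic, plus role-based authorization.
// Directory layout, URL and service account below are placeholders.
@Configuration
@EnableWebSecurity
public class LdapAuthConfig {

    @Bean
    BaseLdapPathContextSource contextSource() {
        // ldaps:// so bind credentials are never sent in clear; base DN is part of the URL.
        DefaultSpringSecurityContextSource source =
            new DefaultSpringSecurityContextSource("ldaps://ldap.example.com:636/dc=example,dc=com");
        // Read-only service account used for group lookups. The user's own password is
        // checked by binding as that user, so the application never stores or hashes it.
        source.setUserDn("cn=svc-web,ou=service,dc=example,dc=com");
        source.setPassword(System.getenv("LDAP_BIND_PASSWORD")); // from a secret store, not source
        return source;
    }

    @Bean
    AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
        LdapBindAuthenticationManagerFactory factory =
            new LdapBindAuthenticationManagerFactory(contextSource);
        // {0} is replaced by the submitted username; the resulting DN is bound with the password.
        factory.setUserDnPatterns("uid={0},ou=people");
        factory.setUserDetailsContextMapper(new PersonContextMapper());
        // Groups under ou=groups whose member attribute contains the user's DN become
        // authorities: cn=admins -> ROLE_ADMINS (prefix and upper-casing are the defaults).
        DefaultLdapAuthoritiesPopulator populator =
            new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");
        populator.setGroupSearchFilter("(member={0})");
        factory.setLdapAuthoritiesPopulator(populator);
        return factory.createAuthenticationManager();
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Authorization: rules are evaluated after authentication, whichever
            // mechanism performed it.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/error").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMINS")
                .anyRequest().authenticated())
            // Browser users get the login form ...
            .formLogin(Customizer.withDefaults())
            // ... while scripted clients may send HTTP Basic. Basic carries the password
            // base64-encoded on every request, so this is only acceptable behind TLS.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Publishing the AuthenticationManager as a bean is enough for the filter chain to pick it up; no explicit wiring into HttpSecurity is needed. Note that the bind approach means a wrong password surfaces as a failed LDAP bind rather than a local hash mismatch, so account lockout policy lives in the directory, not in the application.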