Spring Security is a framework that provides authentication , authorization , and protection against common attacks . With first class support for securing both imperative and reactive applications, it is the de-facto standard for securing Spring-based applications.

For a complete list of features, see the Features section of the reference.

If you are ready to start securing an application see the Getting Started sections for servlet and reactive . These sections will walk you through creating your first Spring Security applications.

If you want to understand how Spring Security works, you can refer to the Architecture section.

If you have any questions, there is a wonderful community that would love to help you!

© VMware , Inc. or its affiliates. Terms of Use • Privacy • Trademark Guidelines • Thank you • Your California Privacy Rights • Cookie Settings

Apache®, Apache Tomcat®, Apache Kafka®, Apache Cassandra™, and Apache Geode™ are trademarks or registered trademarks of the Apache Software Foundation in the United States and/or other countries. Java™, Java™ SE, Java™ EE, and OpenJDK™ are trademarks of Oracle and/or its affiliates. Kubernetes® is a registered trademark of the Linux Foundation in the United States and other countries. Linux® is the registered trademark of Linus Torvalds in the United States and other countries. Windows® and Microsoft® Azure are registered trademarks of Microsoft Corporation. “AWS” and “Amazon Web Services” are trademarks or registered trademarks of Amazon.com Inc. or its affiliates. All other trademarks and copyrights are property of their respective owners and are only mentioned for informative purposes. Other names may be trademarks of their respective owners.