Using Spring Security 4.2 to address security concerns
Spring Security 4.2 provides a wealth of resources that allow for many common security practices to be declared or configured in a straightforward manner. In the coming chapters, we'll apply a combination of source code and application configuration changes to address all of the concerns raised by the security auditors (and more), to give ourselves the confidence that our calendar application is secure.
With Spring Security 4.2, we'll be able to make the following changes to increase our application's security:
- Segment users of the system into user classes
- Assign levels of authorization to user roles
- Assign user roles to user classes
- Apply authentication rules globally across application resources
- Apply authorization rules at all levels of the application architecture
- Prevent common types of attacks intended to manipulate or steal a user's session