Spring Security is one of the most mature and widely used Spring projects. Founded in 2003 and actively maintained by SpringSource since, today it is used to secure numerous demanding environments including government agencies, military applications and central banks. It is released under an Apache 2.0 license so you can confidently use it in your projects.

Spring Security is also easy to learn, deploy and manage. Our dedicated security namespace provides directives for most common operations, allowing complete application security in just a few lines of XML. We also offer complete tooling integration in SpringSource Tool Suite, plus our Spring Roo rapid application development framework. The Spring Community Forum and SpringSource offer a variety of free and paid support services. Spring Security is also integrated with many other Spring technologies, including Spring Web Flow, Spring Web Services, SpringSource Enterprise, SpringSource Application Management Suite and SpringSource tc Server.

Find out More

For an overview of what's offered by the framework, check out our list of features or read some of the articles which are available online. The project reference manual provides more in-depth reading for those who are using Spring Security in their project. For a more example-drive approach, there's also a recently published book dedicated to Spring Security 3.1, which we recommend highly as a guide. You can also follow us on

TWITTER

Follow @SpringSecurity for the latest official news and release announcements. If you're interested in the development progress of Spring Security and other interesting updates, we also encourage you to follow the Spring Security project team engineers.

If you Tweet about Spring Security, please include #SpringSecurity in the message in order to help others find your Tweet.

Maven Artifacts

The dependencies you need to add to your project will depend on what features you require. For example, a typical Spring Security web application using namespace configuration would have the following artifacts added to its maven pom:

 <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>3.1.4.RELEASE</version>
 </dependency> 
 <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>3.1.4.RELEASE</version>
  </dependency> 
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>3.1.4.RELEASE</version>
  </dependency>

A full list of available jars and their purpose is available in the reference manual

Welcome

Welcome to OAuth for Spring Security!

As you can probably deduce from its name, the purpose of this project is to provide an OAuth implementation for Spring Security. Support is provided for the implementation of OAuth providers and OAuth consumers. There is also support for two-legged OAuth (a.k.a. "Signed Fetch") and for OAuth 2.0.

Applying security to an application is not for the faint of heart, and OAuth is no exception. Before you get started, you're going to want to make sure you understand OAuth and the problem it's designed to address. There is good documentation at the OAuth site and a good illustration of how OAuth is applied. You will also want to make sure you understand how Spring and Spring Security work.

With that, you're ready to get started. You'll want to see OAuth for Spring Security in action and read a more detailed explanation in the user guide.

If you run into problems or have other questions, please use the forum.

Maven Artifacts

Here is the Spring Milestone Repository:

<repository>
    <id>spring-milestone</id>
    <name>Spring Maven MILESTONE Repository</name>
    <url>http://maven.springframework.org/milestone</url>
</repository>

Here is the dependency:

<dependency>
 <groupId>org.springframework.security.oauth</groupId>
 <artifactId>spring-security-oauth</artifactId>
 <version>1.0.0.M4</version>
</dependency>