Originally posted by Suman Chaudhuri:
What type of security features are provided in Spring ?
a) Is there support for roles and principals ?
b) If I want to restrict a component in that it can be used by a certain role (eg, only Managers), how is this achieved in Spring ?
Spring supports a variety of security features (authentication using a number of methods and authorization using a number of methods) through
Acegi Security System for Spring. I haven't used Acegi myself but I do know it supports role-based authorization with all sorts of voting schemes and authentication using a variety of methods from LDAP to
JDBC to SSO and so forth.
I'd suggest browsing the Acegi documentation (or buying a Spring book;) for more details.