How secure is Spring Security?

How secure is Spring Security? Is it good enough to use Spring Security in web a开发者_如何学JAVApplication for banking system or something equivalent?

Spring Security in itself is very good. It is widely used and any problems are sorted out with high priority. However, as with most technologies, if you use it improperly, your application will not be secure.

If I use it in "most secure way", will be enough secure? - Yes

Earlier versions of Spring security (known as acegi back in the day) required quite a large amount of configuration and it was therefore possible to miss something and leave a hole in your security. Recent versions have significantly reduced the complexity and now use sensible defaults.

However Spring still remains extremely flexible and extensible which gives developers great power, but as always power comes with responsibility. As far as Spring security is concerned a little knowledge is a dangerous thing, I'd strongly recommend that you get a good understanding of the framework before undertaking any customization. It's also a good idea to get involved on the forums and ask the communityto peer review high risk areas of code/customization.

We've implemented Spring security for many banks and other financial institutions both in the US and Europe so in that sense it's definitely "fit for purpose"

Spring security is one of the best things that the Spring frameworks offers, it highly capable of taking care of both authentication and authorization.

The challenge is to model it correctly with right key elements of the framework being put in the right place. I have tried to illustrate its capabilities on one of my blog posts, refer http://www.nimblegeek.com/2012/08/role-base-application-modelling-using.html

Be careful applying Spring Security to applications require high level of security such as banking security system. First of all put your attention securing your application with strong cryptographic methods and securing data channel. then you can integrate it to some framework such Spring Security.