5.6 Summary

• Spring Security autoconfiguration is a great way to get started with security, but most applications will need to explicitly configure security to meet their unique security requirements.
• User details can be managed in user stores backed by relational databases, LDAP, or completely custom implementations.
• Spring Security automatically protects against CSRF attacks.
• Information about the authenticated user can be obtained via the SecurityContext object (returned from SecurityContextHolder.getContext()) or injected into controllers using @AuthenticationPrincipal.