what Spring Security make it worth to use?

Question

I am a beginner and i read some part of Spring Security.

from docs,

Spring Security provides you with a very flexible framework for your authentication and authorization requirements,

But i didn't get the actual goal behind Spring Security. Why i need spring security as i can achieve same thing by simple java filter manually.

What Spring Security make sense to worth using it?

Appreciate if anyone can explain in simple words and mention some use cases for that.

refer

http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/faq.html#faq-web-xml

Answer 1

I have configured security on the enterprise projects using both the ways: Here is the benefits using Spring Security over writing Filter:

1) Ease to Use & Configure
2) Multiple Auth Provider (i.e. LDAP, SSO, etc)
3) Maintainabilty
4) Ease to implement Session Management
5) Ease to implement Remember Me Functionality

Answer 2

Spring Security isn't only for protecting pages it can also protect methods, do ACL on your domain objects. Prevent (or at least make it more difficult) to do session hijacking, it also has support for concurrent session usage (a single user can login only max x times at once).

The current release also has support for security headers and out-of-the-box CSFR protection for your forms.

Next to all that it provides, out-of-the-box, multiple ways of storing your security related data be it in files, database, ldap, active directory

Whilst you might be able to do simple protection of pages in a filter it doesn't give you any of the added benefits of Spring Security.

Finally Spring Security has been battle tested and is used by many companies, small to large, whilst your simple custom filter isn't.