Security Component SPIs

The core framework provides two SPIs that together define the security architecture:

  • the Authenticator SPI allows for different authentication implementations to be used

  • the Authorizor SPI allows for different authorization mechanisms to be used

By "authentication" we mean logging into the application using some credentials, typically a username and password. Authentication also means looking up the set of roles to which a user belongs.

And by "authorization" we mean permissions: granting roles access to features (domain object members) of the app, and assigning users to those roles.
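
The split described above, as an added sketch that is not the framework's own code: authentication checks credentials and returns the user's roles, and authorization decides from those roles whether a domain object member may be used. The interface shapes, method names, role names, member identifiers and account data are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SecuritySpiSketch {
    // Hypothetical SPI shapes for illustration only; not the framework's signatures.
    interface Authenticator { Optional<Set<String>> authenticate(String user, char[] password); }
    interface Authorizor { boolean isPermitted(Set<String> roles, String memberId); }
    record Account(byte[] salt, byte[] hash, Set<String> roles) {}

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(password, salt, 210_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data; a real store uses a random salt per user.
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        Account decoy = new Account(salt, new byte[32], Set.of());
        Map<String, Account> accounts = Map.of(
                "sven", new Account(salt, pbkdf2("pass".toCharArray(), salt), Set.of("order-clerk")));
        // Role -> domain object members that role may use (constructed identifiers).
        Map<String, Set<String>> grants = Map.of(
                "order-clerk", Set.of("Order#place"),
                "order-admin", Set.of("Order#place", "Order#cancel"));

        // Authentication: verify the credentials, then return the user's roles.
        Authenticator authn = (user, password) -> {
            Account a = accounts.getOrDefault(user, decoy); // decoy: same work for unknown users
            boolean match = MessageDigest.isEqual(a.hash(), pbkdf2(password, a.salt()));
            return match && a != decoy ? Optional.of(a.roles()) : Optional.empty();
        };
        // Authorization: deny unless some role held by the user grants the member.
        Authorizor authz = (roles, memberId) -> roles.stream()
                .anyMatch(r -> grants.getOrDefault(r, Set.of()).contains(memberId));

        Set<String> held = authn.authenticate("sven", "pass".toCharArray()).orElseThrow();
        System.out.println("place:  " + authz.isPermitted(held, "Order#place"));
        System.out.println("cancel: " + authz.isPermitted(held, "Order#cancel"));
        boolean bad = authn.authenticate("sven", "wrong".toCharArray()).isPresent();
        System.out.println("bad password accepted: " + bad);
    }
}
```

Because the two interfaces only share the set of role names, either side can be swapped (for example, a directory-backed authenticator with a file-backed authorizor) without touching the other.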