Web applications hosted on Progress Application Server (PAS) for OpenEdge automatically use the Spring Security framework to receive all incoming requests and to perform authentication and authorization operations for those web applications. Spring Security is a mature, commercial-grade, Java-based, and always-on access-control security framework that:

  • Is automatically started when you start a PAS for OpenEdge instance
  • Is always on to receive all incoming requests
  • Applies industry-standard filters to ensure that each request is compliant
  • Blocks a request if authentication fails
  • Generates a security token if authentication succeeds
  • Provides an easy-to-configure plug-in framework for multiple authentication provider types

When a client issues a request on a web application that is hosted on a PAS for OpenEdge instance, the request must go through the Spring Security framework. Spring Security invokes the configured authentication manager plug-in to authenticate the client's credentials against an identity store, such as Microsoft Active Directory. If the authentication operation is successful, then the Spring Security framework generates a Spring token, as shown in the following figure.



Spring Security is implemented in the $CATALINA_HOME/common/lib directory of the PAS for OpenEdge installation directory.

For more information, consult the official Spring Security project documentation.