Spring Security is developed on top of the Spring Framework and uses the filters concept in the Servlet engine. Filters are like Servlet; they come into action when any request comes to Servlet and can decide whether the request should be forwarded to Servlet or not. Spring Security registers a single javax.servlet.Filter, that is, the DelegatingFilterProxy.

Before starting with Spring Security, let's quickly recall what Servlet filters are. In the following figure, a user enters the URL in the browser. The request comes to the container and then to Servlet after referring to web.xml for Servlet mapping with respecting URL. After processing the request, the request goes back to the user.

A Filter is present between Servlet ...