1) Main concepts and components

2) Authentication mechanisms:

▸ Clients: OAuth - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO)

▸ Authenticators: LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

3) Authorization mechanisms: Authorizers

▸ On the user profile: roles/permissions, anonymous/remember-me/(fully) authenticated, etc.

▸ On the web context: CSRF, IP address, HTTP method, etc.

4) Matchers

5) Security configuration

6) Web components:

▸ Security filter - Callback endpoint - Logout endpoint

7) User profile and Profile manager

8) SessionStore and Store

9) Release notes - Backward compatibility

10) Authentication flows

11) Customizations

12) Third-party extensions

13) Javadoc