1) Main concepts and components

2) Authentication mechanisms:

▸ Clients: OAuth - SAML - CAS - OpenID Connect - HTTP - Google App Engine - Kerberos (SPNEGO)

▸ Authenticators: LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

3) Authorization mechanisms: Authorizers

▸ On the user profile: roles, anonymous/remember-me/(fully) authenticated, etc.

▸ On the web context: CSRF, IP address, HTTP method, etc.

4) Matchers

5) Security configuration - Security module

6) Web components:

▸ Security filter - Callback endpoint - Logout endpoint

7) User profile - Profile manager

8) WebContext - HttpActionAdapter

9) SessionStore - Store

10) Release notes - Backward compatibility

11) Authentication flows

12) Customizations

13) Javadoc