StackShareStackShare
Follow on
StackShare

Discover and share technology stacks from companies around the world.

Follow on

© 2025 StackShare. All rights reserved.

Product

  • Stacks
  • Tools
  • Feed

Company

  • About
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  1. Stackups
  2. Utilities
  3. Authentication
  4. User Management And Authentication
  5. Spring Security vs Stormpath

Spring Security vs Stormpath

OverviewDecisionsComparisonAlternatives

Overview

Stormpath
Stormpath
Stacks40
Followers96
Votes146
Spring Security
Spring Security
Stacks559
Followers589
Votes6
GitHub Stars9.4K
Forks6.2K

Spring Security vs Stormpath: What are the differences?

Developers describe Spring Security as "A powerful and highly customizable authentication and access-control framework". It is a framework that focuses on providing both authentication and authorization to Java applications. The real power of Spring Security is found in how easily it can be extended to meet custom requirements. On the other hand, Stormpath is detailed as "User Management and Authentication for Developers". Stormpath is an authentication and user management service that helps development teams quickly and securely build web and mobile applications and services.

Spring Security and Stormpath belong to "User Management and Authentication" category of the tech stack.

Some of the features offered by Spring Security are:

  • Comprehensive
  • Servlet API integration
  • Protection against attacks

On the other hand, Stormpath provides the following key features:

  • User Authentication as a Service
  • Authorization – Easily model and manage your data, including pre-built roles
  • Flexible User Profiles

Spring Security is an open source tool with 3.63K GitHub stars and 3.2K GitHub forks. Here's a link to Spring Security's open source repository on GitHub.

Monkey Exchange, Debut, and Monbanquet.fr are some of the popular companies that use Spring Security, whereas Stormpath is used by Stormpath, Forerunner Games, and Notify-e. Spring Security has a broader approval, being mentioned in 12 company stacks & 9 developers stacks; compared to Stormpath, which is listed in 3 company stacks and 4 developer stacks.

Share your Stack

Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.

View Docs
CLI (Node.js)
or
Manual

Advice on Stormpath, Spring Security

sindhujasrivastava
sindhujasrivastava

Jan 16, 2020

Needs advice

I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server.

  1. Keycloak
  2. Okta
  3. Auth0 Please advise which one to use.
258k views258k
Comments

Detailed Comparison

Stormpath
Stormpath
Spring Security
Spring Security

Stormpath is an authentication and user management service that helps development teams quickly and securely build web and mobile applications and services.

It is a framework that focuses on providing both authentication and authorization to Java applications. The real power of Spring Security is found in how easily it can be extended to meet custom requirements.

User Authentication as a Service; Authorization – Easily model and manage your data, including pre-built roles; Flexible User Profiles; Single Sign-On Across your Apps; Easy Partitioning for Multi-Tenant SaaS; Pre-built Security Workflows - Password Reset, Email Verification; Hosted Login Portal; Social Login; API Authentication & Key Management; Token-based Authentication; Multi-Factor Authentication; Active Directory & LDAP Integrations; Advanced Password Security; Admin Console; Safe Harbor Compliance; HIPAA Compliance; Private Deployments;
Comprehensive; Servlet API integration; Protection against attacks
Statistics
GitHub Stars
-
GitHub Stars
9.4K
GitHub Forks
-
GitHub Forks
6.2K
Stacks
40
Stacks
559
Followers
96
Followers
589
Votes
146
Votes
6
Pros & Cons
Pros
  • 29
    Authentication
  • 22
    User Management
  • 19
    API Authentication
  • 17
    Token Authentication
  • 17
    Security Workflows
Cons
  • 4
    Discontinued
Pros
  • 3
    Easy to use
  • 3
    Java integration
Integrations
Node.js
Node.js
G Suite
G Suite
Spring Framework
Spring Framework
Facebook
Facebook
Spring
Spring
Ruby
Ruby
Java
Java
AngularJS
AngularJS
JavaScript
JavaScript
Django
Django
Spring Boot
Spring Boot
Spring MVC
Spring MVC

What are some alternatives to Stormpath, Spring Security?

Auth0

Auth0

A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications.

Keycloak

Keycloak

It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.

Devise

Devise

Devise is a flexible authentication solution for Rails based on Warden

Firebase Authentication

Firebase Authentication

It provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google,

Amazon Cognito

Amazon Cognito

You can create unique identities for your users through a number of public login providers (Amazon, Facebook, and Google) and also support unauthenticated guests. You can save app data locally on users’ devices allowing your applications to work even when the devices are offline.

WorkOS

WorkOS

Start selling to enterprise customers with just a few lines of code.

OAuth.io

OAuth.io

OAuth is a protocol that aimed to provide a single secure recipe to manage authorizations. It is now used by almost every web application. However, 30+ different implementations coexist. OAuth.io fixes this massive problem by acting as a universal adapter, thanks to a robust API. With OAuth.io integrating OAuth takes minutes instead of hours or days.

OmniAuth

OmniAuth

OmniAuth is a Ruby authentication framework aimed to abstract away the difficulties of working with various types of authentication providers. It is meant to be hooked up to just about any system, from social networks to enterprise systems to simple username and password authentication.

ORY Hydra

ORY Hydra

It is a self-managed server that secures access to your applications and APIs with OAuth 2.0 and OpenID Connect. It is OpenID Connect Certified and optimized for latency, high throughput, and low resource consumption.

Kinde

Kinde

Simple, powerful authentication that you can integrate in minutes. Free your users from passwords with secure and frictionless one click sign up and sign in. Built from the ground up using the best in class security protocols available today.

Related Comparisons

Postman
Swagger UI

Postman vs Swagger UI

Mapbox
Google Maps

Google Maps vs Mapbox

Mapbox
Leaflet

Leaflet vs Mapbox vs OpenLayers

Twilio SendGrid
Mailgun

Mailgun vs Mandrill vs SendGrid

Runscope
Postman

Paw vs Postman vs Runscope