1.

Name some predefined filters used in Spring Security and describe their functions.

Answer»

Filter chains in Spring Security are very complex and flexible. They use services such as UserDetailsService and AuthenticationManager to accomplish their tasks. The order of the filters also matters, since you might want to verify a caller's authenticity before authorizing them. A few of the important security filters from Spring's filter chain are listed below in the order they occur:

  • SecurityContextPersistenceFilter: Stores the SecurityContext contents between HTTP requests. It also clears SecurityContextHolder when a request is finished.
  • ConcurrentSessionFilter: It is responsible for handling concurrent sessions. Its purpose is to refresh the last modified time of the request's session and to ensure the session hasn't expired.
  • UsernamePasswordAuthenticationFilter: It's the most popular authentication filter and is the one that's most often customized.
  • ExceptionTranslationFilter: This filter resides above FilterSecurityInterceptor in the security filter stack. Although it doesn't perform actual security enforcement, it handles exceptions thrown by the security interceptors and returns valid and suitable HTTP responses.
  • FilterSecurityInterceptor: It is responsible for securing HTTP resources (web URIs), and raising or throwing authentication and authorization exceptions when access is denied.

