Authentication and authorization: configurable security processes that support a range of standards, protocols, tools and practices via the Spring Security sub-project (formerly Acegi Security System for Spring).
Convention over configuration: a rapid application development solution for Spring-based enterprise applications is offered in the Spring Roo module
Data access: working with relational database management systems on the Java platform using JDBC and object-relational mapping tools and with NoSQL databases
Inversion of control container: configuration of application components and lifecycle management of Java objects, done mainly via dependency injection
Messaging: configurative registration of message listener objects for transparent message-consumption from message queues via JMS, improvement of message sending over standard JMS APIs
Model–view–controller: an HTTP- and servlet-based framework providing hooks for extension and customization for web applications and RESTful Web services.
Remote access framework: configurative RPC-style marshalling of Java objects over networks supporting RMI, CORBA and HTTP-based protocols including Web services (SOAP)
Transaction management: unifies several transaction management APIs and coordinates transactions for Java objects
Remote management: configurative exposure and management of Java objects for local or remote configuration via JMX
Testing: support classes for writing unit tests and integration tests