- formerly Acegi security -- Acegi is an abbreviation for AbCdEfGhI :-)
- Authentication: URL (coarsegrained) or method (finegrained) authentication
- LDAP support
- pluggable filters (through 1 delegating servletfilter); config in security.xml.
Eg: LDAP, JAAS, OpenID plugins
- repository for storing (e.g.) additional user details
--> implemented in e.g. JDBC or LDAP
--> combine multiple data sources
- SecurityInterceptor (AOP) for method-based security
- @RolesAllowed annotation (JSR-250)
Spring security also provides a authz-taglib for querying security-permissions while building a web page. This is helpful, but you still have to secure the basic URLs and methods.