Spring Security was formerly known as the Acegi Security System for Spring.
The newer versions of the framework provide a huge array of authentication and access-control features for applications.
Here are some key features of "Spring Security":
· Easy Configuration using Spring Dependency Injection
· Non-Intrusive Setup
· Non-Invasive
· Pluggable Architecture
· Comprehensive Authorization Services
· Enterprise-wide single sign on using CAS 3
· OpenID Support
· X.509 (Certificate) support
· LDAP Support
· User Provisioning APIs
· Supports HTTP BASIC authentication
· Supports HTTP Digest authentication
· Various authentication backends
· Easy integration with existing databases
· Password encoding
· Event support
· Remoting support
· Transparent security propagation
· Run-as replacement
· Compatibility with Servlet Security API
· Tag library support
· Flexible "Pre-Authentication" Framework
· Remember-Me (Persistent Login)
· IDE Support
· Web Flow Security
· WSS (formerly WS-Security)
· Peer reviewed
What's New in This Release: [ read full changelog ]
· Support for multiple HTTP elements
· Support for stateless authentication
· DebugFilter provides additional debugging information
· Improved Active Directory LDAP support (i.e. ActiveDirectoryLdapAuthenticationProvider)
· Added Basic Crypto Module.
· The namespace is fully documented in the reference appendix.
· Added dependencies section to the reference appendix
· Support HttpOnly Flag for Cookies in Servlet 3.0 environments
· InMemoryUserDetailsManager provides in memory implementation of UserDetailsManager
· Support for hasPermission expression on the authorize JSP tag
· Support for disabling UI security (for testing purposes)
· Support erasing credentials after successful authentication
· Support clearing cookies on logout
· Spring Security Google App Engine example application
· Support for CAS proxy tickets
· Support for arbitrary implementations of JAAS Configuration
· Support nested switching of users for SwitchUserFilter