Formerly the Acegi Security System for Spring, Spring Security provides powerful and flexible security solutions for enterprise applications developed using the Spring Framework. It is a stable and mature product - Acegi Security 1.0.0 was released in May 2006 after more than two and a half years of use in large production software projects and adopted as an official Spring sub-project on its release.
Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features:
- Simplified namespace-based configuration syntax. Old configurations could require hundreds of lines of XML but our new convention over configuration approach ensures that many deployments will now require less than 10 lines.
- OpenID integration, which is the web's emerging single sign on standard (supported by Google, IBM, Sun, Yahoo and others)
- Windows NTLM support, providing easy enterprise-wide single sign on against Windows corporate networks
- Support for JSR 250 ("EJB 3") security annotations, delivering a standards-based model for authorization metadata
- AspectJ pointcut expression language support, allowing developers to apply cross-cutting security logic across their Spring managed objects
- Substantial improvements to the high-performance domain object instance security ("ACL") capabilities
- Comprehensive support for RESTful web request authorization, which works well with Spring 2.5's @MVC model for building RESTful systems
- Long-requested support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration
- An improved, database-backed "remember me" implementation
- Support for portlet authentication out-of-the-box
- Support for additional languages
- Numerous other general improvements, documentation and new samples
- New support for web state and flow transition authorization through the Spring Web Flow 2.0 release
- New support for visualizing secured methods, plus configuration auto-completion support in Spring IDE
- Enhanced WSS (formerly WS-Security) support through the Spring Web Services 1.5 release
- Updated support for CAS single sign-on (CAS 3 is now supported).
