No, there's many other advantages. Spring Security also allows you to get a user's information anywhere in your application, which can be quite handy. This is provided by using the SecurityContextHolder.
As far as the default Remember Me implementation, that's changeable. http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.html See the javadoc at the bottom where it links to PersistentTokenBasedRememberMeServices: http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/ui/rememberme/PersistentTokenBasedRememberMeServices.html If you don't want to use Spring Security, you can certainly rip it out. You also might consider using AppFuse Light, which doesn't have any Security configured. Matt On Fri, Nov 20, 2009 at 10:41 AM, ramzi khlil <ramzi.atv...@gmail.com>wrote: > Hi Matt, > > "Remember me" feature through cookies is not recommanded (not > sox-compliant). > Should I understand that's the only difference between these security > schema ? > > Ramzi > > On Wed, Nov 18, 2009 at 4:29 PM, Matt Raible <m...@raibledesigns.com>wrote: > >> Spring Security 2.x is pretty simple if you use the basic >> configuration. The reason we're using Spring Security over >> container-managed authentication is b/c container-managed >> authentication doesn't have any sort of Remember Me feature. >> >> Matt >> >> On Wed, Nov 18, 2009 at 4:23 PM, Oscar Rodriguez >> <orodrigu...@speedy.com.ar> wrote: >> > Thanks Matt. >> > I just was finding out about some schema simpler than Spring. >> > >> > Oscar. >> > >> > ----- Original Message ----- >> > From: Matt Raible >> > To: users@appfuse.dev.java.net >> > Sent: Wednesday, November 18, 2009 5:24 PM >> > Subject: Re: [appfuse-user] Security AppFuse (Acegi) >> > I don't understand your question - can you rephrase it? AppFuse includes >> > Spring Security, so you can use any features it has. >> > Matt >> > On Nov 18, 2009, at 3:21 PM, Oscar Rodriguez wrote: >> > >> > Matt, What do you recommend to add to AppFuse a role and permision based >> > security schema? >> > >> > Without i have use something so complex how ACL. >> > >> > Thanks. >> > >> > ________________________________ >> > E-mail clasificado por el Idenfificador de Spam Inteligente. Para >> modificar >> > la categorÃa clasificada acceda a su webmail >> > >> > ________________________________ >> > Este mensaje ha sido verificado por el E-mail Protegido. Antivirus >> > actualizado en 18/11/2009 / Versión: 0.95.2/10041 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net >> For additional commands, e-mail: users-h...@appfuse.dev.java.net >> >> >
