> > For Spring users, Acegi is the defacto standard. Again in > JSF view, it's > > possible to use the acegi-jsf components. > > > > Seems like many of you are using this Acegi. Good to know that Spring > has a nice security framework available for it. Of course, we > can't use > this technology without also adding Spring.
Adding Spring, yes, but it should be noted that one of the strengths of Spring is that you can use just the pieces you need/want w/o rearchitecting your whole architecture. If you had a non-spring project, you can get away with adding spring core and acegi jars, add a small beans config file, the rest (as far as acegi is concerned) is added by adding a servlet filter and a context listener. You don't have to write a line of code (as long as you can use the distributed mechanisms for user validation), yet have a security layer integrated into your application. Spring rocks! ;-)