Spring and declarative security

How does Spring handle this. How can i protect my pages , apply user -security (role etc) throgh Spring the way i do by declaring it in web.xml for normal web applications. Have they actually implemented their own security framework?
A brief explanation would help.

Afaik there is a project dedicated to this: Acegi Security System

./pope

So Spring security just act as a wrapper on top of that framework?. Are things like JAAS etc still valid in the Spring context?

I read:

Full (but optional) container integration: The credential collection and authorization capabilities of your Servlet or EJB container can be fully utilised via included "container adapters". We currently support Catalina (Tomcat), Jetty, JBoss and Resin, with additional containers easily added.

but I am not sure this is according to JAAS.

./pope

Originally posted by karthik Guru:
So Spring security just act as a wrapper on top of that framework?. Are things like JAAS etc still valid in the Spring context?

Yes, the Acegi framework supports JAAS. Chapter 13 of Spring Live (next February) will cover Security and Acegi.

Originally posted by Matt Raible:


Chapter 13 of Spring Live (next February) will cover Security and Acegi.

I think now am all the more able to appreciate the SourceBeat model!
Its great to have authors update on their own and also based on the feedback from the readers