Can I define public permissions in Spring Security ACL?

I am working on an JEE 7 application, whose initial code was generated with generjee. Generjee generates application security based on the Apache Shiro library. One disadvantage of Shiro is the missing ability to grand a "public" right to a certain permission. Put simply, I want to grant the permission "article:read" to all users, may they be logged in or not logged in.
The code uses workarounds for public permissions and developers need to know multiple code positions they must change to make a permission public.

Now I am considering if switching to Spring Security could be an option. This are my questions:

Is it possible to use only the Spring Security Library isolated (without the entire Spring Framework) in an application built by generjee (JEE7, JSF/Primefaces, CDI, JPA)?

Does Spring security have built-in support for ACL where I can just define permissions as "public" at only one single configuration place? Permission check must be available for URLs and also per API like .hasPermission("article:read").

Hey Jamie - that's an interesting question.
First off - sure, Spring Security natively supports making an operation public - you don't need any work-arounds to do that.
Next - yes, it's definitely possible to use Spring Security for a non-Spring app. Spring Security is entirely decoupled and can be set up separately just as well.
Finally - yes, ACL is supported out of the box in the framework. You won't need to if you just want to make things public though - that can be handled simply with a Spring expression that allows all access.
Hope that clears things up. Cheers,
Eugen.