People use Spring Security for many reasons, but most are drawn to the project after finding the security features of Java EE’s Servlet Specification or EJB Specification lack the depth required for typical enterprise application scenarios. Whilst mentioning these standards, it’s important to recognise that they are not portable at a WAR or EAR level. Therefore, if you switch server environments, it is typically a lot of work to reconfigure your application’s security in the new target environment. Using Spring Security overcomes these problems, and also brings you dozens of other useful, customisable security features.
Although I have only recently been using and learning about Spring (because it is such a dominant player), this whole thing raises a question with me: what other servers could you switch to and get the same security setup, if you were already running Spring?
Are we talking about changing from Tomcat to Jetty?