Spring Security

Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features:

•Simplified namespace-based configuration syntax. Old configurations could require hundreds of lines of XML but our new convention over configuration approach ensures that many deployments will now require less than 10 lines.

•OpenID integration, which is the web's emerging single sign on standard (supported by Google, IBM, Sun, Yahoo and others)

•Windows NTLM support, providing easy enterprise-wide single sign on against Windows corporate networks
• Support for JSR 250 ("EJB 3") security annotations, delivering a standards-based model for authorization metadata

•AspectJ pointcut expression language support, allowing developers to apply cross-cutting security logic across their Spring managed objects

•Substantial improvements to the high-performance domain object instance security ("ACL") capabilities

•Long-requested support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration

•An improved, database-backed "remember me" implementation

•Support for portlet authentication out-of-the-box

•New support for web state and flow transition authorization through the Spring Web Flow 2.0 release

•New support for visualizing secured methods, plus configuration auto-completion support in Spring IDE

•Enhanced WSS (formerly WS-Security) support through the Spring Web Services 1.5 release

•Updated support for CAS single sign-on (CAS 3 is now supported).




Source : http://www.springsource.org