Spring Security (formerly known as 'Acegi') enables self-contained, consistent, and extensible solutions for securing your applications. Version 2.0 provides major enhancements including a domain-specific XML namespace, convention-based defaulting, and annotation support. This provides a significantly simpler experience for developers while still supporting the same degree of flexibility.

Spring Security's interceptor-based approach is non-invasive even when extended to accommodate domain-specific requirements. The two main security processes (authentication and authorization) are decoupled in order to provide flexibility across a wide variety of providers and strategies. This presentation will include an overview of Spring Security's pluggable authentication process and how it accommodates a wide range of possibilities including Database, LDAP, Single Sign On, and even an in-memory option for development and testing. We will then proceed to cover authorization where you will see its consistent approach for securing web requests and method invocations. Throughout the session, we will walk through a sample application that demonstrates Spring Security's core features.