Spring offers developers a simpler, more robust method for configuring applications. These benefits extend to security through the ACEGI framework. ACEGI makes the otherwise daunting task of securing your application logical and straightforward. More importantly, through its support for single sign-on provision through Yale's CAS system and its ability to provide instance-level authorization, Spring extends the common security model of most J2EE apps beyond what they are traditionally capable of.

In this session, we'll explore:

• configuring ACEGI to authorize against an in-memory user list, a database, and a JAAS login module • page level authorization • method level authorization • instance level authorization • forcing HTTPS connections to secured sites • impersonation using the RunAsManager