Acegi Security System for Spring 1.0 is out

| by Floyd Marinescu Follow 30 Followers on May 30, 2006. Estimated reading time: 1 minute |

A note to our readers: You asked so we have developed a set of features that allow you to reduce the noise: you can get email and web notifications for topics you are interested in. Learn more about our new features.

Acegi Security 1.0 has just been released, after more than two and a half years of use in large production software projects, 70,000+ downloads and hundreds of community contributions. The Acegi framework is particularly useful with Spring, it offers authentication, authorization, instance-based access control, channel security and human user detection capabilities.

Project founder Ben Alex announced the launch on the SpringFramework forums:
In addition to more than 80 improvements and fixes since 1.0.0 RC2, this new release also includes several changes to help new users. This includes a significant restructure and expansion of the reference guide (now more than 90 pages) and a new "bare bones" tutorial sample application. Furthermore, many of the frequently-identified problems experienced by new users have been addressed, such as custom 403 messages (as opposed to using the Servlet Container's error handler), detecting corrupt property input following the reformatting of XML files, and a new logout filter. We've also refactored our LDAP services, made the SecurityContextHolder a pluggable strategy (especially useful for rich clients who wish to avoid ThreadLocal), and improved CAS support.
Acegi Security began in late 2003 in response to a Spring Developers' mailing list question about whether a Spring-based security implementation was in the works. Since then, Acegi has become one of the few Java security frameworks out there, and definitely one of the most comprehensive.   Insufficient features and lack of portability of Servlet and EJB security standards initially drove interest in Acegi, which since the has evolved into a project with support for most of today's authentication schemes.  While much has been written about authentication, the hardest security challenges (which are also the least discussed) is authorization, for which Acegi supports authorization on web requests, method calls, and even access to individual domain object instances.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you