Ben Alex has released the 0.6.1 version of the Acegi Security System for Spring.
For those who don’t know the project provides comprehensive security services for The Spring Framework. I think it’s a must if you need security in your applications (who doesn’t need?). It’s easy and powerful.

FEATURES:

* It is ready NOW
* Easy to use and deploy (eg see samples/quick-start directory)
* Enterprise-wide single sign on (via Yale Uni’s CAS project)
* Reuses your Spring expertise
* Domain object instance security
* Non-intrusive setup
* Full (but optional) container integration
* Keeps your objects free of security code
* Secures your HTTP requests (regular expressions, Ant Paths etc)
* Channel security (HTTPS/HTTP auto redirection etc)
* Supports HTTP BASIC authentication (RFC 1945)
* Convenient security taglib
* Application context or attribute-based configuration
* Various authentication backends (including JDBC)
* Event support
* Easy integration with existing databases (no schema changes)
* Caching (now pluggable, with an EHCACHE implementation)
* Pluggable architecture
* Startup-time validation
* Remoting support (demonstrated in sample application)
* Advanced password encoding (SHA, MD5, salts etc)
* Run-as replacement
* Unit tests (Clover coverage is currently 98%)
* Container integration tests
* Supports your own unit tests
* Peer reviewed
* Thorough documentation
* Apache license

CHANGES IN 0.6.1:

* Resolved to use http://apr.apache.org/versioning.html for versioning
* Added additional DaoAuthenticationProvider event when user not found
* Added Authentication.getDetails() to DaoAuthenticationProvider resp
* Added DaoAuthenticationProvider.hideUserNotFoundExceptions
* Added PasswordAuthenticationProvider for password-validating DAOs
* Added FilterToBeanProxy compatibility with ContextLoaderServlet
* Added convenience methods to ConfigAttributeDefinition
* Improved sample applications’ bean reference notation
* Clarified contract for ObjectDefinitionSource.getAttributes(Object)
* Extracted removeUserFromCache(String) to UserCache interface
* Improved ConfigAttributeEditor so it trims spaces
* Refactored UsernamePasswordAuthenticationToken.getDetails() to Object
* Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource
* Fixed EH-CACHE-based caching implementation behaviour if cache exists
* Fixed Ant “release” target not including project.properties
* Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided
* Documentation improvements

As per the Apache APR project versioning guidelines (URL above), this is
a patch release. Existing users of release 0.6 should be able to upgrade
by simply replacing the JAR(s) and testing.