This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
No announcement yet.
Acegi users or security accreditationPage Title Module
Acegi Security is used in a wide variety of applications by a range of companies, including some very large ones. However, understandably many consultants working on those projects aren't able to disclose the companies they work for. I receive emails from peope privately and as such I know it is being used in some interesting places.
Acegi Security has not been subject to any security evaluations AFAIK, but the sheer volume of people using it would suggest issues have a greater chance of being found + fixed than writing home-grown security code (which unfortunately is still the way most people deal with security in enterprise apps if the Servlet Spec proves insufficient).
I can certainly understand why developers might not want to disclose the fact that they're using Acegi Security in their projects. I suspect the same would be true with us too.
While reviewing the security infrastructure for our project which is currently a JAAS-based network of code I threw out the idea of using Acegi Security since we're already using Spring. During those discussions management wanted to know what Acegi Security's usage or accreditations it may have. On that note, I don't think JAAS has any security accreditations either so this may be a moot point of comparison.
But, if anyone would be willing to share how they're using Acegi Security and on what projects privately it would be very helpful.