Original article: http://acegisecurity.org/faq.html
Acegi security is an open source project that provides comprehensive authentication and authorisation services for enterprise applications based on the Spring framework. acegi security can authenticate using a variety of pluggable providers, and can authorise both Web requests and method invocations. acegi Security provides an integrated security approach authentication SS these various targets, and also offers access control list (ACL) capabilities to enable individual domain object instances to be secured. at an implementation level, acegi security is managed through spring's Inversion of control and lifecycle services, and actually enforces security using interception through servlet filters and Java AOP frameworks. in terms of AOP framework support, acegi security currently supports AOP Alliance (which is what the Spring IoC container uses internally) and aspectj, although additional frameworks can be easily supported.