There has been a lot of heat surrounding Spring vs. JEE6, migrating from Spring to JEE6, and "The Death of Frameworks", etc. There have been several posts related to migration, yet no one seems to be addressing security as an aspect of this migration. JEE6 has made tremendous strides, yet in comparison JAAS still seems to be stuck in the dark ages.
Since Spring Security has primarily gained traction due to the cumbersome and restrictive nature of JAAS, what do developers have in mind to secure their JEE6 applications?
My current solution is to use a combination of Spring Security and Spring AOP. The combination of JEE6 and Spring Security (which requires a Spring Context) seems like a dirty mashup, but it works. In essence, calls to EJBs are secured as necessary via annotations and the Security Aspect, using Spring Security as the underlying authentication/authorization mechanism.
So given all the migration hype, what do you have in mind for securing JEE6 apps? Are you finally going to migrate from Spring Security to JAAS? Other alternatives?