Hi all,

Our company is currently developing a large scale enterprise web application with the spring framework. I am currently evaluating the suitability of using acegi security for our authentication/authorizations needs vs a in-house developed custom authentication/authorizations module (see ps below).

So far I have not found very compelling reasons to use acegi security but I wanted to tap the experiences of developers on this forum on whether :

1) if you used in-house developed custom authentication/authorization module or acegi security for your web application?

2) If you used in-house developed custom module what was the reason? Were you happy with the outcome?

3) If you used acegi, what was the reason ? Were you happy with the outcome?

All your opinions will be greatly appreciated.

Thank you very much.

Harry

ps. Our in house authentication/authorization is designed as follows:
Authentication: implemented in our own base controller class which all our controller extends.
Authorizations: implemented in our separate controllers reading access control list in the database.