As you know, Spring Security (previously Acegi) provides an easy and robust solution to secure web applications. Thereby, web developers do not have to deal with all that stuff in their source code, but just have to configure Spring Security to enable authentication and authorization for their application.
As it works pretty good with 'conventional' application, things go less cool with applications like GWT ones. This is mainly due to the asynchronous calls.
