I have been asked to look in to the Authentication & Authorization of a website. This website is developed on Spring framework and current security issues are handled by spring's security module. Current state of security has to many special cases that are making it vulnerable.
Now i have asked to look in to this and if possible; remove this security project away form main website project.
So can you please give me some pointer and ideas; that will be helpful in designing my project well and will be robust enough to impress the managers.