This week's book giveaway is in the Java in General forum. We're giving away four copies of Think Java: How to Think Like a Computer Scientist and have Allen B. Downey & Chris Mayfield on-line! See this thread for details.
I have been asked to look in to the Authentication & Authorization of a website. This website is developed on Spring framework and current security issues are handled by spring's security module. Current state of security has to many special cases that are making it vulnerable.
Now i have asked to look in to this and if possible; remove this security project away form main website project.
So can you please give me some pointer and ideas; that will be helpful in designing my project well and will be robust enough to impress the managers.