I apologize if I misunderstood your question. This book covers the Spring Security project, which is part of the Spring portfolio, and supplies security for both web-based and non-web-based applications. Although Spring Security uses some aspects of Spring Framework behind the scenes, it isn't mandatory that you use Spring Framework for the web application (although we do this in the book, because it's quite common to combine the two). You are correct in a sense that the core Spring Framework (or Spring Web MVC) does not provide inherent security - the design intention was that this role was fulfilled by the Spring Security product.
Hope this answers your question!
Author, Spring Security 3 (the Book), Packt Publishing, 2010