posted 13 years ago
Hello Joe,
Glad to hear the feedback, and thanks for the great question!
In general I think it's important to design the application with an understanding of the concepts behind the security infrastructure, even if you don't incorporate security up front, especially for applications that are going to use complex techniques such as method-level security or ACLs. We do cover some techniques for planning authorization at the page level using Visio or other diagramming tools as well. It's quite common for applications to add Spring Security to either augment existing, unsecured applications, or to replace homebrew security infrastructure.
Hope that answers your question!
Peter
Author, Spring Security 3 (the Book), Packt Publishing, 2010
SCJP, OCP