My team is building a new web application for internal corporate users. We are deciding between Java Security (as defined in the Servlet spec) or Spring Security. I tried googling for the pros/cons of each, and I read documentation from the Springsource website, but still I did not find enough to help me reach a decision.
So far the only benefit for Spring Security is that it is not tied to the container. Are there any other benefits? What are the benefits of sticking with J2EE security as implemented by the container?