Security Framework like seam for Java EE - JSP, Servlet, DAO

What are some good robust security frameworks for a Java EE application?

We are currently using a custom EJB solution that is lacking the authorization, permissions, rules aspect of a secure web application.

Ideally I would like to use Seam due开发者_C百科 to the features (we are using JBoss 5) however my first impression is that it does not integrate with jsp pages.

I was wondering if anyone had any suggestions for an alternative for Seam or any insight on how to create a custom framework utilizing other APIs.

Thank you in advance for your help.

I just love Spring Security, but just to let you know about one more option, there is apache shiro

I would recommend Spring-Security

I haven't used Seam, but you can use JAAS with EJBs. Have a look at the tutorial:

http://download.oracle.com/javaee/6/tutorial/doc/bnbyk.html

http://download.oracle.com/javaee/6/tutorial/doc/gijrp.html