Spring Framework, Spring Security - possible to use Spring Security without Spring Framework?

Ive been working now with the Spring Framework 3.0.5 and Spring Security 3.0.5 for several time. I know that Spring Framework uses DI and AOP. I also know that Spring Security uses DI, for example when writing custom handlers or filters. Im not sure whether Spring Security also uses AOP - so my first question is: does it?

Well, Id also like to know how Spring Security can be used for non-spring-based applications. Its written in their documentation that this is possible. Well, I wonder how - it seems like it uses DI, so how should it work in a simple 开发者_开发技巧java web application? I guess at least a web container which supports dependency injection is needed, correct? (Which one could that be?)

Thank you for answering :-)

[EDIT] documentation says:

"documentation says: "Spring Security provides comprehensive security services for J2EE-based enterprise software applications. There is a particular emphasis on supporting projects built using The Spring Framework, which is the leading J2EE solution for enterprise software development. If you're not using Spring for developing enterprise applications, we warmly encourage you to take a closer look at it. Some familiarity with Spring - and in particular dependency injection principles - will help you get up to speed with Spring Security more easily.""

j2ee-based enterprise software applications......... emphasis on supporting projects using spring framework...... well this means it should be possible to work with it without Spring Framework itself! ?

AND:

Even though we use Spring to configure Spring Seurity, your application doesn't have to be Spring-based. Many people use Spring Security with web frameworks such as Struts, for example.

This is from the spring security homepage. well....

Does it use AOP ?

Yes spring-security uses AOP for its method security (you'd have to search the page to find it).

Can you use spring-security without spring ?

Generally no.

As you need to define spring beans for several spring-security elements.

But! You can use Acegi security without spring as far as I know. Which should give you close to the same functionality.

Can you secure a non-J2EE application

Definitely.

Anything that can run in a servlet container can be secured with spring-security. You just need Spring's IoC/DI.

This answer can help you on the minimal spring-security dependencies.