Jon Osborn(Migrated from SEC-938) said:
All of the ACL classes in spring-security are deprecated in favor of spring-security-acl. The taglib, however, still uses spring-security deprecated classes. Either A) add a new tag that uses spring-security-acl (best for compatability) or B) refactor existing tag to use spring-security-acl or C) write a spring-security-acl-taglib artifact (my vote here).
Luke Taylor said:
A) Is already supported through the accesscontrollist tag. Check the contacts sample application (from 2.0.4. The trunk version will use the model to store the permission information in preference to taglibs).