Every enterprise application requires security in one form or another. The problem domain of the application, its intended user base, and importance to the core business are all major influences on the type of security required. For example, there is a major difference in the security requirements of an Internet banking application from those of an internal telephone directory application. This wide range of security requirements between applications has proven a major challenge in the development of generic security frameworks. In this chapter we will explore the major options available for securing Spring-based applications and examine the recommended security framework, Acegi Security System for Spring.