Spring Python Security—as demonstrated throughout this chapter—is extremely flexible, highly extensible, and non-invasive. However, there is a cost. Everything must be configured by hand (and also configured correctly).

This was one of the major criticisms levied against Acegi Security. Since then, Acegi Security (now branded as Spring Security) has made several updated releases, reducing the amount of manual configuration required. They now provide short-cuts to many industry standard security options, while still allowing us to add customization options, making it much easier to wire up the security framework for our needs.

As Spring Python Security develops, it will be making similar changes while also increasing the protocols it supports. Until then, it is good practice to use as much automated testing as possible to make sure the configuration is performing as expected. And for issues and documentation, be sure to make use of: