A secure object is a term frequently used throughout the security system. It does not refer to a business object that is being secured, but instead refers to some infrastructure object that can have security facilities provided for it by the Acegi Security System for Spring. For example, one secure object would be MethodInvocation, whilst another would be HTTP FilterInvocation . Note these are infrastructure objects and their design allows them to represent a large variety of actual resources that might need to be secured, such as business objects or HTTP request URLs.

Each secure object typically has its own org.acegisecurity.intercept package. Each package usually includes a concrete security interceptor (which subclasses AbstractSecurityInterceptor , an appropriate ObjectDefinitionSource for the type of resources the secure object represents, and a property editor to populate the ObjectDefinitionSource.

It is simple to create new secure object types, given the AbstractSecurityInterceptor provides the majority of the logic and other specialised packages provide the authentication, authorization, run-as replacement management and ContextHolder population.