The Spring Security ACL package which implements instance-based security for domain objects.

Consider using the annotation based approach (@PreAuthorize, @PostFilter annotations) combined with a AclPermissionEvaluator in preference to the older and more verbose attribute/voter/after-invocation approach from versions before Spring Security 3.0.



Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as indicated by the AclService

AclPermissionCacheOptimizer Batch loads ACLs for collections of objects to allow optimised filtering. 
AclPermissionEvaluator Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module.