Learning about authentication

So now I have my Hibernate EntityManager working and a simple User entity that works. Jersey also seems to be working. The next step was thinking about user authentication. I've rolled my own user authentication earlier with PHP where I just had a simple salt and stored the password's hash, then when a user logs in his/her authorization-related details are stored in the session data. I could probably have translated this to Java but decided to look at some standard ways of doing it instead. So I did some internet detective work. The java EE-book I had been using mentioned Wicket's WASP (or maybe it was SWARM) system for authenticating users. WASP/SWARM also seemed to rely on acegi security so I googled for that and found out that it's now part of the Spring Framework as Spring Security. Then I watched a very nice introductory presentation video about Spring Security. It seems both easy to use and seems to be very flexible so I think I'm gonna go with Spring Security.