For the most part, the classic AIA and WSA do not have security built into them and require manual configuration of the Web application's descriptor (web.xml) in order to use the servlet container's security features. In PAS for OpenEdge, the security for the APSV (formerly AIA) and SOAP services has been taken over by the Spring Security framework. All security that has previously been implemented for the AIA and WSA can be migrated to the Spring Security's container security.

Classic REST and Data Object Web applications already include Spring Security as their primary security framework. This continues in PAS for OpenEdge's OE ABL Web applications. The template files for Spring Security have changed, which requires manually porting the classic REST and Data Object Web application configuration into the configuration files of OE ABL Web applications.

For more information on OE ABL Web application support for Spring Security, see the sections on security in the Progress Application Server for OpenEdge: Administration Guide.