For the most part, the classic AIA and WSA do not have security built into them, and require manual configuration of the web application's descriptor file (web.xml) in order to use the servlet container's security features. In PAS for OpenEdge, the security for the APSV (formerly AIA) and SOAP services was taken over by the Spring Security framework. All security that has previously been implemented for the AIA and WSA can be migrated to the Spring Security's container security.

Classic REST and Data Object web applications already include Spring Security as their primary security framework. This continues in PAS for OpenEdge's ABL web applications. The template files for Spring Security have changed, which requires you to manually port the classic REST and Data Object web application configuration into the configuration files of ABL web applications.

For more information on ABL web application support for Spring Security, see the topics on security in Manage Progress Application Server (PAS) for OpenEdge such as Enable ABL application authentication.