My Spring Security 3 Refcard is out. It covers expression-based authorization in Spring Security 3.
There is also a supporting interview about the Refcard. The interview goes into more depth about some security principles like whitelisting and data-driven security, and explains how to implement these ideas using Spring Security 3.
Thanks to Scott Battaglia, David Harp, Joe Koberstein, Peter Mularien, Peter Veentjer and John Wheeler for their helpful suggestions and also for catching typos.
