Application Security
Need:
We need a better security framework. This problem is already solved with an open source package called Spring Security (formerly Acegi). We should integrate this in to provide better authentication, object-level security, SSO & CAS, and so forth.