If your application needs instance based access control there is not a big variety of solutions out there. Here are some helpful links I found while searching on the internet listed in no particular order.
- Apache Shiro
- SAF – Security Annotation Framework (Targeted at Spring applications)
- Security Features of JBoss AS 5.1.0
- ACL Security in Seam
- Spring Security
- Fine-grained Java EE authorization using Enum-based access control lists with EAz
- Java Package java.security.acl (out-dated)