Maybe it's basic, but still, sometimes some suboptimal usage of logger can be seen. There also is/was a notion that Java applications tend to overuse logging. That may or not be true, but using the logger properly should have minimal performance implications on the application. This one is to give you few recommendations for logging things in Java, based on my experience. Feel free to disagree in comments.
Articles of December 2014
Update 12/2017: It will need an update/rewrite since Spring Security 5 is coming.
Spring Security had some opinions of being complicated to use. Well, of course it's quite complicated when you look at it, as its scope covers a lot of use-cases. Thing is that, truly in a Spring spirit, you don't have to use every feature there is at once for the use-case you are having. In fact, when you start cherry-picking and back it with Spring Boot, it doesn't appear so complicated anymore.