...
For a list of some other alternatives, one possible starting place is the list of notable security frameworks on The Open Web Application Security Project (OWASP)'s Java Security Table of Contents page. (Note that some of those frameworks may be integral components of web application frameworks, tightly bound to various containers, or have other, similar dependencies, and might not be useful in our context.)
...