Getting the Source
It is much easier to debug your application or to work out where a problem lies if you don't treat the external code you are working with as a black box which you never look inside. The first thing you should do when an exception you don't understand is thrown from an open source library is jump to the class and line number and take a look to figure out what the code was doing there. Otherwise you're missing out on much of the benefit of using open source code.
With this in mind, we'd always recommend that if you are working with Spring Security (or any other open source code, for that matter) that you have the source available in your IDE as you work. Often the easiest way to do this is to use the source jars which are uploaded to the Maven central repository, but you can also check out the source directly from the Spring Framework subversion server. This is convenient if you want to build the project yourself, build and run the samples and so on.
Spring Security now uses git for version control and is hosted on Github. From the command line, you can use the command
git clone git://github.com/SpringSource/spring-security.gitTo obtain a copy of the source repository.