Spring security is distributed as osgi ready but unfortunately it contains split packages which could cause problems in OSGI environments.
Examples of split packages can be found in spring-security-acl and spring-security-core:
For more info on split packages see:
Last link provides Chris Aniszczyk article explaining how eclipse does it.
I suggest complete removal of split packages in next major release.