Removing $Id$ markers and stripping trailing whitespace from the codebase.

acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java

@@ -80,7 +80,6 @@ import org.springframework.util.StringUtils;
  *  <p>All comparisons and prefixes are case sensitive.</p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class AclEntryVoter extends AbstractAclVoter {
     //~ Static fields/initializers =====================================================================================

acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java

@@ -28,7 +28,6 @@ import org.springframework.security.core.Authentication;
  * {@link org.springframework.security.acls.AclEntryVoter AclEntryVoter}.
  *
  * @author Luke Taylor
- * @version $Id$
  * @since 3.0
  */
 public class AclPermissionEvaluator implements PermissionEvaluator {

acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java

@@ -39,7 +39,6 @@ import org.springframework.util.Assert;
  * Abstract {@link AfterInvocationProvider} which provides commonly-used ACL-related services.
  *
  * @author Ben Alex
- * @version $Id$
   */
 public abstract class AbstractAclProvider implements AfterInvocationProvider {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -57,7 +57,6 @@ import org.springframework.security.core.Authentication;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @version $Id$
  */
 public class AclEntryAfterInvocationCollectionFilteringProvider extends AbstractAclProvider {
     //~ Static fields/initializers =====================================================================================

acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java

@@ -30,7 +30,6 @@ import org.apache.commons.logging.LogFactory;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @version $Id$
  */
 class ArrayFilterer<T> implements Filterer<T> {
     //~ Static fields/initializers =====================================================================================

acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java

@@ -29,7 +29,6 @@ import java.util.Set;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @version $Id$
  */
 class CollectionFilterer<T> implements Filterer<T> {
     //~ Static fields/initializers =====================================================================================

acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java

@@ -23,7 +23,6 @@ import java.util.Iterator;
  *
  * @author Ben Alex
  * @author Paulo Neves
- * @version $Id$
  */
 interface Filterer<T> extends Iterable<T> {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/AccessControlEntryImpl.java

@@ -29,7 +29,6 @@ import java.io.Serializable;
  * An immutable default implementation of <code>AccessControlEntry</code>.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {
     //~ Instance fields ================================================================================================
@@ -77,7 +76,7 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
             if (rhs.getAcl() == null) {
                 return false;
             }
-            
+
             // Both this.acl and rhs.acl are non-null, so do a comparison
             if (this.acl.getObjectIdentity() == null) {
                 if (rhs.acl.getObjectIdentity() != null) {
@@ -91,7 +90,7 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
                 }
             }
         }
-        
+
         if (this.id == null) {
             if (rhs.id != null) {
                 return false;
@@ -108,7 +107,7 @@ public class AccessControlEntryImpl implements AccessControlEntry, AuditableAcce
                 return false;
             }
         }
-        
+
         if ((this.auditFailure != rhs.isAuditFailure()) || (this.auditSuccess != rhs.isAuditSuccess())
             || (this.granting != rhs.isGranting())
             || !this.permission.equals(rhs.getPermission()) || !this.sid.equals(rhs.getSid())) {

acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategy.java

@@ -23,7 +23,6 @@ import org.springframework.security.acls.model.Acl;
  * adminstrative methods on the <code>AclImpl</code>.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface AclAuthorizationStrategy {
     //~ Static fields/initializers =====================================================================================

acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java

@@ -37,7 +37,6 @@ import org.springframework.util.Assert;
  * {@link GrantedAuthority} and injected into the constructor.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/AclFormattingUtils.java

@@ -22,7 +22,6 @@ import org.springframework.util.Assert;
  * Utility methods for displaying ACL information.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public abstract class AclFormattingUtils {
 

acl/src/main/java/org/springframework/security/acls/domain/AclImpl.java

@@ -35,7 +35,6 @@ import org.springframework.util.Assert;
  * Base implementation of <code>Acl</code>.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/AuditLogger.java

@@ -21,7 +21,6 @@ import org.springframework.security.acls.model.AccessControlEntry;
  * Used by <code>AclImpl</code> to log audit events.
  *
  * @author Ben Alex
- * @version $Id$
  *
  */
 public interface AuditLogger {

acl/src/main/java/org/springframework/security/acls/domain/BasePermission.java

@@ -26,7 +26,6 @@ import org.springframework.security.acls.model.Permission;
  * </p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class BasePermission extends AbstractPermission {
     public static final Permission READ = new BasePermission(1 << 0, 'R'); // 1

acl/src/main/java/org/springframework/security/acls/domain/ConsoleAuditLogger.java

@@ -24,7 +24,6 @@ import org.springframework.util.Assert;
  * A basic implementation of {@link AuditLogger}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class ConsoleAuditLogger implements AuditLogger {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/CumulativePermission.java

@@ -19,11 +19,10 @@ import org.springframework.security.acls.model.Permission;
 
 /**
  * Represents a <code>Permission</code> that is constructed at runtime from other permissions.
- * 
+ *
  * <p>Methods return <code>this</code>, in order to facilitate method chaining.</p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class CumulativePermission extends AbstractPermission {
 
@@ -32,7 +31,7 @@ public class CumulativePermission extends AbstractPermission {
     public CumulativePermission() {
         super(0, ' ');
     }
-    
+
     public CumulativePermission clear(Permission permission) {
         this.mask &= ~permission.getMask();
         this.pattern = AclFormattingUtils.demergePatterns(this.pattern, permission.getPattern());
@@ -46,14 +45,14 @@ public class CumulativePermission extends AbstractPermission {
 
         return this;
     }
-    
+
     public CumulativePermission set(Permission permission) {
         this.mask |= permission.getMask();
         this.pattern = AclFormattingUtils.mergePatterns(this.pattern, permission.getPattern());
 
         return this;
     }
-    
+
     public String getPattern() {
         return this.pattern;
     }

acl/src/main/java/org/springframework/security/acls/domain/EhCacheBasedAclCache.java

@@ -36,7 +36,6 @@ import org.springframework.util.Assert;
  * </p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class EhCacheBasedAclCache implements AclCache {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/GrantedAuthoritySid.java

@@ -26,7 +26,6 @@ import org.springframework.util.Assert;
  * wish to provide an alternative <code>Sid</code> implementation that uses some other identifier.</p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class GrantedAuthoritySid implements Sid {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/IdentityUnavailableException.java

@@ -18,7 +18,6 @@ package org.springframework.security.acls.domain;
  * Thrown if an ACL identity could not be extracted from an object.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class IdentityUnavailableException extends RuntimeException {
     //~ Constructors ===================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityImpl.java

@@ -29,7 +29,6 @@ import org.springframework.util.ClassUtils;
  * reflection to build the identity information.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class ObjectIdentityImpl implements ObjectIdentity {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImpl.java

@@ -26,7 +26,6 @@ import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
  * that uses the constructors of {@link ObjectIdentityImpl} to create the {@link ObjectIdentity}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class ObjectIdentityRetrievalStrategyImpl implements ObjectIdentityRetrievalStrategy, ObjectIdentityGenerator {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/PrincipalSid.java

@@ -28,7 +28,6 @@ import org.springframework.util.Assert;
  * objects may wish to provide an alternative <code>Sid</code> implementation that uses some other identifier.</p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class PrincipalSid implements Sid {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java

@@ -35,7 +35,6 @@ import org.springframework.util.Assert;
  * The returned array will always contain the {@link PrincipalSid} before any {@link GrantedAuthoritySid} elements.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
 

acl/src/main/java/org/springframework/security/acls/domain/package.html

@@ -1,5 +1,5 @@
-<html>
-<body>
-Basic implementation of access control lists (ACLs) interfaces.
-</body>
-</html>
+<html>
+<body>
+Basic implementation of access control lists (ACLs) interfaces.
+</body>
+</html>

acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java

@@ -72,7 +72,6 @@ import org.springframework.util.Assert;
  * generated by the the default values.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public final class BasicLookupStrategy implements LookupStrategy {
 

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcAclService.java

@@ -43,7 +43,6 @@ import org.springframework.util.Assert;
  * detect changed parameters easily.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class JdbcAclService implements AclService {
     //~ Static fields/initializers =====================================================================================

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java

@@ -56,7 +56,6 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  * @author Johannes Zlattinger
- * @version $Id$
  */
 public class JdbcMutableAclService extends JdbcAclService implements MutableAclService {
     //~ Instance fields ================================================================================================

acl/src/main/java/org/springframework/security/acls/jdbc/LookupStrategy.java

@@ -27,7 +27,6 @@ import java.util.Map;
  * Performs lookups for {@link org.springframework.security.acls.model.AclService}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface LookupStrategy {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/jdbc/package.html

@@ -1,5 +1,5 @@
-<html>
-<body>
-JDBC-based persistence of ACL information.
-</body>
-</html>
+<html>
+<body>
+JDBC-based persistence of ACL information.
+</body>
+</html>

acl/src/main/java/org/springframework/security/acls/model/AccessControlEntry.java

@@ -27,7 +27,6 @@ import java.io.Serializable;
  * </p>
  *
  * @author Ben Alex
- * @version $Id$
  *
  */
 public interface AccessControlEntry extends Serializable {

acl/src/main/java/org/springframework/security/acls/model/Acl.java

@@ -31,7 +31,7 @@ import java.util.List;
  * </p>
  *
  * <p>
- * Implementing classes may elect to return instances that represent 
+ * Implementing classes may elect to return instances that represent
  * {@link org.springframework.security.acls.model.Permission} information for either
  * some OR all {@link org.springframework.security.acls.model.Sid}
  * instances. Therefore, an instance may NOT necessarily contain ALL <tt>Sid</tt>s
@@ -39,23 +39,22 @@ import java.util.List;
  * </p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface Acl extends Serializable {
 
     /**
      * Returns all of the entries represented by the present <tt>Acl</tt>. Entries associated with
      * the <tt>Acl</tt> parents are not returned.
-     * 
+     *
      * <p>This method is typically used for administrative purposes.</p>
-     * 
+     *
      * <p>The order that entries appear in the array is important for methods declared in the
      * {@link MutableAcl} interface. Furthermore, some implementations MAY use ordering as
      * part of advanced permission checking.</p>
-     * 
+     *
      * <p>Do <em>NOT</em> use this method for making authorization decisions. Instead use {@link
      * #isGranted(List, List, boolean)}.</p>
-     * 
+     *
      * <p>This method must operate correctly even if the <tt>Acl</tt> only represents a subset of
      * <tt>Sid</tt>s. The caller is responsible for correctly handling the result if only a subset of
      * <tt>Sid</tt>s is represented.</p>
@@ -84,11 +83,11 @@ public interface Acl extends Serializable {
     /**
      * A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can
      * be accessed via this method. In turn, the parent's parent (grandparent) can be accessed and so on.
-     * 
+     *
      * <p>This method solely represents the presence of a navigation hierarchy between the parent <tt>Acl</tt> and this
      * <tt>Acl</tt>. For actual inheritance to take place, the {@link #isEntriesInheriting()} must also be
      * <tt>true</tt>.</p>
-     * 
+     *
      * <p>This method must operate correctly even if the <tt>Acl</tt> only represents a subset of
      * <tt>Sid</tt>s. The caller is responsible for correctly handling the result if only a subset of
      * <tt>Sid</tt>s is represented.</p>
@@ -111,13 +110,13 @@ public interface Acl extends Serializable {
     /**
      * This is the actual authorization logic method, and must be used whenever ACL authorization decisions are
      * required.
-     * 
+     *
      * <p>An array of <tt>Sid</tt>s are presented, representing security identifies of the current
      * principal. In addition, an array of <tt>Permission</tt>s is presented which will have one or more bits set
      * in order to indicate the permissions needed for an affirmative authorization decision. An array is presented
      * because holding <em>any</em> of the <tt>Permission</tt>s inside the array will be sufficient for an
      * affirmative authorization.</p>
-     * 
+     *
      * <p>The actual approach used to make authorization decisions is left to the implementation and is not
      * specified by this interface. For example, an implementation <em>MAY</em> search the current ACL in the order
      * the ACL entries have been stored. If a single entry is found that has the same active bits as are shown in a
@@ -127,9 +126,9 @@ public interface Acl extends Serializable {
      * ACL, provided that {@link #isEntriesInheriting()} is <tt>true</tt>, the authorization decision may be
      * passed to the parent ACL. If there is no matching entry, the implementation MAY throw an exception, or make a
      * predefined authorization decision.</p>
-     * 
+     *
      * <p>This method must operate correctly even if the <tt>Acl</tt> only represents a subset of <tt>Sid</tt>s,
-     * although the implementation is permitted to throw one of the signature-defined exceptions if the method 
+     * although the implementation is permitted to throw one of the signature-defined exceptions if the method
      * is called requesting an authorization decision for a {@link Sid} that was never loaded in this <tt>Acl</tt>.
      * </p>
      *

acl/src/main/java/org/springframework/security/acls/model/AclCache.java

@@ -23,7 +23,6 @@ import java.io.Serializable;
  * A caching layer for {@link JdbcAclService}.
  *
  * @author Ben Alex
- * @version $Id$
  *
  */
 public interface AclCache {

acl/src/main/java/org/springframework/security/acls/model/AclDataAccessException.java

@@ -4,7 +4,6 @@ package org.springframework.security.acls.model;
  * Abstract base class for Acl data operations.
  *
  * @author Luke Taylor
- * @version $Id$
  * @since 3.0
  */
 public abstract class AclDataAccessException extends RuntimeException {

acl/src/main/java/org/springframework/security/acls/model/AclService.java

@@ -23,7 +23,6 @@ import java.util.Map;
  * Provides retrieval of {@link Acl} instances.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface AclService {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/model/AlreadyExistsException.java

@@ -19,7 +19,6 @@ package org.springframework.security.acls.model;
  * Thrown if an <code>Acl</code> entry already exists for the object.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class AlreadyExistsException extends AclDataAccessException {
     //~ Constructors ===================================================================================================

acl/src/main/java/org/springframework/security/acls/model/AuditableAccessControlEntry.java

@@ -19,7 +19,6 @@ package org.springframework.security.acls.model;
  * Represents an ACE that provides auditing information.
  *
  * @author Ben Alex
- * @version $Id$
  *
  */
 public interface AuditableAccessControlEntry extends AccessControlEntry {

acl/src/main/java/org/springframework/security/acls/model/AuditableAcl.java

@@ -19,7 +19,6 @@ package org.springframework.security.acls.model;
  * A mutable ACL that provides audit capabilities.
  *
  * @author Ben Alex
- * @version $Id$
  *
  */
 public interface AuditableAcl extends MutableAcl {

acl/src/main/java/org/springframework/security/acls/model/ChildrenExistException.java

@@ -19,7 +19,6 @@ package org.springframework.security.acls.model;
  * Thrown if an {@link Acl} cannot be deleted because children <code>Acl</code>s exist.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class ChildrenExistException extends AclDataAccessException {
     //~ Constructors ===================================================================================================

acl/src/main/java/org/springframework/security/acls/model/MutableAcl.java

@@ -25,7 +25,6 @@ import java.io.Serializable;
  * before allowing access to its methods.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface MutableAcl extends Acl {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/model/MutableAclService.java

@@ -20,7 +20,6 @@ package org.springframework.security.acls.model;
  * Provides support for creating and storing <code>Acl</code> instances.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface MutableAclService extends AclService {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/model/NotFoundException.java

@@ -19,7 +19,6 @@ package org.springframework.security.acls.model;
  * Thrown if an ACL-related object cannot be found.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class NotFoundException extends AclDataAccessException {
     //~ Constructors ===================================================================================================

acl/src/main/java/org/springframework/security/acls/model/ObjectIdentity.java

@@ -30,7 +30,6 @@ import java.io.Serializable;
  * </p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface ObjectIdentity extends Serializable {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityGenerator.java

@@ -11,7 +11,6 @@ import java.io.Serializable;
  * instance isn't available.
  *
  * @author Luke Taylor
- * @version $Id$
  * @since 3.0
  */
 public interface ObjectIdentityGenerator {

acl/src/main/java/org/springframework/security/acls/model/ObjectIdentityRetrievalStrategy.java

@@ -21,7 +21,6 @@ package org.springframework.security.acls.model;
  * will be returned for a particular domain object
  *
  * @author Ben Alex
- * @version $Id$
  *
  */
 public interface ObjectIdentityRetrievalStrategy {

acl/src/main/java/org/springframework/security/acls/model/OwnershipAcl.java

@@ -24,7 +24,6 @@ package org.springframework.security.acls.model;
  * well as assign a new owner.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface OwnershipAcl extends MutableAcl {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/model/Permission.java

@@ -20,7 +20,6 @@ import java.io.Serializable;
  * Represents a permission granted to a <tt>Sid</tt> for a given domain object.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface Permission extends Serializable {
     //~ Static fields/initializers =====================================================================================

acl/src/main/java/org/springframework/security/acls/model/Sid.java

@@ -29,7 +29,6 @@ import java.io.Serializable;
  * </p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface Sid extends Serializable {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/model/SidRetrievalStrategy.java

@@ -25,7 +25,6 @@ import org.springframework.security.core.Authentication;
  * for an {@link Authentication}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface SidRetrievalStrategy {
     //~ Methods ========================================================================================================

acl/src/main/java/org/springframework/security/acls/model/UnloadedSidException.java

@@ -20,7 +20,6 @@ package org.springframework.security.acls.model;
  * the caller has requested details for an unloaded <code>Sid</code>.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class UnloadedSidException extends AclDataAccessException {
     //~ Constructors ===================================================================================================

acl/src/main/java/org/springframework/security/acls/model/package.html

@@ -1,5 +1,5 @@
-<html>
-<body>
-Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
-</body>
-</html>
+<html>
+<body>
+Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
+</body>
+</html>

acl/src/main/resources/createAclSchema.sql

@@ -1,46 +1,46 @@
--- ACL schema sql used in HSQLDB
-
--- drop table acl_entry;
--- drop table acl_object_identity;
--- drop table acl_class;
--- drop table acl_sid;
-
-
-create table acl_sid(
-    id bigint generated by default as identity(start with 100) not null primary key,
-    principal boolean not null,
-    sid varchar_ignorecase(100) not null,
-    constraint unique_uk_1 unique(sid,principal));
-
-create table acl_class(
-    id bigint generated by default as identity(start with 100) not null primary key,
-    class varchar_ignorecase(100) not null,
-    constraint unique_uk_2 unique(class)
-);
-
-create table acl_object_identity(
-    id bigint generated by default as identity(start with 100) not null primary key,
-    object_id_class bigint not null,
-    object_id_identity bigint not null,
-    parent_object bigint,
-    owner_sid bigint,
-    entries_inheriting boolean not null,
-    constraint unique_uk_3 unique(object_id_class,object_id_identity),
-    constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
-    constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
-    constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id)
-);
-
-create table acl_entry(
-    id bigint generated by default as identity(start with 100) not null primary key,
-    acl_object_identity bigint not null,
-    ace_order int not null,
-    sid bigint not null,
-    mask integer not null,
-    granting boolean not null,
-    audit_success boolean not null,
-    audit_failure boolean not null,
-    constraint unique_uk_4 unique(acl_object_identity,ace_order),
-    constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
-    constraint foreign_fk_5 foreign key(sid) references acl_sid(id)
-);
+-- ACL schema sql used in HSQLDB
+
+-- drop table acl_entry;
+-- drop table acl_object_identity;
+-- drop table acl_class;
+-- drop table acl_sid;
+
+
+create table acl_sid(
+    id bigint generated by default as identity(start with 100) not null primary key,
+    principal boolean not null,
+    sid varchar_ignorecase(100) not null,
+    constraint unique_uk_1 unique(sid,principal));
+
+create table acl_class(
+    id bigint generated by default as identity(start with 100) not null primary key,
+    class varchar_ignorecase(100) not null,
+    constraint unique_uk_2 unique(class)
+);
+
+create table acl_object_identity(
+    id bigint generated by default as identity(start with 100) not null primary key,
+    object_id_class bigint not null,
+    object_id_identity bigint not null,
+    parent_object bigint,
+    owner_sid bigint,
+    entries_inheriting boolean not null,
+    constraint unique_uk_3 unique(object_id_class,object_id_identity),
+    constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
+    constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
+    constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id)
+);
+
+create table acl_entry(
+    id bigint generated by default as identity(start with 100) not null primary key,
+    acl_object_identity bigint not null,
+    ace_order int not null,
+    sid bigint not null,
+    mask integer not null,
+    granting boolean not null,
+    audit_success boolean not null,
+    audit_failure boolean not null,
+    constraint unique_uk_4 unique(acl_object_identity,ace_order),
+    constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
+    constraint foreign_fk_5 foreign key(sid) references acl_sid(id)
+);

acl/src/main/resources/createAclSchemaPostgres.sql

@@ -1,46 +1,46 @@
--- ACL Schema SQL for PostgreSQL
-
--- drop table acl_entry;
--- drop table acl_object_identity;
--- drop table acl_class;
--- drop table acl_sid;
-
-create table acl_sid(
-    id bigserial not null primary key,
-    principal boolean not null,
-    sid varchar(100) not null,
-    constraint unique_uk_1 unique(sid,principal)
-);
-
-create table acl_class(
-    id bigserial not null primary key,
-    class varchar(100) not null,
-    constraint unique_uk_2 unique(class)
-);
-
-create table acl_object_identity(
-    id bigserial primary key,
-    object_id_class bigint not null,
-    object_id_identity bigint not null,
-    parent_object bigint,
-    owner_sid bigint,
-    entries_inheriting boolean not null,
-    constraint unique_uk_3 unique(object_id_class,object_id_identity),
-    constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
-    constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
-    constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id)
-);
-
-create table acl_entry(
-    id bigserial primary key,
-    acl_object_identity bigint not null,
-    ace_order int not null,
-    sid bigint not null,
-    mask integer not null,
-    granting boolean not null,
-    audit_success boolean not null,
-    audit_failure boolean not null,
-    constraint unique_uk_4 unique(acl_object_identity,ace_order),
-    constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
-    constraint foreign_fk_5 foreign key(sid) references acl_sid(id)
-);
+-- ACL Schema SQL for PostgreSQL
+
+-- drop table acl_entry;
+-- drop table acl_object_identity;
+-- drop table acl_class;
+-- drop table acl_sid;
+
+create table acl_sid(
+    id bigserial not null primary key,
+    principal boolean not null,
+    sid varchar(100) not null,
+    constraint unique_uk_1 unique(sid,principal)
+);
+
+create table acl_class(
+    id bigserial not null primary key,
+    class varchar(100) not null,
+    constraint unique_uk_2 unique(class)
+);
+
+create table acl_object_identity(
+    id bigserial primary key,
+    object_id_class bigint not null,
+    object_id_identity bigint not null,
+    parent_object bigint,
+    owner_sid bigint,
+    entries_inheriting boolean not null,
+    constraint unique_uk_3 unique(object_id_class,object_id_identity),
+    constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
+    constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
+    constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id)
+);
+
+create table acl_entry(
+    id bigserial primary key,
+    acl_object_identity bigint not null,
+    ace_order int not null,
+    sid bigint not null,
+    mask integer not null,
+    granting boolean not null,
+    audit_success boolean not null,
+    audit_failure boolean not null,
+    constraint unique_uk_4 unique(acl_object_identity,ace_order),
+    constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
+    constraint foreign_fk_5 foreign key(sid) references acl_sid(id)
+);

acl/src/main/resources/select.sql

@@ -1,39 +1,39 @@
--- Not required. Just shows the sort of queries being sent to DB.
-
-
-select  acl_object_identity.object_id_identity,
-        acl_entry.ace_order,
-        acl_object_identity.id as acl_id,
-        acl_object_identity.parent_object,
-        acl_object_identity,
-        entries_inheriting,
-        acl_entry.id as ace_id,
-        acl_entry.mask,
-        acl_entry.granting,
-        acl_entry.audit_success,
-        acl_entry.audit_failure,
-        acl_sid.principal as ace_principal,
-        acl_sid.sid as ace_sid,
-        acli_sid.principal as acl_principal,
-        acli_sid.sid as acl_sid,
-        acl_class.class
-
-from    acl_object_identity,
-        acl_sid acli_sid,
-        acl_class
-
-left join acl_entry on acl_object_identity.id = acl_entry.acl_object_identity
-left join acl_sid on acl_entry.sid = acl_sid.id
-
-where
-    acli_sid.id = acl_object_identity.owner_sid
-
-and acl_class.id = acl_object_identity.object_id_class
-
-and (
-
-    (acl_object_identity.object_id_identity = 1 and acl_class.class = 'sample.contact.contact')
-or
-    (acl_object_identity.object_id_identity = 2000 and acl_class.class = 'sample.contact.contact')
-
-) order by acl_object_identity.object_id_identity asc, acl_entry.ace_order asc
+-- Not required. Just shows the sort of queries being sent to DB.
+
+
+select  acl_object_identity.object_id_identity,
+        acl_entry.ace_order,
+        acl_object_identity.id as acl_id,
+        acl_object_identity.parent_object,
+        acl_object_identity,
+        entries_inheriting,
+        acl_entry.id as ace_id,
+        acl_entry.mask,
+        acl_entry.granting,
+        acl_entry.audit_success,
+        acl_entry.audit_failure,
+        acl_sid.principal as ace_principal,
+        acl_sid.sid as ace_sid,
+        acli_sid.principal as acl_principal,
+        acli_sid.sid as acl_sid,
+        acl_class.class
+
+from    acl_object_identity,
+        acl_sid acli_sid,
+        acl_class
+
+left join acl_entry on acl_object_identity.id = acl_entry.acl_object_identity
+left join acl_sid on acl_entry.sid = acl_sid.id
+
+where
+    acli_sid.id = acl_object_identity.owner_sid
+
+and acl_class.id = acl_object_identity.object_id_class
+
+and (
+
+    (acl_object_identity.object_id_identity = 1 and acl_class.class = 'sample.contact.contact')
+or
+    (acl_object_identity.object_id_identity = 2000 and acl_class.class = 'sample.contact.contact')
+
+) order by acl_object_identity.object_id_identity asc, acl_entry.ace_order asc

acl/src/test/java/org/springframework/security/acls/AclFormattingUtilsTests.java

@@ -1,127 +1,127 @@
-package org.springframework.security.acls;
-
-import org.springframework.security.acls.domain.AclFormattingUtils;
-import org.springframework.security.acls.model.Permission;
-
-import junit.framework.Assert;
-import junit.framework.TestCase;
-
-/**
- * Tests for {@link AclFormattingUtils}.
- *
- * @author Andrei Stefan
- */
-public class AclFormattingUtilsTests extends TestCase {
-
-    //~ Methods ========================================================================================================
-    
-    public final void testDemergePatternsParametersConstraints() throws Exception {
-        try {
-            AclFormattingUtils.demergePatterns(null, "SOME STRING");
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            AclFormattingUtils.demergePatterns("SOME STRING", null);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING");
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH");
-            Assert.assertTrue(true);
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.fail("It shouldn't have thrown IllegalArgumentException");
-        }
-    }
-
-    public final void testDemergePatterns() throws Exception {
-        String original = "...........................A...R";
-        String removeBits = "...............................R";
-        Assert.assertEquals("...........................A....", AclFormattingUtils
-                .demergePatterns(original, removeBits));
-
-        Assert.assertEquals("ABCDEF", AclFormattingUtils.demergePatterns("ABCDEF", "......"));
-        Assert.assertEquals("......", AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL"));
-    }
-    
-    public final void testMergePatternsParametersConstraints() throws Exception {
-        try {
-            AclFormattingUtils.mergePatterns(null, "SOME STRING");
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            AclFormattingUtils.mergePatterns("SOME STRING", null);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING");
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH");
-            Assert.assertTrue(true);
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.fail("It shouldn't have thrown IllegalArgumentException");
-        }
-    }
-
-    public final void testMergePatterns() throws Exception {
-        String original = "...............................R";
-        String extraBits = "...........................A....";
-        Assert.assertEquals("...........................A...R", AclFormattingUtils
-                .mergePatterns(original, extraBits));
-
-        Assert.assertEquals("ABCDEF", AclFormattingUtils.mergePatterns("ABCDEF", "......"));
-        Assert.assertEquals("GHIJKL", AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL"));
-    }
-    
-    public final void testBinaryPrints() throws Exception {
-        Assert.assertEquals("............................****", AclFormattingUtils.printBinary(15));
-        
-        try {
-            AclFormattingUtils.printBinary(15, Permission.RESERVED_ON);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.assertTrue(true);
-        }
-        
-        try {
-            AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.assertTrue(true);
-        }
-        
-        Assert.assertEquals("............................xxxx", AclFormattingUtils.printBinary(15, 'x'));
-    }
-}
+package org.springframework.security.acls;
+
+import org.springframework.security.acls.domain.AclFormattingUtils;
+import org.springframework.security.acls.model.Permission;
+
+import junit.framework.Assert;
+import junit.framework.TestCase;
+
+/**
+ * Tests for {@link AclFormattingUtils}.
+ *
+ * @author Andrei Stefan
+ */
+public class AclFormattingUtilsTests extends TestCase {
+
+    //~ Methods ========================================================================================================
+
+    public final void testDemergePatternsParametersConstraints() throws Exception {
+        try {
+            AclFormattingUtils.demergePatterns(null, "SOME STRING");
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            AclFormattingUtils.demergePatterns("SOME STRING", null);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING");
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH");
+            Assert.assertTrue(true);
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.fail("It shouldn't have thrown IllegalArgumentException");
+        }
+    }
+
+    public final void testDemergePatterns() throws Exception {
+        String original = "...........................A...R";
+        String removeBits = "...............................R";
+        Assert.assertEquals("...........................A....", AclFormattingUtils
+                .demergePatterns(original, removeBits));
+
+        Assert.assertEquals("ABCDEF", AclFormattingUtils.demergePatterns("ABCDEF", "......"));
+        Assert.assertEquals("......", AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL"));
+    }
+
+    public final void testMergePatternsParametersConstraints() throws Exception {
+        try {
+            AclFormattingUtils.mergePatterns(null, "SOME STRING");
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            AclFormattingUtils.mergePatterns("SOME STRING", null);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING");
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH");
+            Assert.assertTrue(true);
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.fail("It shouldn't have thrown IllegalArgumentException");
+        }
+    }
+
+    public final void testMergePatterns() throws Exception {
+        String original = "...............................R";
+        String extraBits = "...........................A....";
+        Assert.assertEquals("...........................A...R", AclFormattingUtils
+                .mergePatterns(original, extraBits));
+
+        Assert.assertEquals("ABCDEF", AclFormattingUtils.mergePatterns("ABCDEF", "......"));
+        Assert.assertEquals("GHIJKL", AclFormattingUtils.mergePatterns("ABCDEF", "GHIJKL"));
+    }
+
+    public final void testBinaryPrints() throws Exception {
+        Assert.assertEquals("............................****", AclFormattingUtils.printBinary(15));
+
+        try {
+            AclFormattingUtils.printBinary(15, Permission.RESERVED_ON);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.assertTrue(true);
+        }
+
+        Assert.assertEquals("............................xxxx", AclFormattingUtils.printBinary(15, 'x'));
+    }
+}

acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java

@@ -15,7 +15,6 @@ import org.springframework.security.core.Authentication;
 /**
  *
  * @author Luke Taylor
- * @version $Id$
  * @since 3.0
  */
 public class AclPermissionEvaluatorTests {

acl/src/test/java/org/springframework/security/acls/TargetObject.java

@@ -4,7 +4,6 @@ package org.springframework.security.acls;
  * Dummy domain object class
  *
  * @author Luke Taylor
- * @version $Id$
  */
 public final class TargetObject {
 

acl/src/test/java/org/springframework/security/acls/domain/AccessControlImplEntryTests.java

@@ -1,105 +1,104 @@
-package org.springframework.security.acls.domain;
-
-import static org.junit.Assert.*;
-
-import org.jmock.Expectations;
-import org.jmock.Mockery;
-import org.jmock.integration.junit4.JUnit4Mockery;
-import org.junit.Test;
-import org.springframework.security.acls.model.AccessControlEntry;
-import org.springframework.security.acls.model.Acl;
-import org.springframework.security.acls.model.AuditableAccessControlEntry;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.acls.model.Sid;
-
-/**
- * Tests for {@link AccessControlEntryImpl}.
- *
- * @author Andrei Stefan
- * @version $Id$
- */
-public class AccessControlImplEntryTests {
-    Mockery jmock = new JUnit4Mockery();
-
-    //~ Methods ========================================================================================================
-
-    @Test
-    public void testConstructorRequiredFields() {
-        // Check Acl field is present
-        try {
-            new AccessControlEntryImpl(null, null, new PrincipalSid("johndoe"),
-                    BasePermission.ADMINISTRATION, true, true, true);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-
-        // Check Sid field is present
-        try {
-            new AccessControlEntryImpl(null, jmock.mock(Acl.class), null,
-                    BasePermission.ADMINISTRATION, true, true, true);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-
-        // Check Permission field is present
-        try {
-            new AccessControlEntryImpl(null, jmock.mock(Acl.class), new PrincipalSid("johndoe"), null,
-                    true, true, true);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-    }
-
-    @Test
-    public void testAccessControlEntryImplGetters() {
-        Acl mockAcl = jmock.mock(Acl.class);
-        Sid sid = new PrincipalSid("johndoe");
-
-        // Create a sample entry
-        AccessControlEntry ace = new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.ADMINISTRATION,
-                true, true, true);
-
-        // and check every get() method
-        assertEquals(new Long(1), ace.getId());
-        assertEquals(mockAcl, ace.getAcl());
-        assertEquals(sid, ace.getSid());
-        assertTrue(ace.isGranting());
-        assertEquals(BasePermission.ADMINISTRATION, ace.getPermission());
-        assertTrue(((AuditableAccessControlEntry) ace).isAuditFailure());
-        assertTrue(((AuditableAccessControlEntry) ace).isAuditSuccess());
-    }
-
-    @Test
-    public void testEquals() {
-        final Acl mockAcl = jmock.mock(Acl.class);
-        final ObjectIdentity oid = jmock.mock(ObjectIdentity.class);
-        jmock.checking(new Expectations() {{
-            allowing(mockAcl).getObjectIdentity(); will(returnValue(oid));
-        }});
-        Sid sid = new PrincipalSid("johndoe");
-
-        AccessControlEntry ace = new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.ADMINISTRATION,
-                true, true, true);
-
-        assertFalse(ace.equals(null));
-        assertFalse(ace.equals(new Long(100)));
-        assertTrue(ace.equals(ace));
-        assertTrue(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
-                BasePermission.ADMINISTRATION, true, true, true)));
-        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(2), mockAcl, sid,
-                BasePermission.ADMINISTRATION, true, true, true)));
-        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, new PrincipalSid("scott"),
-                BasePermission.ADMINISTRATION, true, true, true)));
-        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.WRITE, true,
-                true, true)));
-        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
-                BasePermission.ADMINISTRATION, false, true, true)));
-        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
-                BasePermission.ADMINISTRATION, true, false, true)));
-        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
-                BasePermission.ADMINISTRATION, true, true, false)));
-    }
-}
+package org.springframework.security.acls.domain;
+
+import static org.junit.Assert.*;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+import org.jmock.integration.junit4.JUnit4Mockery;
+import org.junit.Test;
+import org.springframework.security.acls.model.AccessControlEntry;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AuditableAccessControlEntry;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.Sid;
+
+/**
+ * Tests for {@link AccessControlEntryImpl}.
+ *
+ * @author Andrei Stefan
+ */
+public class AccessControlImplEntryTests {
+    Mockery jmock = new JUnit4Mockery();
+
+    //~ Methods ========================================================================================================
+
+    @Test
+    public void testConstructorRequiredFields() {
+        // Check Acl field is present
+        try {
+            new AccessControlEntryImpl(null, null, new PrincipalSid("johndoe"),
+                    BasePermission.ADMINISTRATION, true, true, true);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+
+        // Check Sid field is present
+        try {
+            new AccessControlEntryImpl(null, jmock.mock(Acl.class), null,
+                    BasePermission.ADMINISTRATION, true, true, true);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+
+        // Check Permission field is present
+        try {
+            new AccessControlEntryImpl(null, jmock.mock(Acl.class), new PrincipalSid("johndoe"), null,
+                    true, true, true);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+    }
+
+    @Test
+    public void testAccessControlEntryImplGetters() {
+        Acl mockAcl = jmock.mock(Acl.class);
+        Sid sid = new PrincipalSid("johndoe");
+
+        // Create a sample entry
+        AccessControlEntry ace = new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.ADMINISTRATION,
+                true, true, true);
+
+        // and check every get() method
+        assertEquals(new Long(1), ace.getId());
+        assertEquals(mockAcl, ace.getAcl());
+        assertEquals(sid, ace.getSid());
+        assertTrue(ace.isGranting());
+        assertEquals(BasePermission.ADMINISTRATION, ace.getPermission());
+        assertTrue(((AuditableAccessControlEntry) ace).isAuditFailure());
+        assertTrue(((AuditableAccessControlEntry) ace).isAuditSuccess());
+    }
+
+    @Test
+    public void testEquals() {
+        final Acl mockAcl = jmock.mock(Acl.class);
+        final ObjectIdentity oid = jmock.mock(ObjectIdentity.class);
+        jmock.checking(new Expectations() {{
+            allowing(mockAcl).getObjectIdentity(); will(returnValue(oid));
+        }});
+        Sid sid = new PrincipalSid("johndoe");
+
+        AccessControlEntry ace = new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.ADMINISTRATION,
+                true, true, true);
+
+        assertFalse(ace.equals(null));
+        assertFalse(ace.equals(new Long(100)));
+        assertTrue(ace.equals(ace));
+        assertTrue(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
+                BasePermission.ADMINISTRATION, true, true, true)));
+        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(2), mockAcl, sid,
+                BasePermission.ADMINISTRATION, true, true, true)));
+        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, new PrincipalSid("scott"),
+                BasePermission.ADMINISTRATION, true, true, true)));
+        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid, BasePermission.WRITE, true,
+                true, true)));
+        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
+                BasePermission.ADMINISTRATION, false, true, true)));
+        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
+                BasePermission.ADMINISTRATION, true, false, true)));
+        assertFalse(ace.equals(new AccessControlEntryImpl(new Long(1), mockAcl, sid,
+                BasePermission.ADMINISTRATION, true, true, false)));
+    }
+}

acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java

@@ -1,567 +1,567 @@
-package org.springframework.security.acls.domain;
-
-import static org.junit.Assert.*;
-import static org.mockito.Mockito.mock;
-
-import java.lang.reflect.Field;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-
-import org.jmock.Mockery;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.acls.model.AccessControlEntry;
-import org.springframework.security.acls.model.Acl;
-import org.springframework.security.acls.model.AlreadyExistsException;
-import org.springframework.security.acls.model.AuditableAccessControlEntry;
-import org.springframework.security.acls.model.AuditableAcl;
-import org.springframework.security.acls.model.ChildrenExistException;
-import org.springframework.security.acls.model.MutableAcl;
-import org.springframework.security.acls.model.MutableAclService;
-import org.springframework.security.acls.model.NotFoundException;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.acls.model.OwnershipAcl;
-import org.springframework.security.acls.model.Permission;
-import org.springframework.security.acls.model.Sid;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.util.FieldUtils;
-
-
-/**
- * Tests for {@link AclImpl}.
- *
- * @author Andrei Stefan
- */
-public class AclImplTests {
-    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
-    private static final List<Permission> READ = Arrays.asList(BasePermission.READ );
-    private static final List<Permission> WRITE = Arrays.asList(BasePermission.WRITE);
-    private static final List<Permission> CREATE = Arrays.asList(BasePermission.CREATE );
-    private static final List<Permission> DELETE = Arrays.asList(BasePermission.DELETE );
-    private static final List<Sid> SCOTT = Arrays.asList((Sid)new PrincipalSid("scott"));
-    private static final List<Sid> BEN = Arrays.asList((Sid)new PrincipalSid("ben"));
-
-    Authentication auth = new TestingAuthenticationToken("joe", "ignored", "ROLE_ADMINISTRATOR");
-    Mockery jmockCtx = new Mockery();
-    AclAuthorizationStrategy mockAuthzStrategy;
-    AuditLogger mockAuditLogger;
-    ObjectIdentity objectIdentity = new ObjectIdentityImpl(TARGET_CLASS, 100);
-
-    // ~ Methods ========================================================================================================
-
-    @Before
-    public void setUp() throws Exception {
-        SecurityContextHolder.getContext().setAuthentication(auth);
-        mockAuthzStrategy = mock(AclAuthorizationStrategy.class);
-        mockAuditLogger = mock(AuditLogger.class);;
-        auth.setAuthenticated(true);
-    }
-
-    @After
-    public void tearDown() throws Exception {
-        SecurityContextHolder.clearContext();
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void constructorsRejectNullObjectIdentity() throws Exception {
-        try {
-            new AclImpl(null, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
-            fail("Should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-        new AclImpl(null, 1, mockAuthzStrategy, mockAuditLogger);
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void constructorsRejectNullId() throws Exception {
-        try {
-            new AclImpl(objectIdentity, null, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
-            fail("Should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-        new AclImpl(objectIdentity, null, mockAuthzStrategy, mockAuditLogger);
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void constructorsRejectNullAclAuthzStrategy() throws Exception {
-        try {
-            new AclImpl(objectIdentity, 1, null, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-        new AclImpl(objectIdentity, 1, null, mockAuditLogger);
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void constructorsRejectNullAuditLogger() throws Exception {
-        try {
-            new AclImpl(objectIdentity, 1, mockAuthzStrategy, null, null, null, true, new PrincipalSid("joe"));
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-        new AclImpl(objectIdentity, 1, mockAuthzStrategy, null);
-    }
-
-    @Test
-    public void insertAceRejectsNullParameters() throws Exception {
-        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
-                "joe"));
-        try {
-            acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-        try {
-            acl.insertAce(0, BasePermission.READ, null, true);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-    }
-
-    @Test
-    public void insertAceAddsElementAtCorrectIndex() throws Exception {
-        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
-        MockAclService service = new MockAclService();
-
-        // Insert one permission
-        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
-        service.updateAcl(acl);
-        // Check it was successfully added
-        assertEquals(1, acl.getEntries().size());
-        assertEquals(acl.getEntries().get(0).getAcl(), acl);
-        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.READ);
-        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST1"));
-
-        // Add a second permission
-        acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
-        service.updateAcl(acl);
-        // Check it was added on the last position
-        assertEquals(2, acl.getEntries().size());
-        assertEquals(acl.getEntries().get(1).getAcl(), acl);
-        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.READ);
-        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
-
-        // Add a third permission, after the first one
-        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false);
-        service.updateAcl(acl);
-        assertEquals(3, acl.getEntries().size());
-        // Check the third entry was added between the two existent ones
-        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.READ);
-        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST1"));
-        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.WRITE);
-        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST3"));
-        assertEquals(acl.getEntries().get(2).getPermission(), BasePermission.READ);
-        assertEquals(acl.getEntries().get(2).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
-    }
-
-    @Test(expected=NotFoundException.class)
-    public void insertAceFailsForNonExistentElement() throws Exception {
-        MutableAcl acl = new AclImpl(objectIdentity,1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
-                "joe"));
-        MockAclService service = new MockAclService();
-
-        // Insert one permission
-        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
-        service.updateAcl(acl);
-
-        acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
-    }
-
-    @Test
-    public void deleteAceKeepsInitialOrdering() throws Exception {
-        MutableAcl acl = new AclImpl(objectIdentity,1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
-                "joe"));
-        MockAclService service = new MockAclService();
-
-        // Add several permissions
-        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
-        acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
-        acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST3"), true);
-        service.updateAcl(acl);
-
-        // Delete first permission and check the order of the remaining permissions is kept
-        acl.deleteAce(0);
-        assertEquals(2, acl.getEntries().size());
-        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
-        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST3"));
-
-        // Add one more permission and remove the permission in the middle
-        acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true);
-        service.updateAcl(acl);
-        acl.deleteAce(1);
-        assertEquals(2, acl.getEntries().size());
-        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
-        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST4"));
-
-        // Remove remaining permissions
-        acl.deleteAce(1);
-        acl.deleteAce(0);
-        assertEquals(0, acl.getEntries().size());
-    }
-
-    @Test
-    public void deleteAceFailsForNonExistentElement() throws Exception {
-        AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-        AuditLogger auditLogger = new ConsoleAuditLogger();
-        MutableAcl acl = new AclImpl(objectIdentity, (1), strategy, auditLogger, null, null, true, new PrincipalSid(
-                "joe"));
-        try {
-            acl.deleteAce(99);
-            fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-        }
-    }
-
-    @Test
-    public void isGrantingRejectsEmptyParameters() throws Exception {
-        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
-                "joe"));
-        Sid ben = new PrincipalSid("ben");
-        try {
-            acl.isGranted(new ArrayList<Permission>(0), Arrays.asList(ben) , false);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-        try {
-            acl.isGranted(READ, new ArrayList<Sid>(0), false);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-    }
-
-    @Test
-    public void isGrantingGrantsAccessForAclWithNoParent() throws Exception {
-        Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL","ROLE_GUEST");
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-        ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
-
-        // Create an ACL which owner is not the authenticated principal
-        MutableAcl rootAcl = new AclImpl(rootOid, 1, mockAuthzStrategy, mockAuditLogger, null, null, false, new PrincipalSid(
-                "joe"));
-
-        // Grant some permissions
-        rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
-        rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true);
-        rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false);
-        rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true);
-
-        // Check permissions granting
-        List<Permission> permissions = Arrays.asList(BasePermission.READ, BasePermission.CREATE);
-        List<Sid> sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST"));
-        assertFalse(rootAcl.isGranted(permissions, sids, false));
-        try {
-            rootAcl.isGranted(permissions, SCOTT, false);
-            fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-        }
-        assertTrue(rootAcl.isGranted(WRITE, SCOTT, false));
-        assertFalse(rootAcl.isGranted(WRITE,
-                Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false));
-        assertTrue(rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false));
-        try {
-            // Change the type of the Sid and check the granting process
-            rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("rod"), new PrincipalSid("WRITE_ACCESS_ROLE")), false);
-            fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-        }
-    }
-
-    @Test
-    public void isGrantingGrantsAccessForInheritableAcls() throws Exception {
-        Authentication auth = new TestingAuthenticationToken("ben", "ignored","ROLE_GENERAL");
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-        ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
-        ObjectIdentity parentOid1 = new ObjectIdentityImpl(TARGET_CLASS, 101);
-        ObjectIdentity parentOid2 = new ObjectIdentityImpl(TARGET_CLASS, 102);
-        ObjectIdentity childOid1 = new ObjectIdentityImpl(TARGET_CLASS, 103);
-        ObjectIdentity childOid2 = new ObjectIdentityImpl(TARGET_CLASS, 104);
-
-        // Create ACLs
-        MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, mockAuthzStrategy, mockAuditLogger, null, null, false,
-                new PrincipalSid("joe"));
-        MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        MutableAcl childAcl1 = new AclImpl(childOid1, 4, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        MutableAcl childAcl2 = new AclImpl(childOid2, 4, mockAuthzStrategy, mockAuditLogger, null, null, false,
-                new PrincipalSid("joe"));
-
-        // Create hierarchies
-        childAcl2.setParent(childAcl1);
-        childAcl1.setParent(parentAcl1);
-        parentAcl2.setParent(grandParentAcl);
-        parentAcl1.setParent(grandParentAcl);
-
-        // Add some permissions
-        grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
-        grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
-        grandParentAcl.insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
-        grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"), true);
-        parentAcl1.insertAce(0, BasePermission.READ, new PrincipalSid("scott"), true);
-        parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
-        parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
-        childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
-
-        // Check granting process for parent1
-        assertTrue(parentAcl1.isGranted(READ, SCOTT, false));
-        assertTrue(parentAcl1.isGranted(READ, Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_USER_READ")), false));
-        assertTrue(parentAcl1.isGranted(WRITE, BEN, false));
-        assertFalse(parentAcl1.isGranted(DELETE, BEN, false));
-        assertFalse(parentAcl1.isGranted(DELETE, SCOTT, false));
-
-        // Check granting process for parent2
-        assertTrue(parentAcl2.isGranted(CREATE, BEN, false));
-        assertTrue(parentAcl2.isGranted(WRITE, BEN, false));
-        assertFalse(parentAcl2.isGranted(DELETE, BEN, false));
-
-        // Check granting process for child1
-        assertTrue(childAcl1.isGranted(CREATE, SCOTT,
-                false));
-        assertTrue(childAcl1.isGranted(READ, Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_USER_READ")), false));
-        assertFalse(childAcl1.isGranted(DELETE, BEN, false));
-
-        // Check granting process for child2 (doesn't inherit the permissions from its parent)
-        try {
-            assertTrue(childAcl2.isGranted(CREATE, SCOTT, false));
-            fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-            assertTrue(true);
-        }
-        try {
-            assertTrue(childAcl2.isGranted(CREATE, Arrays.asList((Sid)new PrincipalSid("joe")), false));
-            fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-            assertTrue(true);
-        }
-    }
-
-    @Test
-    public void updatedAceValuesAreCorrectlyReflectedInAcl() throws Exception {
-        Authentication auth = new TestingAuthenticationToken("ben", "ignored","ROLE_GENERAL");
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, false, new PrincipalSid(
-                "joe"));
-        MockAclService service = new MockAclService();
-
-        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
-        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
-        acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
-        service.updateAcl(acl);
-
-        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.READ);
-        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.WRITE);
-        assertEquals(acl.getEntries().get(2).getPermission(), BasePermission.CREATE);
-
-        // Change each permission
-        acl.updateAce(0, BasePermission.CREATE);
-        acl.updateAce(1, BasePermission.DELETE);
-        acl.updateAce(2, BasePermission.READ);
-
-        // Check the change was successfuly made
-        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.CREATE);
-        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.DELETE);
-        assertEquals(acl.getEntries().get(2).getPermission(), BasePermission.READ);
-    }
-
-    @Test
-    public void auditableEntryFlagsAreUpdatedCorrectly() throws Exception {
-        Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_AUDITING", "ROLE_GENERAL");
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, false, new PrincipalSid(
-                "joe"));
-        MockAclService service = new MockAclService();
-
-        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
-        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
-        service.updateAcl(acl);
-
-        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure());
-        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure());
-        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess());
-        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess());
-
-        // Change each permission
-        ((AuditableAcl) acl).updateAuditing(0, true, true);
-        ((AuditableAcl) acl).updateAuditing(1, true, true);
-
-        // Check the change was successfuly made
-        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure());
-        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure());
-        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess());
-        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess());
-    }
-
-    @Test
-    public void gettersAndSettersAreConsistent() throws Exception {
-        Authentication auth = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, (100));
-        ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, (101));
-        MutableAcl acl = new AclImpl(identity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        MutableAcl parentAcl = new AclImpl(identity2, 2, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        MockAclService service = new MockAclService();
-        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
-        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
-        service.updateAcl(acl);
-
-        assertEquals(acl.getId(), 1);
-        assertEquals(acl.getObjectIdentity(), identity);
-        assertEquals(acl.getOwner(), new PrincipalSid("joe"));
-        assertNull(acl.getParentAcl());
-        assertTrue(acl.isEntriesInheriting());
-        assertEquals(2, acl.getEntries().size());
-
-        acl.setParent(parentAcl);
-        assertEquals(acl.getParentAcl(), parentAcl);
-
-        acl.setEntriesInheriting(false);
-        assertFalse(acl.isEntriesInheriting());
-
-        ((OwnershipAcl) acl).setOwner(new PrincipalSid("ben"));
-        assertEquals(acl.getOwner(), new PrincipalSid("ben"));
-    }
-
-    @Test
-    public void isSidLoadedBehavesAsExpected() throws Exception {
-        List<Sid> loadedSids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED"));
-        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, loadedSids, true,
-                new PrincipalSid("joe"));
-
-        assertTrue(acl.isSidLoaded(loadedSids));
-        assertTrue(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben"))));
-        assertTrue(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_IGNORED"))));
-        assertTrue(acl.isSidLoaded(BEN));
-        assertTrue(acl.isSidLoaded(null));
-        assertTrue(acl.isSidLoaded(new ArrayList<Sid>(0)));
-        assertTrue(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED"))));
-        assertFalse(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED"))));
-        assertFalse(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL"))));
-    }
-
-    @Test(expected=NotFoundException.class)
-    public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
-        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true);
-    }
-
-    @Test(expected=NotFoundException.class)
-    public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
-        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        acl.deleteAce(-1);
-    }
-
-    @Test(expected=NotFoundException.class)
-    public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize() throws Exception {
-        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        // Insert at zero, OK.
-        acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
-        // Size is now 1
-        acl.insertAce(2, mock(Permission.class), mock(Sid.class), true);
-    }
-
-    // SEC-1151
-    @Test(expected=NotFoundException.class)
-    public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() throws Exception {
-        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
-                new PrincipalSid("joe"));
-        acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
-        // Size is now 1
-        acl.deleteAce(1);
-    }
-
-
-    //~ Inner Classes ==================================================================================================
-
-    private class MockAclService implements MutableAclService {
-        public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
-            return null;
-        }
-
-        public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
-        }
-
-        /*
-         * Mock implementation that populates the aces list with fully initialized AccessControlEntries
-         * @see org.springframework.security.acls.MutableAclService#updateAcl(org.springframework.security.acls.MutableAcl)
-         */
-        @SuppressWarnings("unchecked")
-        public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
-            List<AccessControlEntry> oldAces = acl.getEntries();
-            Field acesField = FieldUtils.getField(AclImpl.class, "aces");
-            acesField.setAccessible(true);
-            List newAces;
-            try {
-                newAces = (List) acesField.get(acl);
-                newAces.clear();
-
-                for (int i = 0; i < oldAces.size(); i++) {
-                    AccessControlEntry ac = oldAces.get(i);
-                    // Just give an ID to all this acl's aces, rest of the fields are just copied
-                    newAces.add(new AccessControlEntryImpl((i + 1), ac.getAcl(), ac.getSid(), ac.getPermission(), ac
-                            .isGranting(), ((AuditableAccessControlEntry) ac).isAuditSuccess(),
-                            ((AuditableAccessControlEntry) ac).isAuditFailure()));
-                }
-            }
-            catch (IllegalAccessException e) {
-                e.printStackTrace();
-            }
-
-            return acl;
-        }
-
-        public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
-            return null;
-        }
-
-        public Acl readAclById(ObjectIdentity object) throws NotFoundException {
-            return null;
-        }
-
-        public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
-            return null;
-        }
-
-        public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) throws NotFoundException {
-            return null;
-        }
-
-        public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException {
-            return null;
-        }
-    }
-}
+package org.springframework.security.acls.domain;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.mock;
+
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+import org.jmock.Mockery;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.acls.model.AccessControlEntry;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AlreadyExistsException;
+import org.springframework.security.acls.model.AuditableAccessControlEntry;
+import org.springframework.security.acls.model.AuditableAcl;
+import org.springframework.security.acls.model.ChildrenExistException;
+import org.springframework.security.acls.model.MutableAcl;
+import org.springframework.security.acls.model.MutableAclService;
+import org.springframework.security.acls.model.NotFoundException;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.OwnershipAcl;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.Sid;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.util.FieldUtils;
+
+
+/**
+ * Tests for {@link AclImpl}.
+ *
+ * @author Andrei Stefan
+ */
+public class AclImplTests {
+    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
+    private static final List<Permission> READ = Arrays.asList(BasePermission.READ );
+    private static final List<Permission> WRITE = Arrays.asList(BasePermission.WRITE);
+    private static final List<Permission> CREATE = Arrays.asList(BasePermission.CREATE );
+    private static final List<Permission> DELETE = Arrays.asList(BasePermission.DELETE );
+    private static final List<Sid> SCOTT = Arrays.asList((Sid)new PrincipalSid("scott"));
+    private static final List<Sid> BEN = Arrays.asList((Sid)new PrincipalSid("ben"));
+
+    Authentication auth = new TestingAuthenticationToken("joe", "ignored", "ROLE_ADMINISTRATOR");
+    Mockery jmockCtx = new Mockery();
+    AclAuthorizationStrategy mockAuthzStrategy;
+    AuditLogger mockAuditLogger;
+    ObjectIdentity objectIdentity = new ObjectIdentityImpl(TARGET_CLASS, 100);
+
+    // ~ Methods ========================================================================================================
+
+    @Before
+    public void setUp() throws Exception {
+        SecurityContextHolder.getContext().setAuthentication(auth);
+        mockAuthzStrategy = mock(AclAuthorizationStrategy.class);
+        mockAuditLogger = mock(AuditLogger.class);;
+        auth.setAuthenticated(true);
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        SecurityContextHolder.clearContext();
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void constructorsRejectNullObjectIdentity() throws Exception {
+        try {
+            new AclImpl(null, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
+            fail("Should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+        new AclImpl(null, 1, mockAuthzStrategy, mockAuditLogger);
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void constructorsRejectNullId() throws Exception {
+        try {
+            new AclImpl(objectIdentity, null, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
+            fail("Should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+        new AclImpl(objectIdentity, null, mockAuthzStrategy, mockAuditLogger);
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void constructorsRejectNullAclAuthzStrategy() throws Exception {
+        try {
+            new AclImpl(objectIdentity, 1, null, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+        new AclImpl(objectIdentity, 1, null, mockAuditLogger);
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void constructorsRejectNullAuditLogger() throws Exception {
+        try {
+            new AclImpl(objectIdentity, 1, mockAuthzStrategy, null, null, null, true, new PrincipalSid("joe"));
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+        new AclImpl(objectIdentity, 1, mockAuthzStrategy, null);
+    }
+
+    @Test
+    public void insertAceRejectsNullParameters() throws Exception {
+        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
+                "joe"));
+        try {
+            acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+        try {
+            acl.insertAce(0, BasePermission.READ, null, true);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+    }
+
+    @Test
+    public void insertAceAddsElementAtCorrectIndex() throws Exception {
+        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid("joe"));
+        MockAclService service = new MockAclService();
+
+        // Insert one permission
+        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
+        service.updateAcl(acl);
+        // Check it was successfully added
+        assertEquals(1, acl.getEntries().size());
+        assertEquals(acl.getEntries().get(0).getAcl(), acl);
+        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.READ);
+        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST1"));
+
+        // Add a second permission
+        acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
+        service.updateAcl(acl);
+        // Check it was added on the last position
+        assertEquals(2, acl.getEntries().size());
+        assertEquals(acl.getEntries().get(1).getAcl(), acl);
+        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.READ);
+        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
+
+        // Add a third permission, after the first one
+        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_TEST3"), false);
+        service.updateAcl(acl);
+        assertEquals(3, acl.getEntries().size());
+        // Check the third entry was added between the two existent ones
+        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.READ);
+        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST1"));
+        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.WRITE);
+        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST3"));
+        assertEquals(acl.getEntries().get(2).getPermission(), BasePermission.READ);
+        assertEquals(acl.getEntries().get(2).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
+    }
+
+    @Test(expected=NotFoundException.class)
+    public void insertAceFailsForNonExistentElement() throws Exception {
+        MutableAcl acl = new AclImpl(objectIdentity,1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
+                "joe"));
+        MockAclService service = new MockAclService();
+
+        // Insert one permission
+        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
+        service.updateAcl(acl);
+
+        acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
+    }
+
+    @Test
+    public void deleteAceKeepsInitialOrdering() throws Exception {
+        MutableAcl acl = new AclImpl(objectIdentity,1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
+                "joe"));
+        MockAclService service = new MockAclService();
+
+        // Add several permissions
+        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
+        acl.insertAce(1, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true);
+        acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST3"), true);
+        service.updateAcl(acl);
+
+        // Delete first permission and check the order of the remaining permissions is kept
+        acl.deleteAce(0);
+        assertEquals(2, acl.getEntries().size());
+        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
+        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST3"));
+
+        // Add one more permission and remove the permission in the middle
+        acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST4"), true);
+        service.updateAcl(acl);
+        acl.deleteAce(1);
+        assertEquals(2, acl.getEntries().size());
+        assertEquals(acl.getEntries().get(0).getSid(), new GrantedAuthoritySid("ROLE_TEST2"));
+        assertEquals(acl.getEntries().get(1).getSid(), new GrantedAuthoritySid("ROLE_TEST4"));
+
+        // Remove remaining permissions
+        acl.deleteAce(1);
+        acl.deleteAce(0);
+        assertEquals(0, acl.getEntries().size());
+    }
+
+    @Test
+    public void deleteAceFailsForNonExistentElement() throws Exception {
+        AclAuthorizationStrategyImpl strategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+        AuditLogger auditLogger = new ConsoleAuditLogger();
+        MutableAcl acl = new AclImpl(objectIdentity, (1), strategy, auditLogger, null, null, true, new PrincipalSid(
+                "joe"));
+        try {
+            acl.deleteAce(99);
+            fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+        }
+    }
+
+    @Test
+    public void isGrantingRejectsEmptyParameters() throws Exception {
+        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true, new PrincipalSid(
+                "joe"));
+        Sid ben = new PrincipalSid("ben");
+        try {
+            acl.isGranted(new ArrayList<Permission>(0), Arrays.asList(ben) , false);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+        try {
+            acl.isGranted(READ, new ArrayList<Sid>(0), false);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+    }
+
+    @Test
+    public void isGrantingGrantsAccessForAclWithNoParent() throws Exception {
+        Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL","ROLE_GUEST");
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+        ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
+
+        // Create an ACL which owner is not the authenticated principal
+        MutableAcl rootAcl = new AclImpl(rootOid, 1, mockAuthzStrategy, mockAuditLogger, null, null, false, new PrincipalSid(
+                "joe"));
+
+        // Grant some permissions
+        rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
+        rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true);
+        rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false);
+        rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true);
+
+        // Check permissions granting
+        List<Permission> permissions = Arrays.asList(BasePermission.READ, BasePermission.CREATE);
+        List<Sid> sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST"));
+        assertFalse(rootAcl.isGranted(permissions, sids, false));
+        try {
+            rootAcl.isGranted(permissions, SCOTT, false);
+            fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+        }
+        assertTrue(rootAcl.isGranted(WRITE, SCOTT, false));
+        assertFalse(rootAcl.isGranted(WRITE,
+                Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false));
+        assertTrue(rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false));
+        try {
+            // Change the type of the Sid and check the granting process
+            rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("rod"), new PrincipalSid("WRITE_ACCESS_ROLE")), false);
+            fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+        }
+    }
+
+    @Test
+    public void isGrantingGrantsAccessForInheritableAcls() throws Exception {
+        Authentication auth = new TestingAuthenticationToken("ben", "ignored","ROLE_GENERAL");
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+        ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
+        ObjectIdentity parentOid1 = new ObjectIdentityImpl(TARGET_CLASS, 101);
+        ObjectIdentity parentOid2 = new ObjectIdentityImpl(TARGET_CLASS, 102);
+        ObjectIdentity childOid1 = new ObjectIdentityImpl(TARGET_CLASS, 103);
+        ObjectIdentity childOid2 = new ObjectIdentityImpl(TARGET_CLASS, 104);
+
+        // Create ACLs
+        MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, mockAuthzStrategy, mockAuditLogger, null, null, false,
+                new PrincipalSid("joe"));
+        MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        MutableAcl childAcl1 = new AclImpl(childOid1, 4, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        MutableAcl childAcl2 = new AclImpl(childOid2, 4, mockAuthzStrategy, mockAuditLogger, null, null, false,
+                new PrincipalSid("joe"));
+
+        // Create hierarchies
+        childAcl2.setParent(childAcl1);
+        childAcl1.setParent(parentAcl1);
+        parentAcl2.setParent(grandParentAcl);
+        parentAcl1.setParent(grandParentAcl);
+
+        // Add some permissions
+        grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+        grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
+        grandParentAcl.insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
+        grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"), true);
+        parentAcl1.insertAce(0, BasePermission.READ, new PrincipalSid("scott"), true);
+        parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
+        parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
+        childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
+
+        // Check granting process for parent1
+        assertTrue(parentAcl1.isGranted(READ, SCOTT, false));
+        assertTrue(parentAcl1.isGranted(READ, Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_USER_READ")), false));
+        assertTrue(parentAcl1.isGranted(WRITE, BEN, false));
+        assertFalse(parentAcl1.isGranted(DELETE, BEN, false));
+        assertFalse(parentAcl1.isGranted(DELETE, SCOTT, false));
+
+        // Check granting process for parent2
+        assertTrue(parentAcl2.isGranted(CREATE, BEN, false));
+        assertTrue(parentAcl2.isGranted(WRITE, BEN, false));
+        assertFalse(parentAcl2.isGranted(DELETE, BEN, false));
+
+        // Check granting process for child1
+        assertTrue(childAcl1.isGranted(CREATE, SCOTT,
+                false));
+        assertTrue(childAcl1.isGranted(READ, Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_USER_READ")), false));
+        assertFalse(childAcl1.isGranted(DELETE, BEN, false));
+
+        // Check granting process for child2 (doesn't inherit the permissions from its parent)
+        try {
+            assertTrue(childAcl2.isGranted(CREATE, SCOTT, false));
+            fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+            assertTrue(true);
+        }
+        try {
+            assertTrue(childAcl2.isGranted(CREATE, Arrays.asList((Sid)new PrincipalSid("joe")), false));
+            fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+            assertTrue(true);
+        }
+    }
+
+    @Test
+    public void updatedAceValuesAreCorrectlyReflectedInAcl() throws Exception {
+        Authentication auth = new TestingAuthenticationToken("ben", "ignored","ROLE_GENERAL");
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, false, new PrincipalSid(
+                "joe"));
+        MockAclService service = new MockAclService();
+
+        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+        acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
+        service.updateAcl(acl);
+
+        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.READ);
+        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.WRITE);
+        assertEquals(acl.getEntries().get(2).getPermission(), BasePermission.CREATE);
+
+        // Change each permission
+        acl.updateAce(0, BasePermission.CREATE);
+        acl.updateAce(1, BasePermission.DELETE);
+        acl.updateAce(2, BasePermission.READ);
+
+        // Check the change was successfuly made
+        assertEquals(acl.getEntries().get(0).getPermission(), BasePermission.CREATE);
+        assertEquals(acl.getEntries().get(1).getPermission(), BasePermission.DELETE);
+        assertEquals(acl.getEntries().get(2).getPermission(), BasePermission.READ);
+    }
+
+    @Test
+    public void auditableEntryFlagsAreUpdatedCorrectly() throws Exception {
+        Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_AUDITING", "ROLE_GENERAL");
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, false, new PrincipalSid(
+                "joe"));
+        MockAclService service = new MockAclService();
+
+        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+        service.updateAcl(acl);
+
+        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure());
+        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure());
+        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess());
+        assertFalse(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess());
+
+        // Change each permission
+        ((AuditableAcl) acl).updateAuditing(0, true, true);
+        ((AuditableAcl) acl).updateAuditing(1, true, true);
+
+        // Check the change was successfuly made
+        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure());
+        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure());
+        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess());
+        assertTrue(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess());
+    }
+
+    @Test
+    public void gettersAndSettersAreConsistent() throws Exception {
+        Authentication auth = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, (100));
+        ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, (101));
+        MutableAcl acl = new AclImpl(identity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        MutableAcl parentAcl = new AclImpl(identity2, 2, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        MockAclService service = new MockAclService();
+        acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+        acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
+        service.updateAcl(acl);
+
+        assertEquals(acl.getId(), 1);
+        assertEquals(acl.getObjectIdentity(), identity);
+        assertEquals(acl.getOwner(), new PrincipalSid("joe"));
+        assertNull(acl.getParentAcl());
+        assertTrue(acl.isEntriesInheriting());
+        assertEquals(2, acl.getEntries().size());
+
+        acl.setParent(parentAcl);
+        assertEquals(acl.getParentAcl(), parentAcl);
+
+        acl.setEntriesInheriting(false);
+        assertFalse(acl.isEntriesInheriting());
+
+        ((OwnershipAcl) acl).setOwner(new PrincipalSid("ben"));
+        assertEquals(acl.getOwner(), new PrincipalSid("ben"));
+    }
+
+    @Test
+    public void isSidLoadedBehavesAsExpected() throws Exception {
+        List<Sid> loadedSids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_IGNORED"));
+        MutableAcl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, loadedSids, true,
+                new PrincipalSid("joe"));
+
+        assertTrue(acl.isSidLoaded(loadedSids));
+        assertTrue(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben"))));
+        assertTrue(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_IGNORED"))));
+        assertTrue(acl.isSidLoaded(BEN));
+        assertTrue(acl.isSidLoaded(null));
+        assertTrue(acl.isSidLoaded(new ArrayList<Sid>(0)));
+        assertTrue(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED"))));
+        assertFalse(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED"))));
+        assertFalse(acl.isSidLoaded(Arrays.asList((Sid)new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL"))));
+    }
+
+    @Test(expected=NotFoundException.class)
+    public void insertAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
+        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true);
+    }
+
+    @Test(expected=NotFoundException.class)
+    public void deleteAceRaisesNotFoundExceptionForIndexLessThanZero() throws Exception {
+        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        acl.deleteAce(-1);
+    }
+
+    @Test(expected=NotFoundException.class)
+    public void insertAceRaisesNotFoundExceptionForIndexGreaterThanSize() throws Exception {
+        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        // Insert at zero, OK.
+        acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
+        // Size is now 1
+        acl.insertAce(2, mock(Permission.class), mock(Sid.class), true);
+    }
+
+    // SEC-1151
+    @Test(expected=NotFoundException.class)
+    public void deleteAceRaisesNotFoundExceptionForIndexEqualToSize() throws Exception {
+        AclImpl acl = new AclImpl(objectIdentity, 1, mockAuthzStrategy, mockAuditLogger, null, null, true,
+                new PrincipalSid("joe"));
+        acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
+        // Size is now 1
+        acl.deleteAce(1);
+    }
+
+
+    //~ Inner Classes ==================================================================================================
+
+    private class MockAclService implements MutableAclService {
+        public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
+            return null;
+        }
+
+        public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException {
+        }
+
+        /*
+         * Mock implementation that populates the aces list with fully initialized AccessControlEntries
+         * @see org.springframework.security.acls.MutableAclService#updateAcl(org.springframework.security.acls.MutableAcl)
+         */
+        @SuppressWarnings("unchecked")
+        public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
+            List<AccessControlEntry> oldAces = acl.getEntries();
+            Field acesField = FieldUtils.getField(AclImpl.class, "aces");
+            acesField.setAccessible(true);
+            List newAces;
+            try {
+                newAces = (List) acesField.get(acl);
+                newAces.clear();
+
+                for (int i = 0; i < oldAces.size(); i++) {
+                    AccessControlEntry ac = oldAces.get(i);
+                    // Just give an ID to all this acl's aces, rest of the fields are just copied
+                    newAces.add(new AccessControlEntryImpl((i + 1), ac.getAcl(), ac.getSid(), ac.getPermission(), ac
+                            .isGranting(), ((AuditableAccessControlEntry) ac).isAuditSuccess(),
+                            ((AuditableAccessControlEntry) ac).isAuditFailure()));
+                }
+            }
+            catch (IllegalAccessException e) {
+                e.printStackTrace();
+            }
+
+            return acl;
+        }
+
+        public List<ObjectIdentity> findChildren(ObjectIdentity parentIdentity) {
+            return null;
+        }
+
+        public Acl readAclById(ObjectIdentity object) throws NotFoundException {
+            return null;
+        }
+
+        public Acl readAclById(ObjectIdentity object, List<Sid> sids) throws NotFoundException {
+            return null;
+        }
+
+        public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects) throws NotFoundException {
+            return null;
+        }
+
+        public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException {
+            return null;
+        }
+    }
+}

acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java

@@ -1,260 +1,260 @@
-package org.springframework.security.acls.domain;
-
-import junit.framework.Assert;
-import junit.framework.TestCase;
-
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.acls.model.Acl;
-import org.springframework.security.acls.model.MutableAcl;
-import org.springframework.security.acls.model.NotFoundException;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-/**
- * Test class for {@link AclAuthorizationStrategyImpl} and {@link AclImpl}
- * security checks.
- *
- * @author Andrei Stefan
- */
-public class AclImplementationSecurityCheckTests extends TestCase {
-    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
-
-    //~ Methods ========================================================================================================
-
-    protected void setUp() throws Exception {
-        SecurityContextHolder.clearContext();
-    }
-
-    protected void tearDown() throws Exception {
-        SecurityContextHolder.clearContext();
-    }
-
-    public void testSecurityCheckNoACEs() throws Exception {
-        Authentication auth = new TestingAuthenticationToken("user", "password","ROLE_GENERAL","ROLE_AUDITING","ROLE_OWNERSHIP");
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-
-        Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-
-        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
-        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
-        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-
-        // Create another authorization strategy
-        AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"),
-                new GrantedAuthorityImpl("ROLE_THREE") });
-        Acl acl2 = new AclImpl(identity, new Long(1), aclAuthorizationStrategy2, new ConsoleAuditLogger());
-        // Check access in case the principal has no authorization rights
-        try {
-            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
-            Assert.fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-        }
-        try {
-            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING);
-            Assert.fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-        }
-        try {
-            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-            Assert.fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-        }
-    }
-
-    public void testSecurityCheckWithMultipleACEs() throws Exception {
-        // Create a simple authentication with ROLE_GENERAL
-        Authentication auth = new TestingAuthenticationToken("user", "password",
-                new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        // Authorization strategy will require a different role for each access
-        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-
-        // Let's give the principal the ADMINISTRATION permission, without
-        // granting access
-        MutableAcl aclFirstDeny = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-        aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
-
-        // The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL
-        aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL);
-
-        // The CHANGE_AUDITING and CHANGE_OWNERSHIP should fail since the
-        // principal doesn't have these authorities,
-        // nor granting access
-        try {
-            aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
-            Assert.fail("It should have thrown AccessDeniedException");
-        }
-        catch (AccessDeniedException expected) {
-        }
-        try {
-            aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-            Assert.fail("It should have thrown AccessDeniedException");
-        }
-        catch (AccessDeniedException expected) {
-        }
-
-        // Add granting access to this principal
-        aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
-        // and try again for CHANGE_AUDITING - the first ACE's granting flag
-        // (false) will deny this access
-        try {
-            aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
-            Assert.fail("It should have thrown AccessDeniedException");
-        }
-        catch (AccessDeniedException expected) {
-        }
-
-        // Create another ACL and give the principal the ADMINISTRATION
-        // permission, with granting access
-        MutableAcl aclFirstAllow = new AclImpl(identity, new Long(1), aclAuthorizationStrategy,
-                new ConsoleAuditLogger());
-        aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
-
-        // The CHANGE_AUDITING test should pass as there is one ACE with
-        // granting access
-
-        aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
-
-        // Add a deny ACE and test again for CHANGE_AUDITING
-        aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
-        try {
-            aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
-            Assert.assertTrue(true);
-        }
-        catch (AccessDeniedException notExpected) {
-            Assert.fail("It shouldn't have thrown AccessDeniedException");
-        }
-
-        // Create an ACL with no ACE
-        MutableAcl aclNoACE = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-        try {
-            aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_AUDITING);
-            Assert.fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-            Assert.assertTrue(true);
-        }
-        // and still grant access for CHANGE_GENERAL
-        try {
-            aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL);
-            Assert.assertTrue(true);
-        }
-        catch (NotFoundException expected) {
-            Assert.fail("It shouldn't have thrown NotFoundException");
-        }
-    }
-
-    public void testSecurityCheckWithInheritableACEs() throws Exception {
-        // Create a simple authentication with ROLE_GENERAL
-        Authentication auth = new TestingAuthenticationToken("user", "password",
-                new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        // Authorization strategy will require a different role for each access
-        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-
-        // Let's give the principal an ADMINISTRATION permission, with granting
-        // access
-        MutableAcl parentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-        parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
-        MutableAcl childAcl = new AclImpl(identity, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
-
-        // Check against the 'child' acl, which doesn't offer any authorization
-        // rights on CHANGE_OWNERSHIP
-        try {
-            aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-            Assert.fail("It should have thrown NotFoundException");
-        }
-        catch (NotFoundException expected) {
-            Assert.assertTrue(true);
-        }
-
-        // Link the child with its parent and test again against the
-        // CHANGE_OWNERSHIP right
-        childAcl.setParent(parentAcl);
-        childAcl.setEntriesInheriting(true);
-        try {
-            aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-            Assert.assertTrue(true);
-        }
-        catch (NotFoundException expected) {
-            Assert.fail("It shouldn't have thrown NotFoundException");
-        }
-
-        // Create a root parent and link it to the middle parent
-        MutableAcl rootParentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy,
-                new ConsoleAuditLogger());
-        parentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-        rootParentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
-        parentAcl.setEntriesInheriting(true);
-        parentAcl.setParent(rootParentAcl);
-        childAcl.setParent(parentAcl);
-        try {
-            aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-            Assert.assertTrue(true);
-        }
-        catch (NotFoundException expected) {
-            Assert.fail("It shouldn't have thrown NotFoundException");
-        }
-    }
-
-    public void testSecurityCheckPrincipalOwner() throws Exception {
-        Authentication auth = new TestingAuthenticationToken("user", "password", new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_ONE"),
-                new GrantedAuthorityImpl("ROLE_ONE") });
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-
-        Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger(), null, null,
-                false, new PrincipalSid(auth));
-        try {
-            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
-            Assert.assertTrue(true);
-        }
-        catch (AccessDeniedException notExpected) {
-            Assert.fail("It shouldn't have thrown AccessDeniedException");
-        }
-        try {
-            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
-            Assert.fail("It shouldn't have thrown AccessDeniedException");
-        }
-        catch (NotFoundException expected) {
-            Assert.assertTrue(true);
-        }
-        try {
-            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
-            Assert.assertTrue(true);
-        }
-        catch (AccessDeniedException notExpected) {
-            Assert.fail("It shouldn't have thrown AccessDeniedException");
-        }
-    }
-}
+package org.springframework.security.acls.domain;
+
+import junit.framework.Assert;
+import junit.framework.TestCase;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.MutableAcl;
+import org.springframework.security.acls.model.NotFoundException;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+/**
+ * Test class for {@link AclAuthorizationStrategyImpl} and {@link AclImpl}
+ * security checks.
+ *
+ * @author Andrei Stefan
+ */
+public class AclImplementationSecurityCheckTests extends TestCase {
+    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
+
+    //~ Methods ========================================================================================================
+
+    protected void setUp() throws Exception {
+        SecurityContextHolder.clearContext();
+    }
+
+    protected void tearDown() throws Exception {
+        SecurityContextHolder.clearContext();
+    }
+
+    public void testSecurityCheckNoACEs() throws Exception {
+        Authentication auth = new TestingAuthenticationToken("user", "password","ROLE_GENERAL","ROLE_AUDITING","ROLE_OWNERSHIP");
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+
+        Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+
+        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
+        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
+        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+
+        // Create another authorization strategy
+        AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"),
+                new GrantedAuthorityImpl("ROLE_THREE") });
+        Acl acl2 = new AclImpl(identity, new Long(1), aclAuthorizationStrategy2, new ConsoleAuditLogger());
+        // Check access in case the principal has no authorization rights
+        try {
+            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
+            Assert.fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+        }
+        try {
+            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING);
+            Assert.fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+        }
+        try {
+            aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+            Assert.fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+        }
+    }
+
+    public void testSecurityCheckWithMultipleACEs() throws Exception {
+        // Create a simple authentication with ROLE_GENERAL
+        Authentication auth = new TestingAuthenticationToken("user", "password",
+                new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        // Authorization strategy will require a different role for each access
+        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+
+        // Let's give the principal the ADMINISTRATION permission, without
+        // granting access
+        MutableAcl aclFirstDeny = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+        aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
+
+        // The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL
+        aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL);
+
+        // The CHANGE_AUDITING and CHANGE_OWNERSHIP should fail since the
+        // principal doesn't have these authorities,
+        // nor granting access
+        try {
+            aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
+            Assert.fail("It should have thrown AccessDeniedException");
+        }
+        catch (AccessDeniedException expected) {
+        }
+        try {
+            aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+            Assert.fail("It should have thrown AccessDeniedException");
+        }
+        catch (AccessDeniedException expected) {
+        }
+
+        // Add granting access to this principal
+        aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
+        // and try again for CHANGE_AUDITING - the first ACE's granting flag
+        // (false) will deny this access
+        try {
+            aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
+            Assert.fail("It should have thrown AccessDeniedException");
+        }
+        catch (AccessDeniedException expected) {
+        }
+
+        // Create another ACL and give the principal the ADMINISTRATION
+        // permission, with granting access
+        MutableAcl aclFirstAllow = new AclImpl(identity, new Long(1), aclAuthorizationStrategy,
+                new ConsoleAuditLogger());
+        aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
+
+        // The CHANGE_AUDITING test should pass as there is one ACE with
+        // granting access
+
+        aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
+
+        // Add a deny ACE and test again for CHANGE_AUDITING
+        aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
+        try {
+            aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
+            Assert.assertTrue(true);
+        }
+        catch (AccessDeniedException notExpected) {
+            Assert.fail("It shouldn't have thrown AccessDeniedException");
+        }
+
+        // Create an ACL with no ACE
+        MutableAcl aclNoACE = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+        try {
+            aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_AUDITING);
+            Assert.fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+            Assert.assertTrue(true);
+        }
+        // and still grant access for CHANGE_GENERAL
+        try {
+            aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL);
+            Assert.assertTrue(true);
+        }
+        catch (NotFoundException expected) {
+            Assert.fail("It shouldn't have thrown NotFoundException");
+        }
+    }
+
+    public void testSecurityCheckWithInheritableACEs() throws Exception {
+        // Create a simple authentication with ROLE_GENERAL
+        Authentication auth = new TestingAuthenticationToken("user", "password",
+                new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_GENERAL") });
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        // Authorization strategy will require a different role for each access
+        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+
+        // Let's give the principal an ADMINISTRATION permission, with granting
+        // access
+        MutableAcl parentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+        parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
+        MutableAcl childAcl = new AclImpl(identity, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
+
+        // Check against the 'child' acl, which doesn't offer any authorization
+        // rights on CHANGE_OWNERSHIP
+        try {
+            aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+            Assert.fail("It should have thrown NotFoundException");
+        }
+        catch (NotFoundException expected) {
+            Assert.assertTrue(true);
+        }
+
+        // Link the child with its parent and test again against the
+        // CHANGE_OWNERSHIP right
+        childAcl.setParent(parentAcl);
+        childAcl.setEntriesInheriting(true);
+        try {
+            aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+            Assert.assertTrue(true);
+        }
+        catch (NotFoundException expected) {
+            Assert.fail("It shouldn't have thrown NotFoundException");
+        }
+
+        // Create a root parent and link it to the middle parent
+        MutableAcl rootParentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy,
+                new ConsoleAuditLogger());
+        parentAcl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+        rootParentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
+        parentAcl.setEntriesInheriting(true);
+        parentAcl.setParent(rootParentAcl);
+        childAcl.setParent(parentAcl);
+        try {
+            aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+            Assert.assertTrue(true);
+        }
+        catch (NotFoundException expected) {
+            Assert.fail("It shouldn't have thrown NotFoundException");
+        }
+    }
+
+    public void testSecurityCheckPrincipalOwner() throws Exception {
+        Authentication auth = new TestingAuthenticationToken("user", "password", new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_ONE"),
+                new GrantedAuthorityImpl("ROLE_ONE") });
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+
+        Acl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger(), null, null,
+                false, new PrincipalSid(auth));
+        try {
+            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
+            Assert.assertTrue(true);
+        }
+        catch (AccessDeniedException notExpected) {
+            Assert.fail("It shouldn't have thrown AccessDeniedException");
+        }
+        try {
+            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
+            Assert.fail("It shouldn't have thrown AccessDeniedException");
+        }
+        catch (NotFoundException expected) {
+            Assert.assertTrue(true);
+        }
+        try {
+            aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
+            Assert.assertTrue(true);
+        }
+        catch (AccessDeniedException notExpected) {
+            Assert.fail("It shouldn't have thrown AccessDeniedException");
+        }
+    }
+}

acl/src/test/java/org/springframework/security/acls/domain/AuditLoggerTests.java

@@ -1,92 +1,91 @@
-package org.springframework.security.acls.domain;
-
-import static org.junit.Assert.*;
-
-import java.io.ByteArrayOutputStream;
-import java.io.PrintStream;
-
-import org.jmock.Expectations;
-import org.jmock.Mockery;
-import org.jmock.integration.junit4.JUnit4Mockery;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.acls.model.AccessControlEntry;
-import org.springframework.security.acls.model.AuditableAccessControlEntry;
-
-/**
- * Test class for {@link ConsoleAuditLogger}.
- *
- * @author Andrei Stefan
- * @version $Id$
- */
-public class AuditLoggerTests {
-    //~ Instance fields ================================================================================================
-    private Mockery jmock = new JUnit4Mockery();
-    private PrintStream console;
-    private ByteArrayOutputStream bytes = new ByteArrayOutputStream();
-    private ConsoleAuditLogger logger;
-    private AuditableAccessControlEntry ace;
-    private Expectations aceRequiresAudit;
-    private Expectations aceDoesntRequireAudit;
-
-    //~ Methods ========================================================================================================
-
-    @Before
-    public void setUp() throws Exception {
-        logger = new ConsoleAuditLogger();
-        ace = jmock.mock(AuditableAccessControlEntry.class);
-        aceRequiresAudit = new Expectations() {{
-            allowing(ace).isAuditSuccess(); will(returnValue(true));
-            allowing(ace).isAuditFailure(); will(returnValue(true));
-        }};
-        aceDoesntRequireAudit = new Expectations() {{
-            allowing(ace).isAuditSuccess(); will(returnValue(false));
-            allowing(ace).isAuditFailure(); will(returnValue(false));
-        }};
-
-        console = System.out;
-        System.setOut(new PrintStream(bytes));
-    }
-
-    @After
-    public void tearDown() throws Exception {
-        System.setOut(console);
-        bytes.reset();
-    }
-
-    @Test
-    public void nonAuditableAceIsIgnored() {
-        AccessControlEntry ace = jmock.mock(AccessControlEntry.class);
-        logger.logIfNeeded(true, ace);
-        assertEquals(0, bytes.size());
-    }
-
-    @Test
-    public void successIsNotLoggedIfAceDoesntRequireSuccessAudit() throws Exception {
-        jmock.checking(aceDoesntRequireAudit);
-        logger.logIfNeeded(true, ace);
-        assertEquals(0, bytes.size());
-    }
-
-    @Test
-    public void successIsLoggedIfAceRequiresSuccessAudit() throws Exception {
-        jmock.checking(aceRequiresAudit);
-        logger.logIfNeeded(true, ace);
-        assertTrue(bytes.toString().startsWith("GRANTED due to ACE"));
-    }
-
-    @Test
-    public void failureIsntLoggedIfAceDoesntRequireFailureAudit() throws Exception {
-        jmock.checking(aceDoesntRequireAudit);
-        logger.logIfNeeded(false, ace);
-        assertEquals(0, bytes.size());
-    }
-
-    @Test
-    public void failureIsLoggedIfAceRequiresFailureAudit() throws Exception {
-        jmock.checking(aceRequiresAudit);
-        logger.logIfNeeded(false, ace);
-        assertTrue(bytes.toString().startsWith("DENIED due to ACE"));
-    }
-}
+package org.springframework.security.acls.domain;
+
+import static org.junit.Assert.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+import org.jmock.integration.junit4.JUnit4Mockery;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.acls.model.AccessControlEntry;
+import org.springframework.security.acls.model.AuditableAccessControlEntry;
+
+/**
+ * Test class for {@link ConsoleAuditLogger}.
+ *
+ * @author Andrei Stefan
+ */
+public class AuditLoggerTests {
+    //~ Instance fields ================================================================================================
+    private Mockery jmock = new JUnit4Mockery();
+    private PrintStream console;
+    private ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+    private ConsoleAuditLogger logger;
+    private AuditableAccessControlEntry ace;
+    private Expectations aceRequiresAudit;
+    private Expectations aceDoesntRequireAudit;
+
+    //~ Methods ========================================================================================================
+
+    @Before
+    public void setUp() throws Exception {
+        logger = new ConsoleAuditLogger();
+        ace = jmock.mock(AuditableAccessControlEntry.class);
+        aceRequiresAudit = new Expectations() {{
+            allowing(ace).isAuditSuccess(); will(returnValue(true));
+            allowing(ace).isAuditFailure(); will(returnValue(true));
+        }};
+        aceDoesntRequireAudit = new Expectations() {{
+            allowing(ace).isAuditSuccess(); will(returnValue(false));
+            allowing(ace).isAuditFailure(); will(returnValue(false));
+        }};
+
+        console = System.out;
+        System.setOut(new PrintStream(bytes));
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        System.setOut(console);
+        bytes.reset();
+    }
+
+    @Test
+    public void nonAuditableAceIsIgnored() {
+        AccessControlEntry ace = jmock.mock(AccessControlEntry.class);
+        logger.logIfNeeded(true, ace);
+        assertEquals(0, bytes.size());
+    }
+
+    @Test
+    public void successIsNotLoggedIfAceDoesntRequireSuccessAudit() throws Exception {
+        jmock.checking(aceDoesntRequireAudit);
+        logger.logIfNeeded(true, ace);
+        assertEquals(0, bytes.size());
+    }
+
+    @Test
+    public void successIsLoggedIfAceRequiresSuccessAudit() throws Exception {
+        jmock.checking(aceRequiresAudit);
+        logger.logIfNeeded(true, ace);
+        assertTrue(bytes.toString().startsWith("GRANTED due to ACE"));
+    }
+
+    @Test
+    public void failureIsntLoggedIfAceDoesntRequireFailureAudit() throws Exception {
+        jmock.checking(aceDoesntRequireAudit);
+        logger.logIfNeeded(false, ace);
+        assertEquals(0, bytes.size());
+    }
+
+    @Test
+    public void failureIsLoggedIfAceRequiresFailureAudit() throws Exception {
+        jmock.checking(aceRequiresAudit);
+        logger.logIfNeeded(false, ace);
+        assertTrue(bytes.toString().startsWith("DENIED due to ACE"));
+    }
+}

acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityImplTests.java

@@ -1,189 +1,189 @@
-package org.springframework.security.acls.domain;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-import org.springframework.security.acls.domain.IdentityUnavailableException;
-import org.springframework.security.acls.domain.ObjectIdentityImpl;
-import org.springframework.security.acls.model.ObjectIdentity;
-
-/**
- * Tests for {@link ObjectIdentityImpl}.
- *
- * @author Andrei Stefan
- */
-@SuppressWarnings("unused")
-public class ObjectIdentityImplTests {
-
-    private static final String DOMAIN_CLASS =
-        "org.springframework.security.acls.domain.ObjectIdentityImplTests$MockIdDomainObject";
-
-    //~ Methods ========================================================================================================
-
-    @Test
-    public void constructorsRespectRequiredFields() throws Exception {
-        // Check one-argument constructor required field
-        try {
-            new ObjectIdentityImpl(null);
-            fail("It should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-        }
-
-        // Check String-Serializable constructor required field
-        try {
-            new ObjectIdentityImpl("", Long.valueOf(1));
-            fail("It should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-        }
-
-        // Check Serializable parameter is not null
-        try {
-            new ObjectIdentityImpl(DOMAIN_CLASS, null);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-
-        // The correct way of using String-Serializable constructor
-        try {
-            new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
-        }
-        catch (IllegalArgumentException notExpected) {
-            fail("It shouldn't have thrown IllegalArgumentException");
-        }
-
-        // Check the Class-Serializable constructor
-        try {
-            new ObjectIdentityImpl(MockIdDomainObject.class, null);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-    }
-
-    @Test
-    public void gettersReturnExpectedValues() throws Exception {
-        ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
-        assertEquals(Long.valueOf(1), obj.getIdentifier());
-        assertEquals(MockIdDomainObject.class.getName(), obj.getType());
-    }
-
-    @Test
-    public void testGetIdMethodConstraints() throws Exception {
-        // Check the getId() method is present
-        try {
-            new ObjectIdentityImpl("A_STRING_OBJECT");
-            fail("It should have thrown IdentityUnavailableException");
-        }
-        catch (IdentityUnavailableException expected) {
-
-        }
-
-        // getId() should return a non-null value
-        MockIdDomainObject mockId = new MockIdDomainObject();
-        try {
-            new ObjectIdentityImpl(mockId);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-
-        }
-
-        // getId() should return a Serializable object
-        mockId.setId(new MockIdDomainObject());
-        try {
-            new ObjectIdentityImpl(mockId);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-        }
-
-        // getId() should return a Serializable object
-        mockId.setId(new Long(100));
-        try {
-            new ObjectIdentityImpl(mockId);
-        }
-        catch (IllegalArgumentException expected) {
-        }
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void constructorRejectsInvalidTypeParameter() throws Exception {
-        new ObjectIdentityImpl("", Long.valueOf(1));
-    }
-
-    @Test
-    public void testEquals() throws Exception {
-        ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
-        MockIdDomainObject mockObj = new MockIdDomainObject();
-        mockObj.setId(Long.valueOf(1));
-
-        String string = "SOME_STRING";
-        assertNotSame(obj, string);
-        assertFalse(obj.equals(null));
-        assertFalse(obj.equals("DIFFERENT_OBJECT_TYPE"));
-        assertFalse(obj.equals(new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(2))));
-        assertFalse(obj.equals(new ObjectIdentityImpl(
-                "org.springframework.security.acls.domain.ObjectIdentityImplTests$MockOtherIdDomainObject",
-                Long.valueOf(1))));
-        assertEquals(new ObjectIdentityImpl(DOMAIN_CLASS,Long.valueOf(1)), obj);
-        assertEquals(obj, new ObjectIdentityImpl(mockObj));
-    }
-
-    @Test
-    public void hashcodeIsDifferentForDifferentJavaTypes() throws Exception {
-        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, Long.valueOf(1));
-        ObjectIdentity obj2 = new ObjectIdentityImpl(String.class, Long.valueOf(1));
-        assertFalse(obj.hashCode() == obj2.hashCode());
-    }
-
-    @Test
-    public void longAndIntegerIdsWithSameValueAreEqualAndHaveSameHashcode() {
-        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, new Long(5));
-        ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, new Integer(5));
-
-        assertEquals(obj, obj2);
-        assertEquals(obj.hashCode(), obj2.hashCode());
-    }
-
-    @Test
-    public void equalStringIdsAreEqualAndHaveSameHashcode() throws Exception {
-        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, "1000");
-        ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, "1000");
-        assertEquals(obj, obj2);
-        assertEquals(obj.hashCode(), obj2.hashCode());
-    }
-
-    @Test
-    public void stringAndNumericIdsAreNotEqual() throws Exception {
-        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, "1000");
-        ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, Long.valueOf(1000));
-        assertFalse(obj.equals(obj2));
-    }
-
-    //~ Inner Classes ==================================================================================================
-
-    private class MockIdDomainObject {
-        private Object id;
-
-        public Object getId() {
-            return id;
-        }
-
-        public void setId(Object id) {
-            this.id = id;
-        }
-    }
-
-    private class MockOtherIdDomainObject {
-        private Object id;
-
-        public Object getId() {
-            return id;
-        }
-
-        public void setId(Object id) {
-            this.id = id;
-        }
-    }
-}
+package org.springframework.security.acls.domain;
+
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.springframework.security.acls.domain.IdentityUnavailableException;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.model.ObjectIdentity;
+
+/**
+ * Tests for {@link ObjectIdentityImpl}.
+ *
+ * @author Andrei Stefan
+ */
+@SuppressWarnings("unused")
+public class ObjectIdentityImplTests {
+
+    private static final String DOMAIN_CLASS =
+        "org.springframework.security.acls.domain.ObjectIdentityImplTests$MockIdDomainObject";
+
+    //~ Methods ========================================================================================================
+
+    @Test
+    public void constructorsRespectRequiredFields() throws Exception {
+        // Check one-argument constructor required field
+        try {
+            new ObjectIdentityImpl(null);
+            fail("It should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+        }
+
+        // Check String-Serializable constructor required field
+        try {
+            new ObjectIdentityImpl("", Long.valueOf(1));
+            fail("It should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+        }
+
+        // Check Serializable parameter is not null
+        try {
+            new ObjectIdentityImpl(DOMAIN_CLASS, null);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+
+        // The correct way of using String-Serializable constructor
+        try {
+            new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
+        }
+        catch (IllegalArgumentException notExpected) {
+            fail("It shouldn't have thrown IllegalArgumentException");
+        }
+
+        // Check the Class-Serializable constructor
+        try {
+            new ObjectIdentityImpl(MockIdDomainObject.class, null);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+    }
+
+    @Test
+    public void gettersReturnExpectedValues() throws Exception {
+        ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
+        assertEquals(Long.valueOf(1), obj.getIdentifier());
+        assertEquals(MockIdDomainObject.class.getName(), obj.getType());
+    }
+
+    @Test
+    public void testGetIdMethodConstraints() throws Exception {
+        // Check the getId() method is present
+        try {
+            new ObjectIdentityImpl("A_STRING_OBJECT");
+            fail("It should have thrown IdentityUnavailableException");
+        }
+        catch (IdentityUnavailableException expected) {
+
+        }
+
+        // getId() should return a non-null value
+        MockIdDomainObject mockId = new MockIdDomainObject();
+        try {
+            new ObjectIdentityImpl(mockId);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+
+        }
+
+        // getId() should return a Serializable object
+        mockId.setId(new MockIdDomainObject());
+        try {
+            new ObjectIdentityImpl(mockId);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+        }
+
+        // getId() should return a Serializable object
+        mockId.setId(new Long(100));
+        try {
+            new ObjectIdentityImpl(mockId);
+        }
+        catch (IllegalArgumentException expected) {
+        }
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void constructorRejectsInvalidTypeParameter() throws Exception {
+        new ObjectIdentityImpl("", Long.valueOf(1));
+    }
+
+    @Test
+    public void testEquals() throws Exception {
+        ObjectIdentity obj = new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(1));
+        MockIdDomainObject mockObj = new MockIdDomainObject();
+        mockObj.setId(Long.valueOf(1));
+
+        String string = "SOME_STRING";
+        assertNotSame(obj, string);
+        assertFalse(obj.equals(null));
+        assertFalse(obj.equals("DIFFERENT_OBJECT_TYPE"));
+        assertFalse(obj.equals(new ObjectIdentityImpl(DOMAIN_CLASS, Long.valueOf(2))));
+        assertFalse(obj.equals(new ObjectIdentityImpl(
+                "org.springframework.security.acls.domain.ObjectIdentityImplTests$MockOtherIdDomainObject",
+                Long.valueOf(1))));
+        assertEquals(new ObjectIdentityImpl(DOMAIN_CLASS,Long.valueOf(1)), obj);
+        assertEquals(obj, new ObjectIdentityImpl(mockObj));
+    }
+
+    @Test
+    public void hashcodeIsDifferentForDifferentJavaTypes() throws Exception {
+        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, Long.valueOf(1));
+        ObjectIdentity obj2 = new ObjectIdentityImpl(String.class, Long.valueOf(1));
+        assertFalse(obj.hashCode() == obj2.hashCode());
+    }
+
+    @Test
+    public void longAndIntegerIdsWithSameValueAreEqualAndHaveSameHashcode() {
+        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, new Long(5));
+        ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, new Integer(5));
+
+        assertEquals(obj, obj2);
+        assertEquals(obj.hashCode(), obj2.hashCode());
+    }
+
+    @Test
+    public void equalStringIdsAreEqualAndHaveSameHashcode() throws Exception {
+        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, "1000");
+        ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, "1000");
+        assertEquals(obj, obj2);
+        assertEquals(obj.hashCode(), obj2.hashCode());
+    }
+
+    @Test
+    public void stringAndNumericIdsAreNotEqual() throws Exception {
+        ObjectIdentity obj = new ObjectIdentityImpl(Object.class, "1000");
+        ObjectIdentity obj2 = new ObjectIdentityImpl(Object.class, Long.valueOf(1000));
+        assertFalse(obj.equals(obj2));
+    }
+
+    //~ Inner Classes ==================================================================================================
+
+    private class MockIdDomainObject {
+        private Object id;
+
+        public Object getId() {
+            return id;
+        }
+
+        public void setId(Object id) {
+            this.id = id;
+        }
+    }
+
+    private class MockOtherIdDomainObject {
+        private Object id;
+
+        public Object getId() {
+            return id;
+        }
+
+        public void setId(Object id) {
+            this.id = id;
+        }
+    }
+}

acl/src/test/java/org/springframework/security/acls/domain/ObjectIdentityRetrievalStrategyImplTests.java

@@ -1,42 +1,42 @@
-package org.springframework.security.acls.domain;
-
-import org.springframework.security.acls.domain.ObjectIdentityImpl;
-import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
-
-import junit.framework.TestCase;
-
-/**
- * Tests for {@link ObjectIdentityRetrievalStrategyImpl}
- *
- * @author Andrei Stefan
- */
-public class ObjectIdentityRetrievalStrategyImplTests extends TestCase {
-    //~ Methods ========================================================================================================
-
-    public void testObjectIdentityCreation() throws Exception {
-        MockIdDomainObject domain = new MockIdDomainObject();
-        domain.setId(new Integer(1));
-
-        ObjectIdentityRetrievalStrategy retStrategy = new ObjectIdentityRetrievalStrategyImpl();
-        ObjectIdentity identity = retStrategy.getObjectIdentity(domain);
-
-        assertNotNull(identity);
-        assertEquals(identity, new ObjectIdentityImpl(domain));
-    }
-
-    //~ Inner Classes ==================================================================================================
-    @SuppressWarnings("unused")
-    private class MockIdDomainObject {
-        private Object id;
-
-        public Object getId() {
-            return id;
-        }
-
-        public void setId(Object id) {
-            this.id = id;
-        }
-    }
-}
+package org.springframework.security.acls.domain;
+
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
+
+import junit.framework.TestCase;
+
+/**
+ * Tests for {@link ObjectIdentityRetrievalStrategyImpl}
+ *
+ * @author Andrei Stefan
+ */
+public class ObjectIdentityRetrievalStrategyImplTests extends TestCase {
+    //~ Methods ========================================================================================================
+
+    public void testObjectIdentityCreation() throws Exception {
+        MockIdDomainObject domain = new MockIdDomainObject();
+        domain.setId(new Integer(1));
+
+        ObjectIdentityRetrievalStrategy retStrategy = new ObjectIdentityRetrievalStrategyImpl();
+        ObjectIdentity identity = retStrategy.getObjectIdentity(domain);
+
+        assertNotNull(identity);
+        assertEquals(identity, new ObjectIdentityImpl(domain));
+    }
+
+    //~ Inner Classes ==================================================================================================
+    @SuppressWarnings("unused")
+    private class MockIdDomainObject {
+        private Object id;
+
+        public Object getId() {
+            return id;
+        }
+
+        public void setId(Object id) {
+            this.id = id;
+        }
+    }
+}

acl/src/test/java/org/springframework/security/acls/domain/PermissionTests.java

@@ -25,7 +25,6 @@ import org.springframework.security.acls.model.Permission;
  * Tests classes associated with Permission.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class PermissionTests {
 

acl/src/test/java/org/springframework/security/acls/domain/SpecialPermission.java

@@ -21,7 +21,6 @@ import org.springframework.security.acls.model.Permission;
  * A test permission.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class SpecialPermission extends BasePermission {
     public static final Permission ENTER = new SpecialPermission(1 << 5, 'E'); // 32

acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java

@@ -1,312 +1,312 @@
-package org.springframework.security.acls.jdbc;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-
-import junit.framework.Assert;
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Ehcache;
-
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
-import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.jdbc.datasource.SingleConnectionDataSource;
-import org.springframework.security.acls.domain.AclAuthorizationStrategy;
-import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
-import org.springframework.security.acls.domain.BasePermission;
-import org.springframework.security.acls.domain.ConsoleAuditLogger;
-import org.springframework.security.acls.domain.DefaultPermissionFactory;
-import org.springframework.security.acls.domain.EhCacheBasedAclCache;
-import org.springframework.security.acls.domain.ObjectIdentityImpl;
-import org.springframework.security.acls.domain.PrincipalSid;
-import org.springframework.security.acls.model.Acl;
-import org.springframework.security.acls.model.AuditableAccessControlEntry;
-import org.springframework.security.acls.model.MutableAcl;
-import org.springframework.security.acls.model.NotFoundException;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.acls.model.Permission;
-import org.springframework.security.acls.model.Sid;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-import org.springframework.util.FileCopyUtils;
-
-/**
- * Tests {@link BasicLookupStrategy}
- *
- * @author Andrei Stefan
- */
-public class BasicLookupStrategyTests {
-
-    private static final Sid BEN_SID = new PrincipalSid("ben");
-    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
-
-    //~ Instance fields ================================================================================================
-
-    private static JdbcTemplate jdbcTemplate;
-    private BasicLookupStrategy strategy;
-    private static SingleConnectionDataSource dataSource;
-    private static CacheManager cacheManager;
-
-    //~ Methods ========================================================================================================
-    @BeforeClass
-    public static void initCacheManaer() {
-        cacheManager = new CacheManager();
-        cacheManager.addCache(new Cache("basiclookuptestcache", 500, false, false, 30, 30));
-    }
-
-    @BeforeClass
-    public static void createDatabase() throws Exception {
-        dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:lookupstrategytest", "sa", "", true);
-        dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
-        jdbcTemplate = new JdbcTemplate(dataSource);
-
-        Resource resource = new ClassPathResource("createAclSchema.sql");
-        String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
-        jdbcTemplate.execute(sql);
-    }
-
-    @AfterClass
-    public static void dropDatabase() throws Exception {
-        dataSource.destroy();
-    }
-
-    @AfterClass
-    public static void shutdownCacheManager() {
-        cacheManager.removalAll();
-        cacheManager.shutdown();
-    }
-
-    @Before
-    public void populateDatabase() {
-        String query = "INSERT INTO acl_sid(ID,PRINCIPAL,SID) VALUES (1,1,'ben');"
-                + "INSERT INTO acl_class(ID,CLASS) VALUES (2,'" + TARGET_CLASS + "');"
-                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (1,2,100,null,1,1);"
-                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (2,2,101,1,1,1);"
-                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (3,2,102,2,1,1);"
-                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (1,1,0,1,1,1,0,0);"
-                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (2,1,1,1,2,0,0,0);"
-                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (3,2,0,1,8,1,0,0);"
-                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (4,3,0,1,8,0,0,0);";
-        jdbcTemplate.execute(query);
-    }
-
-    @Before
-    public void initializeBeans() {
-        EhCacheBasedAclCache cache = new EhCacheBasedAclCache(getCache());
-        AclAuthorizationStrategy authorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"), new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"),
-                new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
-        strategy = new BasicLookupStrategy(dataSource, cache, authorizationStrategy, new ConsoleAuditLogger());
-        strategy.setPermissionFactory(new DefaultPermissionFactory());
-    }
-
-    @After
-    public void emptyDatabase() {
-        String query = "DELETE FROM acl_entry;" + "DELETE FROM acl_object_identity WHERE ID = 7;"
-                + "DELETE FROM acl_object_identity WHERE ID = 6;" + "DELETE FROM acl_object_identity WHERE ID = 5;"
-                + "DELETE FROM acl_object_identity WHERE ID = 4;" + "DELETE FROM acl_object_identity WHERE ID = 3;"
-                + "DELETE FROM acl_object_identity WHERE ID = 2;" + "DELETE FROM acl_object_identity WHERE ID = 1;"
-                + "DELETE FROM acl_class;" + "DELETE FROM acl_sid;";
-        jdbcTemplate.execute(query);
-    }
-
-    private Ehcache getCache() {
-        Ehcache cache = cacheManager.getCache("basiclookuptestcache");
-        cache.removeAll();
-        return cache;
-    }
-
-    @Test
-    public void testAclsRetrievalWithDefaultBatchSize() throws Exception {
-        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
-        // Deliberately use an integer for the child, to reproduce bug report in SEC-819
-        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(102));
-
-        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
-        checkEntries(topParentOid, middleParentOid, childOid, map);
-    }
-
-    @Test
-    public void testAclsRetrievalFromCacheOnly() throws Exception {
-        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(100));
-        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
-        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
-
-        // Objects were put in cache
-        strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
-
-        // Let's empty the database to force acls retrieval from cache
-        emptyDatabase();
-        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
-
-        checkEntries(topParentOid, middleParentOid, childOid, map);
-    }
-
-    @Test
-    public void testAclsRetrievalWithCustomBatchSize() throws Exception {
-        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(101));
-        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
-
-        // Set a batch size to allow multiple database queries in order to retrieve all acls
-        ((BasicLookupStrategy) this.strategy).setBatchSize(1);
-        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
-        checkEntries(topParentOid, middleParentOid, childOid, map);
-    }
-
-    private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid,
-            Map<ObjectIdentity, Acl> map) throws Exception {
-        Assert.assertEquals(3, map.size());
-
-        MutableAcl topParent = (MutableAcl) map.get(topParentOid);
-        MutableAcl middleParent = (MutableAcl) map.get(middleParentOid);
-        MutableAcl child = (MutableAcl) map.get(childOid);
-
-        // Check the retrieved versions has IDs
-        Assert.assertNotNull(topParent.getId());
-        Assert.assertNotNull(middleParent.getId());
-        Assert.assertNotNull(child.getId());
-
-        // Check their parents were correctly retrieved
-        Assert.assertNull(topParent.getParentAcl());
-        Assert.assertEquals(topParentOid, middleParent.getParentAcl().getObjectIdentity());
-        Assert.assertEquals(middleParentOid, child.getParentAcl().getObjectIdentity());
-
-        // Check their ACEs were correctly retrieved
-        Assert.assertEquals(2, topParent.getEntries().size());
-        Assert.assertEquals(1, middleParent.getEntries().size());
-        Assert.assertEquals(1, child.getEntries().size());
-
-        // Check object identities were correctly retrieved
-        Assert.assertEquals(topParentOid, topParent.getObjectIdentity());
-        Assert.assertEquals(middleParentOid, middleParent.getObjectIdentity());
-        Assert.assertEquals(childOid, child.getObjectIdentity());
-
-        // Check each entry
-        Assert.assertTrue(topParent.isEntriesInheriting());
-        Assert.assertEquals(topParent.getId(), new Long(1));
-        Assert.assertEquals(topParent.getOwner(), new PrincipalSid("ben"));
-        Assert.assertEquals(topParent.getEntries().get(0).getId(), new Long(1));
-        Assert.assertEquals(topParent.getEntries().get(0).getPermission(), BasePermission.READ);
-        Assert.assertEquals(topParent.getEntries().get(0).getSid(), new PrincipalSid("ben"));
-        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditFailure());
-        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditSuccess());
-        Assert.assertTrue(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isGranting());
-
-        Assert.assertEquals(topParent.getEntries().get(1).getId(), new Long(2));
-        Assert.assertEquals(topParent.getEntries().get(1).getPermission(), BasePermission.WRITE);
-        Assert.assertEquals(topParent.getEntries().get(1).getSid(), new PrincipalSid("ben"));
-        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditFailure());
-        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditSuccess());
-        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isGranting());
-
-        Assert.assertTrue(middleParent.isEntriesInheriting());
-        Assert.assertEquals(middleParent.getId(), new Long(2));
-        Assert.assertEquals(middleParent.getOwner(), new PrincipalSid("ben"));
-        Assert.assertEquals(middleParent.getEntries().get(0).getId(), new Long(3));
-        Assert.assertEquals(middleParent.getEntries().get(0).getPermission(), BasePermission.DELETE);
-        Assert.assertEquals(middleParent.getEntries().get(0).getSid(), new PrincipalSid("ben"));
-        Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditFailure());
-        Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditSuccess());
-        Assert.assertTrue(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isGranting());
-
-        Assert.assertTrue(child.isEntriesInheriting());
-        Assert.assertEquals(child.getId(), new Long(3));
-        Assert.assertEquals(child.getOwner(), new PrincipalSid("ben"));
-        Assert.assertEquals(child.getEntries().get(0).getId(), new Long(4));
-        Assert.assertEquals(child.getEntries().get(0).getPermission(), BasePermission.DELETE);
-        Assert.assertEquals(child.getEntries().get(0).getSid(), new PrincipalSid("ben"));
-        Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries().get(0)).isAuditFailure());
-        Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries().get(0)).isAuditSuccess());
-        Assert.assertFalse((child.getEntries().get(0)).isGranting());
-    }
-
-    @Test
-    public void testAllParentsAreRetrievedWhenChildIsLoaded() throws Exception {
-        String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,103,1,1,1);";
-        jdbcTemplate.execute(query);
-
-        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(101));
-        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
-        ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(103));
-
-        // Retrieve the child
-        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(childOid), null);
-
-        // Check that the child and all its parents were retrieved
-        Assert.assertNotNull(map.get(childOid));
-        Assert.assertEquals(childOid, ((Acl) map.get(childOid)).getObjectIdentity());
-        Assert.assertNotNull(map.get(middleParentOid));
-        Assert.assertEquals(middleParentOid, ((Acl) map.get(middleParentOid)).getObjectIdentity());
-        Assert.assertNotNull(map.get(topParentOid));
-        Assert.assertEquals(topParentOid, ((Acl) map.get(topParentOid)).getObjectIdentity());
-
-        // The second parent shouldn't have been retrieved
-        Assert.assertNull(map.get(middleParent2Oid));
-    }
-
-    /**
-     * Test created from SEC-590.
-     */
-    @Test
-    public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() throws Exception {
-        String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,1,1);"
-                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (5,2,105,4,1,1);"
-                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,106,4,1,1);"
-                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,107,5,1,1);"
-                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,1,1,0,0)";
-        jdbcTemplate.execute(query);
-
-        ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
-        ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(105));
-        ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(106));
-        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(107));
-
-        // First lookup only child, thus populating the cache with grandParent, parent1 and child
-        List<Permission> checkPermission = Arrays.asList(BasePermission.READ);
-        List<Sid> sids = Arrays.asList(BEN_SID);
-        List<ObjectIdentity> childOids = Arrays.asList(childOid);
-
-        strategy.setBatchSize(6);
-        Map<ObjectIdentity, Acl> foundAcls = strategy.readAclsById(childOids, sids);
-
-        Acl foundChildAcl = (Acl) foundAcls.get(childOid);
-        Assert.assertNotNull(foundChildAcl);
-        Assert.assertTrue(foundChildAcl.isGranted(checkPermission, sids, false));
-
-        // Search for object identities has to be done in the following order: last element have to be one which
-        // is already in cache and the element before it must not be stored in cache
-        List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
-        try {
-            foundAcls = strategy.readAclsById(allOids, sids);
-            Assert.assertTrue(true);
-        } catch (NotFoundException notExpected) {
-            Assert.fail("It shouldn't have thrown NotFoundException");
-        }
-
-        Acl foundParent2Acl = (Acl) foundAcls.get(parent2Oid);
-        Assert.assertNotNull(foundParent2Acl);
-        Assert.assertTrue(foundParent2Acl.isGranted(checkPermission, sids, false));
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void nullOwnerIsNotSupported() {
-        String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,null,1);";
-
-        jdbcTemplate.execute(query);
-
-        ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
-
-        strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
-    }
-
-}
+package org.springframework.security.acls.jdbc;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+import junit.framework.Assert;
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.jdbc.datasource.SingleConnectionDataSource;
+import org.springframework.security.acls.domain.AclAuthorizationStrategy;
+import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.domain.ConsoleAuditLogger;
+import org.springframework.security.acls.domain.DefaultPermissionFactory;
+import org.springframework.security.acls.domain.EhCacheBasedAclCache;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AuditableAccessControlEntry;
+import org.springframework.security.acls.model.MutableAcl;
+import org.springframework.security.acls.model.NotFoundException;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.Sid;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.util.FileCopyUtils;
+
+/**
+ * Tests {@link BasicLookupStrategy}
+ *
+ * @author Andrei Stefan
+ */
+public class BasicLookupStrategyTests {
+
+    private static final Sid BEN_SID = new PrincipalSid("ben");
+    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
+
+    //~ Instance fields ================================================================================================
+
+    private static JdbcTemplate jdbcTemplate;
+    private BasicLookupStrategy strategy;
+    private static SingleConnectionDataSource dataSource;
+    private static CacheManager cacheManager;
+
+    //~ Methods ========================================================================================================
+    @BeforeClass
+    public static void initCacheManaer() {
+        cacheManager = new CacheManager();
+        cacheManager.addCache(new Cache("basiclookuptestcache", 500, false, false, 30, 30));
+    }
+
+    @BeforeClass
+    public static void createDatabase() throws Exception {
+        dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:lookupstrategytest", "sa", "", true);
+        dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
+        jdbcTemplate = new JdbcTemplate(dataSource);
+
+        Resource resource = new ClassPathResource("createAclSchema.sql");
+        String sql = new String(FileCopyUtils.copyToByteArray(resource.getInputStream()));
+        jdbcTemplate.execute(sql);
+    }
+
+    @AfterClass
+    public static void dropDatabase() throws Exception {
+        dataSource.destroy();
+    }
+
+    @AfterClass
+    public static void shutdownCacheManager() {
+        cacheManager.removalAll();
+        cacheManager.shutdown();
+    }
+
+    @Before
+    public void populateDatabase() {
+        String query = "INSERT INTO acl_sid(ID,PRINCIPAL,SID) VALUES (1,1,'ben');"
+                + "INSERT INTO acl_class(ID,CLASS) VALUES (2,'" + TARGET_CLASS + "');"
+                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (1,2,100,null,1,1);"
+                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (2,2,101,1,1,1);"
+                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (3,2,102,2,1,1);"
+                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (1,1,0,1,1,1,0,0);"
+                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (2,1,1,1,2,0,0,0);"
+                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (3,2,0,1,8,1,0,0);"
+                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (4,3,0,1,8,0,0,0);";
+        jdbcTemplate.execute(query);
+    }
+
+    @Before
+    public void initializeBeans() {
+        EhCacheBasedAclCache cache = new EhCacheBasedAclCache(getCache());
+        AclAuthorizationStrategy authorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"), new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"),
+                new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
+        strategy = new BasicLookupStrategy(dataSource, cache, authorizationStrategy, new ConsoleAuditLogger());
+        strategy.setPermissionFactory(new DefaultPermissionFactory());
+    }
+
+    @After
+    public void emptyDatabase() {
+        String query = "DELETE FROM acl_entry;" + "DELETE FROM acl_object_identity WHERE ID = 7;"
+                + "DELETE FROM acl_object_identity WHERE ID = 6;" + "DELETE FROM acl_object_identity WHERE ID = 5;"
+                + "DELETE FROM acl_object_identity WHERE ID = 4;" + "DELETE FROM acl_object_identity WHERE ID = 3;"
+                + "DELETE FROM acl_object_identity WHERE ID = 2;" + "DELETE FROM acl_object_identity WHERE ID = 1;"
+                + "DELETE FROM acl_class;" + "DELETE FROM acl_sid;";
+        jdbcTemplate.execute(query);
+    }
+
+    private Ehcache getCache() {
+        Ehcache cache = cacheManager.getCache("basiclookuptestcache");
+        cache.removeAll();
+        return cache;
+    }
+
+    @Test
+    public void testAclsRetrievalWithDefaultBatchSize() throws Exception {
+        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
+        // Deliberately use an integer for the child, to reproduce bug report in SEC-819
+        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(102));
+
+        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+        checkEntries(topParentOid, middleParentOid, childOid, map);
+    }
+
+    @Test
+    public void testAclsRetrievalFromCacheOnly() throws Exception {
+        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(100));
+        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
+        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
+
+        // Objects were put in cache
+        strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+
+        // Let's empty the database to force acls retrieval from cache
+        emptyDatabase();
+        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+
+        checkEntries(topParentOid, middleParentOid, childOid, map);
+    }
+
+    @Test
+    public void testAclsRetrievalWithCustomBatchSize() throws Exception {
+        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(101));
+        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
+
+        // Set a batch size to allow multiple database queries in order to retrieve all acls
+        ((BasicLookupStrategy) this.strategy).setBatchSize(1);
+        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
+        checkEntries(topParentOid, middleParentOid, childOid, map);
+    }
+
+    private void checkEntries(ObjectIdentity topParentOid, ObjectIdentity middleParentOid, ObjectIdentity childOid,
+            Map<ObjectIdentity, Acl> map) throws Exception {
+        Assert.assertEquals(3, map.size());
+
+        MutableAcl topParent = (MutableAcl) map.get(topParentOid);
+        MutableAcl middleParent = (MutableAcl) map.get(middleParentOid);
+        MutableAcl child = (MutableAcl) map.get(childOid);
+
+        // Check the retrieved versions has IDs
+        Assert.assertNotNull(topParent.getId());
+        Assert.assertNotNull(middleParent.getId());
+        Assert.assertNotNull(child.getId());
+
+        // Check their parents were correctly retrieved
+        Assert.assertNull(topParent.getParentAcl());
+        Assert.assertEquals(topParentOid, middleParent.getParentAcl().getObjectIdentity());
+        Assert.assertEquals(middleParentOid, child.getParentAcl().getObjectIdentity());
+
+        // Check their ACEs were correctly retrieved
+        Assert.assertEquals(2, topParent.getEntries().size());
+        Assert.assertEquals(1, middleParent.getEntries().size());
+        Assert.assertEquals(1, child.getEntries().size());
+
+        // Check object identities were correctly retrieved
+        Assert.assertEquals(topParentOid, topParent.getObjectIdentity());
+        Assert.assertEquals(middleParentOid, middleParent.getObjectIdentity());
+        Assert.assertEquals(childOid, child.getObjectIdentity());
+
+        // Check each entry
+        Assert.assertTrue(topParent.isEntriesInheriting());
+        Assert.assertEquals(topParent.getId(), new Long(1));
+        Assert.assertEquals(topParent.getOwner(), new PrincipalSid("ben"));
+        Assert.assertEquals(topParent.getEntries().get(0).getId(), new Long(1));
+        Assert.assertEquals(topParent.getEntries().get(0).getPermission(), BasePermission.READ);
+        Assert.assertEquals(topParent.getEntries().get(0).getSid(), new PrincipalSid("ben"));
+        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditFailure());
+        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditSuccess());
+        Assert.assertTrue(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isGranting());
+
+        Assert.assertEquals(topParent.getEntries().get(1).getId(), new Long(2));
+        Assert.assertEquals(topParent.getEntries().get(1).getPermission(), BasePermission.WRITE);
+        Assert.assertEquals(topParent.getEntries().get(1).getSid(), new PrincipalSid("ben"));
+        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditFailure());
+        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditSuccess());
+        Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isGranting());
+
+        Assert.assertTrue(middleParent.isEntriesInheriting());
+        Assert.assertEquals(middleParent.getId(), new Long(2));
+        Assert.assertEquals(middleParent.getOwner(), new PrincipalSid("ben"));
+        Assert.assertEquals(middleParent.getEntries().get(0).getId(), new Long(3));
+        Assert.assertEquals(middleParent.getEntries().get(0).getPermission(), BasePermission.DELETE);
+        Assert.assertEquals(middleParent.getEntries().get(0).getSid(), new PrincipalSid("ben"));
+        Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditFailure());
+        Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditSuccess());
+        Assert.assertTrue(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isGranting());
+
+        Assert.assertTrue(child.isEntriesInheriting());
+        Assert.assertEquals(child.getId(), new Long(3));
+        Assert.assertEquals(child.getOwner(), new PrincipalSid("ben"));
+        Assert.assertEquals(child.getEntries().get(0).getId(), new Long(4));
+        Assert.assertEquals(child.getEntries().get(0).getPermission(), BasePermission.DELETE);
+        Assert.assertEquals(child.getEntries().get(0).getSid(), new PrincipalSid("ben"));
+        Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries().get(0)).isAuditFailure());
+        Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries().get(0)).isAuditSuccess());
+        Assert.assertFalse((child.getEntries().get(0)).isGranting());
+    }
+
+    @Test
+    public void testAllParentsAreRetrievedWhenChildIsLoaded() throws Exception {
+        String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,103,1,1,1);";
+        jdbcTemplate.execute(query);
+
+        ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(101));
+        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102));
+        ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(103));
+
+        // Retrieve the child
+        Map<ObjectIdentity, Acl> map = this.strategy.readAclsById(Arrays.asList(childOid), null);
+
+        // Check that the child and all its parents were retrieved
+        Assert.assertNotNull(map.get(childOid));
+        Assert.assertEquals(childOid, ((Acl) map.get(childOid)).getObjectIdentity());
+        Assert.assertNotNull(map.get(middleParentOid));
+        Assert.assertEquals(middleParentOid, ((Acl) map.get(middleParentOid)).getObjectIdentity());
+        Assert.assertNotNull(map.get(topParentOid));
+        Assert.assertEquals(topParentOid, ((Acl) map.get(topParentOid)).getObjectIdentity());
+
+        // The second parent shouldn't have been retrieved
+        Assert.assertNull(map.get(middleParent2Oid));
+    }
+
+    /**
+     * Test created from SEC-590.
+     */
+    @Test
+    public void testReadAllObjectIdentitiesWhenLastElementIsAlreadyCached() throws Exception {
+        String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,1,1);"
+                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (5,2,105,4,1,1);"
+                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,106,4,1,1);"
+                + "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (7,2,107,5,1,1);"
+                + "INSERT INTO acl_entry(ID,ACL_OBJECT_IDENTITY,ACE_ORDER,SID,MASK,GRANTING,AUDIT_SUCCESS,AUDIT_FAILURE) VALUES (5,4,0,1,1,1,0,0)";
+        jdbcTemplate.execute(query);
+
+        ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
+        ObjectIdentity parent1Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(105));
+        ObjectIdentity parent2Oid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(106));
+        ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(107));
+
+        // First lookup only child, thus populating the cache with grandParent, parent1 and child
+        List<Permission> checkPermission = Arrays.asList(BasePermission.READ);
+        List<Sid> sids = Arrays.asList(BEN_SID);
+        List<ObjectIdentity> childOids = Arrays.asList(childOid);
+
+        strategy.setBatchSize(6);
+        Map<ObjectIdentity, Acl> foundAcls = strategy.readAclsById(childOids, sids);
+
+        Acl foundChildAcl = (Acl) foundAcls.get(childOid);
+        Assert.assertNotNull(foundChildAcl);
+        Assert.assertTrue(foundChildAcl.isGranted(checkPermission, sids, false));
+
+        // Search for object identities has to be done in the following order: last element have to be one which
+        // is already in cache and the element before it must not be stored in cache
+        List<ObjectIdentity> allOids = Arrays.asList(grandParentOid, parent1Oid, parent2Oid, childOid);
+        try {
+            foundAcls = strategy.readAclsById(allOids, sids);
+            Assert.assertTrue(true);
+        } catch (NotFoundException notExpected) {
+            Assert.fail("It shouldn't have thrown NotFoundException");
+        }
+
+        Acl foundParent2Acl = (Acl) foundAcls.get(parent2Oid);
+        Assert.assertNotNull(foundParent2Acl);
+        Assert.assertTrue(foundParent2Acl.isGranted(checkPermission, sids, false));
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void nullOwnerIsNotSupported() {
+        String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,104,null,null,1);";
+
+        jdbcTemplate.execute(query);
+
+        ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(104));
+
+        strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID));
+    }
+
+}

acl/src/test/java/org/springframework/security/acls/jdbc/DatabaseSeeder.java

@@ -30,7 +30,6 @@ import javax.sql.DataSource;
  * Seeds the database for {@link JdbcMutableAclServiceTests}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class DatabaseSeeder {
     //~ Constructors ===================================================================================================

acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java

@@ -1,267 +1,266 @@
-package org.springframework.security.acls.jdbc;
-
-import static org.junit.Assert.*;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import java.util.Map;
-
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Ehcache;
-
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.springframework.security.acls.domain.AclAuthorizationStrategy;
-import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
-import org.springframework.security.acls.domain.AclImpl;
-import org.springframework.security.acls.domain.ConsoleAuditLogger;
-import org.springframework.security.acls.domain.EhCacheBasedAclCache;
-import org.springframework.security.acls.domain.ObjectIdentityImpl;
-import org.springframework.security.acls.model.MutableAcl;
-import org.springframework.security.acls.model.ObjectIdentity;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.util.FieldUtils;
-
-/**
- * Tests {@link EhCacheBasedAclCache}
- *
- * @author Andrei Stefan
- * @version $Id$
- */
-public class EhCacheBasedAclCacheTests {
-    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
-
-    private static CacheManager cacheManager;
-
-    @BeforeClass
-    public static void initCacheManaer() {
-        cacheManager = new CacheManager();
-        // Use disk caching immediately (to test for serialization issue reported in SEC-527)
-        cacheManager.addCache(new Cache("ehcachebasedacltests", 0, true, false, 600, 300));
-    }
-
-    @AfterClass
-    public static void shutdownCacheManager() {
-        cacheManager.removalAll();
-        cacheManager.shutdown();
-    }
-
-    @After
-    public void clearContext() {
-        SecurityContextHolder.clearContext();
-    }
-
-    private Ehcache getCache() {
-        Ehcache cache = cacheManager.getCache("ehcachebasedacltests");
-        cache.removeAll();
-
-        return cache;
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void constructorRejectsNullParameters() throws Exception {
-        new EhCacheBasedAclCache(null);
-    }
-
-    @Test
-    public void methodsRejectNullParameters() throws Exception {
-        Ehcache cache = new MockEhcache();
-        EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
-
-        try {
-            Serializable id = null;
-            myCache.evictFromCache(id);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-
-        try {
-            ObjectIdentity obj = null;
-            myCache.evictFromCache(obj);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-
-        try {
-            Serializable id = null;
-            myCache.getFromCache(id);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-
-        try {
-            ObjectIdentity obj = null;
-            myCache.getFromCache(obj);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-
-        try {
-            MutableAcl acl = null;
-            myCache.putInCache(acl);
-            fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-    }
-
-    // SEC-527
-    @Test
-    public void testDiskSerializationOfMutableAclObjectInstance() throws Exception {
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-        MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-
-        // Serialization test
-        File file = File.createTempFile("SEC_TEST", ".object");
-        FileOutputStream fos = new FileOutputStream(file);
-        ObjectOutputStream oos = new ObjectOutputStream(fos);
-        oos.writeObject(acl);
-        oos.close();
-
-        FileInputStream fis = new FileInputStream(file);
-        ObjectInputStream ois = new ObjectInputStream(fis);
-        MutableAcl retrieved = (MutableAcl) ois.readObject();
-        ois.close();
-
-        assertEquals(acl, retrieved);
-
-        Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
-        assertEquals(null, retrieved1);
-
-        Object retrieved2 = FieldUtils.getProtectedFieldValue("auditLogger", retrieved);
-        assertEquals(null, retrieved2);
-    }
-
-    @Test
-    public void cacheOperationsAclWithoutParent() throws Exception {
-        Ehcache cache = getCache();
-        EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
-
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
-        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-        MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-
-        assertEquals(0, cache.getDiskStoreSize());
-        myCache.putInCache(acl);
-        assertEquals(cache.getSize(), 2);
-        assertEquals(2, cache.getDiskStoreSize());
-        assertTrue(cache.isElementOnDisk(acl.getObjectIdentity()));
-        assertFalse(cache.isElementInMemory(acl.getObjectIdentity()));
-
-        // Check we can get from cache the same objects we put in
-        assertEquals(myCache.getFromCache(new Long(1)), acl);
-        assertEquals(myCache.getFromCache(identity), acl);
-
-        // Put another object in cache
-        ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
-        MutableAcl acl2 = new AclImpl(identity2, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
-
-        myCache.putInCache(acl2);
-        assertEquals(cache.getSize(), 4);
-        assertEquals(4, cache.getDiskStoreSize());
-
-        // Try to evict an entry that doesn't exist
-        myCache.evictFromCache(new Long(3));
-        myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, new Long(102)));
-        assertEquals(cache.getSize(), 4);
-        assertEquals(4, cache.getDiskStoreSize());
-
-        myCache.evictFromCache(new Long(1));
-        assertEquals(cache.getSize(), 2);
-        assertEquals(2, cache.getDiskStoreSize());
-
-        // Check the second object inserted
-        assertEquals(myCache.getFromCache(new Long(2)), acl2);
-        assertEquals(myCache.getFromCache(identity2), acl2);
-
-        myCache.evictFromCache(identity2);
-        assertEquals(cache.getSize(), 0);
-    }
-
-    @SuppressWarnings("unchecked")
-    @Test
-    public void cacheOperationsAclWithParent() throws Exception {
-        Ehcache cache = getCache();
-        EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
-
-        Authentication auth = new TestingAuthenticationToken("user", "password", new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-        auth.setAuthenticated(true);
-        SecurityContextHolder.getContext().setAuthentication(auth);
-
-        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(1));
-        ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, new Long(2));
-        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
-                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
-                new GrantedAuthorityImpl("ROLE_GENERAL") });
-        MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
-        MutableAcl parentAcl = new AclImpl(identityParent, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
-
-        acl.setParent(parentAcl);
-
-        assertEquals(0, cache.getDiskStoreSize());
-        myCache.putInCache(acl);
-        assertEquals(cache.getSize(), 4);
-        assertEquals(4, cache.getDiskStoreSize());
-        assertTrue(cache.isElementOnDisk(acl.getObjectIdentity()));
-        assertTrue(cache.isElementOnDisk(Long.valueOf(1)));
-        assertFalse(cache.isElementInMemory(acl.getObjectIdentity()));
-        assertFalse(cache.isElementInMemory(Long.valueOf(1)));
-        cache.flush();
-        // Wait for the spool to be written to disk (it's asynchronous)
-        Map spool = (Map) FieldUtils.getFieldValue(cache, "diskStore.spool");
-
-        while(spool.size() > 0) {
-            Thread.sleep(50);
-        }
-
-        // Check we can get from cache the same objects we put in
-        AclImpl aclFromCache = (AclImpl) myCache.getFromCache(new Long(1));
-        // For the checks on transient fields, we need to be sure that the object is being loaded from the cache,
-        // not from the ehcache spool or elsewhere...
-        assertFalse(acl == aclFromCache);
-        assertEquals(acl, aclFromCache);
-        // SEC-951 check transient fields are set on parent
-        assertNotNull(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "aclAuthorizationStrategy"));
-        assertNotNull(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "auditLogger"));
-        assertEquals(acl, myCache.getFromCache(identity));
-        assertNotNull(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy"));
-        AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(new Long(2));
-        assertEquals(parentAcl, parentAclFromCache);
-        assertNotNull(FieldUtils.getFieldValue(parentAclFromCache, "aclAuthorizationStrategy"));
-        assertEquals(parentAcl, myCache.getFromCache(identityParent));
-    }
-
-    //~ Inner Classes ==================================================================================================
-
-    private class MockEhcache extends Cache {
-        public MockEhcache() {
-            super("cache", 0, true, true, 0, 0);
-        }
-    }
-}
+package org.springframework.security.acls.jdbc;
+
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.util.Map;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.springframework.security.acls.domain.AclAuthorizationStrategy;
+import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
+import org.springframework.security.acls.domain.AclImpl;
+import org.springframework.security.acls.domain.ConsoleAuditLogger;
+import org.springframework.security.acls.domain.EhCacheBasedAclCache;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.model.MutableAcl;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.util.FieldUtils;
+
+/**
+ * Tests {@link EhCacheBasedAclCache}
+ *
+ * @author Andrei Stefan
+ */
+public class EhCacheBasedAclCacheTests {
+    private static final String TARGET_CLASS = "org.springframework.security.acls.TargetObject";
+
+    private static CacheManager cacheManager;
+
+    @BeforeClass
+    public static void initCacheManaer() {
+        cacheManager = new CacheManager();
+        // Use disk caching immediately (to test for serialization issue reported in SEC-527)
+        cacheManager.addCache(new Cache("ehcachebasedacltests", 0, true, false, 600, 300));
+    }
+
+    @AfterClass
+    public static void shutdownCacheManager() {
+        cacheManager.removalAll();
+        cacheManager.shutdown();
+    }
+
+    @After
+    public void clearContext() {
+        SecurityContextHolder.clearContext();
+    }
+
+    private Ehcache getCache() {
+        Ehcache cache = cacheManager.getCache("ehcachebasedacltests");
+        cache.removeAll();
+
+        return cache;
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void constructorRejectsNullParameters() throws Exception {
+        new EhCacheBasedAclCache(null);
+    }
+
+    @Test
+    public void methodsRejectNullParameters() throws Exception {
+        Ehcache cache = new MockEhcache();
+        EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
+
+        try {
+            Serializable id = null;
+            myCache.evictFromCache(id);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+
+        try {
+            ObjectIdentity obj = null;
+            myCache.evictFromCache(obj);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+
+        try {
+            Serializable id = null;
+            myCache.getFromCache(id);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+
+        try {
+            ObjectIdentity obj = null;
+            myCache.getFromCache(obj);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+
+        try {
+            MutableAcl acl = null;
+            myCache.putInCache(acl);
+            fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+    }
+
+    // SEC-527
+    @Test
+    public void testDiskSerializationOfMutableAclObjectInstance() throws Exception {
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+        MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+
+        // Serialization test
+        File file = File.createTempFile("SEC_TEST", ".object");
+        FileOutputStream fos = new FileOutputStream(file);
+        ObjectOutputStream oos = new ObjectOutputStream(fos);
+        oos.writeObject(acl);
+        oos.close();
+
+        FileInputStream fis = new FileInputStream(file);
+        ObjectInputStream ois = new ObjectInputStream(fis);
+        MutableAcl retrieved = (MutableAcl) ois.readObject();
+        ois.close();
+
+        assertEquals(acl, retrieved);
+
+        Object retrieved1 = FieldUtils.getProtectedFieldValue("aclAuthorizationStrategy", retrieved);
+        assertEquals(null, retrieved1);
+
+        Object retrieved2 = FieldUtils.getProtectedFieldValue("auditLogger", retrieved);
+        assertEquals(null, retrieved2);
+    }
+
+    @Test
+    public void cacheOperationsAclWithoutParent() throws Exception {
+        Ehcache cache = getCache();
+        EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
+
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(100));
+        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+        MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+
+        assertEquals(0, cache.getDiskStoreSize());
+        myCache.putInCache(acl);
+        assertEquals(cache.getSize(), 2);
+        assertEquals(2, cache.getDiskStoreSize());
+        assertTrue(cache.isElementOnDisk(acl.getObjectIdentity()));
+        assertFalse(cache.isElementInMemory(acl.getObjectIdentity()));
+
+        // Check we can get from cache the same objects we put in
+        assertEquals(myCache.getFromCache(new Long(1)), acl);
+        assertEquals(myCache.getFromCache(identity), acl);
+
+        // Put another object in cache
+        ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, new Long(101));
+        MutableAcl acl2 = new AclImpl(identity2, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
+
+        myCache.putInCache(acl2);
+        assertEquals(cache.getSize(), 4);
+        assertEquals(4, cache.getDiskStoreSize());
+
+        // Try to evict an entry that doesn't exist
+        myCache.evictFromCache(new Long(3));
+        myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, new Long(102)));
+        assertEquals(cache.getSize(), 4);
+        assertEquals(4, cache.getDiskStoreSize());
+
+        myCache.evictFromCache(new Long(1));
+        assertEquals(cache.getSize(), 2);
+        assertEquals(2, cache.getDiskStoreSize());
+
+        // Check the second object inserted
+        assertEquals(myCache.getFromCache(new Long(2)), acl2);
+        assertEquals(myCache.getFromCache(identity2), acl2);
+
+        myCache.evictFromCache(identity2);
+        assertEquals(cache.getSize(), 0);
+    }
+
+    @SuppressWarnings("unchecked")
+    @Test
+    public void cacheOperationsAclWithParent() throws Exception {
+        Ehcache cache = getCache();
+        EhCacheBasedAclCache myCache = new EhCacheBasedAclCache(cache);
+
+        Authentication auth = new TestingAuthenticationToken("user", "password", new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+        auth.setAuthenticated(true);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+
+        ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, new Long(1));
+        ObjectIdentity identityParent = new ObjectIdentityImpl(TARGET_CLASS, new Long(2));
+        AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
+                new GrantedAuthorityImpl("ROLE_OWNERSHIP"), new GrantedAuthorityImpl("ROLE_AUDITING"),
+                new GrantedAuthorityImpl("ROLE_GENERAL") });
+        MutableAcl acl = new AclImpl(identity, new Long(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
+        MutableAcl parentAcl = new AclImpl(identityParent, new Long(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
+
+        acl.setParent(parentAcl);
+
+        assertEquals(0, cache.getDiskStoreSize());
+        myCache.putInCache(acl);
+        assertEquals(cache.getSize(), 4);
+        assertEquals(4, cache.getDiskStoreSize());
+        assertTrue(cache.isElementOnDisk(acl.getObjectIdentity()));
+        assertTrue(cache.isElementOnDisk(Long.valueOf(1)));
+        assertFalse(cache.isElementInMemory(acl.getObjectIdentity()));
+        assertFalse(cache.isElementInMemory(Long.valueOf(1)));
+        cache.flush();
+        // Wait for the spool to be written to disk (it's asynchronous)
+        Map spool = (Map) FieldUtils.getFieldValue(cache, "diskStore.spool");
+
+        while(spool.size() > 0) {
+            Thread.sleep(50);
+        }
+
+        // Check we can get from cache the same objects we put in
+        AclImpl aclFromCache = (AclImpl) myCache.getFromCache(new Long(1));
+        // For the checks on transient fields, we need to be sure that the object is being loaded from the cache,
+        // not from the ehcache spool or elsewhere...
+        assertFalse(acl == aclFromCache);
+        assertEquals(acl, aclFromCache);
+        // SEC-951 check transient fields are set on parent
+        assertNotNull(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "aclAuthorizationStrategy"));
+        assertNotNull(FieldUtils.getFieldValue(aclFromCache.getParentAcl(), "auditLogger"));
+        assertEquals(acl, myCache.getFromCache(identity));
+        assertNotNull(FieldUtils.getFieldValue(aclFromCache, "aclAuthorizationStrategy"));
+        AclImpl parentAclFromCache = (AclImpl) myCache.getFromCache(new Long(2));
+        assertEquals(parentAcl, parentAclFromCache);
+        assertNotNull(FieldUtils.getFieldValue(parentAclFromCache, "aclAuthorizationStrategy"));
+        assertEquals(parentAcl, myCache.getFromCache(identityParent));
+    }
+
+    //~ Inner Classes ==================================================================================================
+
+    private class MockEhcache extends Cache {
+        public MockEhcache() {
+            super("cache", 0, true, true, 0, 0);
+        }
+    }
+}

acl/src/test/java/org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.java

@@ -57,7 +57,6 @@ import org.springframework.transaction.annotation.Transactional;
  *
  * @author Ben Alex
  * @author Andrei Stefan
- * @version $Id:JdbcMutableAclServiceTests.java 1754 2006-11-17 02:01:21Z benalex $
  */
 @ContextConfiguration(locations={"/jdbcMutableAclServiceTests-context.xml"})
 public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4SpringContextTests {

acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java

@@ -1,66 +1,66 @@
-package org.springframework.security.acls.sid;
-
-import static org.junit.Assert.*;
-import static org.mockito.Matchers.*;
-import static org.mockito.Mockito.*;
-
-import java.util.List;
-
-import org.junit.Test;
-import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
-import org.springframework.security.acls.domain.GrantedAuthoritySid;
-import org.springframework.security.acls.domain.PrincipalSid;
-import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
-import org.springframework.security.acls.model.Sid;
-import org.springframework.security.acls.model.SidRetrievalStrategy;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
-
-/**
- * Tests for {@link SidRetrievalStrategyImpl}
- *
- * @author Andrei Stefan
- * @author Luke Taylor
- */
-@SuppressWarnings("unchecked")
-public class SidRetrievalStrategyTests {
-    Authentication authentication = new TestingAuthenticationToken("scott", "password", "A", "B", "C");
-
-    //~ Methods ========================================================================================================
-
-    @Test
-    public void correctSidsAreRetrieved() throws Exception {
-        SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
-        List<Sid> sids = retrStrategy.getSids(authentication);
-
-        assertNotNull(sids);
-        assertEquals(4, sids.size());
-        assertNotNull(sids.get(0));
-        assertTrue(sids.get(0) instanceof PrincipalSid);
-
-        for (int i = 1; i < sids.size(); i++) {
-            assertTrue(sids.get(i) instanceof GrantedAuthoritySid);
-        }
-
-        assertEquals("scott", ((PrincipalSid) sids.get(0)).getPrincipal());
-        assertEquals("A", ((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority());
-        assertEquals("B", ((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority());
-        assertEquals("C", ((GrantedAuthoritySid) sids.get(3)).getGrantedAuthority());
-    }
-
-    @Test
-    public void roleHierarchyIsUsedWhenSet() throws Exception {
-        RoleHierarchy rh =  mock(RoleHierarchy.class);
-        List<GrantedAuthority> rhAuthorities = AuthorityUtils.createAuthorityList("D");
-        when(rh.getReachableGrantedAuthorities(anyList())).thenReturn(rhAuthorities);
-        SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
-
-        List<Sid> sids = strat.getSids(authentication);
-        assertEquals(2, sids.size());
-        assertNotNull(sids.get(0));
-        assertTrue(sids.get(0) instanceof PrincipalSid);
-        assertEquals("D", ((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority());
-    }
-}
+package org.springframework.security.acls.sid;
+
+import static org.junit.Assert.*;
+import static org.mockito.Matchers.*;
+import static org.mockito.Mockito.*;
+
+import java.util.List;
+
+import org.junit.Test;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.acls.domain.GrantedAuthoritySid;
+import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
+import org.springframework.security.acls.model.Sid;
+import org.springframework.security.acls.model.SidRetrievalStrategy;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+/**
+ * Tests for {@link SidRetrievalStrategyImpl}
+ *
+ * @author Andrei Stefan
+ * @author Luke Taylor
+ */
+@SuppressWarnings("unchecked")
+public class SidRetrievalStrategyTests {
+    Authentication authentication = new TestingAuthenticationToken("scott", "password", "A", "B", "C");
+
+    //~ Methods ========================================================================================================
+
+    @Test
+    public void correctSidsAreRetrieved() throws Exception {
+        SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
+        List<Sid> sids = retrStrategy.getSids(authentication);
+
+        assertNotNull(sids);
+        assertEquals(4, sids.size());
+        assertNotNull(sids.get(0));
+        assertTrue(sids.get(0) instanceof PrincipalSid);
+
+        for (int i = 1; i < sids.size(); i++) {
+            assertTrue(sids.get(i) instanceof GrantedAuthoritySid);
+        }
+
+        assertEquals("scott", ((PrincipalSid) sids.get(0)).getPrincipal());
+        assertEquals("A", ((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority());
+        assertEquals("B", ((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority());
+        assertEquals("C", ((GrantedAuthoritySid) sids.get(3)).getGrantedAuthority());
+    }
+
+    @Test
+    public void roleHierarchyIsUsedWhenSet() throws Exception {
+        RoleHierarchy rh =  mock(RoleHierarchy.class);
+        List<GrantedAuthority> rhAuthorities = AuthorityUtils.createAuthorityList("D");
+        when(rh.getReachableGrantedAuthorities(anyList())).thenReturn(rhAuthorities);
+        SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
+
+        List<Sid> sids = strat.getSids(authentication);
+        assertEquals(2, sids.size());
+        assertNotNull(sids.get(0));
+        assertTrue(sids.get(0) instanceof PrincipalSid);
+        assertEquals("D", ((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority());
+    }
+}

acl/src/test/java/org/springframework/security/acls/sid/SidTests.java

@@ -1,190 +1,190 @@
-package org.springframework.security.acls.sid;
-
-import junit.framework.Assert;
-import junit.framework.TestCase;
-
-import org.springframework.security.acls.domain.GrantedAuthoritySid;
-import org.springframework.security.acls.domain.PrincipalSid;
-import org.springframework.security.acls.model.Sid;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-
-public class SidTests extends TestCase {
-
-    //~ Methods ========================================================================================================
-
-    public void testPrincipalSidConstructorsRequiredFields() throws Exception {
-        // Check one String-argument constructor
-        try {
-            String string = null;
-            new PrincipalSid(string);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            new PrincipalSid("");
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            new PrincipalSid("johndoe");
-            Assert.assertTrue(true);
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.fail("It shouldn't have thrown IllegalArgumentException");
-        }
-
-        // Check one Authentication-argument constructor
-        try {
-            Authentication authentication = null;
-            new PrincipalSid(authentication);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            Authentication authentication = new TestingAuthenticationToken(null, "password");
-            new PrincipalSid(authentication);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
-            new PrincipalSid(authentication);
-            Assert.assertTrue(true);
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.fail("It shouldn't have thrown IllegalArgumentException");
-        }
-    }
-
-    public void testGrantedAuthoritySidConstructorsRequiredFields() throws Exception {
-        // Check one String-argument constructor
-        try {
-            String string = null;
-            new GrantedAuthoritySid(string);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            new GrantedAuthoritySid("");
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            new GrantedAuthoritySid("ROLE_TEST");
-            Assert.assertTrue(true);
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.fail("It shouldn't have thrown IllegalArgumentException");
-        }
-
-        // Check one GrantedAuthority-argument constructor
-        try {
-            GrantedAuthority ga = null;
-            new GrantedAuthoritySid(ga);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            GrantedAuthority ga = new GrantedAuthorityImpl(null);
-            new GrantedAuthoritySid(ga);
-            Assert.fail("It should have thrown IllegalArgumentException");
-        }
-        catch (IllegalArgumentException expected) {
-            Assert.assertTrue(true);
-        }
-
-        try {
-            GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
-            new GrantedAuthoritySid(ga);
-            Assert.assertTrue(true);
-        }
-        catch (IllegalArgumentException notExpected) {
-            Assert.fail("It shouldn't have thrown IllegalArgumentException");
-        }
-    }
-
-    public void testPrincipalSidEquals() throws Exception {
-        Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
-        Sid principalSid = new PrincipalSid(authentication);
-
-        Assert.assertFalse(principalSid.equals(null));
-        Assert.assertFalse(principalSid.equals("DIFFERENT_TYPE_OBJECT"));
-        Assert.assertTrue(principalSid.equals(principalSid));
-        Assert.assertTrue(principalSid.equals(new PrincipalSid(authentication)));
-        Assert.assertTrue(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("johndoe", null))));
-        Assert.assertFalse(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("scott", null))));
-        Assert.assertTrue(principalSid.equals(new PrincipalSid("johndoe")));
-        Assert.assertFalse(principalSid.equals(new PrincipalSid("scott")));
-    }
-
-    public void testGrantedAuthoritySidEquals() throws Exception {
-        GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
-        Sid gaSid = new GrantedAuthoritySid(ga);
-
-        Assert.assertFalse(gaSid.equals(null));
-        Assert.assertFalse(gaSid.equals("DIFFERENT_TYPE_OBJECT"));
-        Assert.assertTrue(gaSid.equals(gaSid));
-        Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid(ga)));
-        Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_TEST"))));
-        Assert.assertFalse(gaSid.equals(new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_NOT_EQUAL"))));
-        Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid("ROLE_TEST")));
-        Assert.assertFalse(gaSid.equals(new GrantedAuthoritySid("ROLE_NOT_EQUAL")));
-    }
-
-    public void testPrincipalSidHashCode() throws Exception {
-        Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
-        Sid principalSid = new PrincipalSid(authentication);
-
-        Assert.assertTrue(principalSid.hashCode() == new String("johndoe").hashCode());
-        Assert.assertTrue(principalSid.hashCode() == new PrincipalSid("johndoe").hashCode());
-        Assert.assertTrue(principalSid.hashCode() != new PrincipalSid("scott").hashCode());
-        Assert.assertTrue(principalSid.hashCode() != new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode());
-    }
-
-    public void testGrantedAuthoritySidHashCode() throws Exception {
-        GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
-        Sid gaSid = new GrantedAuthoritySid(ga);
-
-        Assert.assertTrue(gaSid.hashCode() == new String("ROLE_TEST").hashCode());
-        Assert.assertTrue(gaSid.hashCode() == new GrantedAuthoritySid("ROLE_TEST").hashCode());
-        Assert.assertTrue(gaSid.hashCode() != new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
-        Assert.assertTrue(gaSid.hashCode() != new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_TEST_2")).hashCode());
-    }
-
-    public void testGetters() throws Exception {
-        Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
-        PrincipalSid principalSid = new PrincipalSid(authentication);
-        GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
-        GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
-
-        Assert.assertTrue("johndoe".equals(principalSid.getPrincipal()));
-        Assert.assertFalse("scott".equals(principalSid.getPrincipal()));
-
-        Assert.assertTrue("ROLE_TEST".equals(gaSid.getGrantedAuthority()));
-        Assert.assertFalse("ROLE_TEST2".equals(gaSid.getGrantedAuthority()));
-    }
-}
+package org.springframework.security.acls.sid;
+
+import junit.framework.Assert;
+import junit.framework.TestCase;
+
+import org.springframework.security.acls.domain.GrantedAuthoritySid;
+import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.acls.model.Sid;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+
+public class SidTests extends TestCase {
+
+    //~ Methods ========================================================================================================
+
+    public void testPrincipalSidConstructorsRequiredFields() throws Exception {
+        // Check one String-argument constructor
+        try {
+            String string = null;
+            new PrincipalSid(string);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            new PrincipalSid("");
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            new PrincipalSid("johndoe");
+            Assert.assertTrue(true);
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.fail("It shouldn't have thrown IllegalArgumentException");
+        }
+
+        // Check one Authentication-argument constructor
+        try {
+            Authentication authentication = null;
+            new PrincipalSid(authentication);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            Authentication authentication = new TestingAuthenticationToken(null, "password");
+            new PrincipalSid(authentication);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
+            new PrincipalSid(authentication);
+            Assert.assertTrue(true);
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.fail("It shouldn't have thrown IllegalArgumentException");
+        }
+    }
+
+    public void testGrantedAuthoritySidConstructorsRequiredFields() throws Exception {
+        // Check one String-argument constructor
+        try {
+            String string = null;
+            new GrantedAuthoritySid(string);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            new GrantedAuthoritySid("");
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            new GrantedAuthoritySid("ROLE_TEST");
+            Assert.assertTrue(true);
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.fail("It shouldn't have thrown IllegalArgumentException");
+        }
+
+        // Check one GrantedAuthority-argument constructor
+        try {
+            GrantedAuthority ga = null;
+            new GrantedAuthoritySid(ga);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            GrantedAuthority ga = new GrantedAuthorityImpl(null);
+            new GrantedAuthoritySid(ga);
+            Assert.fail("It should have thrown IllegalArgumentException");
+        }
+        catch (IllegalArgumentException expected) {
+            Assert.assertTrue(true);
+        }
+
+        try {
+            GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
+            new GrantedAuthoritySid(ga);
+            Assert.assertTrue(true);
+        }
+        catch (IllegalArgumentException notExpected) {
+            Assert.fail("It shouldn't have thrown IllegalArgumentException");
+        }
+    }
+
+    public void testPrincipalSidEquals() throws Exception {
+        Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
+        Sid principalSid = new PrincipalSid(authentication);
+
+        Assert.assertFalse(principalSid.equals(null));
+        Assert.assertFalse(principalSid.equals("DIFFERENT_TYPE_OBJECT"));
+        Assert.assertTrue(principalSid.equals(principalSid));
+        Assert.assertTrue(principalSid.equals(new PrincipalSid(authentication)));
+        Assert.assertTrue(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("johndoe", null))));
+        Assert.assertFalse(principalSid.equals(new PrincipalSid(new TestingAuthenticationToken("scott", null))));
+        Assert.assertTrue(principalSid.equals(new PrincipalSid("johndoe")));
+        Assert.assertFalse(principalSid.equals(new PrincipalSid("scott")));
+    }
+
+    public void testGrantedAuthoritySidEquals() throws Exception {
+        GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
+        Sid gaSid = new GrantedAuthoritySid(ga);
+
+        Assert.assertFalse(gaSid.equals(null));
+        Assert.assertFalse(gaSid.equals("DIFFERENT_TYPE_OBJECT"));
+        Assert.assertTrue(gaSid.equals(gaSid));
+        Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid(ga)));
+        Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_TEST"))));
+        Assert.assertFalse(gaSid.equals(new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_NOT_EQUAL"))));
+        Assert.assertTrue(gaSid.equals(new GrantedAuthoritySid("ROLE_TEST")));
+        Assert.assertFalse(gaSid.equals(new GrantedAuthoritySid("ROLE_NOT_EQUAL")));
+    }
+
+    public void testPrincipalSidHashCode() throws Exception {
+        Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
+        Sid principalSid = new PrincipalSid(authentication);
+
+        Assert.assertTrue(principalSid.hashCode() == new String("johndoe").hashCode());
+        Assert.assertTrue(principalSid.hashCode() == new PrincipalSid("johndoe").hashCode());
+        Assert.assertTrue(principalSid.hashCode() != new PrincipalSid("scott").hashCode());
+        Assert.assertTrue(principalSid.hashCode() != new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode());
+    }
+
+    public void testGrantedAuthoritySidHashCode() throws Exception {
+        GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
+        Sid gaSid = new GrantedAuthoritySid(ga);
+
+        Assert.assertTrue(gaSid.hashCode() == new String("ROLE_TEST").hashCode());
+        Assert.assertTrue(gaSid.hashCode() == new GrantedAuthoritySid("ROLE_TEST").hashCode());
+        Assert.assertTrue(gaSid.hashCode() != new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
+        Assert.assertTrue(gaSid.hashCode() != new GrantedAuthoritySid(new GrantedAuthorityImpl("ROLE_TEST_2")).hashCode());
+    }
+
+    public void testGetters() throws Exception {
+        Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
+        PrincipalSid principalSid = new PrincipalSid(authentication);
+        GrantedAuthority ga = new GrantedAuthorityImpl("ROLE_TEST");
+        GrantedAuthoritySid gaSid = new GrantedAuthoritySid(ga);
+
+        Assert.assertTrue("johndoe".equals(principalSid.getPrincipal()));
+        Assert.assertFalse("scott".equals(principalSid.getPrincipal()));
+
+        Assert.assertTrue("ROLE_TEST".equals(gaSid.getGrantedAuthority()));
+        Assert.assertFalse("ROLE_TEST2".equals(gaSid.getGrantedAuthority()));
+    }
+}

acl/src/test/resources/jdbcMutableAclServiceTests-context.xml

@@ -1,84 +1,83 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-
-<!--
-  - Application context containing business beans.
-  -
-  - Used by all artifacts.
-  -
-  - $Id:applicationContext-test.xml 1754 2006-11-17 02:01:21Z benalex $
-  -->
-
-<beans>
-    <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
-        <property name="dataSource" ref="dataSource"/>
-    </bean>
-
-    <bean id="aclCache" class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
-        <constructor-arg>
-           <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
-              <property name="cacheManager">
-                <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
-              </property>
-              <property name="cacheName" value="aclCache"/>
-           </bean>
-        </constructor-arg>
-    </bean>
-
-    <bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
-        <constructor-arg ref="dataSource"/>
-        <constructor-arg ref="aclCache"/>
-        <constructor-arg ref="aclAuthorizationStrategy"/>
-        <constructor-arg>
-            <bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
-        </constructor-arg>
-    </bean>
-
-    <bean id="aclAuthorizationStrategy" class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
-        <constructor-arg>
-            <list>
-                <bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
-                    <constructor-arg value="ROLE_ADMINISTRATOR"/>
-                </bean>
-                <bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
-                    <constructor-arg value="ROLE_ADMINISTRATOR"/>
-                </bean>
-                <bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
-                    <constructor-arg value="ROLE_ADMINISTRATOR"/>
-                </bean>
-            </list>
-        </constructor-arg>
-    </bean>
-
-    <bean id="aclService" class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
-        <constructor-arg ref="dataSource"/>
-        <constructor-arg ref="lookupStrategy"/>
-        <constructor-arg ref="aclCache"/>
-
-<!-- Uncomment to use PostgreSQL
-        <property name="classIdentityQuery" value="select currval(pg_get_serial_sequence('acl_class', 'id'))"/>
-        <property name="sidIdentityQuery" value="select currval(pg_get_serial_sequence('acl_sid', 'id'))"/>
- -->
-    </bean>
-
-<!-- PostgreSQL DataSource configuration
-
-    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-        <property name="driverClassName" value="org.postgresql.Driver"/>
-        <property name="url" value="jdbc:postgresql://localhost:5432/acltest"/>
-        <property name="username" value="acltest"/>
-        <property name="password" value="acltest"/>
-    </bean>
- -->
-    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-        <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
-        <property name="url" value="jdbc:hsqldb:mem:acltest"/>
-        <property name="username" value="sa"/>
-        <property name="password" value=""/>
-    </bean>
-
-    <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
-        <property name="dataSource" ref="dataSource"/>
-    </bean>
-
-</beans>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<!--
+  - Application context containing business beans.
+  -
+  - Used by all artifacts.
+  -
+  -->
+
+<beans>
+    <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
+        <property name="dataSource" ref="dataSource"/>
+    </bean>
+
+    <bean id="aclCache" class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
+        <constructor-arg>
+           <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
+              <property name="cacheManager">
+                <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
+              </property>
+              <property name="cacheName" value="aclCache"/>
+           </bean>
+        </constructor-arg>
+    </bean>
+
+    <bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
+        <constructor-arg ref="dataSource"/>
+        <constructor-arg ref="aclCache"/>
+        <constructor-arg ref="aclAuthorizationStrategy"/>
+        <constructor-arg>
+            <bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
+        </constructor-arg>
+    </bean>
+
+    <bean id="aclAuthorizationStrategy" class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
+        <constructor-arg>
+            <list>
+                <bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
+                    <constructor-arg value="ROLE_ADMINISTRATOR"/>
+                </bean>
+                <bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
+                    <constructor-arg value="ROLE_ADMINISTRATOR"/>
+                </bean>
+                <bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
+                    <constructor-arg value="ROLE_ADMINISTRATOR"/>
+                </bean>
+            </list>
+        </constructor-arg>
+    </bean>
+
+    <bean id="aclService" class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
+        <constructor-arg ref="dataSource"/>
+        <constructor-arg ref="lookupStrategy"/>
+        <constructor-arg ref="aclCache"/>
+
+<!-- Uncomment to use PostgreSQL
+        <property name="classIdentityQuery" value="select currval(pg_get_serial_sequence('acl_class', 'id'))"/>
+        <property name="sidIdentityQuery" value="select currval(pg_get_serial_sequence('acl_sid', 'id'))"/>
+ -->
+    </bean>
+
+<!-- PostgreSQL DataSource configuration
+
+    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+        <property name="driverClassName" value="org.postgresql.Driver"/>
+        <property name="url" value="jdbc:postgresql://localhost:5432/acltest"/>
+        <property name="username" value="acltest"/>
+        <property name="password" value="acltest"/>
+    </bean>
+ -->
+    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+        <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
+        <property name="url" value="jdbc:hsqldb:mem:acltest"/>
+        <property name="username" value="sa"/>
+        <property name="password" value=""/>
+    </bean>
+
+    <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
+        <property name="dataSource" ref="dataSource"/>
+    </bean>
+
+</beans>

cas/src/main/java/org/springframework/security/cas/SamlServiceProperties.java

@@ -18,7 +18,6 @@ package org.springframework.security.cas;
  * Sets the appropriate parameters for CAS's implementation of SAML (which is not guaranteed to be actually SAML compliant).
  *
  * @author Scott Battaglia
- * @version $Revision$ $Date$
  * @since 3.0
  */
 public final class SamlServiceProperties extends ServiceProperties {

cas/src/main/java/org/springframework/security/cas/ServiceProperties.java

@@ -27,7 +27,6 @@ import org.springframework.util.Assert;
  * that is being secured by Spring Security.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class ServiceProperties implements InitializingBean {
 

cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java

@@ -24,7 +24,6 @@ import org.springframework.security.core.GrantedAuthority;
  * Temporary authentication object needed to load the user details service.
  *
  * @author Scott Battaglia
- * @version $Id$
  * @since 3.0
  */
 public final class CasAssertionAuthenticationToken extends AbstractAuthenticationToken {

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java

@@ -46,7 +46,6 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  * @author Scott Battaglia
- * @version $Id$
  */
 public class CasAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
 

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java

@@ -28,7 +28,6 @@ import org.springframework.security.core.userdetails.UserDetails;
  *
  * @author Ben Alex
  * @author Scott Battaglia
- * @version $Id$
  */
 public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
     //~ Instance fields ================================================================================================

cas/src/main/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCache.java

@@ -34,7 +34,6 @@ import org.springframework.util.Assert;
  * Caches tickets using a Spring IoC defined <A HREF="http://ehcache.sourceforge.net">EHCACHE</a>.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class EhCacheBasedTicketCache implements StatelessTicketCache, InitializingBean {
     //~ Static fields/initializers =====================================================================================

cas/src/main/java/org/springframework/security/cas/authentication/NullStatelessTicketCache.java

@@ -1,60 +1,59 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.cas.authentication;
-
-
-/**
- * Implementation of @link {@link StatelessTicketCache} that has no backing cache.  Useful
- * in instances where storing of tickets for stateless session management is not required.
- * <p>
- * This is the default StatelessTicketCache of the @link {@link CasAuthenticationProvider} to
- * eliminate the unnecessary dependency on EhCache that applications have even if they are not using
- * the stateless session management.
- * 
- * @author Scott Battaglia
- * @version $Id$
- *
- *@see CasAuthenticationProvider
- */
-public final class NullStatelessTicketCache implements StatelessTicketCache {
-
-    /**
-     * @return null since we are not storing any tickets.
-     */
-    public CasAuthenticationToken getByTicketId(final String serviceTicket) {
-        return null;
-    }
-
-    /**
-     * This is a no-op since we are not storing tickets.
-     */
-    public void putTicketInCache(final CasAuthenticationToken token) {
-        // nothing to do
-    }
-
-    /**
-     * This is a no-op since we are not storing tickets.
-     */
-    public void removeTicketFromCache(final CasAuthenticationToken token) {
-        // nothing to do
-    }
-
-    /**
-     * This is a no-op since we are not storing tickets.
-     */
-    public void removeTicketFromCache(final String serviceTicket) {
-        // nothing to do
-    }
-}
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.cas.authentication;
+
+
+/**
+ * Implementation of @link {@link StatelessTicketCache} that has no backing cache.  Useful
+ * in instances where storing of tickets for stateless session management is not required.
+ * <p>
+ * This is the default StatelessTicketCache of the @link {@link CasAuthenticationProvider} to
+ * eliminate the unnecessary dependency on EhCache that applications have even if they are not using
+ * the stateless session management.
+ *
+ * @author Scott Battaglia
+ *
+ *@see CasAuthenticationProvider
+ */
+public final class NullStatelessTicketCache implements StatelessTicketCache {
+
+    /**
+     * @return null since we are not storing any tickets.
+     */
+    public CasAuthenticationToken getByTicketId(final String serviceTicket) {
+        return null;
+    }
+
+    /**
+     * This is a no-op since we are not storing tickets.
+     */
+    public void putTicketInCache(final CasAuthenticationToken token) {
+        // nothing to do
+    }
+
+    /**
+     * This is a no-op since we are not storing tickets.
+     */
+    public void removeTicketFromCache(final CasAuthenticationToken token) {
+        // nothing to do
+    }
+
+    /**
+     * This is a no-op since we are not storing tickets.
+     */
+    public void removeTicketFromCache(final String serviceTicket) {
+        // nothing to do
+    }
+}

cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java

@@ -57,7 +57,6 @@ package org.springframework.security.cas.authentication;
  * </p>
  *
  * @author Ben Alex
- * @version $Id$
  */
 public interface StatelessTicketCache {
     //~ Methods ================================================================

cas/src/main/java/org/springframework/security/cas/userdetails/AbstractCasAssertionUserDetailsService.java

@@ -27,7 +27,6 @@ import org.jasig.cas.client.validation.Assertion;
  * useful when combined with a SAML-based response from the CAS Server/client.
  *
  * @author Scott Battaglia
- * @version $Revision$ $Date$
  * @since 3.0
  */
 public abstract class AbstractCasAssertionUserDetailsService implements AuthenticationUserDetailsService {

cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java

@@ -30,7 +30,6 @@ import java.util.ArrayList;
  * value then its not added.
  *
  * @author Scott Battaglia
- * @version $Revision$ $Date$
  * @since 3.0
  */
 public final class GrantedAuthorityFromAssertionAttributesUserDetailsService extends AbstractCasAssertionUserDetailsService {

cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java

@@ -33,7 +33,7 @@ import org.springframework.util.Assert;
  * Used by the <code>ExceptionTranslationFilter</code> to commence authentication via the JA-SIG Central
  * Authentication Service (CAS).
  * <p>
- * The user's browser will be redirected to the JA-SIG CAS enterprise-wide login page. 
+ * The user's browser will be redirected to the JA-SIG CAS enterprise-wide login page.
  * This page is specified by the <code>loginUrl</code> property. Once login is complete, the CAS login page will
  * redirect to the page indicated by the <code>service</code> property. The <code>service</code> is a HTTP URL
  * belonging to the current application. The <code>service</code> URL is monitored by the {@link CasAuthenticationFilter},
@@ -41,7 +41,6 @@ import org.springframework.util.Assert;
  *
  * @author Ben Alex
  * @author Scott Battaglia
- * @version $Id$
  */
 public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
     //~ Instance fields ================================================================================================
@@ -83,7 +82,7 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
      * Constructs a new Service Url.  The default implementation relies on the CAS client to do the bulk of the work.
      * @param request the HttpServletRequest
      * @param response the HttpServlet Response
-     * @return the constructed service url.  CANNOT be NULL.  
+     * @return the constructed service url.  CANNOT be NULL.
      */
     protected String createServiceUrl(final HttpServletRequest request, final HttpServletResponse response) {
         return CommonUtils.constructServiceUrl(null, response, this.serviceProperties.getService(), null, this.serviceProperties.getArtifactParameter(), this.encodeServiceUrlWithSessionId);
@@ -101,7 +100,7 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In
 
     /**
      * Template method for you to do your own pre-processing before the redirect occurs.
-     * 
+     *
      * @param request the HttpServletRequest
      * @param response the HttpServletResponse
      */

cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java

@@ -54,7 +54,6 @@ import org.springframework.security.web.authentication.AbstractAuthenticationPro
  * By default this filter processes the URL <tt>/j_spring_cas_security_check</tt>.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
     //~ Static fields/initializers =====================================================================================

cas/src/main/java/org/springframework/security/cas/web/package.html

@@ -1,6 +1,6 @@
 <html>
 <body>
-Authenticates standard web browser users via 
+Authenticates standard web browser users via
 JA-SIG Central Authentication Service (CAS).
 </body>
 </html>

cas/src/test/java/org/springframework/security/cas/authentication/AbstractStatelessTicketCacheTests.java

@@ -1,32 +1,31 @@
-package org.springframework.security.cas.authentication;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.jasig.cas.client.validation.Assertion;
-import org.jasig.cas.client.validation.AssertionImpl;
-import org.springframework.security.cas.authentication.CasAuthenticationToken;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.userdetails.User;
-
-/**
- *
- * @author Scott Battaglia
- * @version $Id$
- * @since 2.0
- *
- */
-public abstract class AbstractStatelessTicketCacheTests {
-
-    protected CasAuthenticationToken getToken() {
-        List<String> proxyList = new ArrayList<String>();
-        proxyList.add("https://localhost/newPortal/j_spring_cas_security_check");
-
-        User user = new User("rod", "password", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
-        final Assertion assertion = new AssertionImpl("rod");
-
-        return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
-                AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), user, assertion);
-    }
-
-}
+package org.springframework.security.cas.authentication;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.jasig.cas.client.validation.Assertion;
+import org.jasig.cas.client.validation.AssertionImpl;
+import org.springframework.security.cas.authentication.CasAuthenticationToken;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+
+/**
+ *
+ * @author Scott Battaglia
+ * @since 2.0
+ *
+ */
+public abstract class AbstractStatelessTicketCacheTests {
+
+    protected CasAuthenticationToken getToken() {
+        List<String> proxyList = new ArrayList<String>();
+        proxyList.add("https://localhost/newPortal/j_spring_cas_security_check");
+
+        User user = new User("rod", "password", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
+        final Assertion assertion = new AssertionImpl("rod");
+
+        return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
+                AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), user, assertion);
+    }
+
+}

cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java

@@ -46,7 +46,6 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
  *
  * @author Ben Alex
  * @author Scott Battaglia
- * @version $Id$
  */
 public class CasAuthenticationProviderTests {
     //~ Methods ========================================================================================================

cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java

@@ -32,7 +32,6 @@ import org.springframework.security.core.userdetails.UserDetails;
  * Tests {@link CasAuthenticationToken}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class CasAuthenticationTokenTests extends TestCase {
     private final List<GrantedAuthority> ROLES = AuthorityUtils.createAuthorityList("ROLE_ONE","ROLE_TWO");

cas/src/test/java/org/springframework/security/cas/authentication/EhCacheBasedTicketCacheTests.java

@@ -32,7 +32,6 @@ import static org.junit.Assert.*;
  * Tests {@link EhCacheBasedTicketCache}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTests {
     private static CacheManager cacheManager;
@@ -55,7 +54,7 @@ public class EhCacheBasedTicketCacheTests extends AbstractStatelessTicketCacheTe
         EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
         cache.setCache(cacheManager.getCache("castickets"));
         cache.afterPropertiesSet();
-        
+
         final CasAuthenticationToken token = getToken();
 
         // Check it gets stored in the cache

cas/src/test/java/org/springframework/security/cas/authentication/NullStatelessTicketCacheTests.java

@@ -1,48 +1,47 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.cas.authentication;
-
-
-import org.junit.Test;
-import org.springframework.security.cas.authentication.CasAuthenticationToken;
-import org.springframework.security.cas.authentication.NullStatelessTicketCache;
-import org.springframework.security.cas.authentication.StatelessTicketCache;
-
-import static org.junit.Assert.*;
-
-/**
- * Test cases for the @link {@link NullStatelessTicketCache}
- * 
- * @author Scott Battaglia
- * @version $Id$
- *
- */
-public class NullStatelessTicketCacheTests extends AbstractStatelessTicketCacheTests {
-
-    private StatelessTicketCache cache = new NullStatelessTicketCache();
-    
-    @Test
-    public void testGetter() {
-        assertNull(cache.getByTicketId(null));
-        assertNull(cache.getByTicketId("test"));
-    }
-    
-    @Test
-    public void testInsertAndGet() {
-        final CasAuthenticationToken token = getToken();
-        cache.putTicketInCache(token);
-        assertNull(cache.getByTicketId((String) token.getCredentials()));
-    }
-}
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.cas.authentication;
+
+
+import org.junit.Test;
+import org.springframework.security.cas.authentication.CasAuthenticationToken;
+import org.springframework.security.cas.authentication.NullStatelessTicketCache;
+import org.springframework.security.cas.authentication.StatelessTicketCache;
+
+import static org.junit.Assert.*;
+
+/**
+ * Test cases for the @link {@link NullStatelessTicketCache}
+ *
+ * @author Scott Battaglia
+ *
+ */
+public class NullStatelessTicketCacheTests extends AbstractStatelessTicketCacheTests {
+
+    private StatelessTicketCache cache = new NullStatelessTicketCache();
+
+    @Test
+    public void testGetter() {
+        assertNull(cache.getByTicketId(null));
+        assertNull(cache.getByTicketId("test"));
+    }
+
+    @Test
+    public void testInsertAndGet() {
+        final CasAuthenticationToken token = getToken();
+        cache.putTicketInCache(token);
+        assertNull(cache.getByTicketId((String) token.getCredentials()));
+    }
+}

cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java

@@ -29,7 +29,6 @@ import java.net.URLEncoder;
  * Tests {@link CasAuthenticationEntryPoint}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class CasAuthenticationEntryPointTests extends TestCase {
     //~ Methods ========================================================================================================

cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java

@@ -30,7 +30,6 @@ import org.springframework.security.core.AuthenticationException;
  * Tests {@link CasAuthenticationFilter}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class CasAuthenticationFilterTests {
     //~ Methods ========================================================================================================

cas/src/test/java/org/springframework/security/cas/web/ServicePropertiesTests.java

@@ -24,7 +24,6 @@ import junit.framework.TestCase;
  * Tests {@link ServiceProperties}.
  *
  * @author Ben Alex
- * @version $Id$
  */
 public class ServicePropertiesTests extends TestCase {
     //~ Methods ========================================================================================================

config/src/main/java/org/springframework/security/config/BeanIds.java

@@ -6,7 +6,6 @@ package org.springframework.security.config;
  * These are intended for internal use.
  *
  * @author Ben Alex
- * @version $Id: BeanIds.java 3770 2009-07-15 23:09:47Z ltaylor $
  */
 public abstract class BeanIds {
     private static final String PREFIX = "org.springframework.security.";

config/src/main/java/org/springframework/security/config/Elements.java

@@ -4,7 +4,6 @@ package org.springframework.security.config;
  * Contains all the element names used by Spring Security 2 namespace support.
  *
  * @author Ben Alex
- * @version $Id: Elements.java 3697 2009-06-08 12:59:13Z ltaylor $
  */
 public abstract class Elements {
 

config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java

@@ -31,7 +31,6 @@ import org.w3c.dom.Node;
  * @author Luke Taylor
  * @author Ben Alex
  * @since 2.0
- * @version $Id$
  */
 public final class SecurityNamespaceHandler implements NamespaceHandler {
     private final Map<String, BeanDefinitionParser> parsers = new HashMap<String, BeanDefinitionParser>();

config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java

@@ -17,7 +17,6 @@ import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
- * @version $Id$
  */
 public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements BeanDefinitionParser {
     static final String CACHE_REF = "cache-ref";

config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java

@@ -31,7 +31,6 @@ import org.w3c.dom.NodeList;
  * coming from.
  *
  * @author Luke Taylor
- * @version $Id$
  */
 public class AuthenticationManagerBeanDefinitionParser implements BeanDefinitionParser {
     private static final String ATT_ALIAS = "alias";

config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java

@@ -15,7 +15,6 @@ import org.springframework.security.config.BeanIds;
  * the <authentication-manager> element.
  *
  * @author Luke Taylor
- * @version $Id$
  * @since 3.0
  */
 public class AuthenticationManagerFactoryBean implements FactoryBean<AuthenticationManager>, BeanFactoryAware {

config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java

@@ -17,7 +17,6 @@ import org.w3c.dom.Element;
  * ProviderManager.
  *
  * @author Luke Taylor
- * @version $Id$
  */
 public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitionParser {
     private static String ATT_USER_DETAILS_REF = "user-service-ref";

config/src/main/java/org/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java

@@ -9,7 +9,6 @@ import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
- * @version $Id$
  */
 public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
     static final String ATT_DATA_SOURCE = "data-source-ref";