SEC-562: Changing constants and key names.

core/src/main/java/org/springframework/security/context/HttpSessionContextIntegrationFilter.java

@@ -106,7 +106,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
 
     static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
 
-    public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
+    public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
 
     //~ Instance fields ================================================================================================
 
@@ -224,7 +224,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
             }
         } else {
             if (logger.isDebugEnabled()) {
-                logger.debug("Obtained a valid SecurityContext from ACEGI_SECURITY_CONTEXT to "
+                logger.debug("Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT to "
                         + "associate with SecurityContextHolder: '" + contextBeforeChainExecution + "'");
             }
         }
@@ -293,11 +293,11 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
 
         // Session exists, so try to obtain a context from it.
 
-        Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
+        Object contextFromSessionObject = httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY);
 
         if (contextFromSessionObject == null) {
             if (logger.isDebugEnabled()) {
-                logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT");
+                logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
             }
 
             return null;
@@ -323,7 +323,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
 
         if (!(contextFromSessionObject instanceof SecurityContext)) {
             if (logger.isWarnEnabled()) {
-                logger.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
+                logger.warn("SPRING_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
                         + contextFromSessionObject
                         + "'; are you improperly modifying the HttpSession directly "
                         + "(you should always use SecurityContextHolder) or using the HttpSession attribute "
@@ -405,7 +405,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
         // If HttpSession exists, store current SecurityContextHolder contents but only if
         // the SecurityContext has actually changed (see JIRA SEC-37)
         if (httpSession != null && securityContext.hashCode() != contextHashBeforeChainExecution) {
-            httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, securityContext);
+            httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
 
             if (logger.isDebugEnabled()) {
                 logger.debug("SecurityContext stored to HttpSession: '" + securityContext + "'");

core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java

@@ -321,7 +321,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
      */
     protected void handleLogout(HttpSessionDestroyedEvent event) {
         SecurityContext context = (SecurityContext)
-                event.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+                event.getSession().getAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 
         if (context == null) {
             log.debug("The destroyed session has no SecurityContext");

core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java

@@ -71,7 +71,7 @@ import javax.servlet.http.HttpSession;
  * <p>
  * If authentication fails, the <code>AuthenticationException</code> will be
  * placed into the <code>HttpSession</code> with the attribute defined by
- * {@link #ACEGI_SECURITY_LAST_EXCEPTION_KEY}.
+ * {@link #SPRING_SECURITY_LAST_EXCEPTION_KEY}.
  * </p>
  * <p>
  * To use this filter, it is necessary to specify the following properties:
@@ -79,7 +79,7 @@ import javax.servlet.http.HttpSession;
  * <ul>
  * <li><code>defaultTargetUrl</code> indicates the URL that should be used
  * for redirection if the <code>HttpSession</code> attribute named
- * {@link #ACEGI_SAVED_REQUEST_KEY} does not indicate the target URL once
+ * {@link #SPRING_SECURITY_SAVED_REQUEST_KEY} does not indicate the target URL once
  * authentication is completed successfully. eg: <code>/</code>. The
  * <code>defaultTargetUrl</code> will be treated as relative to the web-app's
  * context path, and should include the leading <code>/</code>.
@@ -93,7 +93,7 @@ import javax.servlet.http.HttpSession;
  * <li><code>alwaysUseDefaultTargetUrl</code> causes successful
  * authentication to always redirect to the <code>defaultTargetUrl</code>,
  * even if the <code>HttpSession</code> attribute named {@link
- * #ACEGI_SAVED_REQUEST_KEY} defines the intended target URL.</li>
+ * # SPRING_SECURITY_SAVED_REQUEST_KEY} defines the intended target URL.</li>
  * </ul>
  * <p>
  * To configure this filter to redirect to specific pages as the result of
@@ -143,9 +143,9 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 		MessageSourceAware {
 	//~ Static fields/initializers =====================================================================================
 
-	public static final String ACEGI_SAVED_REQUEST_KEY = "ACEGI_SAVED_REQUEST_KEY";
+	public static final String SPRING_SECURITY_SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST_KEY";
 
-	public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY = "ACEGI_SECURITY_LAST_EXCEPTION";
+	public static final String SPRING_SECURITY_LAST_EXCEPTION_KEY = "SPRING_SECURITY_LAST_EXCEPTION";
 
 	//~ Instance fields ================================================================================================
 
@@ -168,7 +168,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 
 	/**
 	 * Where to redirect the browser to if authentication is successful but
-	 * ACEGI_SAVED_REQUEST_KEY is <code>null</code>
+	 * SPRING_SECURITY_SAVED_REQUEST_KEY is <code>null</code>
 	 */
 	private String defaultTargetUrl;
 
@@ -349,7 +349,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 	}
 
 	public static String obtainFullRequestUrl(HttpServletRequest request) {
-		SavedRequest savedRequest = (SavedRequest) request.getSession().getAttribute(ACEGI_SAVED_REQUEST_KEY);
+		SavedRequest savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST_KEY);
 
 		return (savedRequest == null) ? null : savedRequest.getFullRequestUrl();
 	}
@@ -575,7 +575,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 		}
 
 		try {
-			request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY, failed);
+			request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
 		}
 		catch (Exception ignored) {
 		}

core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java

@@ -36,7 +36,7 @@ import javax.servlet.http.HttpServletResponse;
  * "forward" to the specified error page view. Being a "forward", the <code>SecurityContextHolder</code> will remain
  * populated. This is of benefit if the view (or a tag library or macro) wishes to access the
  * <code>SecurityContextHolder</code>. The request scope will also be populated with the exception itself, available
- * from the key {@link #ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.</p>
+ * from the key {@link #SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.</p>
  *
  * @author Ben Alex
  * @version $Id$
@@ -44,7 +44,7 @@ import javax.servlet.http.HttpServletResponse;
 public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
     //~ Static fields/initializers =====================================================================================
 
-    public static final String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "ACEGI_SECURITY_403_EXCEPTION";
+    public static final String SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "SPRING_SECURITY_403_EXCEPTION";
     protected static final Log logger = LogFactory.getLog(AccessDeniedHandlerImpl.class);
 
     //~ Instance fields ================================================================================================
@@ -57,7 +57,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
         throws IOException, ServletException {
         if (errorPage != null) {
             // Put exception into request scope (perhaps of use to a view)
-            ((HttpServletRequest) request).setAttribute(ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
+            ((HttpServletRequest) request).setAttribute(SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
                 accessDeniedException);
 
             // Perform RequestDispatcher "forward"

core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java

@@ -216,7 +216,7 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
 		if (createSessionAllowed) {
 			// Store the HTTP request itself. Used by AbstractProcessingFilter
 			// for redirection after successful authentication (SEC-29)
-			httpRequest.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, savedRequest);
+			httpRequest.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, savedRequest);
 		}
 
 		// SEC-112: Clear the SecurityContextHolder's Authentication, as the

core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java

@@ -104,7 +104,7 @@ import org.springframework.web.bind.RequestUtils;
 public class TokenBasedRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
 	//~ Static fields/initializers =====================================================================================
 
-	public static final String ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE";
+	public static final String SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE";
 
 	public static final String DEFAULT_PARAMETER = "_acegi_security_remember_me";
 
@@ -124,7 +124,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices, Initial
 
 	private boolean alwaysRemember = false;
 
-	private String cookieName = ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;
+	private String cookieName = SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;
 
 	//~ Methods ========================================================================================================
 

core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java

@@ -104,7 +104,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
 
     // ~ Static fields/initializers
     // =============================================
-    public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
+    public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username";
     public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
 
     //~ Instance fields ================================================================================================
@@ -197,7 +197,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
         throws AuthenticationException {
         UsernamePasswordAuthenticationToken targetUserRequest = null;
 
-        String username = request.getParameter(ACEGI_SECURITY_SWITCH_USERNAME_KEY);
+        String username = request.getParameter(SPRING_SECURITY_SWITCH_USERNAME_KEY);
 
         if (username == null) {
             username = "";

core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.java

@@ -32,7 +32,7 @@ import javax.servlet.http.HttpServletRequest;
  * Processes an authentication form.
  * <p>Login forms must present two parameters to this filter: a username and
  * password. The default parameter names to use are contained in the
- * static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
+ * static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.
  * The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
  * properties.
  * </p>
@@ -47,12 +47,12 @@ import javax.servlet.http.HttpServletRequest;
 public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
     //~ Static fields/initializers =====================================================================================
 
-    public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";
-    public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
-    public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
+    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
+    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
+    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SECURITY_SECURITY_LAST_USERNAME";
 
-    private String usernameParameter = ACEGI_SECURITY_FORM_USERNAME_KEY;
-    private String passwordParameter = ACEGI_SECURITY_FORM_PASSWORD_KEY;
+    private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
+    private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
 
     //~ Methods ========================================================================================================
 
@@ -73,7 +73,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
         UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
 
         // Place the last username attempted into HttpSession for views
-        request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username);
+        request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username);
 
         // Allow subclasses to set the "details" property
         setDetails(request, authRequest);

core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java

@@ -39,8 +39,8 @@ import javax.servlet.http.HttpServletResponse;
  * next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is
  * unavailable, as is often the case during development.</p>
  *  <P><B>Login forms</B> must present two <B>parameters</B> to this filter: a username and password. If not
- * specified, the parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
- * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
+ * specified, the parameter names to use are contained in the static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY}
+ * and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.</p>
  *  <P><B>Do not use this class directly.</B> Instead, configure <code>web.xml</code> to use the {@link
  * org.springframework.security.util.FilterToBeanProxy}.</p>
  */
@@ -101,7 +101,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
             if ((formUsernameParameterKey != null) && (formUsernameParameterKey.length() > 0)) {
                 username = request.getParameter(formUsernameParameterKey);
             } else {
-                username = request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
+                username = request.getParameter(SPRING_SECURITY_FORM_USERNAME_KEY);
             }
 
             password = obtainPassword(request);
@@ -130,7 +130,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
         setDetails(request, authRequest);
 
         // Place the last username attempted into HttpSession for views
-        request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username);
+        request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username);
 
         return this.getAuthenticationManager().authenticate(authRequest);
     }
@@ -184,7 +184,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
         if ((formPasswordParameterKey != null) && (formPasswordParameterKey.length() > 0)) {
             return request.getParameter(formPasswordParameterKey);
         } else {
-            return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
+            return request.getParameter(SPRING_SECURITY_FORM_PASSWORD_KEY);
         }
     }
 
@@ -209,7 +209,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
         //is present and user is not already authenticated.
         boolean bAuthenticated = false;
         SecurityContext context = (SecurityContext)
-                request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+                request.getSession().getAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 
         if (context != null) {
             Authentication auth = context.getAuthentication();

core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java

@@ -206,6 +206,6 @@ public class X509ProcessingFilter implements Filter, InitializingBean, Applicati
             logger.debug("Updated SecurityContextHolder to contain null Authentication");
         }
 
-        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY, failed);
+        request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
     }
 }

core/src/main/java/org/springframework/security/wrapper/SavedRequestAwareWrapper.java

@@ -90,7 +90,7 @@ public class SavedRequestAwareWrapper extends SecurityContextHolderAwareRequestW
             return;
         }
 
-        SavedRequest saved = (SavedRequest) session.getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY);
+        SavedRequest saved = (SavedRequest) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
 
         if ((saved != null) && saved.doesRequestMatch(request, portResolver)) {
             if (logger.isDebugEnabled()) {
@@ -98,7 +98,7 @@ public class SavedRequestAwareWrapper extends SecurityContextHolderAwareRequestW
             }
 
             savedRequest = saved;
-            session.removeAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY);
+            session.removeAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
 
             formats[0] = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
             formats[1] = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);

core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java

@@ -118,7 +118,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Build a mock request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				sc);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -170,7 +170,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Build a mock request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				sc);
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -188,7 +188,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 
 		// Obtain new/update Authentication from HttpSession
 		SecurityContext context = (SecurityContext) request.getSession().getAttribute(
-						HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+						HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 		assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication());
 	}
 
@@ -214,7 +214,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 
 		// Obtain new/updated Authentication from HttpSession
 		SecurityContext context = (SecurityContext) request.getSession(false).getAttribute(
-						HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+						HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 		assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication());
 	}
 
@@ -268,7 +268,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Build a mock request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				"NOT_A_CONTEXT_OBJECT");
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -284,7 +284,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 
 		// Obtain new/update Authentication from HttpSession
 		SecurityContext context = (SecurityContext) request.getSession().getAttribute(
-						HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+						HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 		assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication());
 	}
 
@@ -302,7 +302,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				sc);
 		MockHttpServletResponse response = new MockHttpServletResponse();
 

core/src/test/java/org/springframework/security/providers/jaas/JaasAuthenticationProviderTests.java

@@ -214,7 +214,7 @@ public class JaasAuthenticationProviderTests extends TestCase {
         context.setAuthentication(token);
 
         MockHttpSession mockSession = new MockHttpSession();
-        mockSession.setAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY, context);
+        mockSession.setAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, context);
 
         jaasProvider.onApplicationEvent(new HttpSessionDestroyedEvent(mockSession));
 

core/src/test/java/org/springframework/security/ui/AbstractProcessingFilterTests.java

@@ -376,7 +376,7 @@ public class AbstractProcessingFilterTests extends TestCase {
         throws Exception {
         // Setup our HTTP request
         MockHttpServletRequest request = createMockRequest();
-        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
+        request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
 
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig(null, null);
@@ -402,7 +402,7 @@ public class AbstractProcessingFilterTests extends TestCase {
     public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl() throws Exception {
         // Setup our HTTP request
         MockHttpServletRequest request = createMockRequest();
-        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
+        request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
 
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig(null, null);

core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java

@@ -128,7 +128,7 @@ public class ExceptionTranslationFilterTests extends TestCase {
 		filter.doFilter(request, response, chain);
 		assertEquals(403, response.getStatus());
 		assertEquals(AccessDeniedException.class, request.getAttribute(
-				AccessDeniedHandlerImpl.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
+				AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
 	}
 
 	public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {

core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java

@@ -105,7 +105,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNull(returnedCookie); // shouldn't try to invalidate our cookie
     }
 
@@ -126,7 +126,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNull(returnedCookie); // shouldn't try to invalidate our cookie
     }
 
@@ -139,7 +139,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         services.setUserDetailsService(new MockAuthenticationDao(user, false));
        // services.afterPropertiesSet();
 
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() - 1000000, "someone", "password", "key"));
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
@@ -150,7 +150,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(returnedCookie);
         assertEquals(0, returnedCookie.getMaxAge());
     }
@@ -165,7 +165,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         services.setUserDetailsService(new MockAuthenticationDao(user, false));
         //services.afterPropertiesSet();
 
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 new String(Base64.encodeBase64("x".getBytes())));
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
@@ -176,7 +176,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(returnedCookie);
         assertEquals(0, returnedCookie.getMaxAge());
     }
@@ -190,7 +190,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         services.setUserDetailsService(new MockAuthenticationDao(user, false));
        //services.afterPropertiesSet();
 
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 "NOT_BASE_64_ENCODED");
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
@@ -201,7 +201,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(returnedCookie);
         assertEquals(0, returnedCookie.getMaxAge());
     }
@@ -216,7 +216,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         services.setUserDetailsService(new MockAuthenticationDao(user, false));
         //services.afterPropertiesSet();
 
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
                     "WRONG_KEY"));
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -228,7 +228,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(returnedCookie);
         assertEquals(0, returnedCookie.getMaxAge());
     }
@@ -243,7 +243,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         services.setUserDetailsService(new MockAuthenticationDao(user, false));
         //services.afterPropertiesSet();
 
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
@@ -254,7 +254,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(returnedCookie);
         assertEquals(0, returnedCookie.getMaxAge());
     }
@@ -265,7 +265,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         services.setUserDetailsService(new MockAuthenticationDao(null, true));
         //services.afterPropertiesSet();
 
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
@@ -276,7 +276,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
 
         assertNull(result);
 
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(returnedCookie);
         assertEquals(0, returnedCookie.getMaxAge());
     }
@@ -290,7 +290,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         services.setUserDetailsService(new MockAuthenticationDao(user, false));
        // services.afterPropertiesSet();
 
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                 generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setCookies(new Cookie[] {cookie});
@@ -330,7 +330,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
         MockHttpServletResponse response = new MockHttpServletResponse();
         services.loginFail(request, response);
 
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(cookie);
         assertEquals(0, cookie.getMaxAge());
     }
@@ -346,7 +346,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
             new TestingAuthenticationToken("someone", "password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}));
 
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNull(cookie);
     }
 
@@ -361,7 +361,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
             new TestingAuthenticationToken("someone", "password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}));
 
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(cookie);
         assertEquals(services.getTokenValiditySeconds(), cookie.getMaxAge());
         assertTrue(Base64.isArrayByteBase64(cookie.getValue().getBytes()));
@@ -381,7 +381,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
             new TestingAuthenticationToken(user, "ignored",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}));
 
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
         assertNotNull(cookie);
         assertEquals(services.getTokenValiditySeconds(), cookie.getMaxAge());
         assertTrue(Base64.isArrayByteBase64(cookie.getValue().getBytes()));

core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java

@@ -80,7 +80,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
         SecurityContextHolder.getContext().setAuthentication(auth);
 
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
 
         SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
         filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@@ -101,7 +101,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
         MockHttpServletRequest request = new MockHttpServletRequest();
 
         // this user is disabled
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");
 
         SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
         filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@@ -124,7 +124,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
         MockHttpServletRequest request = new MockHttpServletRequest();
 
         // this user is disabled
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "wofat");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "wofat");
 
         SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
         filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@@ -147,7 +147,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
         MockHttpServletRequest request = new MockHttpServletRequest();
 
         // this user is disabled
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "steve");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "steve");
 
         SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
         filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@@ -167,7 +167,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
         SecurityContextHolder.getContext().setAuthentication(auth);
 
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 
         SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
         filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@@ -183,7 +183,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
 
         MockHttpServletRequest request = new MockHttpServletRequest();
         String username = null;
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, username);
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, username);
 
         SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
         filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@@ -304,7 +304,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
         SecurityContextHolder.getContext().setAuthentication(auth);
 
         MockHttpServletRequest request = createMockSwitchRequest();
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
         request.setRequestURI("/webapp/j_acegi_switch_user");
 
         MockHttpServletResponse response = new MockHttpServletResponse();
@@ -351,7 +351,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
         // http request
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setRequestURI("/webapp/j_acegi_switch_user");
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
 
         // http response
         MockHttpServletResponse response = new MockHttpServletResponse();

core/src/test/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterTests.java

@@ -52,8 +52,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
     public void testNormalOperation() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         filter.setAuthenticationManager(new MockAuthenticationManager(true));
@@ -66,7 +66,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
     public void testNullPasswordHandledGracefully() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         filter.setAuthenticationManager(new MockAuthenticationManager(true));
@@ -78,7 +78,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
     public void testNullUsernameHandledGracefully() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         filter.setAuthenticationManager(new MockAuthenticationManager(true));
@@ -106,8 +106,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
     public void testSpacesAreTrimmedCorrectlyFromUsername() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, " marissa ");
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " marissa ");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         filter.setAuthenticationManager(new MockAuthenticationManager(true));

core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java

@@ -103,8 +103,8 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
      */
     public void testFormNormalOperation() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
         MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
 
@@ -124,7 +124,7 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
      */
     public void testFormNullPasswordHandledGracefully() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
 
         MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
 
@@ -143,7 +143,7 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
      */
     public void testFormNullUsernameHandledGracefully() throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
 
         MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
 

core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterTests.java

@@ -82,7 +82,7 @@ public class X509ProcessingFilterTests extends TestCase {
         filter.doFilter(request, response, chain);
 
         Object lastException = request.getSession()
-                                      .getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY);
+                                      .getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
 
         assertNull("Authentication should be null", SecurityContextHolder.getContext().getAuthentication());
         assertTrue("BadCredentialsException should have been thrown", lastException instanceof BadCredentialsException);

ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java

@@ -426,7 +426,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 		authRequest.setDetails(new WebAuthenticationDetails(request));
 
 		// Place the last username attempted into HttpSession for views
-		session.setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY, authRequest.getName());
+		session.setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, authRequest.getName());
 
 		// Backup the current authentication in case of an AuthenticationException
 		backupAuth = SecurityContextHolder.getContext().getAuthentication();

portlet/src/main/java/org/springframework/security/context/PortletSessionContextIntegrationInterceptor.java

@@ -101,7 +101,7 @@ public class PortletSessionContextIntegrationInterceptor
 
 	protected static final Log logger = LogFactory.getLog(PortletSessionContextIntegrationInterceptor.class);
 
-	public static final String ACEGI_SECURITY_CONTEXT_KEY = HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY;
+	public static final String SPRING_SECURITY_CONTEXT_KEY = HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY;
 
 	private static final String SESSION_EXISTED = PortletSessionContextIntegrationInterceptor.class.getName() + ".SESSION_EXISTED";
 	private static final String CONTEXT_HASHCODE = PortletSessionContextIntegrationInterceptor.class.getName() + ".CONTEXT_HASHCODE";
@@ -238,7 +238,7 @@ public class PortletSessionContextIntegrationInterceptor
 			portletSessionExistedAtStartOfRequest = true;
 
 			// attempt to retrieve the context from the session
-			Object contextFromSessionObject = portletSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY, portletSessionScope());
+			Object contextFromSessionObject = portletSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY, portletSessionScope());
 
 			// if we got a context then place it into the holder
 			if (contextFromSessionObject != null) {
@@ -262,12 +262,12 @@ public class PortletSessionContextIntegrationInterceptor
 				// if what we got is a valid context then place it into the holder, otherwise create a new one
 				if (contextFromSessionObject instanceof SecurityContext) {
 					if (logger.isDebugEnabled())
-						logger.debug("Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and "
+						logger.debug("Obtained from SPRING_SECURITY_CONTEXT a valid SecurityContext and "
 								+ "set to SecurityContextHolder: '" + contextFromSessionObject + "'");
 					SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
 				} else {
 					if (logger.isWarnEnabled())
-						logger.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
+						logger.warn("SPRING_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
 										+ contextFromSessionObject
 										+ "'; are you improperly modifying the PortletSession directly "
 										+ "(you should always use SecurityContextHolder) or using the PortletSession attribute "
@@ -280,7 +280,7 @@ public class PortletSessionContextIntegrationInterceptor
 
 				// there was no context in the session, so create a new context and put it in the holder
 				if (logger.isDebugEnabled())
-					logger.debug("PortletSession returned null object for ACEGI_SECURITY_CONTEXT - new "
+					logger.debug("PortletSession returned null object for SPRING_SECURITY_CONTEXT - new "
 							+ "SecurityContext instance associated with SecurityContextHolder");
 				SecurityContextHolder.setContext(generateNewContext());
 			}
@@ -354,7 +354,7 @@ public class PortletSessionContextIntegrationInterceptor
 		// if the session exists and the context has changes, then store the context back into the session
 		if ((portletSession != null)
 			&& (SecurityContextHolder.getContext().hashCode() != oldContextHashCode)) {
-			portletSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY,	SecurityContextHolder.getContext(), portletSessionScope());
+			portletSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,	SecurityContextHolder.getContext(), portletSessionScope());
 			if (logger.isDebugEnabled())
 				logger.debug("SecurityContext stored to PortletSession: '"
 					+ SecurityContextHolder.getContext() + "'");

portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java

@@ -55,7 +55,7 @@ import org.springframework.web.portlet.ModelAndView;
  * is guaranteed to have already been created by an earlier interceptor.  If authentication
  * fails, the <code>AuthenticationException</code> will be placed into the
  * <code>APPLICATION_SCOPE</code> of the <code>PortletSession</code> with the attribute defined
- * by {@link AbstractProcessingFilter#ACEGI_SECURITY_LAST_EXCEPTION_KEY}.</p>
+ * by {@link AbstractProcessingFilter#SPRING_SECURITY_LAST_EXCEPTION_KEY}.</p>
  *
  *  <p>Some portals do not properly provide the identity of the current user via the
  * <code>getRemoteUser()</code> or <code>getUserPrincipal()</code> methods of the
@@ -170,7 +170,7 @@ public class PortletProcessingInterceptor implements
 					logger.debug("Authentication failed - updating ContextHolder to contain null Authentication");
 				ctx.setAuthentication(null);
 				request.getPortletSession().setAttribute(
-						AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY,
+						AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
 						failed, PortletSession.APPLICATION_SCOPE);
 				onUnsuccessfulAuthentication(request, response, failed);
 			}

portlet/src/test/java/org/springframework/security/context/PortletSessionContextIntegrationInterceptorTests.java

@@ -108,7 +108,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockRenderRequest request = PortletTestUtils.createRenderRequest();
 		MockRenderResponse response = PortletTestUtils.createRenderResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.APPLICATION_SCOPE);
 
 		// Prepare interceptor
@@ -145,7 +145,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.APPLICATION_SCOPE);
 
 		// Prepare interceptor
@@ -178,7 +178,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.APPLICATION_SCOPE);
 
 		// Prepare interceptor
@@ -209,7 +209,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 
 		// Verify the new principal is stored in the session
 		sc = (SecurityContext)request.getPortletSession().getAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				PortletSession.APPLICATION_SCOPE);
 		assertEquals(baselinePrincipal, sc.getAuthentication());
 	}
@@ -232,7 +232,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 
 		// Verify Authentication is in the PortletSession
 		SecurityContext sc = (SecurityContext)request.getPortletSession(false).
-				getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
+				getAttribute(PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
 		assertEquals(principal, ((SecurityContext)sc).getAuthentication());
 	}
 
@@ -280,7 +280,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				"NOT_A_CONTEXT_OBJECT", PortletSession.APPLICATION_SCOPE);
 
 		// Prepare the interceptor
@@ -295,7 +295,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 
 		// Verify Authentication is in the PortletSession
 		SecurityContext sc = (SecurityContext)request.getPortletSession(false).
-				getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
+				getAttribute(PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
 		assertEquals(principal, ((SecurityContext)sc).getAuthentication());
 	}
 
@@ -334,7 +334,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.PORTLET_SCOPE);
 
 		// Prepare interceptor
@@ -363,7 +363,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 
 		// Verify the new principal is stored in the session
 		sc = (SecurityContext)request.getPortletSession().getAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				PortletSession.PORTLET_SCOPE);
 		assertEquals(baselinePrincipal, sc.getAuthentication());
 	}

portlet/src/test/java/org/springframework/security/ui/portlet/PortletProcessingInterceptorTests.java

@@ -149,7 +149,7 @@ public class PortletProcessingInterceptorTests extends TestCase {
 
 		// Verify that proper exception was thrown
 		assertTrue(request.getPortletSession().getAttribute(
-					AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY,
+					AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
 					PortletSession.APPLICATION_SCOPE)
 					instanceof BadCredentialsException);
 	}

samples/contacts/src/main/webapp/accessDenied.jsp

@@ -6,7 +6,7 @@
 
 
 <p>
-<%= request.getAttribute(AccessDeniedHandlerImpl.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
+<%= request.getAttribute(AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
 
 <p>
 

samples/contacts/src/main/webapp/acegilogin.jsp

@@ -28,13 +28,13 @@
     <c:if test="${not empty param.login_error}">
       <font color="red">
         Your login attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
       </font>
     </c:if>
 
     <form action="<c:url value='j_acegi_security_check'/>" method="POST">
       <table>
-        <tr><td>User:</td><td><input type='text' name='j_username' <c:if test="${not empty param.login_error}">value='<%= session.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY) %>'</c:if>></td></tr>
+        <tr><td>User:</td><td><input type='text' name='j_username' <c:if test="${not empty param.login_error}">value='<%= session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY) %>'</c:if>></td></tr>
         <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
         <tr><td><input type="checkbox" name="_acegi_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
 

samples/contacts/src/main/webapp/casfailed.jsp

@@ -12,7 +12,7 @@
 
       <font color="red">
         Your CAS credentials were rejected.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(org.springframework.security.ui.AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(org.springframework.security.ui.AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
       </font>
 
   </body>

samples/contacts/src/main/webapp/exitUser.jsp

@@ -17,7 +17,7 @@
     <c:if test="${not empty param.login_error}">
       <font color="red">
         Your 'Exit User' attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
       </font>
     </c:if>
 

samples/contacts/src/main/webapp/switchUser.jsp

@@ -26,7 +26,7 @@
     <c:if test="${not empty param.login_error}">
       <font color="red">
         Your 'su' attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
       </font>
     </c:if>
 

samples/tutorial/src/main/webapp/accessDenied.jsp

@@ -6,7 +6,7 @@
 
 
 <p>
-<%= request.getAttribute(AccessDeniedHandlerImpl.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
+<%= request.getAttribute(AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
 
 <p>
 

samples/tutorial/src/main/webapp/acegilogin.jsp

@@ -25,7 +25,7 @@
     <c:if test="${not empty param.login_error}">
       <font color="red">
         Your login attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
       </font>
     </c:if>
 

sandbox/openid/src/main/java/org/springframework/security/ui/openid/OpenIDResponseProcessingFilter.java

@@ -58,7 +58,7 @@ public class OpenIDResponseProcessingFilter extends AbstractProcessingFilter {
 
         if (authentication.isAuthenticated()) {
             req.getSession()
-               .setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
+               .setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
         }
 
         return authentication;

sandbox/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java

@@ -41,12 +41,12 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
     //~ Static fields/initializers =====================================================================================
 
     private static final Log log = LogFactory.getLog(OpenIdAuthenticationProcessingFilter.class);
-    public static final String DEFAULT_CLAMED_IDENTITY_FIELD = "j_username";
+    public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "j_username";
 
     //~ Instance fields ================================================================================================
 
     private OpenIDConsumer consumer;
-    private String claimedIdentityFieldName = DEFAULT_CLAMED_IDENTITY_FIELD;
+    private String claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
     private String errorPage = "index.jsp";
 
     //~ Methods ========================================================================================================
@@ -72,7 +72,7 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
 
         if (authentication.isAuthenticated()) {
             req.getSession()
-                    .setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
+                    .setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
         }
 
         return authentication;
@@ -175,7 +175,7 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
         }
 
         try {
-            request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY, failed);
+            request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
         } catch (Exception ignored) {
         }