Replace package.html with package-info.java files, creating new ones where missing and updating outdated contents.

acl/src/main/java/org/springframework/security/acls/afterinvocation/package-info.java

@@ -0,0 +1,6 @@
+/**
+ * After-invocation providers for collection and array filtering. Consider using a {@code PostFilter} annotation in
+ * preference.
+ */
+package org.springframework.security.acls.afterinvocation;
+

acl/src/main/java/org/springframework/security/acls/domain/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Basic implementation of access control lists (ACLs) interfaces.
+ */
+package org.springframework.security.acls.domain;
+

acl/src/main/java/org/springframework/security/acls/domain/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Basic implementation of access control lists (ACLs) interfaces.
-</body>
-</html>

acl/src/main/java/org/springframework/security/acls/jdbc/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * JDBC-based persistence of ACL information
+ */
+package org.springframework.security.acls.jdbc;
+

acl/src/main/java/org/springframework/security/acls/jdbc/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-JDBC-based persistence of ACL information.
-</body>
-</html>

acl/src/main/java/org/springframework/security/acls/model/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
+ */
+package org.springframework.security.acls.model;
+

acl/src/main/java/org/springframework/security/acls/model/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
-</body>
-</html>

acl/src/main/java/org/springframework/security/acls/package-info.java

@@ -0,0 +1,9 @@
+/**
+ * The Spring Security ACL package which implements instance-based security for domain objects.
+ * <p>
+ * Consider using the annotation based approach ({@code @PreAuthorize}, {@code @PostFilter} annotations) combined
+ * with a {@link org.springframework.security.acls.AclPermissionEvaluator} in preference to the older and more verbose
+ * attribute/voter/after-invocation approach from versions before Spring Security 3.0.
+ */
+package org.springframework.security.acls;
+

cas/src/main/java/org/springframework/security/cas/authentication/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * An {@code AuthenticationProvider} that can process CAS service tickets and proxy tickets.
+ */
+package org.springframework.security.cas.authentication;
+

cas/src/main/java/org/springframework/security/cas/authentication/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-An authentication provider that can process JA-SIG Central Authentication Service (CAS)
-service tickets and proxy tickets.
-</body>
-</html>

cas/src/main/java/org/springframework/security/cas/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Spring Security support for Jasig's Central Authentication Service (<a href="http://www.jasig.org/cas">CAS</a>).
+ */
+package org.springframework.security.cas;
+

cas/src/main/java/org/springframework/security/cas/web/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Authenticates standard web browser users via CAS.
+ */
+package org.springframework.security.cas.web;
+

cas/src/main/java/org/springframework/security/cas/web/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Authenticates standard web browser users via
-JA-SIG Central Authentication Service (CAS).
-</body>
-</html>

config/src/main/java/org/springframework/security/config/authentication/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Parsing of <authentication-manager> and related elements.
+ */
+package org.springframework.security.config.authentication;
+

config/src/main/java/org/springframework/security/config/http/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Parsing of the <http> namespace element.
+ */
+package org.springframework.security.config.http;
+

config/src/main/java/org/springframework/security/config/ldap/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Security namespace support for LDAP authentication.
+ */
+package org.springframework.security.config.ldap;
+

config/src/main/java/org/springframework/security/config/method/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Support for parsing of the <global-method-security> and <intercept-methods> elements.
+ */
+package org.springframework.security.config.method;
+

config/src/main/java/org/springframework/security/config/package-info.java

@@ -0,0 +1,6 @@
+/**
+ * Support classes for the Spring Security namespace. None of the code in these packages should be used directly
+ * in applications.
+ */
+package org.springframework.security.config;
+

core/src/main/java/org/springframework/security/access/annotation/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Support for JSR-250 and Spring Security {@code @Secured} annotations.  
+ */
+package org.springframework.security.access.annotation;

core/src/main/java/org/springframework/security/access/event/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Authorization event and listener classes.
+ */
+package org.springframework.security.access.event;

core/src/main/java/org/springframework/security/access/expression/method/package-info.java

@@ -0,0 +1,6 @@
+/**
+ * Implementation of expression-based method security.
+ *
+ * @since 3.0
+ */
+package org.springframework.security.access.expression.method;

core/src/main/java/org/springframework/security/access/expression/package-info.java

@@ -0,0 +1,7 @@
+/**
+ * Expression handling code to support the use of Spring-EL based expressions in {@code @PreAuthorize}, {@code @PreFilter},
+ * {@code @PostAuthorize} and {@code @PostFilter} annotations. Mainly for internal framework use and liable to change.
+ *
+ * @since 3.0
+ */
+package org.springframework.security.access.expression;

core/src/main/java/org/springframework/security/access/expression/package.html

@@ -1,8 +0,0 @@
-<html>
-<body>
-<p>
-Expression handling code to support the use of Spring-EL based expressions in @PreAuthorize, @PreFilter,
-@PostAuthorizue and @PostFilter annotations. Mainly for internal framework use and liable to change.
-</p>
-</body>
-</html>

core/src/main/java/org/springframework/security/access/hierarchicalroles/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Role hierarchy implementation.
+ */
+package org.springframework.security.access.hierarchicalroles;

core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Enforces security for AOP Alliance <code>MethodInvocation</code>s, such as via Spring AOP.
+ */
+package org.springframework.security.access.intercept.aopalliance;

core/src/main/java/org/springframework/security/access/intercept/aopalliance/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Enforces security for AOP Alliance <code>MethodInvocation</code>s, such as via
-Spring AOP.
-</body>
-</html>

core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Enforces security for AspectJ <code>JointPoint</code>s, delegating secure object callbacks to the calling aspect.
+ */
+package org.springframework.security.access.intercept.aspectj;

core/src/main/java/org/springframework/security/access/intercept/aspectj/package.html

@@ -1,8 +0,0 @@
-<html>
-<body>
-Enforces security for AspectJ <code>JointPoint</code>s, delegating secure
-object callbacks to the calling aspect.
-
-<p>Refer to the reference guide for information on usage.
-</body>
-</html>

core/src/main/java/org/springframework/security/access/intercept/package-info.java

@@ -0,0 +1,21 @@
+/**
+ * Abstract level security interception classes which are responsible for enforcing the
+ * configured security constraints for a secure object.
+ * <p>
+ * A <i>secure object</i> is a term frequently used throughout the security
+ * system. It does <b>not</b> refer to a business object that is being
+ * secured, but instead refers to some infrastructure object that can have
+ * security facilities provided for it by Spring Security.
+ * For example, one secure object would be <code>MethodInvocation</code>,
+ * whilst another would be HTTP
+ * {@link org.springframework.security.web.FilterInvocation}. Note these are
+ * infrastructure objects and their design allows them to represent a large
+ * variety of actual resources that might need to be secured, such as business
+ * objects or HTTP request URLs.
+ * <p>Each secure object typically has its own interceptor package.
+ * Each package usually includes a concrete security interceptor (which subclasses
+ * {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor}) and an
+ * appropriate {@link org.springframework.security.access.SecurityMetadataSource}
+ * for the type of resources the secure object represents.
+ */
+package org.springframework.security.access.intercept;

core/src/main/java/org/springframework/security/access/intercept/package.html

@@ -1,26 +0,0 @@
-<html>
-<body>
-Actually enforces the security and ties the whole security system together.
-<p>
-A <i>secure object</i> is a term frequently used throughout the security
-system. It does <b>not</b> refer to a business object that is being
-secured, but instead refers to some infrastructure object that can have
-security facilities provided for it by Spring Security.
-For example, one secure object would be <code>MethodInvocation</code>,
-whilst another would be HTTP
-{@link org.springframework.security.web.FilterInvocation}. Note these are
-infrastructure objects and their design allows them to represent a large
-variety of actual resources that might need to be secured, such as business
-objects or HTTP request URLs.
-</p>
-
-<p>Each secure object typically has its
-own interceptor package.
-Each package usually includes a concrete security interceptor (which
-subclasses {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor},
-an appropriate {@link org.springframework.security.access.SecurityMetadataSource}
-for the type of resources the secure object represents, and a property editor
-to populate the <code>SecurityMetadataSource</code>.
-
-</body>
-</html>

core/src/main/java/org/springframework/security/access/method/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Provides {@code SecurityMetadataSource} implementations for securing Java method invocations via different
+ * AOP libraries.
+ */
+package org.springframework.security.access.method;

core/src/main/java/org/springframework/security/access/method/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Provides support objects for securing Java method invocations
-via different AOP libraries.
-</body>
-</html>

core/src/main/java/org/springframework/security/access/package-info.java

@@ -0,0 +1,7 @@
+/**
+ * Core access-control related code, including security metadata related classes, interception code, access control
+ * annotations, EL support and voter-based implementations of the central
+ * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager} interface.
+ */
+package org.springframework.security.access;
+

core/src/main/java/org/springframework/security/access/package.html

@@ -1,11 +0,0 @@
-<html>
-<body>
-Core access-control related code, including
-<ul>
-<li>security metadata related classes</li>
-<li>interception code</li>
-<li>Security access control annotations</li>
-<li>Voter-based AccessDecisionManager implementations</li>
-</ul>
-</body>
-</html>

core/src/main/java/org/springframework/security/access/prepost/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * Contains the infrastructure classes for handling the {@code @PreAuthorize}, {@code @PreFilter}, {@code @PostAuthorize}
+ * and {@code @PostFilter} annotations.
+ * <p>
+ * Other than the annotations themselves, the classes should be regarded as for internal framework use and
+ * are liable to change without notice.
+ */
+package org.springframework.security.access.prepost;

core/src/main/java/org/springframework/security/access/prepost/package.html

@@ -1,10 +0,0 @@
-<html>
-<body>
-<p>
-Contains the infrastructure classes for handling the @PreAuthorize, @PreFilter, @PostAuthorize and
-@PostFilter annotations.
-</p>
-Other than the annotations themselves, the classes should be regarded as for internal framework use and
-are liable to change without notice.
-</body>
-</html>

core/src/main/java/org/springframework/security/access/vote/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Implements a vote-based approach to authorization decisions.
+ */
+package org.springframework.security.access.vote;

core/src/main/java/org/springframework/security/access/vote/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Implements a vote-based approach to authorization decisions.
-<p>
-</body>
-</html>

core/src/main/java/org/springframework/security/authentication/dao/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * An {@code AuthenticationProvider} which relies upon a data access object.
+ */
+package org.springframework.security.authentication.dao;

core/src/main/java/org/springframework/security/authentication/dao/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-An authentication provider that relies upon a data access object.
-</body>
-</html>

core/src/main/java/org/springframework/security/authentication/encoding/package-info.java

@@ -0,0 +1,10 @@
+/**
+ * Password encoding implementations. Apart from the "null" implementations, they are all based on
+ * password hashing using digest functions. See the
+ * <a href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-services.html#core-services-password-encoding">
+ * reference manual</a> for more information.
+ * <p>
+ * Third part implementations such as those provided by <a href="http://www.jasypt.org/springsecurity.html">Jasypt</a>
+ * can also be used.
+ */
+package org.springframework.security.authentication.encoding;

core/src/main/java/org/springframework/security/authentication/encoding/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Password encoding implementations.
-</body>
-</html>

core/src/main/java/org/springframework/security/authentication/event/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * Authentication success and failure events which can be published to the Spring application context.
+ *
+ * The <code>ProviderManager</code> automatically publishes events to the application context. These events are
+ * received by all registered Spring <code>ApplicationListener</code>s.
+ */
+
+package org.springframework.security.authentication.event;

core/src/main/java/org/springframework/security/authentication/event/package.html

@@ -1,9 +0,0 @@
-<html>
-<body>
-Enables authentication events to be published to the Spring application context.
-
-<p>The <code>ProviderManager</code> automatically publishes
-events to the application context. These events are received by all
-registered Spring <code>ApplicationListener</code>s.</p>
-</body>
-</html>

core/src/main/java/org/springframework/security/authentication/jaas/event/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * JAAS authentication events which can be published to the Spring application context by the JAAS authentication
+ * provider.
+ */
+package org.springframework.security.authentication.jaas.event;

core/src/main/java/org/springframework/security/authentication/jaas/event/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Enables JAAS events to be published to the Spring application context.
-</body>
-</html>

core/src/main/java/org/springframework/security/authentication/jaas/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * An authentication provider for JAAS.
+ */
+package org.springframework.security.authentication.jaas;

core/src/main/java/org/springframework/security/authentication/jaas/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-An authentication provider for JAAS.
-</body>
-</html>

core/src/main/java/org/springframework/security/authentication/package-info.java

@@ -0,0 +1,9 @@
+/**
+ * Core classes and interfaces related to user authentication, which are used throughout Spring Security.
+ * <p>
+ * Of key importance is the {@link org.springframework.security.authentication.AuthenticationManager AuthenticationManager}
+ * and its default implementation {@link org.springframework.security.authentication.ProviderManager
+ * ProviderManager}, which maintains a list {@link org.springframework.security.authentication.AuthenticationProvider
+ * AuthenticationProvider}s to which it delegates authentication requests.
+ */
+package org.springframework.security.authentication;

core/src/main/java/org/springframework/security/authentication/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Implements a provider-based approach to authentication decisions.
-<p>
-</body>
-</html>

core/src/main/java/org/springframework/security/authentication/rcp/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Allows remote clients to authenticate and obtain a populated <code>Authentication</code> object.
+ */
+package org.springframework.security.authentication.rcp;

core/src/main/java/org/springframework/security/authentication/rcp/package.html

@@ -1,7 +0,0 @@
-<html>
-<body>
-Allows remote clients to authenticate and obtain a populated
-<code>Authentication</code> object.
-</body>
-</html>
-

core/src/main/java/org/springframework/security/core/authority/mapping/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
+ * {@code GrantedAuthority}s.
+ * <p>
+ * Provides a layer of indirection between a security data repository and the logical authorities
+ * required within an application.
+ */
+package org.springframework.security.core.authority.mapping;

core/src/main/java/org/springframework/security/core/authority/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * The default implementation of the {@code GrantedAuthority} interface.
+ */
+package org.springframework.security.core.authority;

core/src/main/java/org/springframework/security/core/codec/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Internal codec classes. Only intended for use within the framework.
+ */
+package org.springframework.security.core.codec;

core/src/main/java/org/springframework/security/core/context/package-info.java

@@ -0,0 +1,11 @@
+/**
+ * Classes related to the establishment of a security context for the duration of a request (such as
+ * an HTTP or RMI invocation).
+ * <p>
+ * A security context is usually associated with the current execution thread for the duration of the request,
+ * making the authentication information it contains available throughout all the layers of an application.
+ * <p>
+ * The {@link org.springframework.security.core.context.SecurityContext SecurityContext} can be accessed at any point
+ * by calling the {@link org.springframework.security.core.context.SecurityContextHolder SecurityContextHolder}.
+ */
+package org.springframework.security.core.context;

core/src/main/java/org/springframework/security/core/context/package.html

@@ -1,10 +0,0 @@
-<html>
-<body>
-Classes related to the establishment of a security context for the duration of a request (such as
-an HTTP or RMI invocation).
-<p>
-A security context is associated with the current execution thread for the duration of the request, making the
-authentication information it contains available throughout all the layers of an application.
-</body>
-</html>
-

core/src/main/java/org/springframework/security/core/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Core classes and interfaces related to user authentication and authorization, as well as the maintenance of
+ * a security context.
+ */
+package org.springframework.security.core;

core/src/main/java/org/springframework/security/core/session/package-info.java

@@ -0,0 +1,6 @@
+/**
+ * Session abstraction which is provided by the {@code org.springframework.security.core.session.SessionInformation
+ * SessionInformation} class. The {@link org.springframework.security.core.session.SessionRegistry SessionRegistry}
+ * is a core part of the web-based concurrent session control, but the code is not dependent on any of the servlet APIs.
+ */
+package org.springframework.security.core.session;

core/src/main/java/org/springframework/security/core/session/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Session registry and other related classes.
-</body>
-</html>
-

core/src/main/java/org/springframework/security/core/token/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * A service for building secure random tokens.
+ */
+package org.springframework.security.core.token;

core/src/main/java/org/springframework/security/core/userdetails/cache/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Implementations of {@link org.springframework.security.core.userdetails.UserCache UserCache}.
+ */
+package org.springframework.security.core.userdetails.cache;

core/src/main/java/org/springframework/security/core/userdetails/jdbc/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Exposes a JDBC-based authentication repository, implementing
+ * {@code org.springframework.security.core.userdetails.UserDetailsService UserDetailsService}.
+ */
+package org.springframework.security.core.userdetails.jdbc;

core/src/main/java/org/springframework/security/core/userdetails/jdbc/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Exposes a JDBC-based authentication repository.
-</body>
-</html>

core/src/main/java/org/springframework/security/core/userdetails/memory/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Exposes an in-memory authentication repository.
+ */
+package org.springframework.security.core.userdetails.memory;

core/src/main/java/org/springframework/security/core/userdetails/memory/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Exposes an in-memory authentication repository.
-</body>
-</html>
-

core/src/main/java/org/springframework/security/core/userdetails/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * The standard interfaces for implementing user data DAOs.
+ * <p>
+ * Can be the traditional {@link org.springframework.security.core.userdetails.UserDetailsService UserDetailsService}
+ * which uses a unique username to identify the user or, for more complex requirements, the
+ * {@link org.springframework.security.core.userdetails.AuthenticationUserDetailsService AuthenticationUserDetailsService}.
+ */
+package org.springframework.security.core.userdetails;

core/src/main/java/org/springframework/security/provisioning/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Contains simple user and authority group account provisioning interfaces together with a a
+ * JDBC-based implementation.
+ */
+package org.springframework.security.provisioning;

core/src/main/java/org/springframework/security/provisioning/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-<p>Contains simple user and authority group account provisioning interfaces together with a
-a JDBC-based implementation.</p>
-</body>
-</html>

core/src/main/java/org/springframework/security/remoting/dns/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * DNS resolution.
+ */
+package org.springframework.security.remoting.dns;

core/src/main/java/org/springframework/security/remoting/httpinvoker/package-info.java

@@ -0,0 +1,19 @@
+/**
+ * Enables use of Spring's <code>HttpInvoker</code> extension points to
+ * present the <code>principal</code> and <code>credentials</code> located
+ * in the <code>ContextHolder</code> via BASIC authentication.
+ * <p>
+ * The beans are wired as follows:
+ *
+ * <pre>
+ * &lt;bean id="test" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean"&gt;
+ *   &lt;property name="serviceUrl"&gt;&lt;value&gt;http://localhost/Test&lt;/value&gt;&lt;/property&gt;
+ *   &lt;property name="serviceInterface"&gt;&lt;value&gt;test.TargetInterface&lt;/value&gt;&lt;/property&gt;
+ *   &lt;property name="httpInvokerRequestExecutor"&gt;&lt;ref bean="httpInvokerRequestExecutor"/&gt;&lt;/property&gt;
+ * &lt;/bean&gt;
+ *
+ * &lt;bean id="httpInvokerRequestExecutor"
+ *     class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/&gt;
+ * </pre>
+ */
+package org.springframework.security.remoting.httpinvoker;

core/src/main/java/org/springframework/security/remoting/httpinvoker/package.html

@@ -1,21 +0,0 @@
-<html>
-<body>
-Enables use of Spring's <code>HttpInvoker</code> extension points to
-present the <code>principal</code> and <code>credentials</code> located
-in the <code>ContextHolder</code> via BASIC authentication.
-
-<P>The beans are wired as follows:
-
-<P>
-<code>
-&lt;bean id="test" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean"&gt;<BR>
-   &lt;property name="serviceUrl"&gt;&lt;value&gt;http://localhost/Test&lt;/value&gt;&lt;/property&gt;<BR>
-   &lt;property name="serviceInterface"&gt;&lt;value&gt;test.TargetInterface&lt;/value&gt;&lt;/property&gt;<BR>
-   &lt;property name="httpInvokerRequestExecutor"&gt;&lt;ref bean="httpInvokerRequestExecutor"/&gt;&lt;/property&gt;<BR>
-&lt;/bean&gt;<BR>
-<BR>
-&lt;bean id="httpInvokerRequestExecutor" class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/&gt;<BR>
-</code>
-
-</body>
-</html>

core/src/main/java/org/springframework/security/remoting/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * Remote client related functionality.
+ */
+package org.springframework.security.remoting;

core/src/main/java/org/springframework/security/remoting/rmi/package-info.java

@@ -0,0 +1,18 @@
+/**
+ * Enables use of Spring's RMI remoting extension points to propagate the <code>SecurityContextHolder</code> (which
+ * should contain an <code>Authentication</code> request token) from one JVM to the remote JVM.
+ * <p>
+ * The beans are wired as follows:
+ * <pre>
+ * &lt;bean id="test" class="org.springframework.remoting.rmi.RmiProxyFactoryBean"&gt;
+ *   &lt;property name="serviceUrl"&gt;&lt;value&gt;rmi://localhost/Test&lt;/value&gt;&lt;/property&gt;
+ *   &lt;property name="serviceInterface"&gt;&lt;value&gt;test.TargetInterface&lt;/value&gt;&lt;/property&gt;
+ *   &lt;property name="refreshStubOnConnectFailure"&gt;&lt;value&gt;true&lt;/value&gt;&lt;/property&gt;
+ *   &lt;property name="remoteInvocationFactory"&gt;&lt;ref bean="remoteInvocationFactory"/&gt;&lt;/property&gt;
+ * &lt;/bean&gt;
+ *
+ * &lt;bean id="remoteInvocationFactory"
+ *     class="org.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocationFactory"/&gt;
+ * </pre>
+ */
+package org.springframework.security.remoting.rmi;

core/src/main/java/org/springframework/security/remoting/rmi/package.html

@@ -1,23 +0,0 @@
-<html>
-<body>
-Enables use of Spring's RMI remoting extension points to propagate
-the <code>ContextHolder</code> (which should contain an
-<code>Authentication</code> request token)
-from one JVM to the remote JVM.
-
-<P>The beans are wired as follows:
-
-<P>
-<code>
-&lt;bean id="test" class="org.springframework.remoting.rmi.RmiProxyFactoryBean"&gt;<BR>
-   &lt;property name="serviceUrl"&gt;&lt;value&gt;rmi://localhost/Test&lt;/value&gt;&lt;/property&gt;<BR>
-   &lt;property name="serviceInterface"&gt;&lt;value&gt;test.TargetInterface&lt;/value&gt;&lt;/property&gt;<BR>
-   &lt;property name="refreshStubOnConnectFailure"&gt;&lt;value&gt;true&lt;/value&gt;&lt;/property&gt;<BR>
-   &lt;property name="remoteInvocationFactory"&gt;&lt;ref bean="remoteInvocationFactory"/&gt;&lt;/property&gt;<BR>
-&lt;/bean&gt;<BR>
-<BR>
-&lt;bean id="remoteInvocationFactory" class="org.springframework.security.core.context.rmi.ContextPropagatingRemoteInvocationFactory"/&gt;<BR>
-</code>
-
-</body>
-</html>

core/src/main/java/org/springframework/security/util/package-info.java

@@ -0,0 +1,7 @@
+/**
+ * General utility classes used throughout the Spring Security framework. Intended for internal use.
+ * <p>
+ * This package should be standalone - it should not have dependencies on other parts of the framework,
+ * just on external libraries and the JDK.
+ */
+package org.springframework.security.util;

core/src/main/java/org/springframework/security/util/package.html

@@ -1,11 +0,0 @@
-<html>
-<body>
-<p>
-General utility classes used throughout the Spring Security framework.
-</p>
-<p>
-This package should essentially be standalone - it should not have dependencies on other
-parts of the framework, just on external libraries and the JDK.
-</p>
-</body>
-</html>

ldap/src/main/java/org/springframework/security/ldap/authentication/package-info.java

@@ -0,0 +1,11 @@
+/**
+ * The LDAP authentication provider package. Interfaces are provided for
+ * both authentication and retrieval of user roles from an LDAP server.
+ * <p>
+ * The main provider class is <tt>LdapAuthenticationProvider</tt>.
+ * This is configured with an <tt>LdapAuthenticator</tt> instance and
+ * an <tt>LdapAuthoritiesPopulator</tt>. The latter is used to obtain the
+ * list of roles for the user.
+ */
+package org.springframework.security.ldap.authentication;
+

ldap/src/main/java/org/springframework/security/ldap/authentication/package.html

@@ -1,15 +0,0 @@
-<html>
-<body>
-<p>
-The LDAP authentication provider package. Interfaces are provided for
-both authentication and retrieval of user roles from an LDAP server.
-</p>
-<p>
-The main provider class is <tt>LdapAuthenticationProvider</tt>.
-This is configured with an <tt>LdapAuthenticator</tt> instance and
-an <tt>LdapAuthoritiesPopulator</tt>. The latter is used to obtain the
-list of roles for the user.
-</p>
-
-</body>
-</html>

ldap/src/main/java/org/springframework/security/ldap/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Spring Security's LDAP module.
+ */
+package org.springframework.security.ldap;
+

ldap/src/main/java/org/springframework/security/ldap/ppolicy/package-info.java

@@ -0,0 +1,9 @@
+/**
+ * Implementation of password policy functionality based on the
+ * <a href="http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt">
+ * Password Policy for LDAP Directories</a>.
+ * <p>
+ * This code will not work with servers such as Active Directory, which do not implement this standard.
+ */
+package org.springframework.security.ldap.ppolicy;
+

ldap/src/main/java/org/springframework/security/ldap/search/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * {@code LdapUserSearch} implementations. These may be used to locate the user in the directory.
+ */
+package org.springframework.security.ldap.search;
+

ldap/src/main/java/org/springframework/security/ldap/search/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-<tt>LdapUserSearch</tt> implementations. These may be used to locate the user in the directory.
-</body>
-</html>

ldap/src/main/java/org/springframework/security/ldap/server/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Embedded Apache Directory Server implementation, as used by the configuration namespace.
+ */
+package org.springframework.security.ldap.server;
+

ldap/src/main/java/org/springframework/security/ldap/userdetails/package-info.java

@@ -0,0 +1,6 @@
+/**
+ * LDAP-focused {@code UserDetails} implementations which map from a ubset of the data
+ * contained in some of the standard LDAP types (such as {@code InetOrgPerson}).
+ */
+package org.springframework.security.ldap.userdetails;
+

openid/src/main/java/org/springframework/security/openid/package-info.java

@@ -0,0 +1,2 @@
+package org.springframework.security.openid;
+

taglibs/src/main/java/org/springframework/security/taglibs/authz/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * JSP Security tag library implementation.
+ */
+package org.springframework.security.taglibs.authz;
+

taglibs/src/main/java/org/springframework/security/taglibs/authz/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Java implementation of security taglib.
-</body>
-</html>

taglibs/src/main/java/org/springframework/security/taglibs/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Security related tag libraries that can be used in JSPs and templates.
+ */
+package org.springframework.security.taglibs;
+

taglibs/src/main/java/org/springframework/security/taglibs/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Provides security related taglibs that can be used in JSPs.
-</body>
-</html>

taglibs/src/main/java/org/springframework/security/taglibs/velocity/package-info.java

@@ -0,0 +1,2 @@
+package org.springframework.security.taglibs.velocity;
+

web/src/main/java/org/springframework/security/web/access/channel/package-info.java

@@ -0,0 +1,7 @@
+/**
+ * Classes that ensure web requests are received over required transport channels.
+ * <p>
+ * Most commonly used to enforce that requests are submitted over HTTP or HTTPS.
+ */
+package org.springframework.security.web.access.channel;
+

web/src/main/java/org/springframework/security/web/access/channel/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Classes that ensure web requests are received over required
-transport channels.
-</body>
-</html>

web/src/main/java/org/springframework/security/web/access/expression/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Implementation of web security expressions.
+ */
+package org.springframework.security.web.access.expression;
+

web/src/main/java/org/springframework/security/web/access/intercept/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Enforcement of security for HTTP requests, typically by the URL requested.
+ */
+package org.springframework.security.web.access.intercept;
+

web/src/main/java/org/springframework/security/web/access/intercept/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Enforces security for HTTP requests, typically by the URL requested.
-</body>
-</html>

web/src/main/java/org/springframework/security/web/access/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Access-control related classes and packages.
+ */
+package org.springframework.security.web.access;
+

web/src/main/java/org/springframework/security/web/authentication/logout/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * Logout functionality based around a filter which handles a specific logout URL.
+ */
+package org.springframework.security.web.authentication.logout;
+

web/src/main/java/org/springframework/security/web/authentication/package-info.java

@@ -0,0 +1,6 @@
+/**
+ * Authentication processing mechanisms, which respond to the submission of authentication
+ * credentials using various protocols (eg BASIC, CAS, form login etc).
+ */
+package org.springframework.security.web.authentication;
+

web/src/main/java/org/springframework/security/web/authentication/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Authentication processing mechanisms, which respond to the submission of authentication
-credentials using various protocols (eg BASIC, CAS, form login etc).
-</body>
-</html>