Provide a proxy so filters can be loaded directly from the application context.

build.xml

@@ -182,6 +182,7 @@
 				<include name="net/sf/acegisecurity/runas/**"/>
 				<include name="net/sf/acegisecurity/vote/**"/>
 				<include name="net/sf/acegisecurity/ui/**"/>
+				<include name="net/sf/acegisecurity/util/**"/>
 				<include name="net/sf/acegisecurity/intercept/**"/>
 				<include name="net/sf/acegisecurity/adapters/*"/>
 				<include name="net/sf/acegisecurity/adapters/catalina/*"/>
@@ -202,6 +203,7 @@
 				<include name="net/sf/acegisecurity/runas/**"/>
 				<include name="net/sf/acegisecurity/vote/**"/>
 				<include name="net/sf/acegisecurity/ui/**"/>
+				<include name="net/sf/acegisecurity/util/**"/>
 				<include name="net/sf/acegisecurity/intercept/**"/>
 				<include name="net/sf/acegisecurity/adapters/*"/>
 				<include name="net/sf/acegisecurity/adapters/jetty/*"/>
@@ -221,6 +223,7 @@
 				<include name="net/sf/acegisecurity/runas/**"/>
 				<include name="net/sf/acegisecurity/vote/**"/>
 				<include name="net/sf/acegisecurity/ui/**"/>
+				<include name="net/sf/acegisecurity/util/**"/>
 				<include name="net/sf/acegisecurity/intercept/**"/>
 				<include name="net/sf/acegisecurity/adapters/*"/>
 				<include name="net/sf/acegisecurity/adapters/jboss/*"/>
@@ -240,6 +243,7 @@
 				<include name="net/sf/acegisecurity/runas/**"/>
 				<include name="net/sf/acegisecurity/vote/**"/>
 				<include name="net/sf/acegisecurity/ui/**"/>
+				<include name="net/sf/acegisecurity/util/**"/>
 				<include name="net/sf/acegisecurity/intercept/**"/>
 				<include name="net/sf/acegisecurity/adapters/*"/>
 				<include name="net/sf/acegisecurity/adapters/resin/*"/>
@@ -258,7 +262,6 @@
 		<zip zipfile="${dist.dir}/${acegi-security-src.zip}">
 			<fileset dir="${src.dir}">
 				<include name="net/sf/acegisecurity/**"/>
-				<include name="net/sf/acegisecurity/context/**"/>
 			</fileset>
 		</zip>
 	</target>

core/src/main/java/org/acegisecurity/intercept/web/SecurityEnforcementFilter.java

@@ -22,16 +22,10 @@ import net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-import org.springframework.web.context.support.WebApplicationContextUtils;
+import org.springframework.beans.factory.InitializingBean;
 
 import java.io.IOException;
 
-import java.util.Map;
-
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -65,72 +59,79 @@ import javax.servlet.http.HttpServletResponse;
  * </p>
  * 
  * <p>
- * This filter works with a <code>FilterSecurityInterceptor</code> instance. By
- * default, at init time, the filter will use Spring's {@link
- * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
- * method to obtain an ApplicationContext instance, inside which must be a
- * configured <code>FilterSecurityInterceptor</code> instance. In the case
- * where it is desireable for this filter to instantiate its own
- * ApplicationContext instance from which to obtain the
- * <code>FilterSecurityInterceptor</code>, the location of the config for this
- * context may be specified with the optional
- * <code>contextConfigLocation</code> init param.
- * </p>
- * 
- * <p>
  * To use this filter, it is necessary to specify the following filter
  * initialization parameters:
  * </p>
  * 
  * <ul>
  * <li>
- * <code>loginFormUrl</code> indicates the URL that should be used for
- * redirection if an <code>AuthenticationException</code> is detected.
+ * <code>filterSecurityInterceptor</code> indicates the
+ * <code>FilterSecurityInterceptor</code> to delegate HTTP security decisions
+ * to.
  * </li>
  * <li>
- * <code>contextConfigLocation</code> (optional, normally not used), indicates
- * the path to an application context that contains a  properly configured
- * <code>FilterSecurityInterceptor</code>. If not specified, {@link
- * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
- * will be used to obtain the context.
+ * <code>loginFormUrl</code> indicates the URL that should be used for
+ * redirection if an <code>AuthenticationException</code> is detected.
  * </li>
  * </ul>
  * 
+ * <P>
+ * <B>Do not use this class directly.</B> Instead configure
+ * <code>web.xml</code> to use the {@link
+ * net.sf.acegisecurity.util.FilterToBeanProxy}.
+ * </p>
  *
  * @author Ben Alex
  * @author colin sampaleanu
  * @version $Id$
  */
-public class SecurityEnforcementFilter implements Filter {
+public class SecurityEnforcementFilter implements Filter, InitializingBean {
     //~ Static fields/initializers =============================================
 
-    /**
-     * Name of (optional) servlet filter parameter that can specify the config
-     * location for a new ApplicationContext used to config this filter.
-     */
-    public static final String CONFIG_LOCATION_PARAM = "contextConfigLocation";
     private static final Log logger = LogFactory.getLog(SecurityEnforcementFilter.class);
 
     //~ Instance fields ========================================================
 
-    protected FilterSecurityInterceptor securityInterceptor;
+    protected FilterSecurityInterceptor filterSecurityInterceptor;
 
     /**
      * The URL that should be used for redirection if an
      * <code>AuthenticationException</code> is detected.
      */
     protected String loginFormUrl;
-    private ApplicationContext ctx;
-    private boolean ourContext = false;
 
     //~ Methods ================================================================
 
-    public void destroy() {
-        if (ourContext && ctx instanceof ConfigurableApplicationContext) {
-            ((ConfigurableApplicationContext) ctx).close();
+    public void setFilterSecurityInterceptor(
+        FilterSecurityInterceptor filterSecurityInterceptor) {
+        this.filterSecurityInterceptor = filterSecurityInterceptor;
+    }
+
+    public FilterSecurityInterceptor getFilterSecurityInterceptor() {
+        return filterSecurityInterceptor;
+    }
+
+    public void setLoginFormUrl(String loginFormUrl) {
+        this.loginFormUrl = loginFormUrl;
+    }
+
+    public String getLoginFormUrl() {
+        return loginFormUrl;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if ((loginFormUrl == null) || "".equals(loginFormUrl)) {
+            throw new IllegalArgumentException("loginFormUrl must be specified");
+        }
+
+        if (filterSecurityInterceptor == null) {
+            throw new IllegalArgumentException(
+                "filterSecurityInterceptor must be specified");
         }
     }
 
+    public void destroy() {}
+
     public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain chain) throws IOException, ServletException {
         if (!(request instanceof HttpServletRequest)) {
@@ -144,7 +145,7 @@ public class SecurityEnforcementFilter implements Filter {
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
         try {
-            securityInterceptor.invoke(fi);
+            filterSecurityInterceptor.invoke(fi);
 
             if (logger.isDebugEnabled()) {
                 logger.debug("Chain processed normally");
@@ -174,49 +175,5 @@ public class SecurityEnforcementFilter implements Filter {
         }
     }
 
-    public void init(FilterConfig filterConfig) throws ServletException {
-        String appContextLocation = filterConfig.getInitParameter(CONFIG_LOCATION_PARAM);
-
-        if ((appContextLocation != null) && (appContextLocation.length() > 0)) {
-            ourContext = true;
-
-            if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) {
-                throw new ServletException("Cannot locate "
-                    + appContextLocation);
-            }
-        }
-
-        loginFormUrl = filterConfig.getInitParameter("loginFormUrl");
-
-        if ((loginFormUrl == null) || "".equals(loginFormUrl)) {
-            throw new ServletException("loginFormUrl must be specified");
-        }
-
-        try {
-            if (!ourContext) {
-                ctx = WebApplicationContextUtils
-                    .getRequiredWebApplicationContext(filterConfig
-                        .getServletContext());
-            } else {
-                ctx = new ClassPathXmlApplicationContext(appContextLocation);
-            }
-        } catch (RuntimeException e) {
-            throw new ServletException(
-                "Error obtaining/creating ApplicationContext for config. Must be stored in ServletContext, or optionally '"
-                + CONFIG_LOCATION_PARAM
-                + "' param may be used to allow creation of new context by this filter. See root error for additional details",
-                e);
-        }
-
-        Map beans = ctx.getBeansOfType(FilterSecurityInterceptor.class, true,
-                true);
-
-        if (beans.size() == 0) {
-            throw new ServletException(
-                "Bean context must contain at least one bean of type FilterSecurityInterceptor");
-        }
-
-        String beanName = (String) beans.keySet().iterator().next();
-        securityInterceptor = (FilterSecurityInterceptor) beans.get(beanName);
-    }
+    public void init(FilterConfig filterConfig) throws ServletException {}
 }

core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java

@@ -25,16 +25,10 @@ import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-import org.springframework.web.context.support.WebApplicationContextUtils;
+import org.springframework.beans.factory.InitializingBean;
 
 import java.io.IOException;
 
-import java.util.Map;
-
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -87,63 +81,44 @@ import javax.servlet.http.HttpServletResponse;
  * sent with a request, it should return a 403 (forbidden) response.</I>".
  * </p>
  * 
- * <p>
- * This filter works with an {@link AuthenticationManager} which is used to
- * process each authentication request. By default, at init time, the filter
- * will use Spring's {@link
- * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
- * method to obtain an ApplicationContext instance, inside which must be a
- * configured AuthenticationManager instance. In the case where it is
- * desirable for  this filter to instantiate its own ApplicationContext
- * instance from which to obtain the AuthenticationManager, the location of
- * the config for this context may be specified with the optional
- * <code>contextConfigLocation</code> init param.
- * </p>
- * 
- * <p>
- * To use this filter, it is necessary to specify the following filter
- * initialization parameters:
+ * <P>
+ * <B>Do not use this class directly.</B> Instead configure
+ * <code>web.xml</code> to use the {@link
+ * net.sf.acegisecurity.util.FilterToBeanProxy}.
  * </p>
- * 
- * <ul>
- * <li>
- * <code>contextConfigLocation</code> (optional, normally not used), indicates
- * the path to an application context that contains an {@link
- * AuthenticationManager} which should be used to process each authentication
- * request. If not specified, {@link
- * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
- * will be used to obtain the context.
- * </li>
- * </ul>
- * 
  *
  * @author Ben Alex
  * @version $Id$
  */
-public class BasicProcessingFilter implements Filter {
+public class BasicProcessingFilter implements Filter, InitializingBean {
     //~ Static fields/initializers =============================================
 
-    /**
-     * Name of (optional) servlet filter parameter that can specify the config
-     * location for a new ApplicationContext used to config this filter.
-     */
-    public static final String CONFIG_LOCATION_PARAM = "contextConfigLocation";
     private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
 
     //~ Instance fields ========================================================
 
-    private ApplicationContext ctx;
     private AuthenticationManager authenticationManager;
-    private boolean ourContext = false;
 
     //~ Methods ================================================================
 
-    public void destroy() {
-        if (ourContext && ctx instanceof ConfigurableApplicationContext) {
-            ((ConfigurableApplicationContext) ctx).close();
+    public void setAuthenticationManager(
+        AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public AuthenticationManager getAuthenticationManager() {
+        return authenticationManager;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if (this.authenticationManager == null) {
+            throw new IllegalArgumentException(
+                "An AuthenticationManager is required");
         }
     }
 
+    public void destroy() {}
+
     public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain chain) throws IOException, ServletException {
         if (!(request instanceof HttpServletRequest)) {
@@ -208,42 +183,5 @@ public class BasicProcessingFilter implements Filter {
         chain.doFilter(request, response);
     }
 
-    public void init(FilterConfig filterConfig) throws ServletException {
-        String appContextLocation = filterConfig.getInitParameter(CONFIG_LOCATION_PARAM);
-
-        if ((appContextLocation != null) && (appContextLocation.length() > 0)) {
-            ourContext = true;
-
-            if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) {
-                throw new ServletException("Cannot locate "
-                    + appContextLocation);
-            }
-        }
-
-        try {
-            if (!ourContext) {
-                ctx = WebApplicationContextUtils
-                    .getRequiredWebApplicationContext(filterConfig
-                        .getServletContext());
-            } else {
-                ctx = new ClassPathXmlApplicationContext(appContextLocation);
-            }
-        } catch (RuntimeException e) {
-            throw new ServletException(
-                "Error obtaining/creating ApplicationContext for config. Must be stored in ServletContext, or optionally '"
-                + CONFIG_LOCATION_PARAM
-                + "' param may be used to allow creation of new context by this filter. See root error for additional details",
-                e);
-        }
-
-        Map beans = ctx.getBeansOfType(AuthenticationManager.class, true, true);
-
-        if (beans.size() == 0) {
-            throw new ServletException(
-                "Bean context must contain at least one bean of type AuthenticationManager");
-        }
-
-        String beanName = (String) beans.keySet().iterator().next();
-        authenticationManager = (AuthenticationManager) beans.get(beanName);
-    }
+    public void init(FilterConfig arg0) throws ServletException {}
 }

core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java

@@ -23,16 +23,10 @@ import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-import org.springframework.web.context.support.WebApplicationContextUtils;
+import org.springframework.beans.factory.InitializingBean;
 
 import java.io.IOException;
 
-import java.util.Map;
-
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -70,21 +64,7 @@ import javax.servlet.http.HttpServletResponse;
  * </p>
  * 
  * <p>
- * This filter works with an {@link AuthenticationManager} which is used to
- * process each authentication request. By default, at init time, the filter
- * will use Spring's {@link
- * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
- * method to obtain an ApplicationContext instance, inside which must be a
- * configured AuthenticationManager instance. In the case where it is
- * desirable for  this filter to instantiate its own ApplicationContext
- * instance from which to obtain the AuthenticationManager, the location of
- * the config for this context may be specified with the optional
- * <code>contextConfigLocation</code> init param.
- * </p>
- * 
- * <p>
- * To use this filter, it is necessary to specify the following filter
- * initialization parameters:
+ * To use this filter, it is necessary to specify the following properties:
  * </p>
  * 
  * <ul>
@@ -104,29 +84,21 @@ import javax.servlet.http.HttpServletResponse;
  * respond to. This parameter is optional, and defaults to
  * <code>/j_acegi_security_check</code>.
  * </li>
- * <li>
- * <code>contextConfigLocation</code> (optional, normally not used), indicates
- * the path to an application context that contains an {@link
- * AuthenticationManager} which should be used to process each authentication
- * request. If not specified, {@link
- * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
- * will be used to obtain the context.
- * </li>
  * </ul>
  * 
+ * <P>
+ * <B>Do not use this class directly.</B> Instead configure
+ * <code>web.xml</code> to use the {@link
+ * net.sf.acegisecurity.util.FilterToBeanProxy}.
+ * </p>
  *
  * @author Ben Alex
  * @author Colin Sampaleanu
  * @version $Id$
  */
-public class AuthenticationProcessingFilter implements Filter {
+public class AuthenticationProcessingFilter implements Filter, InitializingBean {
     //~ Static fields/initializers =============================================
 
-    /**
-     * Name of (optional) servlet filter parameter that can specify the config
-     * location for a new ApplicationContext used to config this filter.
-     */
-    public static final String CONFIG_LOCATION_PARAM = "contextConfigLocation";
     public static final String ACEGI_SECURITY_TARGET_URL_KEY = "ACEGI_SECURITY_TARGET_URL";
     public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";
     public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
@@ -135,7 +107,6 @@ public class AuthenticationProcessingFilter implements Filter {
 
     //~ Instance fields ========================================================
 
-    private ApplicationContext ctx;
     private AuthenticationManager authenticationManager;
 
     /** Where to redirect the browser to if authentication fails */
@@ -151,17 +122,68 @@ public class AuthenticationProcessingFilter implements Filter {
      * The URL destination that this filter intercepts and processes (usually
      * <code>/j_acegi_security_check</code>)
      */
-    private String filterProcessesUrl;
-    private boolean ourContext = false;
+    private String filterProcessesUrl = "/j_acegi_security_check";
 
     //~ Methods ================================================================
 
-    public void destroy() {
-        if (ourContext && ctx instanceof ConfigurableApplicationContext) {
-            ((ConfigurableApplicationContext) ctx).close();
+    public void setAuthenticationFailureUrl(String authenticationFailureUrl) {
+        this.authenticationFailureUrl = authenticationFailureUrl;
+    }
+
+    public String getAuthenticationFailureUrl() {
+        return authenticationFailureUrl;
+    }
+
+    public void setAuthenticationManager(
+        AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public AuthenticationManager getAuthenticationManager() {
+        return authenticationManager;
+    }
+
+    public void setDefaultTargetUrl(String defaultTargetUrl) {
+        this.defaultTargetUrl = defaultTargetUrl;
+    }
+
+    public String getDefaultTargetUrl() {
+        return defaultTargetUrl;
+    }
+
+    public void setFilterProcessesUrl(String filterProcessesUrl) {
+        this.filterProcessesUrl = filterProcessesUrl;
+    }
+
+    public String getFilterProcessesUrl() {
+        return filterProcessesUrl;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if ((filterProcessesUrl == null) || "".equals(filterProcessesUrl)) {
+            throw new IllegalArgumentException(
+                "filterProcessesUrl must be specified");
+        }
+
+        if ((defaultTargetUrl == null) || "".equals(defaultTargetUrl)) {
+            throw new IllegalArgumentException(
+                "defaultTargetUrl must be specified");
+        }
+
+        if ((authenticationFailureUrl == null)
+            || "".equals(authenticationFailureUrl)) {
+            throw new IllegalArgumentException(
+                "authenticationFailureUrl must be specified");
+        }
+
+        if (authenticationManager == null) {
+            throw new IllegalArgumentException(
+                "authenticationManager must be specified");
         }
     }
 
+    public void destroy() {}
+
     public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain chain) throws IOException, ServletException {
         if (!(request instanceof HttpServletRequest)) {
@@ -245,63 +267,5 @@ public class AuthenticationProcessingFilter implements Filter {
         chain.doFilter(request, response);
     }
 
-    public void init(FilterConfig filterConfig) throws ServletException {
-        String appContextLocation = filterConfig.getInitParameter(CONFIG_LOCATION_PARAM);
-
-        if ((appContextLocation != null) && (appContextLocation.length() > 0)) {
-            ourContext = true;
-
-            if (Thread.currentThread().getContextClassLoader().getResource(appContextLocation) == null) {
-                throw new ServletException("Cannot locate "
-                    + appContextLocation);
-            }
-        }
-
-        defaultTargetUrl = filterConfig.getInitParameter("defaultTargetUrl");
-
-        if ((defaultTargetUrl == null) || "".equals(defaultTargetUrl)) {
-            throw new ServletException("defaultTargetUrl must be specified");
-        }
-
-        authenticationFailureUrl = filterConfig.getInitParameter(
-                "authenticationFailureUrl");
-
-        if ((authenticationFailureUrl == null)
-            || "".equals(authenticationFailureUrl)) {
-            throw new ServletException(
-                "authenticationFailureUrl must be specified");
-        }
-
-        filterProcessesUrl = filterConfig.getInitParameter("filterProcessesUrl");
-
-        if ((filterProcessesUrl == null) || "".equals(filterProcessesUrl)) {
-            filterProcessesUrl = "/j_acegi_security_check";
-        }
-
-        try {
-            if (!ourContext) {
-                ctx = WebApplicationContextUtils
-                    .getRequiredWebApplicationContext(filterConfig
-                        .getServletContext());
-            } else {
-                ctx = new ClassPathXmlApplicationContext(appContextLocation);
-            }
-        } catch (RuntimeException e) {
-            throw new ServletException(
-                "Error obtaining/creating ApplicationContext for config. Must be stored in ServletContext, or optionally '"
-                + CONFIG_LOCATION_PARAM
-                + "' param may be used to allow creation of new context by this filter. See root error for additional details",
-                e);
-        }
-
-        Map beans = ctx.getBeansOfType(AuthenticationManager.class, true, true);
-
-        if (beans.size() == 0) {
-            throw new ServletException(
-                "Bean context must contain at least one bean of type AuthenticationManager");
-        }
-
-        String beanName = (String) beans.keySet().iterator().next();
-        authenticationManager = (AuthenticationManager) beans.get(beanName);
-    }
+    public void init(FilterConfig filterConfig) throws ServletException {}
 }

core/src/main/java/org/acegisecurity/util/FilterToBeanProxy.java

@@ -0,0 +1,164 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import org.springframework.context.ApplicationContext;
+
+import org.springframework.web.context.support.WebApplicationContextUtils;
+
+import java.io.IOException;
+
+import java.util.Map;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+
+/**
+ * Delegates <code>Filter</code> requests to a Spring-managed bean.
+ * 
+ * <p>
+ * This class acts as a proxy on behalf of a target <code>Filter</code> that is
+ * defined in the Spring bean context. It is necessary to specify which target
+ * <code>Filter</code> should be proxied as a filter initialization parameter.
+ * </p>
+ * 
+ * <p>
+ * On filter initialisation, the class will use Spring's {@link
+ * WebApplicationContextUtils#getWebApplicationContext(ServletContext sc)}
+ * method to obtain an <code>ApplicationContext</code> instance. It will
+ * expect to find the target <code>Filter</code> in this
+ * <code>ApplicationContext</code>.
+ * </p>
+ * 
+ * <p>
+ * To use this filter, it is necessary to specify the following filter
+ * initialization parameters:
+ * </p>
+ * 
+ * <ul>
+ * <li>
+ * <code>targetClass</code> indicates the class of the target
+ * <code>Filter</code> defined in the bean context. The only requirements are
+ * that this target class implements the <code>javax.servlet.Filter</code>
+ * interface and at least one instance is available in the
+ * <code>ApplicationContext</code>.
+ * </li>
+ * <li>
+ * <code>targetBean</code> (optional) indicates the bean name of the target
+ * class. This parameter should be specified if there is more than one bean in
+ * the <code>ApplicationContext</code> of the same type as defined by the
+ * <code>targetClass</code> parameter.
+ * </li>
+ * </ul>
+ * 
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class FilterToBeanProxy implements Filter {
+    //~ Instance fields ========================================================
+
+    private Filter delegate;
+
+    //~ Methods ================================================================
+
+    public void destroy() {
+        delegate.destroy();
+    }
+
+    public void doFilter(ServletRequest request, ServletResponse response,
+        FilterChain chain) throws IOException, ServletException {
+        delegate.doFilter(request, response, chain);
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+        String targetClassString = filterConfig.getInitParameter("targetClass");
+
+        if ((targetClassString == null) || "".equals(targetClassString)) {
+            throw new ServletException("targetClass must be specified");
+        }
+
+        Class targetClass;
+
+        try {
+            targetClass = Thread.currentThread().getContextClassLoader()
+                                .loadClass(targetClassString);
+        } catch (ClassNotFoundException ex) {
+            throw new ServletException("Class of type " + targetClassString
+                + " not found in classloader");
+        }
+
+        String targetBean = filterConfig.getInitParameter("targetBean");
+
+        if ("".equals(targetBean)) {
+            targetBean = null;
+        }
+
+        ApplicationContext ctx = this.getContext(filterConfig);
+
+        Map beans = ctx.getBeansOfType(targetClass, true, true);
+
+        if (beans.size() == 0) {
+            throw new ServletException(
+                "Bean context must contain at least one bean of type "
+                + targetClassString);
+        }
+
+        String beanName = null;
+
+        if (targetBean == null) {
+            // Use first bean found
+            beanName = (String) beans.keySet().iterator().next();
+        } else {
+            // Use the requested bean, providing it can be found
+            if (beans.containsKey(targetBean)) {
+                beanName = targetBean;
+            } else {
+                throw new ServletException("Bean with name '" + targetBean
+                    + "' cannot be found in bean context");
+            }
+        }
+
+        Object object = beans.get(beanName);
+
+        if (!(object instanceof Filter)) {
+            throw new ServletException("Bean '" + beanName
+                + "' does not implement javax.servlet.Filter");
+        }
+
+        delegate = (Filter) object;
+
+        delegate.init(filterConfig);
+    }
+
+    /**
+     * Allows test cases to override where application context obtained from.
+     *
+     * @param filterConfig which can be used to find the
+     *        <code>ServletContext</code>
+     *
+     * @return the Spring application context
+     */
+    protected ApplicationContext getContext(FilterConfig filterConfig) {
+        return WebApplicationContextUtils.getRequiredWebApplicationContext(filterConfig
+            .getServletContext());
+    }
+}

core/src/main/java/org/acegisecurity/util/package.html

@@ -0,0 +1,5 @@
+<html>
+<body>
+General utility classes used throughout the Acegi Security System.
+</body>
+</html>

core/src/test/java/org/acegisecurity/intercept/web/SecurityEnforcementFilterTests.java

@@ -19,7 +19,6 @@ import junit.framework.TestCase;
 
 import net.sf.acegisecurity.AccessDeniedException;
 import net.sf.acegisecurity.BadCredentialsException;
-import net.sf.acegisecurity.MockFilterConfig;
 import net.sf.acegisecurity.MockHttpServletRequest;
 import net.sf.acegisecurity.MockHttpServletResponse;
 import net.sf.acegisecurity.MockHttpSession;
@@ -75,9 +74,11 @@ public class SecurityEnforcementFilterTests extends TestCase {
                 false);
 
         // Test
+        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setFilterSecurityInterceptor(interceptor);
+        filter.setLoginFormUrl("/login.jsp");
+
         MockHttpServletResponse response = new MockHttpServletResponse();
-        SecurityEnforcementFilter filter = new MockSecurityEnforcementFilter(interceptor,
-                "/login.jsp");
         filter.doFilter(request, response, chain);
         assertEquals(403, response.getError());
     }
@@ -108,6 +109,16 @@ public class SecurityEnforcementFilterTests extends TestCase {
         }
     }
 
+    public void testGettersSetters() {
+        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
+                false, false));
+        assertTrue(filter.getFilterSecurityInterceptor() != null);
+
+        filter.setLoginFormUrl("/u");
+        assertEquals("/u", filter.getLoginFormUrl());
+    }
+
     public void testRedirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException()
         throws Exception {
         // Setup our HTTP request
@@ -123,93 +134,42 @@ public class SecurityEnforcementFilterTests extends TestCase {
                 true);
 
         // Test
+        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setFilterSecurityInterceptor(interceptor);
+        filter.setLoginFormUrl("/login.jsp");
+        filter.afterPropertiesSet();
+
         MockHttpServletResponse response = new MockHttpServletResponse();
-        SecurityEnforcementFilter filter = new MockSecurityEnforcementFilter(interceptor,
-                "/login.jsp");
         filter.doFilter(request, response, chain);
         assertEquals("/login.jsp", response.getRedirect());
         assertEquals("/secure/page.html",
             request.getSession().getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY));
     }
 
-    public void testStartupDetectsInvalidcontextConfigLocation()
+    public void testStartupDetectsMissingFilterSecurityInterceptor()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("loginFormUrl", "/login.jsp");
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/intercept/web/securityfiltertest-invalid.xml");
-
         SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setLoginFormUrl("/login.jsp");
 
         try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertEquals("Bean context must contain at least one bean of type FilterSecurityInterceptor",
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("filterSecurityInterceptor must be specified",
                 expected.getMessage());
         }
     }
 
-    public void testStartupDetectsMissingAppContext() throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("loginFormUrl", "/login.jsp");
-
-        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
-        }
-
-        config.setInitParmeter("contextConfigLocation", "");
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
-        }
-    }
-
-    public void testStartupDetectsMissingInvalidcontextConfigLocation()
-        throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("loginFormUrl", "/login.jsp");
-        config.setInitParmeter("contextConfigLocation", "DOES_NOT_EXIST");
-
-        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Cannot locate"));
-        }
-    }
-
     public void testStartupDetectsMissingLoginFormUrl()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/intercept/web/securityfiltertest-valid.xml");
-
         SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setFilterSecurityInterceptor(new MockFilterSecurityInterceptor(
+                false, false));
 
         try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertEquals("loginFormUrl must be specified", expected.getMessage());
-        }
-
-        config.setInitParmeter("loginFormUrl", "");
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
             assertEquals("loginFormUrl must be specified", expected.getMessage());
         }
     }
@@ -228,22 +188,19 @@ public class SecurityEnforcementFilterTests extends TestCase {
                 false);
 
         // Test
+        SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
+        filter.setFilterSecurityInterceptor(interceptor);
+        filter.setLoginFormUrl("/login.jsp");
+
         MockHttpServletResponse response = new MockHttpServletResponse();
-        SecurityEnforcementFilter filter = new MockSecurityEnforcementFilter(interceptor,
-                "/login.jsp");
         filter.doFilter(request, response, chain);
     }
 
     public void testSuccessfulStartupAndShutdownDown()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/intercept/web/securityfiltertest-valid.xml");
-        config.setInitParmeter("loginFormUrl", "/login.jsp");
-
         SecurityEnforcementFilter filter = new SecurityEnforcementFilter();
 
-        filter.init(config);
+        filter.init(null);
         filter.destroy();
         assertTrue(true);
     }
@@ -298,17 +255,4 @@ public class SecurityEnforcementFilterTests extends TestCase {
             fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
         }
     }
-
-    private class MockSecurityEnforcementFilter
-        extends SecurityEnforcementFilter {
-        public MockSecurityEnforcementFilter(
-            FilterSecurityInterceptor securityInterceptor, String loginFormUrl) {
-            super.securityInterceptor = securityInterceptor;
-            super.loginFormUrl = loginFormUrl;
-        }
-
-        private MockSecurityEnforcementFilter() {
-            super();
-        }
-    }
 }

core/src/test/java/org/acegisecurity/intercept/web/securityfiltertest-valid.xml

@@ -1,74 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-<!--
- * Copyright 2004 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- *
- * $Id$
--->
-
-<beans>
-
-	<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
-  		<property name="userMap">
-			<value>
-				marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
-				dianne=emu,ROLE_TELLER
-				scott=wombat,ROLE_TELLER
-				peter=opal,disabled,ROLE_TELLER
-			</value>
-		</property>
-	</bean>
-	
-	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
-     	<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
-	</bean>
-
-	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
-		<property name="providers">
-		  <list>
-		    <ref bean="daoAuthenticationProvider"/>
-		  </list>
-		</property>
-	</bean>
-	
-	<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
-     	<property name="key"><value>my_run_as_password</value></property>
- 	</bean>
-	
-	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
-
-	<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
-   		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
-		<property name="decisionVoters">
-		  <list>
-		    <ref bean="roleVoter"/>
-		  </list>
-		</property>
-	</bean>
-
-	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
-	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-	<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
-	<property name="runAsManager"><ref bean="runAsManager"/></property>
-		<property name="objectDefinitionSource">
-		<value>
-			\A/secure/super.*\Z=ROLE_WE_DONT_HAVE
-			\A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
-		</value>
-	</property>
-	</bean>
-
-</beans>

core/src/test/java/org/acegisecurity/ui/basicauth/BasicProcessingFilterTests.java

@@ -18,6 +18,7 @@ package net.sf.acegisecurity.ui.basicauth;
 import junit.framework.TestCase;
 
 import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.MockAuthenticationManager;
 import net.sf.acegisecurity.MockFilterConfig;
 import net.sf.acegisecurity.MockHttpServletRequest;
 import net.sf.acegisecurity.MockHttpServletResponse;
@@ -26,6 +27,9 @@ import net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter;
 
 import org.apache.commons.codec.binary.Base64;
 
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
 import java.io.IOException;
 
 import java.util.HashMap;
@@ -102,23 +106,32 @@ public class BasicProcessingFilterTests extends TestCase {
                 null, new MockHttpSession());
         request.setServletPath("/some_file.html");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/basicauth/filtertest-valid.xml");
+        BasicProcessingFilter filter = (BasicProcessingFilter) ctx.getBean(
+                "basicProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
 
         // Setup our expectation that the filter chain will be invoked
         MockFilterChain chain = new MockFilterChain(true);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        BasicProcessingFilter filter = new BasicProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
 
         assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
     }
 
+    public void testGettersSetters() {
+        BasicProcessingFilter filter = new BasicProcessingFilter();
+        filter.setAuthenticationManager(new MockAuthenticationManager());
+        assertTrue(filter.getAuthenticationManager() != null);
+    }
+
     public void testInvalidBasicAuthorizationTokenIsIgnored()
         throws Exception {
         // Setup our HTTP request
@@ -131,17 +144,20 @@ public class BasicProcessingFilterTests extends TestCase {
                 null, new MockHttpSession());
         request.setServletPath("/some_file.html");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/basicauth/filtertest-valid.xml");
+        BasicProcessingFilter filter = (BasicProcessingFilter) ctx.getBean(
+                "basicProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
 
         // Setup our expectation that the filter chain will be invoked
         MockFilterChain chain = new MockFilterChain(true);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        BasicProcessingFilter filter = new BasicProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
 
@@ -159,17 +175,20 @@ public class BasicProcessingFilterTests extends TestCase {
                 null, new MockHttpSession());
         request.setServletPath("/some_file.html");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/basicauth/filtertest-valid.xml");
+        BasicProcessingFilter filter = (BasicProcessingFilter) ctx.getBean(
+                "basicProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
 
         // Setup our expectation that the filter chain will be invoked
         MockFilterChain chain = new MockFilterChain(true);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        BasicProcessingFilter filter = new BasicProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
 
@@ -189,77 +208,38 @@ public class BasicProcessingFilterTests extends TestCase {
                 null, new MockHttpSession());
         request.setServletPath("/some_file.html");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/basicauth/filtertest-valid.xml");
+        BasicProcessingFilter filter = (BasicProcessingFilter) ctx.getBean(
+                "basicProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
 
         // Setup our expectation that the filter chain will be invoked
         MockFilterChain chain = new MockFilterChain(true);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        BasicProcessingFilter filter = new BasicProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
 
         assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
     }
 
-    public void testStartupDetectsInvalidContextConfigLocation()
+    public void testStartupDetectsMissingAuthenticationManager()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-invalid.xml");
-
-        BasicProcessingFilter filter = new BasicProcessingFilter();
-
         try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertEquals("Bean context must contain at least one bean of type AuthenticationManager",
+            BasicProcessingFilter filter = new BasicProcessingFilter();
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("An AuthenticationManager is required",
                 expected.getMessage());
         }
     }
 
-    public void testStartupDetectsMissingAppContext() throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-
-        BasicProcessingFilter filter = new BasicProcessingFilter();
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
-        }
-
-        config.setInitParmeter("contextConfigLocation", "");
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
-        }
-    }
-
-    public void testStartupDetectsMissingInvalidContextConfigLocation()
-        throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation", "DOES_NOT_EXIST");
-
-        BasicProcessingFilter filter = new BasicProcessingFilter();
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Cannot locate"));
-        }
-    }
-
     public void testSuccessLoginThenFailureLoginResultsInSessionLoosingToken()
         throws Exception {
         // Setup our HTTP request
@@ -272,17 +252,20 @@ public class BasicProcessingFilterTests extends TestCase {
                 null, new MockHttpSession());
         request.setServletPath("/some_file.html");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/basicauth/filtertest-valid.xml");
+        BasicProcessingFilter filter = (BasicProcessingFilter) ctx.getBean(
+                "basicProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
 
         // Setup our expectation that the filter chain will be invoked
         MockFilterChain chain = new MockFilterChain(true);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        BasicProcessingFilter filter = new BasicProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
 
@@ -306,7 +289,6 @@ public class BasicProcessingFilterTests extends TestCase {
         response = new MockHttpServletResponse();
 
         // Test
-        filter = new BasicProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
 
@@ -325,17 +307,20 @@ public class BasicProcessingFilterTests extends TestCase {
                 null, new MockHttpSession());
         request.setServletPath("/some_file.html");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/basicauth/filtertest-valid.xml");
+        BasicProcessingFilter filter = (BasicProcessingFilter) ctx.getBean(
+                "basicProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
 
         // Setup our expectation that the filter chain will not be invoked, as we get a 403 forbidden response
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        BasicProcessingFilter filter = new BasicProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
 

core/src/test/java/org/acegisecurity/ui/webapp/filtertest-invalid.xml → core/src/test/java/org/acegisecurity/ui/basicauth/filtertest-valid.xml

@@ -33,6 +33,22 @@
 		</property>
 	</bean>
 	
-	<!-- The authentication manager is deliberately missing in order to test error detection -->
+	<!-- Authentication provider that queries our data access object  -->
+	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
+     	<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
+	</bean>
+
+	<!-- The authentication manager that iterates through our only authentication provider -->
+	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
+		<property name="providers">
+		  <list>
+		    <ref bean="daoAuthenticationProvider"/>
+		  </list>
+		</property>
+	</bean>
+
+	<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
+		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
+	</bean>
 
 </beans>

core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java

@@ -18,11 +18,15 @@ package net.sf.acegisecurity.ui.webapp;
 import junit.framework.TestCase;
 
 import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.MockAuthenticationManager;
 import net.sf.acegisecurity.MockFilterConfig;
 import net.sf.acegisecurity.MockHttpServletRequest;
 import net.sf.acegisecurity.MockHttpServletResponse;
 import net.sf.acegisecurity.MockHttpSession;
 
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
 import java.io.IOException;
 
 import javax.servlet.Filter;
@@ -100,19 +104,20 @@ public class AuthenticationProcessingFilterTests extends TestCase {
             "WRONG_PASSWORD");
         request.setServletPath("/j_acegi_security_check");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
 
         // Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
         System.out.println(response.getRedirect());
@@ -129,22 +134,25 @@ public class AuthenticationProcessingFilterTests extends TestCase {
             "marissa");
         request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
             "koala");
-        request.setServletPath("/j_my_security_check");
+        request.setServletPath("/j_THIS_IS_MY_security_check");
+
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
+        // Must override the XML defined authenticationProcessesUrl
+        filter.setFilterProcessesUrl("/j_THIS_IS_MY_security_check");
 
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
-        config.setInitParmeter("filterProcessesUrl", "/j_my_security_check");
 
         // Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
         assertEquals("/", response.getRedirect());
@@ -154,6 +162,21 @@ public class AuthenticationProcessingFilterTests extends TestCase {
              .toString());
     }
 
+    public void testGettersSetters() {
+        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationFailureUrl("/x");
+        assertEquals("/x", filter.getAuthenticationFailureUrl());
+
+        filter.setAuthenticationManager(new MockAuthenticationManager());
+        assertTrue(filter.getAuthenticationManager() != null);
+
+        filter.setDefaultTargetUrl("/default");
+        assertEquals("/default", filter.getDefaultTargetUrl());
+
+        filter.setFilterProcessesUrl("/p");
+        assertEquals("/p", filter.getFilterProcessesUrl());
+    }
+
     public void testIgnoresAnyServletPathOtherThanFilterProcessesUrl()
         throws Exception {
         // Setup our HTTP request
@@ -161,18 +184,19 @@ public class AuthenticationProcessingFilterTests extends TestCase {
                 new MockHttpSession());
         request.setServletPath("/j_some_other_url");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
 
         // Setup our expectation that the filter chain will be invoked, as should just proceed with chain
         MockFilterChain chain = new MockFilterChain(true);
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request,
             new MockHttpServletResponse(), chain);
     }
@@ -188,19 +212,20 @@ public class AuthenticationProcessingFilterTests extends TestCase {
             "koala");
         request.setServletPath("/j_acegi_security_check");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
 
         // Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
         assertEquals("/", response.getRedirect());
@@ -220,19 +245,20 @@ public class AuthenticationProcessingFilterTests extends TestCase {
             null);
         request.setServletPath("/j_acegi_security_check");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
 
         // Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
         assertEquals("/failed.jsp", response.getRedirect());
@@ -249,138 +275,88 @@ public class AuthenticationProcessingFilterTests extends TestCase {
             "koala");
         request.setServletPath("/j_acegi_security_check");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
 
         // Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
         assertEquals("/failed.jsp", response.getRedirect());
         assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
     }
 
-    public void testStartupDetectsInvalidcontextConfigLocation()
+    public void testStartupDetectsInvalidAuthenticationFailureUrl()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-invalid.xml");
-
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setDefaultTargetUrl("/");
+        filter.setFilterProcessesUrl("/j_acegi_security_check");
 
         try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertEquals("Bean context must contain at least one bean of type AuthenticationManager",
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("authenticationFailureUrl must be specified",
                 expected.getMessage());
         }
     }
 
-    public void testStartupDetectsMissingAppContext() throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
-
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
-        }
-
-        config.setInitParmeter("contextConfigLocation", "");
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Error obtaining/creating ApplicationContext for config."));
-        }
-    }
-
-    public void testStartupDetectsMissingAuthenticationFailureUrl()
+    public void testStartupDetectsInvalidAuthenticationManager()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationFailureUrl("/failed.jsp");
+        filter.setDefaultTargetUrl("/");
+        filter.setFilterProcessesUrl("/j_acegi_security_check");
 
         try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertEquals("authenticationFailureUrl must be specified",
-                expected.getMessage());
-        }
-
-        config.setInitParmeter("authenticationFailureUrl", "");
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertEquals("authenticationFailureUrl must be specified",
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("authenticationManager must be specified",
                 expected.getMessage());
         }
     }
 
-    public void testStartupDetectsMissingDefaultTargetUrl()
+    public void testStartupDetectsInvalidDefaultTargetUrl()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationFailureUrl("/failed.jsp");
+        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setFilterProcessesUrl("/j_acegi_security_check");
 
         try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertEquals("defaultTargetUrl must be specified",
-                expected.getMessage());
-        }
-
-        config.setInitParmeter("defaultTargetUrl", "");
-
-        try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
             assertEquals("defaultTargetUrl must be specified",
                 expected.getMessage());
         }
     }
 
-    public void testStartupDetectsMissingInvalidcontextConfigLocation()
+    public void testStartupDetectsInvalidFilterProcessesUrl()
         throws Exception {
-        MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
-        config.setInitParmeter("contextConfigLocation", "DOES_NOT_EXIST");
-
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationFailureUrl("/failed.jsp");
+        filter.setAuthenticationManager(new MockAuthenticationManager());
+        filter.setDefaultTargetUrl("/");
+        filter.setFilterProcessesUrl(null);
 
         try {
-            filter.init(config);
-            fail("Should have thrown ServletException");
-        } catch (ServletException expected) {
-            assertTrue(expected.getMessage().startsWith("Cannot locate"));
+            filter.afterPropertiesSet();
+            fail("Should have thrown IllegalArgumentException");
+        } catch (IllegalArgumentException expected) {
+            assertEquals("filterProcessesUrl must be specified",
+                expected.getMessage());
         }
     }
 
@@ -395,19 +371,20 @@ public class AuthenticationProcessingFilterTests extends TestCase {
             "koala");
         request.setServletPath("/j_acegi_security_check");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
 
         // Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
         assertEquals("/", response.getRedirect());
@@ -440,19 +417,20 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         request.getSession().setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
             "/my-destination");
 
+        // Launch an application context and access our bean
+        ApplicationContext ctx = new ClassPathXmlApplicationContext(
+                "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
+        AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
+            .getBean("authenticationProcessingFilter");
+
         // Setup our filter configuration
         MockFilterConfig config = new MockFilterConfig();
-        config.setInitParmeter("contextConfigLocation",
-            "net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
-        config.setInitParmeter("defaultTargetUrl", "/");
-        config.setInitParmeter("authenticationFailureUrl", "/failed.jsp");
 
         // Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
         MockFilterChain chain = new MockFilterChain(false);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         // Test
-        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         executeFilterInContainerSimulator(config, filter, request, response,
             chain);
         assertEquals("/my-destination", response.getRedirect());

core/src/test/java/org/acegisecurity/ui/webapp/filtertest-valid.xml

@@ -47,4 +47,11 @@
 		</property>
 	</bean>
 
+	<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
+		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
+		<property name="authenticationFailureUrl"><value>/failed.jsp</value></property>
+		<property name="defaultTargetUrl"><value>/</value></property>
+		<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
+	</bean>
+
 </beans>

core/src/test/java/org/acegisecurity/util/FilterToBeanProxyTests.java

@@ -0,0 +1,260 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import junit.framework.TestCase;
+
+import net.sf.acegisecurity.MockFilterConfig;
+import net.sf.acegisecurity.MockHttpServletRequest;
+import net.sf.acegisecurity.MockHttpServletResponse;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+
+/**
+ * Tests {@link FilterToBeanProxy}.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class FilterToBeanProxyTests extends TestCase {
+    //~ Constructors ===========================================================
+
+    public FilterToBeanProxyTests() {
+        super();
+    }
+
+    public FilterToBeanProxyTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ================================================================
+
+    public final void setUp() throws Exception {
+        super.setUp();
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(FilterToBeanProxyTests.class);
+    }
+
+    public void testDetectsClassNotInClassLoader() throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetClass", "net.sf.DOES.NOT.EXIST");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        try {
+            filter.init(config);
+            fail("Should have thrown ServletException");
+        } catch (ServletException expected) {
+            assertEquals("Class of type net.sf.DOES.NOT.EXIST not found in classloader",
+                expected.getMessage());
+        }
+    }
+
+    public void testDetectsMissingTargetClass() throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetBean", "mockFilter");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        try {
+            filter.init(config);
+            fail("Should have thrown ServletException");
+        } catch (ServletException expected) {
+            assertEquals("targetClass must be specified", expected.getMessage());
+        }
+    }
+
+    public void testDetectsTargetBeanIsNotAFilter() throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetClass",
+            "net.sf.acegisecurity.util.MockNotAFilter");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        try {
+            filter.init(config);
+            fail("Should have thrown ServletException");
+        } catch (ServletException expected) {
+            assertEquals("Bean 'mockNotAFilter' does not implement javax.servlet.Filter",
+                expected.getMessage());
+        }
+    }
+
+    public void testDetectsTargetBeanNotInBeanContext()
+        throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetClass",
+            "net.sf.acegisecurity.util.MockFilter");
+        config.setInitParmeter("targetBean", "WRONG_NAME");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        try {
+            filter.init(config);
+            fail("Should have thrown ServletException");
+        } catch (ServletException expected) {
+            assertEquals("Bean with name 'WRONG_NAME' cannot be found in bean context",
+                expected.getMessage());
+        }
+    }
+
+    public void testDetectsTargetClassNotInBeanContext()
+        throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetClass",
+            "net.sf.acegisecurity.util.FilterToBeanProxyTests");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        try {
+            filter.init(config);
+            fail("Should have thrown ServletException");
+        } catch (ServletException expected) {
+            assertEquals("Bean context must contain at least one bean of type net.sf.acegisecurity.util.FilterToBeanProxyTests",
+                expected.getMessage());
+        }
+    }
+
+    public void testIgnoresEmptyTargetBean() throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetClass",
+            "net.sf.acegisecurity.util.MockFilter");
+        config.setInitParmeter("targetBean", "");
+
+        // Setup our expectation that the filter chain will be invoked
+        MockFilterChain chain = new MockFilterChain(true);
+
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        MockHttpServletRequest request = new MockHttpServletRequest("/go");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        executeFilterInContainerSimulator(config, filter, request, response,
+            chain);
+    }
+
+    public void testNormalOperationWithDefault() throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetClass",
+            "net.sf.acegisecurity.util.MockFilter");
+
+        // Setup our expectation that the filter chain will be invoked
+        MockFilterChain chain = new MockFilterChain(true);
+
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        MockHttpServletRequest request = new MockHttpServletRequest("/go");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        executeFilterInContainerSimulator(config, filter, request, response,
+            chain);
+    }
+
+    public void testNormalOperationWithSpecificBeanName()
+        throws Exception {
+        // Setup our filter
+        MockFilterConfig config = new MockFilterConfig();
+        config.setInitParmeter("targetClass",
+            "net.sf.acegisecurity.util.MockFilter");
+        config.setInitParmeter("targetBean", "mockFilter");
+
+        // Setup our expectation that the filter chain will be invoked
+        MockFilterChain chain = new MockFilterChain(true);
+
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        MockHttpServletRequest request = new MockHttpServletRequest("/go");
+
+        FilterToBeanProxy filter = new MockFilterToBeanProxy(
+                "net/sf/acegisecurity/util/filtertest-valid.xml");
+
+        executeFilterInContainerSimulator(config, filter, request, response,
+            chain);
+    }
+
+    private void executeFilterInContainerSimulator(FilterConfig filterConfig,
+        Filter filter, ServletRequest request, ServletResponse response,
+        FilterChain filterChain) throws ServletException, IOException {
+        filter.init(filterConfig);
+        filter.doFilter(request, response, filterChain);
+        filter.destroy();
+    }
+
+    //~ Inner Classes ==========================================================
+
+    private class MockFilterChain implements FilterChain {
+        private boolean expectToProceed;
+
+        public MockFilterChain(boolean expectToProceed) {
+            this.expectToProceed = expectToProceed;
+        }
+
+        private MockFilterChain() {
+            super();
+        }
+
+        public void doFilter(ServletRequest request, ServletResponse response)
+            throws IOException, ServletException {
+            if (expectToProceed) {
+                assertTrue(true);
+            } else {
+                fail("Did not expect filter chain to proceed");
+            }
+        }
+    }
+
+    private class MockFilterToBeanProxy extends FilterToBeanProxy {
+        private String appContextLocation;
+
+        public MockFilterToBeanProxy(String appContextLocation) {
+            this.appContextLocation = appContextLocation;
+        }
+
+        private MockFilterToBeanProxy() {
+            super();
+        }
+
+        protected ApplicationContext getContext(FilterConfig filterConfig) {
+            return new ClassPathXmlApplicationContext(appContextLocation);
+        }
+    }
+}

core/src/test/java/org/acegisecurity/util/MockFilter.java

@@ -0,0 +1,45 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+
+/**
+ * A simple filter that the test case can delegate to.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class MockFilter implements Filter {
+    //~ Methods ================================================================
+
+    public void destroy() {}
+
+    public void doFilter(ServletRequest request, ServletResponse response,
+        FilterChain chain) throws IOException, ServletException {
+        chain.doFilter(request, response);
+    }
+
+    public void init(FilterConfig config) throws ServletException {}
+}

core/src/test/java/org/acegisecurity/util/MockNotAFilter.java

@@ -0,0 +1,24 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.util;
+
+/**
+ * A class that is not a filter.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class MockNotAFilter {}

core/src/test/java/org/acegisecurity/intercept/web/securityfiltertest-invalid.xml → core/src/test/java/org/acegisecurity/util/filtertest-valid.xml

@@ -21,17 +21,7 @@
 
 <beans>
 
-	<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
-  		<property name="userMap">
-			<value>
-				marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
-				dianne=emu,ROLE_TELLER
-				scott=wombat,ROLE_TELLER
-				peter=opal,disabled,ROLE_TELLER
-			</value>
-		</property>
-	</bean>
-	
-	<!-- FilterSecurityInterceptor deliberately missing to cause error -->
+	<bean id="mockFilter" class="net.sf.acegisecurity.util.MockFilter"/>
 
+	<bean id="mockNotAFilter" class="net.sf.acegisecurity.util.MockNotAFilter"/>
 </beans>

docs/reference/src/index.xml

@@ -503,14 +503,14 @@
         <title>FilterInvocation Security Interceptor</title>
 
         <para>To secure <literal>FilterInvocation</literal>s, developers need
-        to add a <literal>SecurityEnforcementFilter</literal> to their
-        <literal>web.xml</literal>. A typical configuration example is
-        provided below: <programlisting>&lt;filter&gt;
+        to add a filter to their <literal>web.xml</literal> that delegates to
+        the <literal>SecurityEnforcementFilter</literal>. A typical
+        configuration example is provided below: <programlisting>&lt;filter&gt;
   &lt;filter-name&gt;Acegi HTTP Request Security Filter&lt;/filter-name&gt;
-  &lt;filter-class&gt;net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter&lt;/filter-class&gt;
+  &lt;filter-class&gt;net.sf.acegisecurity.util.FilterToBeanProxy&lt;/filter-class&gt;
   &lt;init-param&gt;
-    &lt;param-name&gt;loginFormUrl&lt;/param-name&gt;
-    &lt;param-value&gt;/acegilogin.jsp&lt;/param-value&gt;
+    &lt;param-name&gt;targetClass&lt;/param-name&gt;
+    &lt;param-value&gt;net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter&lt;/param-value&gt;
   &lt;/init-param&gt;
 &lt;/filter&gt;
 
@@ -519,34 +519,36 @@
   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
 &lt;/filter-mapping&gt;</programlisting></para>
 
-        <para>The <literal>loginFormUrl</literal> is where the filter will
-        redirect the user's browser if they request a secure HTTP resource but
-        they are not authenticated. If the user is authenticated, a "403
-        Forbidden" response will be returned to the browser. All paths are
-        relative to the web application root.</para>
-
-        <para>To perform its function, the
-        <literal>SecurityEnforcementFilter</literal> will need to delegate to
-        a properly configured <literal>FilterSecurityInterceptor</literal>. To
-        do this it requires access to a Spring application context, which is
-        usually obtained from
-        <literal>WebApplicationContextUtils.getWebApplicationContext(ServletContext)</literal>.
-        This is usually made available by using Spring's
-        <literal>ContextLoaderListener</literal> in
-        <literal>web.xml</literal>. Alternatively, the
-        <literal>web.xml</literal> can be used to define a filter
-        <literal>&lt;init-param&gt;</literal> named
-        <literal>contextConfigLocation</literal>. This initialization
-        parameter will represent a path to a Spring XML application context
-        that the <literal>SecurityEnforcementFilter</literal> will load during
-        startup.</para>
-
-        <para>The configuration of the
-        <literal>FilterSecurityInterceptor</literal> in the Spring application
-        context is very similar to the
-        <literal>MethodSecurityInterceptor</literal>:</para>
+        <para>Notice that the filter is actually a
+        <literal>FilterToBeanProxy</literal>. Most of the filters used by the
+        Acegi Security System for Spring use this class . What it does is
+        delegate the <literal>Filter</literal>'s methods through to a bean
+        which is obtained from the Spring application context. This enables
+        the bean to benefit from the Spring application context lifecycle
+        support and configuration flexibility. The
+        <literal>FilterToBeanProxy</literal> only requires a single
+        initialization parameter, <literal>targetClass</literal>, which will
+        be used to identify the bean in the application context. In the
+        unlikely event there is more than one bean in the application context
+        that matches this class, the <literal>targetBean</literal>
+        initialization parameter should be used. This parameter simply
+        represents the name of the bean in the application context. Like
+        standard Spring web applications, the
+        <literal>FilterToBeanProxy</literal> accesses the application context
+        via<literal>
+        WebApplicationContextUtils.getWebApplicationContext(ServletContext)</literal>,
+        so you should configure a <literal>ContextLoaderListener</literal> in
+        <literal>web.xml</literal>.</para>
+
+        <para>In the application context you will need to configure two
+        beans:</para>
+
+        <programlisting>&lt;bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"&gt;
+  &lt;property name="filterSecurityInterceptor"&gt;&lt;ref bean="filterInvocationInterceptor"/&gt;&lt;/property&gt;
+  &lt;property name="loginFormUrl"&gt;&lt;value&gt;/acegilogin.jsp&lt;/value&gt;&lt;/property&gt;
+&lt;/bean&gt;
 
-        <para><programlisting>&lt;bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"&gt;
+&lt;bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"&gt;
   &lt;property name="authenticationManager"&gt;&lt;ref bean="authenticationManager"/&gt;&lt;/property&gt;
   &lt;property name="accessDecisionManager"&gt;&lt;ref bean="accessDecisionManager"/&gt;&lt;/property&gt;
   &lt;property name="runAsManager"&gt;&lt;ref bean="runAsManager"/&gt;&lt;/property&gt;
@@ -557,7 +559,18 @@
       \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
     &lt;/value&gt;
   &lt;/property&gt;
-&lt;/bean&gt;</programlisting></para>
+&lt;/bean&gt;</programlisting>
+
+        <para>The <literal>loginFormUrl</literal> is where the filter will
+        redirect the user's browser if they request a secure HTTP resource but
+        they are not authenticated. If the user is authenticated, a "403
+        Forbidden" response will be returned to the browser. All paths are
+        relative to the web application root.</para>
+
+        <para>The <literal>SecurityEnforcementFilter</literal> primarily
+        provides redirection and session management support. It delegates
+        actual <literal>FilterInvocation</literal> security decisions to the
+        configured <literal>FilterSecurityInterceptor</literal>.</para>
 
         <para>Like any other security interceptor, the
         <literal>FilterSecurityInterceptor</literal> requires a reference to
@@ -1483,22 +1496,15 @@ public boolean supports(Class clazz);</programlisting></para>
         <literal>j_password</literal> input fields, and posts to a URL that is
         monitored by the filter (by default
         <literal>j_acegi_security_check</literal>). The filter is defined in
-        <literal>web.xml</literal> as follows:</para>
+        <literal>web.xml</literal> behind a
+        <literal>FilterToBeanProxy</literal> as follows:</para>
 
         <para><programlisting>&lt;filter&gt;
   &lt;filter-name&gt;Acegi Authentication Processing Filter&lt;/filter-name&gt;
-  &lt;filter-class&gt;net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter&lt;/filter-class&gt;
+  &lt;filter-class&gt;net.sf.acegisecurity.util.FilterToBeanProxy&lt;/filter-class&gt;
   &lt;init-param&gt;
-    &lt;param-name&gt;authenticationFailureUrl&lt;/param-name&gt;
-    &lt;param-value&gt;/acegilogin.jsp?login_error=1&lt;/param-value&gt;
-  &lt;/init-param&gt;
-  &lt;init-param&gt;
-    &lt;param-name&gt;defaultTargetUrl&lt;/param-name&gt;
-    &lt;param-value&gt;/&lt;/param-value&gt;
-  &lt;/init-param&gt;
-  &lt;init-param&gt;
-    &lt;param-name&gt;filterProcessUrl&lt;/param-name&gt;
-    &lt;param-value&gt;/j_acegi_security_check&lt;/param-value&gt;
+    &lt;param-name&gt;targetClass&lt;/param-name&gt;
+    &lt;param-value&gt;net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter&lt;/param-value&gt;
   &lt;/init-param&gt;
 &lt;/filter&gt;
 
@@ -1507,25 +1513,22 @@ public boolean supports(Class clazz);</programlisting></para>
   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
 &lt;/filter-mapping&gt;</programlisting></para>
 
-        <para>To perform its function, the
-        <literal>AuthenticationProcessingFilter</literal> will need to
-        delegate to a properly configured
-        <literal>AuthenticationManager</literal>. To do this it requires
-        access to a Spring application context, which is usually obtained from
-        <literal>WebApplicationContextUtils.getWebApplicationContext(ServletContext)</literal>.
-        This is usually made available by using Spring's
-        <literal>ContextLoaderListener</literal> in
-        <literal>web.xml</literal>. Alternatively, the
-        <literal>web.xml</literal> can be used to define a filter
-        <literal>&lt;init-param&gt;</literal> named
-        <literal>contextConfigLocation</literal>. This initialization
-        parameter will represent a path to a Spring XML application context
-        that the <literal>AuthenticationProcessingFilter</literal> will load
-        during startup.</para>
-
-        <para>The <literal>AuthenticationManager</literal> processes each
-        authentication request. If authentication fails, the browser will be
-        redirected to the <literal>authenticationFailureUrl</literal>. The
+        <para>For a discussion of <literal>FilterToBeanProxy</literal>, please
+        refer to the FilterInvocation Security Interceptor section. The
+        application context will need to define the
+        <literal>AuthenticationProcessingFilter</literal>:</para>
+
+        <para><programlisting>&lt;bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter"&gt;
+  &lt;property name="authenticationManager"&gt;&lt;ref bean="authenticationManager"/&gt;&lt;/property&gt;
+  &lt;property name="authenticationFailureUrl"&gt;&lt;value&gt;/acegilogin.jsp?login_error=1&lt;/value&gt;&lt;/property&gt;
+  &lt;property name="defaultTargetUrl"&gt;&lt;value&gt;/&lt;/value&gt;&lt;/property&gt;
+  &lt;property name="filterProcessesUrl"&gt;&lt;value&gt;/j_acegi_security_check&lt;/value&gt;&lt;/property&gt;
+&lt;/bean&gt;</programlisting></para>
+
+        <para>The configured <literal>AuthenticationManager</literal>
+        processes each authentication request. If authentication fails, the
+        browser will be redirected to the
+        <literal>authenticationFailureUrl</literal>. The
         <literal>AuthenticationException</literal> will be placed into the
         <literal>HttpSession</literal> attribute indicated by
         <literal>AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY</literal>,
@@ -1549,8 +1552,7 @@ public boolean supports(Class clazz);</programlisting></para>
         is completed the user can return to what they were trying to access.
         If for some reason the <literal>HttpSession</literal> does not
         indicate the target URL, the browser will be redirected to the
-        <literal>defaultTargetUrl</literal> filter initialization
-        property.</para>
+        <literal>defaultTargetUrl</literal> property.</para>
 
         <para>Because this authentication approach is fully contained within a
         single web application, HTTP Session Authentication is recommended to
@@ -1567,13 +1569,20 @@ public boolean supports(Class clazz);</programlisting></para>
         standard authentication of web browser users, we recommend HTTP
         Session Authentication). The standard governing HTTP Basic
         Authentication is defined by RFC 1945, Section 11, and the
-        <literal>BasicProcessingFilter</literal> conforms with this RFC. To
-        implement HTTP Basic Authentication, it is necessary to add the
-        following filter to <literal>web.xml</literal>:</para>
+        <literal>BasicProcessingFilter</literal> conforms with this RFC.
+        </para>
+
+        <para>To implement HTTP Basic Authentication, it is necessary to add
+        the following filter to <literal>web.xml</literal>, behind a
+        <literal>FilterToBeanProxy</literal>:</para>
 
         <para><programlisting>&lt;filter&gt;
   &lt;filter-name&gt;Acegi HTTP BASIC Authorization Filter&lt;/filter-name&gt;
-  &lt;filter-class&gt;net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter&lt;/filter-class&gt;
+  &lt;filter-class&gt;net.sf.acegisecurity.util.FilterToBeanProxy&lt;/filter-class&gt;
+  &lt;init-param&gt;
+    &lt;param-name&gt;targetClass&lt;/param-name&gt;
+    &lt;param-value&gt;net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter&lt;/param-value&gt;
+  &lt;/init-param&gt;
 &lt;/filter&gt;
 
 &lt;filter-mapping&gt;
@@ -1581,26 +1590,19 @@ public boolean supports(Class clazz);</programlisting></para>
   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
 &lt;/filter-mapping&gt;</programlisting></para>
 
-        <para>Like the <literal>AuthenticationProcessingFilter</literal>
-        discussed above, the <literal>BasicProcessingFilter</literal> will
-        need to delegate to a properly configured
-        <literal>AuthenticationManager</literal>. To do this it requires
-        access to a Spring application context, which is usually obtained from
-        <literal>WebApplicationContextUtils.getWebApplicationContext(ServletContext)</literal>.
-        This is usually made available by using Spring's
-        <literal>ContextLoaderListener</literal> in
-        <literal>web.xml</literal>. Alternatively, the
-        <literal>web.xml</literal> can be used to define a filter
-        <literal>&lt;init-param&gt;</literal> named
-        <literal>contextConfigLocation</literal>. This initialization
-        parameter will represent a path to a Spring XML application context
-        that the <literal>AuthenticationProcessingFilter</literal> will load
-        during startup.</para>
-
-        <para>The <literal>AuthenticationManager</literal> processes each
-        authentication request. If authentication fails, a 403 (forbidden)
-        response will be returned in response to the HTTP request. If
-        authentication is successful, the resulting
+        <para>For a discussion of <literal>FilterToBeanProxy</literal>, please
+        refer to the FilterInvocation Security Interceptor section. The
+        application context will need to define the
+        <literal>BasicProcessingFilter</literal>:</para>
+
+        <para><programlisting>&lt;bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter"&gt;
+  &lt;property name="authenticationManager"&gt;&lt;ref bean="authenticationManager"/&gt;&lt;/property&gt;
+&lt;/bean&gt;</programlisting></para>
+
+        <para>The configured <literal>AuthenticationManager</literal>
+        processes each authentication request. If authentication fails, a 403
+        (forbidden) response will be returned in response to the HTTP request.
+        If authentication is successful, the resulting
         <literal>Authentication</literal> object will be placed into the
         <literal>HttpSession</literal> attribute indicated by
         <literal>HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY</literal>.

samples/contacts/etc/ca/applicationContext.xml

@@ -50,6 +50,10 @@
      	<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
 	</bean>
 
+	<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
+		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
+	</bean>
+
 	<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
 
 	<!-- An access decision voter that reads ROLE_* configuaration settings -->

samples/contacts/etc/ca/web.xml

@@ -26,7 +26,11 @@
 
     <filter>
         <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
-        <filter-class>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</filter-class>
+        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
+        <init-param>
+            <param-name>targetClass</param-name>
+            <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
+        </init-param>
     </filter>
 
     <filter>

samples/contacts/etc/filter/applicationContext.xml

@@ -45,6 +45,10 @@
      	<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
 	</bean>
 
+	<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
+		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
+	</bean>
+
 	<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
 
 	<!-- An access decision voter that reads ROLE_* configuaration settings -->
@@ -125,6 +129,18 @@
 
 	<!-- ===================== HTTP REQUEST SECURITY ==================== -->
 
+	<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
+		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
+		<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
+		<property name="defaultTargetUrl"><value>/</value></property>
+		<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
+	</bean>
+
+	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
+		<property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
+		<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
+	</bean>
+
 	<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
 		<property name="decisionVoters">
@@ -134,11 +150,9 @@
 		</property>
 	</bean>
 
-	<!-- The FilterSecurityInterceptor is called by the web.xml-defined SecurityEnforcementFilter.
-	     Note the order that entries are placed against the objectDefinitionSource is critical.
+	<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
 	     The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
 	     Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
-	
 	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
     	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
     	<property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>

samples/contacts/etc/filter/web-filters-acegisecurity.xml

@@ -1,112 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-<!--
- * Copyright 2004 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- *
- * $Id$
- *
- * This file will be copied into WAR's classes directory if NOT using container adapter
--->
-
-<beans>
-
-	<!-- ==================== AUTHENTICATION DEFINITIONS =================== -->
-	
-	<!-- Data access object which stores authentication information -->
-	<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
-  		<property name="userMap">
-			<value>
-				marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
-				dianne=emu,ROLE_TELLER
-				scott=wombat,ROLE_TELLER
-				peter=opal,disabled,ROLE_TELLER
-			</value>
-		</property>
-	</bean>
-	
-	<!-- Authentication provider that queries our data access object  -->
-	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
-     	<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
-	</bean>
-
-	<!-- The authentication manager that iterates through our only authentication provider -->
-	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
-		<property name="providers">
-		  <list>
-		    <ref bean="daoAuthenticationProvider"/>
-		  </list>
-		</property>
-	</bean>
-	
-	<!-- ===================== HTTP REQUEST SECURITY ==================== -->
-
-	<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
-     	<property name="key"><value>my_run_as_password</value></property>
- 	</bean>
-
-	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
-
-	<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
-   		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
-		<property name="decisionVoters">
-		  <list>
-		    <ref bean="roleVoter"/>
-		  </list>
-		</property>
-	</bean>
-
-	<!-- The FilterSecurityInterceptor is called by the web.xml-defined SecurityEnforcementFilter.
-	     Note the order that entries are placed against the objectDefinitionSource is critical.
-	     The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
-	     Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
-	
-	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
- 		<property name="objectDefinitionSource">
-			<value>
-			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-				\A/secure/super.*\Z=ROLE_WE_DONT_HAVE
-				\A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
-			</value>
-		</property>
-	</bean>
-	
-	<!-- BASIC Regular Expression Syntax (for beginners):
-	     
-	     \A means the start of the string (ie the beginning of the URL)
-	     \Z means the end of the string (ie the end of the URL)
-	     .  means any single character
-	     *  means null or any number of repetitions of the last expression (so .* means zero or more characters)
-	     
-	     Some examples:
-	     
-	     Expression:   \A/my/directory/.*\Z
-	     Would match:    /my/directory/
-	                     /my/directory/hello.html
-	     
-	     Expression:   \A/.*\Z
-	     Would match:    /hello.html
-	                     /
-	     
-	     Expression:   \A/.*/secret.html\Z
-	     Would match:    /some/directory/secret.html
-	                     /another/secret.html
-	     Not match:      /anothersecret.html (missing required /)
-	-->
-
-</beans>

samples/contacts/etc/filter/web.xml

@@ -26,24 +26,20 @@
 
     <filter>
         <filter-name>Acegi Authentication Processing Filter</filter-name>
-        <filter-class>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</filter-class>
+        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
         <init-param>
-            <param-name>authenticationFailureUrl</param-name>
-            <param-value>/acegilogin.jsp?login_error=1</param-value>
-        </init-param>
-        <init-param>
-              <param-name>defaultTargetUrl</param-name>
-              <param-value>/</param-value>
-        </init-param>
-        <init-param>
-            <param-name>filterProcessUrl</param-name>
-            <param-value>/j_acegi_security_check</param-value>
+            <param-name>targetClass</param-name>
+            <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value>
         </init-param>
     </filter>
 
     <filter>
         <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
-        <filter-class>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</filter-class>
+        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
+        <init-param>
+            <param-name>targetClass</param-name>
+            <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
+        </init-param>
     </filter>
 
     <filter>
@@ -53,10 +49,10 @@
 
     <filter>
         <filter-name>Acegi HTTP Request Security Filter</filter-name>
-        <filter-class>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</filter-class>
+        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
         <init-param>
-            <param-name>loginFormUrl</param-name>
-            <param-value>/acegilogin.jsp</param-value>
+            <param-name>targetClass</param-name>
+            <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
         </init-param>
     </filter>