Use hyphens in attribute names, and not Camel Case. This is to maintain

consistency with the rest of Spring Portfolio. Camel Case was preserved 
for attribute values, consistent with Spring Portfolio usage such as 
autowiring modes (byName, byType etc).

core/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java

@@ -23,7 +23,7 @@ public class AnonymousBeanDefinitionParser implements BeanDefinitionParser {
 	static final String ATT_USERNAME = "username";
 	static final String DEF_USERNAME = "roleAnonymous";
 	
-	static final String ATT_GRANTED_AUTHORITY = "grantedAuthority";
+	static final String ATT_GRANTED_AUTHORITY = "granted-authority";
 	static final String DEF_GRANTED_AUTHORITY = "ROLE_ANONYMOUS";
 	
 	protected final Log logger = LogFactory.getLog(getClass());

core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java

@@ -23,16 +23,16 @@ import org.apache.commons.logging.LogFactory;
 public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
     protected final Log logger = LogFactory.getLog(getClass());
 
-    static final String ATT_LOGIN_URL = "loginUrl";
+    static final String ATT_LOGIN_URL = "login-url";
     static final String DEF_LOGIN_URL = "/j_spring_security_check";
     
-    static final String ATT_LOGIN_PAGE = "loginPage";
+    static final String ATT_LOGIN_PAGE = "login-page";
     static final String DEF_LOGIN_PAGE = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
 
-    static final String ATT_FORM_LOGIN_TARGET_URL = "defaultTargetUrl";
+    static final String ATT_FORM_LOGIN_TARGET_URL = "default-target-url";
     static final String DEF_FORM_LOGIN_TARGET_URL = "/";
 
-    static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authenticationFailureUrl";
+    static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authentication-failure-url";
     static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME;
 
     public BeanDefinition parse(Element elt, ParserContext parserContext) {

core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -48,7 +48,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
     static final String ATT_PATH_PATTERN = "pattern";
     
-    static final String ATT_PATH_TYPE = "pathType";
+    static final String ATT_PATH_TYPE = "path-type";
     static final String DEF_PATH_TYPE_ANT = "ant";
     static final String OPT_PATH_TYPE_REGEX = "regex";
 
@@ -56,17 +56,17 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     static final String OPT_FILTERS_NONE = "none";
 
     static final String ATT_ACCESS_CONFIG = "access";
-    static final String ATT_REQUIRES_CHANNEL = "requiresChannel";
+    static final String ATT_REQUIRES_CHANNEL = "requires-channel";
 
-    static final String ATT_CREATE_SESSION = "createSession";
+    static final String ATT_CREATE_SESSION = "create-session";
     static final String DEF_CREATE_SESSION_IF_REQUIRED = "ifRequired";
     static final String OPT_CREATE_SESSION_ALWAYS = "always";
     static final String OPT_CREATE_SESSION_NEVER = "never";
     
-    static final String ATT_LOWERCASE_COMPARISONS = "lowercaseComparisons";
+    static final String ATT_LOWERCASE_COMPARISONS = "lowercase-comparisons";
     static final String DEF_LOWERCASE_COMPARISONS = "true";
     
-    static final String ATT_AUTO_CONFIG = "autoConfig";
+    static final String ATT_AUTO_CONFIG = "auto-config";
     static final String DEF_AUTO_CONFIG = "false";
     
     public BeanDefinition parse(Element element, ParserContext parserContext) {

core/src/main/java/org/springframework/security/config/LdapBeanDefinitionParser.java

@@ -36,8 +36,8 @@ public class LdapBeanDefinitionParser implements BeanDefinitionParser {
     /** Defines the Url of the ldap server to use. If not specified, an embedded apache DS instance will be created */
     private static final String URL_ATTRIBUTE = "url";
     private static final String AUTH_TYPE_ATTRIBUTE = "auth";
-    private static final String PRINCIPAL_ATTRIBUTE = "managerDn";
-    private static final String PASSWORD_ATTRIBUTE = "managerPassword";
+    private static final String PRINCIPAL_ATTRIBUTE = "manager-dn";
+    private static final String PASSWORD_ATTRIBUTE = "manager-password";
 
     // Properties which apply to embedded server only - when no Url is set
 

core/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java

@@ -17,13 +17,13 @@ import org.w3c.dom.Element;
  * @version $Id$
  */
 public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
-    static final String ATT_LOGOUT_SUCCESS_URL = "logoutSuccessUrl";
+    static final String ATT_LOGOUT_SUCCESS_URL = "logout-success-url";
 	static final String DEF_LOGOUT_SUCCESS_URL = "/";
 
-	static final String ATT_INVALIDATE_SESSION = "invalidateSession";
+	static final String ATT_INVALIDATE_SESSION = "invalidate-session";
 	static final String DEF_INVALIDATE_SESSION  = "true";
 	
-	static final String ATT_LOGOUT_URL = "logoutUrl";
+	static final String ATT_LOGOUT_URL = "logout-url";
 	static final String DEF_LOGOUT_URL = "/j_spring_security_logout";
 
 	public BeanDefinition parse(Element element, ParserContext parserContext) {

core/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java

@@ -25,8 +25,8 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
     static final String ATT_KEY = "key";
     static final String DEF_KEY = "doesNotMatter";
     
-	static final String ATT_DATA_SOURCE = "dataSource";
-	static final String ATT_TOKEN_REPOSITORY = "tokenRepository";
+	static final String ATT_DATA_SOURCE = "data-source";
+	static final String ATT_TOKEN_REPOSITORY = "token-repository";
 	protected final Log logger = LogFactory.getLog(getClass());
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
@@ -65,7 +65,7 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
                 ((BeanDefinition)tokenRepo).getPropertyValues().addPropertyValue(ATT_DATA_SOURCE,
                         new RuntimeBeanReference(dataSource));
             }
-            services.getPropertyValues().addPropertyValue(ATT_TOKEN_REPOSITORY, tokenRepo);
+            services.getPropertyValues().addPropertyValue("tokenRepository", tokenRepo);
         } else {
             isPersistent = false;
             services = new RootBeanDefinition(TokenBasedRememberMeServices.class);

core/src/main/java/org/springframework/security/config/RepositoryBeanDefinitionParser.java

@@ -26,10 +26,10 @@ import org.w3c.dom.Element;
  */
 class RepositoryBeanDefinitionParser implements BeanDefinitionParser {
 
-	static final String ATT_DATA_SOURCE = "dataSource";
+	static final String ATT_DATA_SOURCE = "data-source";
 	static final String ATT_ID = "id";
 
-	static final String ATT_CREATE_PROVIDER = "createProvider";
+	static final String ATT_CREATE_PROVIDER = "create-provider";
 	static final String DEF_CREATE_PROVIDER = "true";
 
 	static final String ATT_HASH = "hash";

core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -14,9 +14,9 @@ hash =
     ## Defines the type of hashing used on user passwords. If unspecified, "plaintext" is nominated, which indicates that the passwords are not hashed. We recommend strongly against using MD4, as it is a very weak hashing algorithm.
     attribute hash {"plaintext" | "sha:hex" | "sha:base64" | "md5:hex" | "md5:base64" | "md4:hex" | "md4:base64"}
 
-pathType =
+path-type =
     ## Defines the type of pattern used to specify URL paths (either JDK 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if unspecified.
-    attribute pathType {"ant" | "regex"}
+    attribute path-type {"ant" | "regex"}
     
 port =
     ## Specifies an IP port number. Used to configure an embedded LDAP server, for example. 
@@ -68,19 +68,19 @@ http =
    element http {http.attlist, (intercept-url+ & form-login? & http-basic? & logout? & concurrent-session-control? & remember-me? & anonymous? & servlet-api-integration?) }
 http.attlist &=
     ## Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".
-    attribute autoConfig {"true" | "false" }?
+    attribute auto-config {"true" | "false" }?
 http.attlist &=
     ## Controls the eagerness with which an HTTP session is created. If not set, defaults to "ifRequired".
-    attribute createSession {"ifRequired" | "always" | "never" }?
+    attribute create-session {"ifRequired" | "always" | "never" }?
 http.attlist &=
     ## The path format used to define the paths in child elements. 
-    pathType?
+    path-type?
 http.attlist &=
     ## Whether test URLs should be converted to lower case prior to comparing with defined path patterns. If unspecified, defaults to "true".
-    attribute lowercaseComparisons {"true" | "false"}?
+    attribute lowercase-comparisons {"true" | "false"}?
 http.attlist &=
     ## Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests.
-    attribute accessDecisionManager {xsd:string}?
+    attribute access-decision-manager {xsd:string}?
 http.attlist &=
     ## Optional attribute specifying the realm name that will be used for all authentication features that require a realm name (eg BASIC and Digest authentication). If unspecified, defaults to "Spring Security Application".
     attribute realm {xsd:string}?
@@ -100,42 +100,42 @@ intercept-url.attlist &=
     attribute filters {"none"}?
 intercept-url.attlist &=
     ## Used to specify that a URL must be accessed over http or https
-    attribute requiresChannel {"http" | "https"}?
+    attribute requires-channel {"http" | "https"}?
 
 logout =
 	## Incorporates a logout processing filter. Most web applications require a logout filter, although you may not require one if you write a controller to provider similar logic.
     element logout {logout.attlist, empty}
 logout.attlist &=
 	## Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL. Defaults to /j_spring_security_logout if unspecified.
-    attribute logoutUrl {xsd:string}?
+    attribute logout-url {xsd:string}?
 logout.attlist &=
 	## Specifies the URL to display once the user has logged out. If not specified, defaults to /.
-    attribute logoutSuccessUrl {xsd:string}?
+    attribute logout-success-url {xsd:string}?
 logout.attlist &=
 	## Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true.
-    attribute invalidateSession {"true" | "false"}?
+    attribute invalidate-session {"true" | "false"}?
 
 form-login =
     ## Sets up a form login configuration
     element form-login {form-login.attlist, empty}    
 form-login.attlist &=
     ## The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.
-    attribute loginUrl {xsd:string}?   
+    attribute login-url {xsd:string}?   
 form-login.attlist &=
     ## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.
-    attribute defaultTargetUrl {xsd:string}?   
+    attribute default-target-url {xsd:string}?   
 form-login.attlist &=
     ## The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested.
-    attribute loginPage {xsd:string}?   
+    attribute login-page {xsd:string}?   
 form-login.attlist &=
     ## The URL for the login failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /spring_security_login?login_error and a corresponding filter to render that login failure URL when requested.
-    attribute authenticationFailureUrl {xsd:string}?   
+    attribute authentication-failure-url {xsd:string}?   
 
 filter-chain-map = 
     ## Used to explicitly configure a FilterChainProxy instance with a FilterChainMap
     element filter-chain-map {filter-chain-map.attlist, filter-chain+}
 filter-chain-map.attlist &=
-    pathType    
+    path-type    
 
 filter-chain =
     ## Used within filter-chain-map to define a specific URL pattern and the list of filters which apply to the URLs matching that pattern. When multiple filter-chain elements are used within a filter-chain-map element, the most specific patterns must be placed at the top of the list, with  most general ones at the bottom.
@@ -154,16 +154,16 @@ concurrent-session-control =
     ## Adds support for concurrent session control, allowing limits to be placed on the number of sessions a user can have.
     element concurrent-session-control {concurrent-sessions.attlist, empty}
 concurrent-sessions.attlist &=
-    attribute maxSessions {xsd:positiveInteger}?
+    attribute max-sessions {xsd:positiveInteger}?
 concurrent-sessions.attlist &=
-    attribute expiredUrl {xsd:string}?
+    attribute expired-url {xsd:string}?
 concurrent-sessions.attlist &=
-    attribute exceptionIfMaximumExceeded {"true" | "false"}?
+    attribute exception-if-maximum-exceeded {"true" | "false"}?
 
 remember-me = 
     element remember-me {remember-me.attlist} 
 remember-me.attlist &= 
-    (attribute key {xsd:string} | (attribute tokenRepository {xsd:string} | attribute datasource {xsd:string}))        
+    (attribute key {xsd:string} | (attribute token-repository {xsd:string} | attribute data-source {xsd:string}))        
     
 servlet-api-integration = 
     element servlet-api-integration {servlet-api-integration.attlist} 
@@ -180,13 +180,13 @@ anonymous.attlist &=
     attribute username {xsd:string}?
 anonymous.attlist &=
 	## The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS".
-    attribute grantedAuthority {xsd:string}?
+    attribute granted-authority {xsd:string}?
 
 repository =
      element repository {repository.attlist, (user-service | jdbc-user-service | custom-user-service)}
 repository.attlist &=
 	## Indicates the repository should have an authentication provider created. If unspecified, defaults to true.
-    attribute createProvider {"true" | "false"}?
+    attribute create-provider {"true" | "false"}?
 
 user-service =
     element user-service {user-service.attlist, (user*)}
@@ -215,7 +215,7 @@ jdbc-user-service.attlist &=
     hash?
 jdbc-user-service.attlist &=
 	## The bean ID of the DataSource which provides the required tables.
-    attribute dataSource {xsd:string}
+    attribute data-source {xsd:string}
 
 custom-user-service =
 	## Represents a UserDetailsService implementation that has been provided by you. Registration here will automate the creation of a DaoAuthenticationProvider that delegates to your UserDetailsService implementation.

core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -19,8 +19,8 @@
       </xs:simpleType>
     </xs:attribute>
   </xs:attributeGroup>
-  <xs:attributeGroup name="pathType">
-    <xs:attribute name="pathType" use="required">
+  <xs:attributeGroup name="path-type">
+    <xs:attribute name="path-type" use="required">
       <xs:annotation>
         <xs:documentation>Defines the type of pattern used to specify URL paths (either JDK 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if unspecified.</xs:documentation>
       </xs:annotation>
@@ -126,7 +126,7 @@
     </xs:complexType>
   </xs:element>
   <xs:attributeGroup name="http.attlist">
-    <xs:attribute name="autoConfig">
+    <xs:attribute name="auto-config">
       <xs:annotation>
         <xs:documentation>Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".</xs:documentation>
       </xs:annotation>
@@ -137,7 +137,7 @@
         </xs:restriction>
       </xs:simpleType>
     </xs:attribute>
-    <xs:attribute name="createSession">
+    <xs:attribute name="create-session">
       <xs:annotation>
         <xs:documentation>Controls the eagerness with which an HTTP session is created. If not set, defaults to "ifRequired".</xs:documentation>
       </xs:annotation>
@@ -149,7 +149,7 @@
         </xs:restriction>
       </xs:simpleType>
     </xs:attribute>
-    <xs:attribute name="pathType">
+    <xs:attribute name="path-type">
       <xs:annotation>
         <xs:documentation>Defines the type of pattern used to specify URL paths (either JDK 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if unspecified.</xs:documentation>
       </xs:annotation>
@@ -160,7 +160,7 @@
         </xs:restriction>
       </xs:simpleType>
     </xs:attribute>
-    <xs:attribute name="lowercaseComparisons">
+    <xs:attribute name="lowercase-comparisons">
       <xs:annotation>
         <xs:documentation>Whether test URLs should be converted to lower case prior to comparing with defined path patterns. If unspecified, defaults to "true".</xs:documentation>
       </xs:annotation>
@@ -171,7 +171,7 @@
         </xs:restriction>
       </xs:simpleType>
     </xs:attribute>
-    <xs:attribute name="accessDecisionManager" type="xs:string">
+    <xs:attribute name="access-decision-manager" type="xs:string">
       <xs:annotation>
         <xs:documentation>Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests.</xs:documentation>
       </xs:annotation>
@@ -211,7 +211,7 @@
         </xs:restriction>
       </xs:simpleType>
     </xs:attribute>
-    <xs:attribute name="requiresChannel">
+    <xs:attribute name="requires-channel">
       <xs:annotation>
         <xs:documentation>Used to specify that a URL must be accessed over http or https</xs:documentation>
       </xs:annotation>
@@ -232,17 +232,17 @@
     </xs:complexType>
   </xs:element>
   <xs:attributeGroup name="logout.attlist">
-    <xs:attribute name="logoutUrl" type="xs:string">
+    <xs:attribute name="logout-url" type="xs:string">
       <xs:annotation>
         <xs:documentation>Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL. Defaults to /j_spring_security_logout if unspecified.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
-    <xs:attribute name="logoutSuccessUrl" type="xs:string">
+    <xs:attribute name="logout-success-url" type="xs:string">
       <xs:annotation>
         <xs:documentation>Specifies the URL to display once the user has logged out. If not specified, defaults to /.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
-    <xs:attribute name="invalidateSession">
+    <xs:attribute name="invalidate-session">
       <xs:annotation>
         <xs:documentation>Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true.</xs:documentation>
       </xs:annotation>
@@ -263,22 +263,22 @@
     </xs:complexType>
   </xs:element>
   <xs:attributeGroup name="form-login.attlist">
-    <xs:attribute name="loginUrl" type="xs:string">
+    <xs:attribute name="login-url" type="xs:string">
       <xs:annotation>
         <xs:documentation>The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
-    <xs:attribute name="defaultTargetUrl" type="xs:string">
+    <xs:attribute name="default-target-url" type="xs:string">
       <xs:annotation>
         <xs:documentation>The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
-    <xs:attribute name="loginPage" type="xs:string">
+    <xs:attribute name="login-page" type="xs:string">
       <xs:annotation>
         <xs:documentation>The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
-    <xs:attribute name="authenticationFailureUrl" type="xs:string">
+    <xs:attribute name="authentication-failure-url" type="xs:string">
       <xs:annotation>
         <xs:documentation>The URL for the login failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /spring_security_login?login_error and a corresponding filter to render that login failure URL when requested.</xs:documentation>
       </xs:annotation>
@@ -296,7 +296,7 @@
     </xs:complexType>
   </xs:element>
   <xs:attributeGroup name="filter-chain-map.attlist">
-    <xs:attributeGroup ref="security:pathType"/>
+    <xs:attributeGroup ref="security:path-type"/>
   </xs:attributeGroup>
   <xs:element name="filter-chain">
     <xs:annotation>
@@ -325,9 +325,9 @@
     </xs:complexType>
   </xs:element>
   <xs:attributeGroup name="concurrent-sessions.attlist">
-    <xs:attribute name="maxSessions" type="xs:positiveInteger"/>
-    <xs:attribute name="expiredUrl" type="xs:string"/>
-    <xs:attribute name="exceptionIfMaximumExceeded">
+    <xs:attribute name="max-sessions" type="xs:positiveInteger"/>
+    <xs:attribute name="expired-url" type="xs:string"/>
+    <xs:attribute name="exception-if-maximum-exceeded">
       <xs:simpleType>
         <xs:restriction base="xs:token">
           <xs:enumeration value="true"/>
@@ -343,8 +343,8 @@
   </xs:element>
   <xs:attributeGroup name="remember-me.attlist">
     <xs:attribute name="key" type="xs:string"/>
-    <xs:attribute name="tokenRepository" type="xs:string"/>
-    <xs:attribute name="datasource" type="xs:string"/>
+    <xs:attribute name="token-repository" type="xs:string"/>
+    <xs:attribute name="data-source" type="xs:string"/>
   </xs:attributeGroup>
   <xs:element name="servlet-api-integration">
     <xs:complexType/>
@@ -368,7 +368,7 @@
         <xs:documentation>The username that should be assigned to the anonymous request. This allows the principal to be identified, which may be important for logging and auditing. if unset, defaults to "anonymousUser". </xs:documentation>
       </xs:annotation>
     </xs:attribute>
-    <xs:attribute name="grantedAuthority" type="xs:string">
+    <xs:attribute name="granted-authority" type="xs:string">
       <xs:annotation>
         <xs:documentation>The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS".</xs:documentation>
       </xs:annotation>
@@ -385,7 +385,7 @@
     </xs:complexType>
   </xs:element>
   <xs:attributeGroup name="repository.attlist">
-    <xs:attribute name="createProvider">
+    <xs:attribute name="create-provider">
       <xs:annotation>
         <xs:documentation>Indicates the repository should have an authentication provider created. If unspecified, defaults to true.</xs:documentation>
       </xs:annotation>
@@ -474,7 +474,7 @@
         </xs:restriction>
       </xs:simpleType>
     </xs:attribute>
-    <xs:attribute name="dataSource" use="required" type="xs:string">
+    <xs:attribute name="data-source" use="required" type="xs:string">
       <xs:annotation>
         <xs:documentation>The bean ID of the DataSource which provides the required tables.</xs:documentation>
       </xs:annotation>

core/src/test/resources/org/springframework/security/config/http-security.xml

@@ -8,7 +8,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
 
     <http>
         <intercept-url pattern="/unprotected" filters="none" />
-        <intercept-url pattern="/somepath" access="ROLE_SPECIAL,ROLE_USER" requiresChannel="http" />
+        <intercept-url pattern="/somepath" access="ROLE_SPECIAL,ROLE_USER" requires-channel="http" />
         <intercept-url pattern="/**" access="ROLE_USER" />
 
         <!-- Default form login configuration. Will create filter and entry point -->
@@ -20,9 +20,9 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
         <!-- Default logout configuration -->
         <logout />
 
-        <concurrent-session-control maxSessions="1"/>
+        <concurrent-session-control max-sessions="1"/>
 
-        <remember-me key="doesntmatter" tokenRepository="tokenRepo"/>
+        <remember-me key="doesntmatter" token-repository="tokenRepo"/>
     </http>
 
     <repository>

core/src/test/resources/org/springframework/security/config/jdbc-user-details.xml

@@ -18,7 +18,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
 	</beans:bean>
 
     <repository>
-        <jdbc-user-service dataSource="dataSource"/>
+        <jdbc-user-service data-source="dataSource"/>
     </repository>
 
 </beans:beans>

core/src/test/resources/org/springframework/security/util/filtertest-valid.xml

@@ -54,7 +54,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
     </bean>
 
     <bean id="newFilterChainProxy" class="org.springframework.security.util.FilterChainProxy">
-        <sec:filter-chain-map pathType="ant">
+        <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
             <sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
             <sec:filter-chain pattern="/do/not/filter" filters="none"/>
@@ -63,7 +63,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
     </bean>
 
     <bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.util.FilterChainProxy">
-        <sec:filter-chain-map pathType="ant">
+        <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
             <sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
             <sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
@@ -71,7 +71,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
     </bean>
 
     <bean id="newFilterChainProxyRegex" class="org.springframework.security.util.FilterChainProxy">
-        <sec:filter-chain-map pathType="regex">
+        <sec:filter-chain-map path-type="regex">
             <sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/>
             <sec:filter-chain pattern="\A/some/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/>
             <sec:filter-chain pattern="\A/do/not/filter\Z" filters="none"/>

samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security-ns.xml

@@ -12,21 +12,21 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
 
-    <http autoConfig="true">
+    <http auto-config="true">
         <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
         <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
         <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
 
-		<!-- All of this is unnecessary if autoConfig="true"
+		<!-- All of this is unnecessary if auto-config="true"
         <form-login />
         <anonymous />
         <http-basic />
         <logout />
         <remember-me />
- 		<servlet-api-integration/>
+ 		<servlet-api-integration />
  		-->
  		
-        <concurrent-session-control maxSessions="1" exceptionIfMaximumExceeded="true"/>
+        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
 
     </http>