Security namespaces

sandbox/spring-security-config/.classpath

@@ -0,0 +1,28 @@
+<classpath>
+  <classpathentry kind="src" path="src/main/java"/>
+  <classpathentry kind="src" path="src/main/resources"/>
+  <classpathentry kind="src" path="src/test/java" output="target/test-classes"/>
+  <classpathentry kind="src" path="src/test/resources" output="target/test-classes"/>
+  <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+  <classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.1-SNAPSHOT/acegi-security-1.1-SNAPSHOT.jar"/>
+  <classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
+  <classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
+</classpath>

sandbox/spring-security-config/.project

@@ -0,0 +1,21 @@
+<projectDescription>
+  <name>spring-security-config</name>
+  <comment>Acegi Security System for Spring</comment>
+  <projects/>
+  <buildSpec>
+    <buildCommand>
+      <name>org.eclipse.jdt.core.javabuilder</name>
+      <arguments/>
+    </buildCommand>
+    <buildCommand>
+      <name>org.eclipse.wst.validation.validationbuilder</name>
+      <arguments/>
+    </buildCommand>
+  </buildSpec>
+  <natures>
+    <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+    <nature>org.eclipse.jdt.core.javanature</nature>
+    <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+    <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+  </natures>
+</projectDescription>

sandbox/spring-security-config/.settings/.component

@@ -0,0 +1,6 @@
+<project-modules id="moduleCoreId">
+  <wb-module deploy-name="spring-security-config">
+    <wb-resource deploy-path="/" source-path="src/main/java"/>
+    <wb-resource deploy-path="/" source-path="src/main/resources"/>
+  </wb-module>
+</project-modules>

sandbox/spring-security-config/.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,5 @@
+#Fri May 25 12:12:42 EST 2007
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5

sandbox/spring-security-config/.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -0,0 +1,6 @@
+<faceted-project>
+  <fixed facet="jst.java"/>
+  <fixed facet="jst.utility"/>
+  <installed facet="jst.utility" version="1.0"/>
+  <installed facet="jst.java" version="5.0"/>
+</faceted-project>

sandbox/spring-security-config/basicauth/BasicProcessingFilter.java

@@ -0,0 +1,239 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity.ui.basicauth;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.AuthenticationManager;
+import org.acegisecurity.context.SecurityContextHolder;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import org.acegisecurity.ui.AuthenticationDetailsSource;
+import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.acegisecurity.ui.rememberme.RememberMeServices;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.Ordered;
+import org.springframework.util.Assert;
+
+
+/**
+ * Processes a HTTP request's BASIC authorization headers, putting the result into the
+ * <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
+ * refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
+ * the HTTP request is ignored.</p>
+ *  <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
+ * <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
+ * <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
+ * following header would be presented:</p>
+ *  <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
+ *  <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
+ * Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
+ *  <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
+ * <code>SecurityContextHolder</code>.</p>
+ *  <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
+ * AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
+ * which will prompt the user to authenticate again via BASIC authentication.</p>
+ *  <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
+ * transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
+ * provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
+ * org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
+ *  <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
+ * details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
+ * they will be authenticated using the remember-me mechanism.</p>
+ *  <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
+ * org.acegisecurity.util.FilterToBeanProxy}.</p>
+ *
+ * @author Ben Alex
+ * @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
+ */
+public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
+    //~ Static fields/initializers =====================================================================================
+
+	private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
+
+    //~ Instance fields ================================================================================================
+
+    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationEntryPoint authenticationEntryPoint;
+    private AuthenticationManager authenticationManager;
+    private RememberMeServices rememberMeServices;
+    private boolean ignoreFailure = false;
+    private int order;
+
+    //~ Methods ========================================================================================================
+
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
+        Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
+    }
+
+    public void destroy() {}
+
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+
+        if (!(request instanceof HttpServletRequest)) {
+            throw new ServletException("Can only process HttpServletRequest");
+        }
+
+        if (!(response instanceof HttpServletResponse)) {
+            throw new ServletException("Can only process HttpServletResponse");
+        }
+
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+
+        String header = httpRequest.getHeader("Authorization");
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("Authorization header: " + header);
+        }
+
+        if ((header != null) && header.startsWith("Basic ")) {
+            String base64Token = header.substring(6);
+            String token = new String(Base64.decodeBase64(base64Token.getBytes()));
+
+            String username = "";
+            String password = "";
+            int delim = token.indexOf(":");
+
+            if (delim != -1) {
+                username = token.substring(0, delim);
+                password = token.substring(delim + 1);
+            }
+
+            if (authenticationIsRequired(username)) {
+                UsernamePasswordAuthenticationToken authRequest =
+                        new UsernamePasswordAuthenticationToken(username, password);
+                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
+
+                Authentication authResult;
+
+                try {
+                    authResult = authenticationManager.authenticate(authRequest);
+                } catch (AuthenticationException failed) {
+                    // Authentication failed
+                    if (logger.isDebugEnabled()) {
+                        logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
+                    }
+
+                    SecurityContextHolder.getContext().setAuthentication(null);
+
+                    if (rememberMeServices != null) {
+                        rememberMeServices.loginFail(httpRequest, httpResponse);
+                    }
+
+                    if (ignoreFailure) {
+                        chain.doFilter(request, response);
+                    } else {
+                        authenticationEntryPoint.commence(request, response, failed);
+                    }
+
+                    return;
+                }
+
+                // Authentication success
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Authentication success: " + authResult.toString());
+                }
+
+                SecurityContextHolder.getContext().setAuthentication(authResult);
+
+                if (rememberMeServices != null) {
+                    rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
+                }
+            }
+        }
+
+        chain.doFilter(request, response);
+    }
+
+    private boolean authenticationIsRequired(String username) {
+        // Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
+        // (see SEC-53)
+        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+
+        if(existingAuth == null || !existingAuth.isAuthenticated()) {
+            return true;
+        }
+
+        // Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
+        // (see SEC-348)
+
+        if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
+        return authenticationEntryPoint;
+    }
+
+    public AuthenticationManager getAuthenticationManager() {
+        return authenticationManager;
+    }
+
+    public void init(FilterConfig arg0) throws ServletException {}
+
+    public boolean isIgnoreFailure() {
+        return ignoreFailure;
+    }
+
+    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
+        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
+        this.authenticationDetailsSource = authenticationDetailsSource;
+    }
+
+    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
+        this.authenticationEntryPoint = authenticationEntryPoint;
+    }
+
+    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public void setIgnoreFailure(boolean ignoreFailure) {
+        this.ignoreFailure = ignoreFailure;
+    }
+
+    public void setRememberMeServices(RememberMeServices rememberMeServices) {
+        this.rememberMeServices = rememberMeServices;
+    }
+
+	public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+}

sandbox/spring-security-config/basicauth/BasicProcessingFilterEntryPoint.java

@@ -0,0 +1,89 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity.ui.basicauth;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.acegisecurity.util.OrderedUtils;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.core.Ordered;
+import org.springframework.util.Assert;
+
+
+/**
+ * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
+ * BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
+ * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
+ * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
+ * the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
+ *
+ * @author Ben Alex
+ * @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
+ */
+public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
+    //~ Instance fields ================================================================================================
+
+	private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
+    private String realmName;
+    private int order = DEFAULT_ORDER;
+    private ApplicationContext applicationContext;
+
+    //~ Methods ========================================================================================================
+
+    public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+
+	public void afterPropertiesSet() throws Exception {
+		Assert.hasText(realmName, "realmName must be specified");
+		if (order == DEFAULT_ORDER) {
+			OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
+		}
+    }
+
+    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+        throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
+        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
+    }
+
+    public String getRealmName() {
+        return realmName;
+    }
+
+    public void setRealmName(String realmName) {
+        this.realmName = realmName;
+    }
+
+	public void setApplicationContext(ApplicationContext applicationContext) {
+		this.applicationContext = applicationContext;
+	}
+}

sandbox/spring-security-config/basicauth/package.html

@@ -0,0 +1,5 @@
+<html>
+<body>
+Authenticates HTTP BASIC authentication requests.
+</body>
+</html>

sandbox/spring-security-config/pom.xml

@@ -0,0 +1,122 @@
+<?xml version="1.0"?><project>
+  <parent>
+    <artifactId>acegi-security-sandbox</artifactId>
+    <groupId>org.acegisecurity</groupId>
+    <version>1.0.4-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.acegisecurity</groupId>
+  <artifactId>spring-security-config</artifactId>
+  <name>spring-security-config</name>
+  <version>1.0-SNAPSHOT</version>
+  <url>http://maven.apache.org</url>
+ <dependencies>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-remoting</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-jdbc</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-support</artifactId>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-mock</artifactId>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>net.sf.ehcache</groupId>
+			<artifactId>ehcache</artifactId>
+			<version>1.2.4</version>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>cas</groupId>
+			<artifactId>casclient</artifactId>
+			<version>2.0.11</version>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>commons-lang</groupId>
+			<artifactId>commons-lang</artifactId>
+			<version>2.1</version>
+		</dependency>
+		<dependency>
+			<groupId>commons-logging</groupId>
+			<artifactId>commons-logging</artifactId>
+			<version>1.0.4</version>
+		</dependency>
+		<dependency>
+			<groupId>commons-codec</groupId>
+			<artifactId>commons-codec</artifactId>
+			<version>1.3</version>
+		</dependency>
+		<dependency>
+			<groupId>oro</groupId>
+			<artifactId>oro</artifactId>
+			<version>2.0.8</version>
+		</dependency>
+		<dependency>
+			<groupId>commons-collections</groupId>
+			<artifactId>commons-collections</artifactId>
+			<version>3.1</version>
+		</dependency>
+		<dependency>
+			<groupId>aspectj</groupId>
+			<artifactId>aspectjrt</artifactId>
+			<version>1.2</version>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>jsp-api</artifactId>
+			<version>2.0</version>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>servlet-api</artifactId>
+			<version>2.4</version>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>taglibs</groupId>
+			<artifactId>standard</artifactId>
+			<version>1.0.6</version>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>hsqldb</groupId>
+			<artifactId>hsqldb</artifactId>
+			<version>1.8.0.4</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.directory.server</groupId>
+			<artifactId>apacheds-core</artifactId>
+			<version>1.0.0</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-log4j12</artifactId>
+			<version>1.0.1</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>jmock</groupId>
+			<artifactId>jmock</artifactId>
+			<version>1.0.1</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>log4j</groupId>
+			<artifactId>log4j</artifactId>
+		</dependency>
+	</dependencies>
+</project>

sandbox/spring-security-config/src/main/java/org/acegisecurity/App.java

@@ -0,0 +1,13 @@
+package org.acegisecurity;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+    public static void main( String[] args )
+    {
+        System.out.println( "Hello World!" );
+    }
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AccessDeniedHandlerBeanDefinitionLocator.java

@@ -0,0 +1,50 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.acegisecurity.ui.AccessDeniedHandler;
+import org.acegisecurity.ui.ExceptionTranslationFilter;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.util.Assert;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class AccessDeniedHandlerBeanDefinitionLocator implements BeanFactoryPostProcessor {
+
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+
+		Map m = beanFactory.getBeansOfType(AccessDeniedHandler.class);
+
+		List l = new ArrayList(m.values());
+		
+		
+
+		if (m.size() > 1) {
+			throw new IllegalArgumentException(
+					"More than one AccessDeniedHandler beans detected please refer to the one using "
+							+ " [ accessDeniedBeanRef  ] " + "attribute");
+		}
+		else if (m.size() == 1) {
+			// use this
+			String[] names = beanFactory.getBeanNamesForType(ExceptionTranslationFilter.class);
+			Assert.notEmpty(names, "No bean of type ExceptionTranslationFilter found in ApplicationContext");
+			RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
+			Assert.isAssignable(AccessDeniedHandler.class, l.get(0).getClass());
+			definition.getPropertyValues().addPropertyValue("accessDeniedHandler", l.get(0));
+		}
+		else {
+			// use the default one for now
+		}
+
+	}
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationMechanismBeanDefinitionParser.java

@@ -0,0 +1,80 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.acegisecurity.config;
+import org.acegisecurity.providers.ProviderManager;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.BeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code> tag, 
+ * resolves to  {@link org.acegisecurity.providers.ProviderManager} </br>
+	
+ * @author vpuri
+ * @see {@link org.springframework.beans.factory.BeanFactory}
+ * @see {@link org.acegisecurity.providers.ProviderManager}
+ * 
+ */
+public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDefinitionParser implements
+		BeanDefinitionParser {
+	// ~ Instance fields
+	// ================================================================================================
+
+	private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
+
+	private static final String REF = "ref";
+
+	// ~ Methods
+	// ========================================================================================================
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+
+		ManagedList providers = new ManagedList();
+		Assert.notNull(parserContext, "ParserContext must not be null");
+		RootBeanDefinition authMechanismBeanDef = new RootBeanDefinition(ProviderManager.class);
+		NodeList childNodes = element.getChildNodes();
+
+		for (int i = 0, n = childNodes.getLength(); i < n; i++) {
+			Node node = childNodes.item(i);
+
+			if (node.getNodeType() == Node.ELEMENT_NODE) {
+				Element childElement = (Element) node;
+				//this.providerExists = true;
+
+				if (AUTHENTICATION_JDBC.equals(node.getLocalName())) {
+					String attribute = childElement.getAttribute(REF);
+					if (StringUtils.hasLength(attribute)) {
+						// create a beandefinition
+						providers.add(new RuntimeBeanReference(attribute));
+					}
+
+				}
+				// TODO:Add other providers here
+			}
+			authMechanismBeanDef.getPropertyValues().addPropertyValue("providers", providers);
+
+		}
+		return authMechanismBeanDef;
+	}
+	
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationProcessingFilterBeanDefinitionParser.java

@@ -0,0 +1,58 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.BeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class AuthenticationProcessingFilterBeanDefinitionParser extends AbstractBeanDefinitionParser implements
+		BeanDefinitionParser {
+
+	// ~ Instance fields
+	// ================================================================================================
+
+	private static final String AUTHENTICATION_URL = "authenticationUrl";
+
+	private static final String ERROR_FORM_URL = "errorFormUrl";
+
+	private static final String DEFAULT_TARGET_URL = "defaultTargetUrl";
+
+	// ~ Methods
+	// ================================================================================================
+
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+
+		RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
+
+		setPropertyIfAvailable(element, AUTHENTICATION_URL, "filterProcessesUrl", definition);
+		setPropertyIfAvailable(element, ERROR_FORM_URL, "authenticationFailureUrl", definition);
+		setPropertyIfAvailable(element, DEFAULT_TARGET_URL, "defaultTargetUrl", definition);
+
+		// register BFPP to re-unite all other collaborators
+		RootBeanDefinition postProcessor = new RootBeanDefinition(
+				AuthenticationProcessingFilterDependenciesConfigurer.class);
+		parserContext.getReaderContext().registerWithGeneratedName(postProcessor);
+
+		return definition;
+	}
+
+	private void setPropertyIfAvailable(Element element, String attribute, String property,
+			RootBeanDefinition definition) {
+		String propertyValue = element.getAttribute(attribute);
+		if (StringUtils.hasText(propertyValue)) {
+			definition.getPropertyValues().addPropertyValue(property, propertyValue);
+		}
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationProcessingFilterDependenciesConfigurer.java

@@ -0,0 +1,43 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.AuthenticationManager;
+import org.acegisecurity.ui.rememberme.RememberMeServices;
+import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class AuthenticationProcessingFilterDependenciesConfigurer implements BeanFactoryPostProcessor {
+
+	// ~ Methods
+	// ================================================================================================
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+
+		String [] authenticationProcessingFilter = beanFactory.getBeanNamesForType(AuthenticationProcessingFilter.class);
+		
+		RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(authenticationProcessingFilter[0]);
+		
+		String[] remServiceNames = beanFactory.getBeanNamesForType(RememberMeServices.class);
+		
+		RootBeanDefinition rememberMeServices = (RootBeanDefinition) beanFactory.getBeanDefinition(remServiceNames[0]);
+
+		if (remServiceNames.length > 0)
+			def.getPropertyValues()
+					.addPropertyValue("rememberMeServices", rememberMeServices);
+
+		String[] authManager = beanFactory.getBeanNamesForType(AuthenticationManager.class);
+		
+		RootBeanDefinition authenticationManager = (RootBeanDefinition) beanFactory.getBeanDefinition(authManager[0]);
+		
+		if (authManager.length > 0)
+			def.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
+	}
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationProviderOrderResolver.java

@@ -0,0 +1,43 @@
+package org.acegisecurity.config;
+
+import java.util.Collections;
+
+import org.acegisecurity.AuthenticationManager;
+import org.acegisecurity.providers.AuthenticationProvider;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.core.OrderComparator;
+
+public class AuthenticationProviderOrderResolver implements BeanFactoryPostProcessor {
+	
+	/**
+	 * 
+	 */
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+		// retrieve all the AuthenticationProvider instances
+		ManagedList providers = retrieveAllAuthenticationProviders(beanFactory);
+		String[] names = beanFactory.getBeanNamesForType(AuthenticationManager.class);
+		RootBeanDefinition definition = (RootBeanDefinition)beanFactory.getBeanDefinition(names[0]);
+		definition.getPropertyValues().addPropertyValue("providers",providers);
+	}
+	/**
+	 * 
+	 * @param beanFactory
+	 * @return
+	 */
+	private ManagedList retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
+		String[] m = beanFactory.getBeanNamesForType(AuthenticationProvider.class);
+		ManagedList l = new ManagedList();
+		for(int i=0;i<m.length;i++){
+			RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(m[i]);
+			l.add(def);
+		}
+		Collections.sort(l, new OrderComparator());
+		return l;
+	}
+
+	
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationRepositoryBeanDefinitionParser.java

@@ -0,0 +1,196 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.dao.salt.ReflectionSaltSource;
+import org.acegisecurity.providers.dao.salt.SystemWideSaltSource;
+import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
+import org.springframework.beans.factory.config.BeanDefinitionHolder;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+import org.springframework.util.xml.DomUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
+
+	// ~ Instance fields
+	// ================================================================================================
+
+	private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
+
+	private static final String USER_DETAILS_SERVICE = "userDetailsService";
+
+	private static final String SALT_SOURCE_ELEMENT = "salt-source";
+
+	private static final String SALT_SOURCE_REF = "saltSourceBeanRef";
+
+	private static final String SYSTEM_WIDE_SALT_SOURCE = "system-wide";
+
+	private static final String REFLECTION_SALT_SOURCE = "reflection";
+
+	private static final String PASSWORD_ENCODER_ELEMENT = "password-encoder";
+
+	private static final String PASSWORD_ENCODER_REF = "encoderBeanRef";
+
+	private static final String PASSWORD_ENCODER = "encoder";
+
+	// ~ Method
+	// ================================================================================================
+	/**
+	 * TODO: Document Me !!!
+	 */
+	public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+		Assert.notNull(parserContext, "ParserContext must not be null");
+
+		RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
+		
+		// check if saltSource is defined
+		Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
+		setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
+
+		Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
+		setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
+
+		// if repositoryBeanRef is specified use its referred bean
+		String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
+		if (StringUtils.hasLength(userDetailsRef)) {
+			repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
+					new RuntimeBeanReference(userDetailsRef));
+		}
+		else {
+			// autodetect userDetailsService from App Context
+			RootBeanDefinition depConfigurer = new RootBeanDefinition(
+					AuthenticationRepositoryDependenciesConfigurer.class);
+			BeanDefinitionHolder holder = new BeanDefinitionHolder(depConfigurer, parserContext.getReaderContext().generateBeanName(depConfigurer));
+			registerBeanDefinition(holder, parserContext.getRegistry());
+		}
+		return repositoryBeanDef;
+	}
+
+	/**
+	 * 
+	 * @param repositoryBeanDef
+	 * @param element
+	 */
+	private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
+		if (element != null) {
+			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource", element
+					.getAttribute(SALT_SOURCE_REF));
+		}
+	}
+
+	/**
+	 * 
+	 * @param repositoryBeanDef
+	 * @param element
+	 */
+	private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
+		if (element != null) {
+			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder", element
+					.getAttribute(PASSWORD_ENCODER_REF));
+		}
+	}
+
+	/**
+	 * 
+	 * @param repositoryBeanDef
+	 * @param element
+	 * @param property
+	 * @param reference
+	 */
+	private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element,
+			String property, String reference) {
+		// check for encoderBeanRef attribute
+		if (StringUtils.hasLength(reference)) {
+			repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
+		}
+		else {
+			doSetInnerBeanDefinitions(repositoryBeanDef, element, property);
+		}
+	}
+
+	/**
+	 * 
+	 * @param repositoryBeanDef
+	 * @param element
+	 * @param property
+	 */
+	private void doSetInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element, String property) {
+		NodeList children = element.getChildNodes();
+		for (int i = 0, n = children.getLength(); i < n; i++) {
+			Node node = children.item(i);
+
+			if (node.getNodeType() == Node.ELEMENT_NODE) {
+				Element childElement = (Element) node;
+				RootBeanDefinition innerBeanDefinition = null;
+
+				if (SYSTEM_WIDE_SALT_SOURCE.equals(node.getLocalName())) {
+					innerBeanDefinition = createSystemWideSaltSource(childElement);
+					repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
+				}
+				else if (REFLECTION_SALT_SOURCE.equals(node.getLocalName())) {
+					innerBeanDefinition = createReflectionSaltSource(childElement);
+					repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
+				}
+				if (PASSWORD_ENCODER.equals(node.getLocalName())) {
+					RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
+					repositoryBeanDef.getPropertyValues()
+							.addPropertyValue(property, passwordEncoderInnerBeanDefinition);
+				}
+			}
+		}
+	}
+
+	/**
+	 * 
+	 * @param childElement
+	 * @return
+	 */
+	private RootBeanDefinition createPasswordEncoder(Element childElement) {
+		String attributeValue = childElement.getAttribute("method");
+		RootBeanDefinition definition = null;
+		// TODO: add other encoders support
+		if (attributeValue.equals("md5")) {
+			definition = new RootBeanDefinition(Md5PasswordEncoder.class);
+		}
+		return definition;
+	}
+
+	/**
+	 * 
+	 * @param saltSourceTypeElement
+	 * @return
+	 */
+	private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
+		RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
+		definition.getPropertyValues().addPropertyValue("userPropertyToUse",
+				saltSourceTypeElement.getAttribute("userPropertyToUse"));
+		return definition;
+	}
+
+	/**
+	 * 
+	 * @param saltSourceTypeElement
+	 * @return
+	 */
+	private RootBeanDefinition createSystemWideSaltSource(Element saltSourceTypeElement) {
+		RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
+		definition.getPropertyValues().addPropertyValue("systemWideSalt",
+				saltSourceTypeElement.getAttribute("systemWideSalt"));
+		return definition;
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationRepositoryDependenciesConfigurer.java

@@ -0,0 +1,36 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.userdetails.UserDetailsService;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class AuthenticationRepositoryDependenciesConfigurer implements BeanFactoryPostProcessor {
+
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+		String[] userDetailServices = beanFactory.getBeanNamesForType(UserDetailsService.class);
+
+		String[] authenticationProvider = beanFactory.getBeanNamesForType(DaoAuthenticationProvider.class);
+
+		RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(authenticationProvider[0]);
+
+		// there should be only one principal-repository defined, pick the first
+		// one
+		if (userDetailServices.length != 0) {
+			definition.getPropertyValues().addPropertyValue("userDetailsService",
+					new RuntimeBeanReference(userDetailServices[0]));
+		}
+
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/ContextIntegrationBeanDefinitionParser.java

@@ -0,0 +1,78 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.core.Conventions;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+
+/**
+ * 
+ * @author vpuri
+ * 
+ */
+public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
+	
+	private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
+	
+	private static final String SESSION_CREATION = "sessionCreation";
+	
+	
+
+	private static final String IF_REQUIRED = "ifRequired";
+
+	private static final String ALWAYS = "always";
+
+	private static final String NEVER = "never";
+
+	
+	
+	protected Class getBeanClass(Element element) {
+		return HttpSessionContextIntegrationFilter.class;
+	}
+	
+	
+
+	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
+		
+		NamedNodeMap attributes = element.getAttributes();
+		
+		for (int x = 0; x < attributes.getLength(); x++) {
+			Attr attribute = (Attr) attributes.item(x);
+			String attributeName = attribute.getLocalName();
+			if ( !ID_ATTRIBUTE.equals(attributeName)) {
+				if (attributeName.equals(SESSION_CREATION)) {
+					String sessionCreation = element.getAttribute(SESSION_CREATION);
+					
+					if(sessionCreation.equals(IF_REQUIRED)) {
+						builder.addPropertyValue("allowSessionCreation", Boolean.TRUE);
+					}
+					
+					if(sessionCreation.equals(ALWAYS)) {
+						builder.addPropertyValue("allowSessionCreation", Boolean.TRUE);
+					}
+					
+					if(sessionCreation.equals(NEVER)) {
+						builder.addPropertyValue("allowSessionCreation", Boolean.FALSE);
+					}
+				}
+				else{			
+					String propertyName = Conventions.attributeNameToPropertyName(attributeName);
+					Assert.state(StringUtils.hasText(propertyName),
+							"Illegal property name returned from 'extractPropertyName(String)': cannot be null or empty.");
+					builder.addPropertyValue(propertyName, attribute.getValue());			
+				}
+			}
+		}	
+	}
+}
+
+	

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/ExceptionTranslationFilterBeanDefinitionParser.java

@@ -0,0 +1,121 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.ui.AccessDeniedHandlerImpl;
+import org.acegisecurity.ui.ExceptionTranslationFilter;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.StringUtils;
+import org.springframework.util.xml.DomUtils;
+import org.w3c.dom.Element;
+
+/**
+ * Basically accessDeniedUrl is optional, we if unspecified impl will
+ * auto-detect any AccessDeniedHandler in ctx and use it; alternately if there
+ * are > 1 such handlers, we can nominate the one to use via
+ * accessDeniedBeanRef;
+ * 
+ * @author vpuri
+ * @since
+ */
+public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
+
+	private static final String ACCESS_DENIED = "access-denied";
+
+	private static final String ACCESS_DENIED_REF = "accessDeniedBeanRef";
+
+	private static final String ACCESS_DENIED_URL = "accessDeniedUrl";
+	
+	private static final String ENTRY_POINT = "entry-point";
+	
+	private static final String ENTRY_POINT_REF ="entryPointBeanRef";
+
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+
+		RootBeanDefinition exceptionFilterDef = new RootBeanDefinition(ExceptionTranslationFilter.class);
+
+		// add handler
+		Element accessDeniedElement = DomUtils.getChildElementByTagName(element, ACCESS_DENIED);
+		setAccessDeniedHandlerProperty(parserContext, exceptionFilterDef, accessDeniedElement);
+		
+		Element entryPointElement = DomUtils.getChildElementByTagName(element, ENTRY_POINT);
+		setEntryPointProperty(exceptionFilterDef, entryPointElement);
+		
+		return exceptionFilterDef;
+	}
+
+	private void setEntryPointProperty(RootBeanDefinition exceptionFilterDef, Element entryPointElement) {
+		if (entryPointElement != null) {
+			setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, entryPointElement, "authenticationEntryPoint",
+					entryPointElement.getAttribute(ENTRY_POINT_REF));
+		}
+	}
+
+	/**
+	 * 
+	 * @param parserContext
+	 * @param repositoryBeanDef
+	 * @param element
+	 */
+	private void setAccessDeniedHandlerProperty(ParserContext parserContext, RootBeanDefinition exceptionFilterDef,
+			Element accessDeniedElement) {
+		if (accessDeniedElement != null) {
+			setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, accessDeniedElement, "accessDeniedHandler",
+					accessDeniedElement.getAttribute(ACCESS_DENIED_REF));
+		}
+		else {
+			// register BFPP to check if handler exist in application context,
+			// if > 1 throw error saying ref should be specified as there are
+			// more than one
+			RootBeanDefinition accessDeniedHandlerLocatorBeanDef = new RootBeanDefinition(
+					AccessDeniedHandlerBeanDefinitionLocator.class);
+			parserContext.getReaderContext().registerWithGeneratedName(accessDeniedHandlerLocatorBeanDef);
+		}
+	}
+
+	/**
+	 * 
+	 * @param repositoryBeanDef
+	 * @param element
+	 * @param property
+	 * @param reference
+	 */
+	private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef,
+			Element element, String property, String beanRef) {
+		// check for encoderBeanRef attribute
+		if (StringUtils.hasLength(beanRef)) {
+			exceptionFilterDef.getPropertyValues().addPropertyValue(property,
+					new RuntimeBeanReference(beanRef));
+		}
+		else {
+			doSetInnerBeanDefinitions(exceptionFilterDef, element, property);
+		}
+	}
+
+	/**
+	 * 
+	 * @param repositoryBeanDef
+	 * @param element
+	 * @param property
+	 */
+	private void doSetInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element accessDeniedElement,
+			String property) {
+		RootBeanDefinition accessDeniedHandlerBeanDef = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
+		setPropertyIfAvailable(accessDeniedElement, ACCESS_DENIED_URL, "errorPage", accessDeniedHandlerBeanDef);
+		exceptionFilterDef.getPropertyValues().addPropertyValue(property, accessDeniedHandlerBeanDef);
+
+	}
+
+	private void setPropertyIfAvailable(Element element, String attribute, String property,
+			RootBeanDefinition definition) {
+		String propertyValue = element.getAttribute(attribute);
+		if (StringUtils.hasText(propertyValue)) {
+			definition.getPropertyValues().addPropertyValue(property, propertyValue);
+		}
+	}
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/LogoutFilterBeanDefinitionParser.java

@@ -0,0 +1,64 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.ui.logout.LogoutFilter;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author vpuri
+ * @since
+ */
+public class LogoutFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
+
+	// ~ Instance fields
+	// ================================================================================================
+	private static final String REDIRECT_AFTER_LOGOUT_URL = "redirectAfterLogoutUrl";
+
+	private static final String LOGOUT_URL = "logoutUrl";
+
+	// ~ Methods
+	// ================================================================================================
+
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+
+		// add the properties
+		RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
+		setConstructorArgumentIfAvailable(0, element, REDIRECT_AFTER_LOGOUT_URL, "logoutSuccessUrl", definition);
+		
+		setPropertyIfAvailable(element, LOGOUT_URL, "filterProcessesUrl", definition);
+
+		// register BFPP to check if LogoutFilter does not have setHandlers
+		// populated, introspect app ctx for LogoutHandlers, using Ordered (if
+		// present, otherwise assume Integer.MAX_VALUE)
+		RootBeanDefinition bfpp = new RootBeanDefinition(LogoutHandlerOrderResolver.class);
+		parserContext.getReaderContext().registerWithGeneratedName(bfpp);
+
+		return definition;
+	}
+
+	private void setConstructorArgumentIfAvailable(int index, Element element, String attribute, String property,
+			RootBeanDefinition definition) {
+		String propertyValue = element.getAttribute(attribute);
+		if (StringUtils.hasText(propertyValue)) {
+			definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
+		}
+	}
+
+	private void setPropertyIfAvailable(Element element, String attribute, String property,
+			RootBeanDefinition definition) {
+		String propertyValue = element.getAttribute(attribute);
+		if (StringUtils.hasText(propertyValue)) {
+			definition.getPropertyValues().addPropertyValue(property, propertyValue);
+		}
+	}
+
+	//
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/LogoutHandlerOrderResolver.java

@@ -0,0 +1,95 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import java.util.Collections;
+import java.util.List;
+
+import org.acegisecurity.ui.logout.LogoutFilter;
+import org.acegisecurity.ui.logout.LogoutHandler;
+import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
+import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.core.OrderComparator;
+import org.springframework.core.Ordered;
+
+/**
+ * @author vpuri
+ * @since
+ */
+public class LogoutHandlerOrderResolver implements BeanFactoryPostProcessor {
+
+	// ~ Methods
+	// ================================================================================================
+
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+		// If LogoutFilter does not have setHandlers populated, introspect app
+		// ctx for LogoutHandlers, using Ordered (if present, otherwise assume
+		// Integer.MAX_VALUE)
+		String[] names = beanFactory.getBeanNamesForType(LogoutFilter.class);
+		RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
+		ValueHolder holder = getHandlersIfConfigured(beanFactory, definition);
+		if (holder == null) {
+			// intropect the appcontext for registerd LogoutHandler
+			List logoutHandlers = retrieveAllLogoutHandlers(beanFactory);
+			definition.getConstructorArgumentValues().addIndexedArgumentValue(1, logoutHandlers);
+		}
+	}
+
+	/**
+	 * 
+	 * @param beanFactory
+	 * @param definition
+	 * @return
+	 */
+	private ValueHolder getHandlersIfConfigured(ConfigurableListableBeanFactory beanFactory,
+			RootBeanDefinition definition) {
+		// there should be only one LogoutFilter
+		return definition.getConstructorArgumentValues().getArgumentValue(1, null);
+
+	}
+
+	/**
+	 * 
+	 * @param beanFactory
+	 * @return
+	 */
+	private List retrieveAllLogoutHandlers(ConfigurableListableBeanFactory beanFactory) {
+		String[] names = beanFactory.getBeanNamesForType(LogoutHandler.class);
+		ManagedList list = new ManagedList();
+
+		for (int i = 0, n = names.length; i < n; i++) {
+			RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[i]);
+
+			if (definition.hasBeanClass()) {
+				if (Ordered.class.isAssignableFrom(definition.getBeanClass())) {
+					definition.getPropertyValues().addPropertyValue("order",
+							new Integer(getOrder(definition.getBeanClass())));
+				}
+				else {
+					definition.getPropertyValues().addPropertyValue("order", new Integer(Integer.MAX_VALUE));
+				}
+			}
+			list.add(definition);
+		}
+		Collections.sort(list, new OrderComparator());
+		return list;
+	}
+
+	private int getOrder(Class clazz) {
+		if (clazz.getName().equals(TokenBasedRememberMeServices.class.getName())) {
+			return 100;
+		}
+		if (clazz.getName().equals(SecurityContextLogoutHandler.class.getName())) {
+			return 200;
+		}
+		return Integer.MAX_VALUE;
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/PrincipalRepositoryBeanDefinitionParser.java

@@ -0,0 +1,235 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import java.util.Properties;
+
+import org.acegisecurity.GrantedAuthorityImpl;
+import org.acegisecurity.userdetails.User;
+import org.acegisecurity.userdetails.UserDetails;
+import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
+import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
+import org.acegisecurity.userdetails.memory.UserAttribute;
+import org.acegisecurity.userdetails.memory.UserMap;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.config.PropertiesFactoryBean;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.BeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**   
+ * @author vpuri
+ * 
+ */
+public class PrincipalRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser implements
+		BeanDefinitionParser {
+	
+	//	~ Static fields/initializers =====================================================================================
+
+    private static final Log logger = LogFactory.getLog(PrincipalRepositoryBeanDefinitionParser.class);
+
+	// ~ Instance fields
+	// ================================================================================================
+	private static final String JDBC = "jdbc";
+
+	private static final String DATASOURCE_REF = "dataSourceBeanRef";
+
+	private static final String DATASOURCE = "dataSource";
+
+	private static final String JDBCTEMPLATE_REF = "jdbcTemplateBeanRef";
+
+	private static final String JDBCTEMPLATE = "jdbcTemplate";
+
+	private static final String AUTHORITIES_BY_USERNAME_QUERY = "authoritiesByUsernameQuery";
+
+	private static final String ROLE_PREFIX = "rolePrefix";
+
+	private static final String USERNAME_BASED_PRIMARY_KEY = "usernameBasedPrimaryKey";
+
+	private static final String PROPERTIES = "properties";
+
+	private static final String RESOURCE = "resource";
+
+	private static final String USER_PROPERTIES = "userProperties";
+
+	private static final String USER_DEFINITION = "user-definition";
+
+	private static final Object GRANTED_AUTHORITY = "granted-authority";
+
+	private static final String USERNAME = "username";
+
+	private static final String PASSWORD = "password";
+
+	private static final String ENABLED = "enabled";
+
+	private static final String GRANTED_AUTHORITY_REF = "granted-authority-ref";
+
+	private static final String AUTHORITY = "authority";
+	
+	private static final String AUTHORITY_BEAN_REF="authorityBeanRef";
+
+	// ~ Method
+	// ================================================================================================
+	/**
+	 * 
+	 */
+	
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+		NodeList userDetailsServiceChildren = element.getChildNodes();
+		RootBeanDefinition userDetailsServiceDefinition = null;
+		for (int i = 0, n = userDetailsServiceChildren.getLength(); i < n; i++) {
+			Node userDetailsService = userDetailsServiceChildren.item(i);
+
+			if (JDBC.equals(userDetailsService.getLocalName()) && userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
+				Element ele = (Element) userDetailsService;
+				userDetailsServiceDefinition = parseUserDetailsServiceJdbcDefinition(ele);
+				userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
+				parserContext.getReaderContext().registerWithGeneratedName(userDetailsServiceDefinition);
+			}
+			if (PROPERTIES.equals(userDetailsService.getLocalName())
+					&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
+				Element ele = (Element) userDetailsService;
+
+				userDetailsServiceDefinition = new RootBeanDefinition(InMemoryDaoImpl.class);
+				userDetailsServiceDefinition.getPropertyValues().addPropertyValue(USER_PROPERTIES,
+						new RuntimeBeanReference(createPropertiesBeanDefinition(ele, parserContext)));
+				userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
+				parserContext.getReaderContext().registerWithGeneratedName(userDetailsServiceDefinition);
+			}
+			if (USER_DEFINITION.equals(userDetailsService.getLocalName())
+					&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
+				Element ele = (Element) userDetailsService;
+
+				// create a UserMap which interns uses UserMapEditor
+				userDetailsServiceDefinition = createUserDefinition(ele, parserContext);
+			}
+		}
+		return userDetailsServiceDefinition;
+	}
+
+	private RootBeanDefinition createUserDefinition(Element ele, ParserContext parserContext) {
+		RootBeanDefinition definition = new RootBeanDefinition(InMemoryDaoImpl.class);
+
+		UserAttribute userAttribute = new UserAttribute();
+		UserMap userMap = new UserMap();
+
+		setPassword(ele, userAttribute);
+		setEnabled(ele, userAttribute);
+		setAuthorities(ele, userAttribute);
+
+		UserDetails user = new User(ele.getAttribute(USERNAME), userAttribute.getPassword(), userAttribute.isEnabled(),
+				true, true, true, userAttribute.getAuthorities());
+		userMap.addUser(user);
+		definition.getPropertyValues().addPropertyValue("userMap", userMap);
+		return definition;
+
+	}
+
+	private String createPropertiesBeanDefinition(Element ele, ParserContext parserContext) {
+		// properties element
+		RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
+		String propertyValue = ele.getAttribute(RESOURCE);
+		defintion.getPropertyValues().addPropertyValue("location", propertyValue);
+		defintion.setSource(parserContext.extractSource(ele));
+		return parserContext.getReaderContext().registerWithGeneratedName(defintion);
+	}
+
+	/**
+	 * 
+	 * @param elementToParse
+	 * @return
+	 */
+	private RootBeanDefinition parseUserDetailsServiceJdbcDefinition(Element elementToParse) {
+		// parse attributes
+		RootBeanDefinition definition = new RootBeanDefinition(JdbcDaoImpl.class);
+		setPropertyIfAvailable(elementToParse, DATASOURCE_REF, DATASOURCE, definition);
+		setPropertyIfAvailable(elementToParse, JDBCTEMPLATE_REF, JDBCTEMPLATE, definition);
+		setPropertyIfAvailable(elementToParse, AUTHORITIES_BY_USERNAME_QUERY, AUTHORITIES_BY_USERNAME_QUERY, definition);
+		setPropertyIfAvailable(elementToParse, ROLE_PREFIX, ROLE_PREFIX, definition);
+		setPropertyIfAvailable(elementToParse, USERNAME_BASED_PRIMARY_KEY, USERNAME_BASED_PRIMARY_KEY, definition);
+		return definition;
+	}
+
+	protected void doParseProperties(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
+		Properties parsedProps = parserContext.getDelegate().parsePropsElement(element);
+		builder.addPropertyValue(PROPERTIES, parsedProps);
+	}
+
+	/**
+	 * 
+	 * @param element
+	 * @param attribute
+	 * @param property
+	 * @param definition
+	 */
+	private void setPropertyIfAvailable(Element element, String attribute, String property,
+			RootBeanDefinition definition) {
+		String propertyValue = element.getAttribute(attribute);
+		if (StringUtils.hasText(propertyValue)) {
+			if (propertyValue.equals(DATASOURCE_REF) || propertyValue.equals(JDBCTEMPLATE_REF)) {
+				definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
+			}
+			else {
+				definition.getPropertyValues().addPropertyValue(property, propertyValue);
+			}
+		}
+	}
+
+	private void setPassword(Element element, UserAttribute userAttribute) {
+		String propertyValue = element.getAttribute(PASSWORD);
+		if (StringUtils.hasText(propertyValue)) {
+			userAttribute.setPassword(propertyValue);
+		}
+	}
+
+	private void setEnabled(Element element, UserAttribute userAttribute) {
+		String propertyValue = element.getAttribute(ENABLED);
+		if (StringUtils.hasText(propertyValue)) {
+			if (propertyValue.equals("true")) {
+				userAttribute.setEnabled(true);
+			}
+			else {
+				userAttribute.setEnabled(false);
+			}
+		}
+	}
+
+	private void setAuthorities(Element ele, UserAttribute userAttribute) {
+		// get authorities
+		NodeList childNodes = ele.getChildNodes();
+
+		ManagedList authorities = new ManagedList();
+
+		for (int i = 0, n = childNodes.getLength(); i < n; i++) {
+			Node authorityNode = childNodes.item(i);
+
+			if (GRANTED_AUTHORITY.equals(authorityNode.getLocalName())
+					&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
+				Element propertyValue = (Element) authorityNode;
+				authorities.add(new GrantedAuthorityImpl(propertyValue.getAttribute(AUTHORITY)));
+			}
+
+			if (GRANTED_AUTHORITY_REF.equals(authorityNode.getLocalName())
+					&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
+				Element propertyValue = (Element) authorityNode;
+				String attribute = propertyValue.getAttribute(AUTHORITY_BEAN_REF);
+				if (StringUtils.hasLength(attribute)) {
+					authorities.add(new RuntimeBeanReference(attribute));
+				}
+			}
+		}
+		userAttribute.setAuthorities(authorities);
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/RemeberMeServicesDependenciesConfigurer.java

@@ -0,0 +1,35 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.ui.rememberme.RememberMeServices;
+import org.acegisecurity.userdetails.UserDetailsService;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class RemeberMeServicesDependenciesConfigurer implements BeanFactoryPostProcessor {
+
+	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
+		
+		String [] userDetailServices = beanFactory.getBeanNamesForType(UserDetailsService.class);
+		
+		String [] rememberMeService = beanFactory.getBeanNamesForType(RememberMeServices.class);
+		
+		RootBeanDefinition definition=(RootBeanDefinition) beanFactory.getBeanDefinition(rememberMeService[0]);
+		
+		// there should be only one principal-repository defined, pick the first one
+		if(userDetailServices.length!=0) {
+			definition.getPropertyValues().addPropertyValue("userDetailsService", new RuntimeBeanReference(userDetailServices[0]));
+		}
+		
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/RememberMeFilterBeanDefinitionParser.java

@@ -0,0 +1,49 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author vpuri
+ *
+ *@since
+ */
+public class RememberMeFilterBeanDefinitionParser extends AbstractBeanDefinitionParser  {
+
+	private static final String REMEMBER_ME_SERVICES_REF = "rememberMeServicesBeanRef";
+	
+	private static final String REMEMBER_ME_SERVICES = "rememberMeServices";
+
+	
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+		Assert.notNull(parserContext, "ParserContext must not be null");
+		
+		RootBeanDefinition rememberMeFilterBeanDef = new RootBeanDefinition(RememberMeProcessingFilter.class);
+		
+		// detect all the required dependencies and autowire them by type
+		rememberMeFilterBeanDef.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_AUTODETECT);
+		
+		// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
+		String rememberMeServicesRef = element.getAttribute(REMEMBER_ME_SERVICES_REF);
+		if (StringUtils.hasLength(rememberMeServicesRef)) {
+			rememberMeFilterBeanDef.getPropertyValues().addPropertyValue(REMEMBER_ME_SERVICES,
+					new RuntimeBeanReference(rememberMeServicesRef));
+		} 
+		return rememberMeFilterBeanDef;
+	}
+	
+	
+	
+	
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/RememberMeServicesBeanDefinitionParser.java

@@ -0,0 +1,62 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.BeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author vpuri
+ *
+ */
+public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefinitionParser implements
+		BeanDefinitionParser {
+	
+	private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
+	
+	private static final String USER_DETAILS_SERVICE_PROPERTY = "userDetailsService";
+	
+	/*
+	 * key is optional; if unspecified, pick a rnd int and use for all unspecified key properties for acegi beans
+	 */
+	private static final String KEY = "key";
+
+	/**
+	 * 
+	 */
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+		Assert.notNull(parserContext, "ParserContext must not be null");		
+		
+		RootBeanDefinition rememberMeServicesBeanDef = new RootBeanDefinition(TokenBasedRememberMeServices.class);
+		
+		String keyValue = element.getAttribute(KEY);
+		if (StringUtils.hasLength(keyValue)) {
+			rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(KEY,keyValue);
+		}  else {
+			// pick a rnd int
+		}
+		
+		//	 check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
+		String rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
+		if (StringUtils.hasLength(rememberMeServicesRef)) {
+			rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE_PROPERTY,
+					new RuntimeBeanReference(rememberMeServicesRef));
+		}  
+		else {
+			// register a bean definition parse
+			RootBeanDefinition configurer = new RootBeanDefinition(RemeberMeServicesDependenciesConfigurer.class);
+			parserContext.getReaderContext().registerWithGeneratedName(configurer);
+		}
+		return rememberMeServicesBeanDef;
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityNamespaceHandler.java

@@ -0,0 +1,33 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.springframework.beans.factory.xml.BeanDefinitionParser;
+import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
+
+/**
+ * {@link org.springframework.beans.factory.xml.NamespaceHandler} for the '<code>security</code>' namespace.
+ * @author vpuri
+ * 
+ * @since 
+ */
+public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
+
+	/**
+	 * Register the {@link BeanDefinitionParser BeanDefinitionParsers} for the
+	 * '<code>context-integration</code>', ' and '<code></code>' elements.
+	 */
+	public void init() {
+		registerBeanDefinitionParser("principal-repository", new PrincipalRepositoryBeanDefinitionParser());
+		registerBeanDefinitionParser("session-context-integration", new ContextIntegrationBeanDefinitionParser());
+		registerBeanDefinitionParser("authentication-repository", new AuthenticationRepositoryBeanDefinitionParser());
+		registerBeanDefinitionParser("authentication-mechanism", new AuthenticationMechanismBeanDefinitionParser());
+		registerBeanDefinitionParser("authentication-remember-me-services", new RememberMeServicesBeanDefinitionParser());
+		registerBeanDefinitionParser("authentication-remember-me-filter", new RememberMeFilterBeanDefinitionParser());
+		registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser());
+		registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser());
+		registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
+	}
+
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java

@@ -0,0 +1,239 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity.ui.basicauth;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.AuthenticationManager;
+import org.acegisecurity.context.SecurityContextHolder;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import org.acegisecurity.ui.AuthenticationDetailsSource;
+import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.acegisecurity.ui.rememberme.RememberMeServices;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.Ordered;
+import org.springframework.util.Assert;
+
+
+/**
+ * Processes a HTTP request's BASIC authorization headers, putting the result into the
+ * <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
+ * refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
+ * the HTTP request is ignored.</p>
+ *  <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
+ * <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
+ * <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
+ * following header would be presented:</p>
+ *  <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
+ *  <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
+ * Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
+ *  <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
+ * <code>SecurityContextHolder</code>.</p>
+ *  <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
+ * AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
+ * which will prompt the user to authenticate again via BASIC authentication.</p>
+ *  <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
+ * transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
+ * provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
+ * org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
+ *  <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
+ * details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
+ * they will be authenticated using the remember-me mechanism.</p>
+ *  <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
+ * org.acegisecurity.util.FilterToBeanProxy}.</p>
+ *
+ * @author Ben Alex
+ * @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
+ */
+public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
+    //~ Static fields/initializers =====================================================================================
+
+	private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
+
+    //~ Instance fields ================================================================================================
+
+    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
+    private AuthenticationEntryPoint authenticationEntryPoint;
+    private AuthenticationManager authenticationManager;
+    private RememberMeServices rememberMeServices;
+    private boolean ignoreFailure = false;
+    private int order;
+
+    //~ Methods ========================================================================================================
+
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
+        Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
+    }
+
+    public void destroy() {}
+
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+
+        if (!(request instanceof HttpServletRequest)) {
+            throw new ServletException("Can only process HttpServletRequest");
+        }
+
+        if (!(response instanceof HttpServletResponse)) {
+            throw new ServletException("Can only process HttpServletResponse");
+        }
+
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+
+        String header = httpRequest.getHeader("Authorization");
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("Authorization header: " + header);
+        }
+
+        if ((header != null) && header.startsWith("Basic ")) {
+            String base64Token = header.substring(6);
+            String token = new String(Base64.decodeBase64(base64Token.getBytes()));
+
+            String username = "";
+            String password = "";
+            int delim = token.indexOf(":");
+
+            if (delim != -1) {
+                username = token.substring(0, delim);
+                password = token.substring(delim + 1);
+            }
+
+            if (authenticationIsRequired(username)) {
+                UsernamePasswordAuthenticationToken authRequest =
+                        new UsernamePasswordAuthenticationToken(username, password);
+                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
+
+                Authentication authResult;
+
+                try {
+                    authResult = authenticationManager.authenticate(authRequest);
+                } catch (AuthenticationException failed) {
+                    // Authentication failed
+                    if (logger.isDebugEnabled()) {
+                        logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
+                    }
+
+                    SecurityContextHolder.getContext().setAuthentication(null);
+
+                    if (rememberMeServices != null) {
+                        rememberMeServices.loginFail(httpRequest, httpResponse);
+                    }
+
+                    if (ignoreFailure) {
+                        chain.doFilter(request, response);
+                    } else {
+                        authenticationEntryPoint.commence(request, response, failed);
+                    }
+
+                    return;
+                }
+
+                // Authentication success
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Authentication success: " + authResult.toString());
+                }
+
+                SecurityContextHolder.getContext().setAuthentication(authResult);
+
+                if (rememberMeServices != null) {
+                    rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
+                }
+            }
+        }
+
+        chain.doFilter(request, response);
+    }
+
+    private boolean authenticationIsRequired(String username) {
+        // Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
+        // (see SEC-53)
+        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+
+        if(existingAuth == null || !existingAuth.isAuthenticated()) {
+            return true;
+        }
+
+        // Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
+        // (see SEC-348)
+
+        if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
+        return authenticationEntryPoint;
+    }
+
+    public AuthenticationManager getAuthenticationManager() {
+        return authenticationManager;
+    }
+
+    public void init(FilterConfig arg0) throws ServletException {}
+
+    public boolean isIgnoreFailure() {
+        return ignoreFailure;
+    }
+
+    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
+        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
+        this.authenticationDetailsSource = authenticationDetailsSource;
+    }
+
+    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
+        this.authenticationEntryPoint = authenticationEntryPoint;
+    }
+
+    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public void setIgnoreFailure(boolean ignoreFailure) {
+        this.ignoreFailure = ignoreFailure;
+    }
+
+    public void setRememberMeServices(RememberMeServices rememberMeServices) {
+        this.rememberMeServices = rememberMeServices;
+    }
+
+	public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilterEntryPoint.java

@@ -0,0 +1,89 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity.ui.basicauth;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.ui.AuthenticationEntryPoint;
+import org.acegisecurity.util.OrderedUtils;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.core.Ordered;
+import org.springframework.util.Assert;
+
+
+/**
+ * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
+ * BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
+ * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
+ * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
+ * the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
+ *
+ * @author Ben Alex
+ * @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
+ */
+public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
+    //~ Instance fields ================================================================================================
+
+	private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
+    private String realmName;
+    private int order = DEFAULT_ORDER;
+    private ApplicationContext applicationContext;
+
+    //~ Methods ========================================================================================================
+
+    public int getOrder() {
+		return order;
+	}
+
+	public void setOrder(int order) {
+		this.order = order;
+	}
+
+	public void afterPropertiesSet() throws Exception {
+		Assert.hasText(realmName, "realmName must be specified");
+		if (order == DEFAULT_ORDER) {
+			OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
+		}
+    }
+
+    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
+        throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
+        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
+    }
+
+    public String getRealmName() {
+        return realmName;
+    }
+
+    public void setRealmName(String realmName) {
+        this.realmName = realmName;
+    }
+
+	public void setApplicationContext(ApplicationContext applicationContext) {
+		this.applicationContext = applicationContext;
+	}
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/ui/basicauth/package.html

@@ -0,0 +1,5 @@
+<html>
+<body>
+Authenticates HTTP BASIC authentication requests.
+</body>
+</html>

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/OrderedUtils.java

@@ -0,0 +1,65 @@
+package org.acegisecurity.util;
+
+import java.lang.reflect.Method;
+import java.util.Map;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.core.Ordered;
+import org.springframework.util.Assert;
+import org.springframework.util.ReflectionUtils;
+
+/**
+ * Proivdes common logic for manipulating classes implementing the Spring
+ * {@link Ordered} interface.
+ * 
+ * @author Ben Alex
+ */
+public abstract class OrderedUtils {
+	/**
+	 * Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
+	 * class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
+	 * is found, the method throws <code>IllegalStateException</code>.
+	 * 
+	 * <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
+	 * mutation of the order property.
+	 * 
+	 * @param sourceClass to locate in the application context (must be assignable to Ordered)
+	 * @param applicationContext to locate the class
+	 * @param destinationObject to copy the order into (must provide public setOrder(int) method)
+	 * @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
+	 * @return whether or not the destination class was updated
+	 */
+	public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
+		Assert.notNull(sourceClass, "Source class required");
+		Assert.notNull(applicationContext, "ApplicationContext required");
+		Assert.notNull(destinationObject, "Destination object required");
+		Assert.isAssignable(Ordered.class, sourceClass, "Source class " + sourceClass + " must be assignable to Ordered");
+		Map map = applicationContext.getBeansOfType(sourceClass);
+		if (map.size() == 0) {
+			return false;
+		} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
+			return false;
+		} else {
+			copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
+			return true;
+		}
+	}
+	
+	/**
+	 * Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
+	 * 
+	 * <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
+	 * mutation of the order property.
+	 * 
+	 * @param sourceObject to copy the order from
+	 * @param destinationObject to copy the order into (must provide public setOrder(int) method)
+	 */
+	public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
+		Assert.notNull(sourceObject, "Source object required");
+		Assert.notNull(destinationObject, "Destination object required");
+		Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
+		Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
+		ReflectionUtils.invokeMethod(m, destinationObject, new Object[] {new Integer(sourceObject.getOrder())});
+	}
+	
+}

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/package.html

@@ -0,0 +1,5 @@
+<html>
+<body>
+General utility classes used throughout the Acegi Security System.
+</body>
+</html>

sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd

@@ -0,0 +1,478 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+
+<xsd:schema xmlns="http://www.springframework.org/schema/security"
+	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+	targetNamespace="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	elementFormDefault="qualified" attributeFormDefault="unqualified">
+
+	<xsd:import namespace="http://www.springframework.org/schema/util" />
+
+	<xsd:element name="session-context-integration">
+		<xsd:complexType>
+			<xsd:attribute name="id" type="xsd:ID">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	The unique identifier for a bean.
+				]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+
+			<xsd:attribute name="sessionCreation"
+				default="ifRequired">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	Indicates if this filter can create a HttpSession if
+	needed (sessions are always created sparingly, but setting this value to
+	false will prohibit sessions from ever being created).
+	Defaults to true. Do not set to false if
+	you have set forceEagerSessionCreation to true ,
+	as the properties would be in conflict.
+							]]>
+					</xsd:documentation>
+				</xsd:annotation>
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:string">
+						<xsd:enumeration value="ifRequired" />
+						<xsd:enumeration value="never" />
+						<xsd:enumeration value="always" />
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+
+			<xsd:attribute name="forceEagerSessionCreation"
+				default="false" type="defaultable-boolean" use="optional">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	Indicates if this filter is required to create a 'HttpSession'
+	for every request before proceeding through the filter chain, even if the
+	'HttpSession' would not ordinarily have been created. By
+	default this is 'false', which is entirely appropriate for
+	most circumstances as you do not want a 'HttpSession'
+	created unless the filter actually needs one. It is envisaged the main
+	situation in which this property would be set to 'true' is
+	if using other filters that depend on a 'HttpSession'
+	already existing, such as those which need to obtain a session ID. This
+	is only required in specialised cases, so leave it set to
+	'false' unless you have an actual requirement and are
+	conscious of the session creation overhead.
+							]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+			<xsd:attribute name="cloneFromHttpSession" default="false"
+				type="defaultable-boolean" use="optional">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	Indicates whether the <code>SecurityContext</code> will be cloned from
+	the HttpSession. The default is to simply reference (ie
+    the default is 'false'. The default may cause issues if
+ 	concurrent threads need to have a different security identity from other
+	threads being concurrently processed that share the same
+	<code>HttpSession</code>. In most normal environments this does not
+	represent an issue, as changes to the security identity in one thread is
+	allowed to affect the security identitiy in other threads associated with
+	the same 'HttpSession'.
+							]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="authentication-remember-me-filter"
+		type="RememberMeFilter">
+		<xsd:annotation>
+				<xsd:documentation source="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
+					<![CDATA[
+	makes the filter, but does little else, as it auto-detects everything
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:element>
+
+	<xsd:complexType name="RememberMeFilter">
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+		<xsd:attribute name="rememberMeServicesBeanRef"
+			type="xsd:string" use="optional" />
+	</xsd:complexType>
+
+	<xsd:element name="authentication-remember-me-services"
+		type="RememberMeServices" />
+
+	<xsd:complexType name="RememberMeServices">
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+		<xsd:attribute name="key" type="xsd:string" use="optional" />
+		<xsd:attribute name="principalRepositoryBeanRef"
+			type="xsd:string" use="optional" />
+	</xsd:complexType>
+
+	<!-- Logout Filter -->
+	<xsd:element name="logout-support">
+		<xsd:complexType>
+			<!-- Write other attributes -->
+			<xsd:attribute name="id" type="xsd:ID">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	The unique identifier for a bean.
+				]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+			<xsd:attribute name="redirectAfterLogoutUrl"
+				type="xsd:string" default="/" />
+			<xsd:attribute name="logoutUrl" type="xsd:string"
+				default="/logout" />
+			<xsd:anyAttribute namespace="##other" processContents="lax" />
+		</xsd:complexType>
+	</xsd:element>
+
+
+	<!-- Exception Translation Filter -->
+	<xsd:element name="exception-translation"
+		type="ExceptionTranslation" />
+
+	<xsd:complexType name="ExceptionTranslation">
+		<xsd:all>
+			<xsd:element ref="entry-point" maxOccurs="1" />
+			<xsd:element ref="access-denied" maxOccurs="1"
+				minOccurs="0" />
+		</xsd:all>
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:complexType>
+
+	<xsd:element name="entry-point">
+		<xsd:complexType>
+			<xsd:attribute name="entryPointBeanRef" type="xsd:string" />
+		</xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="access-denied">
+		<xsd:complexType>
+			<xsd:attribute name="accessDeniedUrl" type="xsd:string"
+				use="optional" />
+			<xsd:attribute name="accessDeniedBeanRef" type="xsd:string"
+				use="optional" />
+		</xsd:complexType>
+	</xsd:element>
+
+	<!-- AuthenticationProcessigFilter -->
+	<xsd:element name="authentication-form"
+		type="AuthenticationProcessingFilter" />
+
+	<xsd:complexType name="AuthenticationProcessingFilter">
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+		<xsd:attribute name="authenticationUrl" type="xsd:string"
+			use="required">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The URL destination that this filter intercepts and processes (usually something like
+     /login) 
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+		<xsd:attribute name="defaultTargetUrl" type="xsd:string"
+			use="required">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	Where to redirect the browser to if authentication is successful but ACEGI_SAVED_REQUEST_KEY is
+     null
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+		<xsd:attribute name="errorFormUrl" type="xsd:string"
+			use="required">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	Where to redirect the browser to if authentication fails.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:complexType>
+
+
+
+	<xsd:element name="authentication-mechanism"
+		type="AuthenticationManager">
+		<xsd:annotation>
+			<xsd:documentation
+				source="org.acegisecurity.providers.ProviderManager">
+				<![CDATA[
+				Resolves to 'org.acegisecurity.providers.ProviderManager'
+				]]>
+			</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+
+	<xsd:complexType name="AuthenticationManager">
+		<xsd:sequence>
+			<xsd:element ref="authentication-jdbc" minOccurs="0"
+				maxOccurs="1" />
+			<xsd:element ref="authentication-ldap" minOccurs="0"
+				maxOccurs="1" />
+		</xsd:sequence>
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:complexType>
+
+	<xsd:element name="authentication-jdbc">
+		<xsd:annotation>
+			<xsd:documentation
+				source="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
+				<![CDATA[
+				if not specified will be auto-tetected from the ApplicationContext and tried in order 
+				]]>
+			</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:attribute name="ref" type="xsd:string" />
+		</xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="authentication-ldap">
+		<xsd:annotation>
+			<xsd:documentation
+				source="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
+				<![CDATA[
+				if not specified will be auto-tetected from the ApplicationContext and tried in order 
+				]]>
+			</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:attribute name="ref" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	A short-cut alternative to a nested "<ref bean='...'/>" element.
+					]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+
+
+
+	<xsd:element name="principal-repository" type="PrincipalRepository" />
+
+	<xsd:complexType name="PrincipalRepository">
+		<xsd:choice>
+			<xsd:element ref="jdbc" minOccurs="0" maxOccurs="1" />
+			<xsd:element ref="ldap" minOccurs="0" maxOccurs="1" />
+			<xsd:element ref="properties" minOccurs="0" maxOccurs="1" />
+			<xsd:element ref="user-definition" minOccurs="0"
+				maxOccurs="unbounded" />
+		</xsd:choice>
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:complexType>
+
+	<xsd:element name="jdbc">
+		<xsd:complexType>
+			<xsd:attribute name="dataSourceBeanRef" type="xsd:string" />
+			<xsd:attribute name="authoritiesByUsernameQuery"
+				type="xsd:string" use="optional" />
+			<xsd:attribute name="jdbcTemplateBeanRef" type="xsd:string"
+				use="optional" />
+			<xsd:attribute name="rolePrefix" type="xsd:string"
+				use="optional" />
+			<xsd:attribute name="usernameBasedPrimaryKey"
+				type="xsd:boolean" use="optional" />
+			<xsd:attribute name="usersByUsernameQuery" type="xsd:string"
+				use="optional" />
+		</xsd:complexType>
+	</xsd:element>
+
+
+	<xsd:element name="ldap">
+		<xsd:complexType>
+			<xsd:attribute name="not-yet-defined" type="xsd:string" />
+		</xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="properties">
+		<xsd:complexType>
+			<xsd:attribute name="resource" type="xsd:string" />
+		</xsd:complexType>
+	</xsd:element>
+
+	<xsd:element name="user-definition">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="granted-authority" minOccurs="0"
+					maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="authority"
+							type="xsd:string" use="required" />
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="granted-authority-ref" minOccurs="0"
+					maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="authorityBeanRef"
+							type="xsd:string" use="required" />
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+			<xsd:attribute name="username" type="xsd:string"
+				use="required" />
+			<xsd:attribute name="password" type="xsd:string" />
+			<xsd:attribute name="enabled" type="xsd:boolean" />
+			<xsd:anyAttribute namespace="##local"
+				processContents="strict" />
+		</xsd:complexType>
+	</xsd:element>
+
+
+	<xsd:element name="authentication-repository"
+		type="AuthenticationRepositoryType" />
+
+	<xsd:complexType name="AuthenticationRepositoryType">
+		<xsd:sequence>
+			<xsd:element name="salt-source" type="SaltSource"
+				minOccurs="0" maxOccurs="1" />
+			<xsd:element name="password-encoder" type="PasswordEncoder"
+				minOccurs="0" maxOccurs="1" />
+		</xsd:sequence>
+		<xsd:attributeGroup ref="AuthenticationRepositoryAttributes" />
+	</xsd:complexType>
+
+	<!-- <security:salt-source source="systemwide|reflection" salt="salt"/> -->
+	<xsd:complexType name="SaltSource">
+		<xsd:sequence>
+			<xsd:choice minOccurs="0" maxOccurs="1">
+				<xsd:element name="system-wide">
+					<xsd:complexType>
+						<xsd:attribute name="systemWideSalt"
+							type="xsd:string" />
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="reflection">
+					<xsd:complexType>
+						<xsd:attribute name="userPropertyToUse"
+							type="xsd:string" />
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="saltSourceBeanRef" type="xsd:string"
+			use="optional" />
+	</xsd:complexType>
+
+	<xsd:complexType name="PasswordEncoder">
+		<xsd:sequence>
+			<xsd:choice minOccurs="0" maxOccurs="1">
+				<xsd:element name="encoder">
+					<xsd:complexType>
+						<xsd:attribute name="method" type="encoders" />
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="encoderBeanRef" type="xsd:string"
+			use="optional" />
+	</xsd:complexType>
+
+	<xsd:attributeGroup name="AuthenticationRepositoryAttributes">
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+		<xsd:attribute name="repositoryBeanRef" type="xsd:string">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	Reference of a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:attributeGroup>
+
+	<!-- simple internal types -->
+	<xsd:simpleType name="defaultable-boolean">
+		<xsd:restriction base="xsd:NMTOKEN">
+			<xsd:enumeration value="true" />
+			<xsd:enumeration value="false" />
+		</xsd:restriction>
+	</xsd:simpleType>
+
+
+
+	<xsd:simpleType name="encoders">
+		<xsd:restriction base="xsd:NMTOKEN">
+			<xsd:enumeration value="md5" />
+			<xsd:enumeration value="md5Hex" />
+			<xsd:enumeration value="sha" />
+			<xsd:enumeration value="shaHex" />
+			<xsd:enumeration value="custom" />
+		</xsd:restriction>
+	</xsd:simpleType>
+
+
+
+
+</xsd:schema>

sandbox/spring-security-config/src/test/java/org/acegisecurity/AppTest.java

@@ -0,0 +1,38 @@
+package org.acegisecurity;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+    extends TestCase
+{
+    /**
+     * Create the test case
+     *
+     * @param testName name of the test case
+     */
+    public AppTest( String testName )
+    {
+        super( testName );
+    }
+
+    /**
+     * @return the suite of tests being tested
+     */
+    public static Test suite()
+    {
+        return new TestSuite( AppTest.class );
+    }
+
+    /**
+     * Rigourous Test :-)
+     */
+    public void testApp()
+    {
+        assertTrue( true );
+    }
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthenticationMechanismNamespaceTests.java

@@ -0,0 +1,25 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.acegisecurity.providers.ProviderManager;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+import junit.framework.TestCase;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class AuthenticationMechanismNamespaceTests extends TestCase {
+	public void testParserDefaults() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/remember-me-defaults.xml");
+		ProviderManager mgr = (ProviderManager) context.getBean("authenticationManager");
+		assertEquals(1, mgr.getProviders().size());
+		assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
+	}
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthenticationProcessingFilterNamespaceTests.java

@@ -0,0 +1,25 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+import junit.framework.TestCase;
+
+/**
+ * @author vpuri
+ *
+ */
+public class AuthenticationProcessingFilterNamespaceTests extends TestCase {
+	
+	public void testAuthenticationFilterBeanDefinition() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+		"org/acegisecurity/config/authentication-form-filter.xml");
+ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
+		.getAutowireCapableBeanFactory();
+	}
+
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthenticationRepositoryParserTest.java

@@ -0,0 +1,120 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.providers.AuthenticationProvider;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.acegisecurity.providers.dao.SaltSource;
+import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
+import org.acegisecurity.providers.encoding.PasswordEncoder;
+import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
+import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
+import org.springframework.beans.PropertyValue;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.util.Assert;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class AuthenticationRepositoryParserTest extends TestCase {
+
+	public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/authentication-dao-defaults.xml");
+		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
+				.getAutowireCapableBeanFactory();
+
+		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
+		assertEquals(1, names.length);
+
+		// check bean class
+		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
+		assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
+
+		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
+		Assert.isAssignable(JdbcDaoImpl.class, provider.getUserDetailsService().getClass());
+
+	}
+
+	public void testCollaboratorsAsInnerBeans() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/authentication-innerbeans.xml");
+		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
+				.getAutowireCapableBeanFactory();
+		// get the main bean definition, there should be only one
+		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
+		assertEquals(1, names.length);
+		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
+		assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
+
+		// get the 2 inner beans
+		PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
+		assertEquals("saltSource", saltSourceBean.getName());
+
+		// get the BeanDefinition
+		RootBeanDefinition saltsourceDef = (RootBeanDefinition) saltSourceBean.getValue();
+		Assert.isAssignable(SaltSource.class, saltsourceDef.getBeanClass());
+
+		PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
+		assertEquals("passwordEncoder", encoder.getName());
+
+		// get the BeanDefinition
+		RootBeanDefinition encoderDef = (RootBeanDefinition) encoder.getValue();
+		Assert.isAssignable(PasswordEncoder.class, encoderDef.getBeanClass());
+
+		assertEquals("incorrect bean class name", encoderDef.getBeanClassName(), Md5PasswordEncoder.class.getName());
+	}
+
+	public void testCollaboratorsAsBeanRef() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/authentication-beanRef-attributes.xml");
+		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
+				.getAutowireCapableBeanFactory();
+		// get the main bean definition, there should be only one
+		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
+		assertEquals(1, names.length);
+		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
+		assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
+
+		// get the referred collaborators
+
+		PropertyValue userDetailsBean = definition.getPropertyValues().getPropertyValue("userDetailsService");
+		assertEquals("userDetailsService", userDetailsBean.getName());
+
+		PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
+		assertEquals("saltSource", saltSourceBean.getName());
+
+		// get the BeanDefinition
+		RuntimeBeanReference saltsourceDef = (RuntimeBeanReference) saltSourceBean.getValue();
+		assertEquals("refToSaltSource", saltsourceDef.getBeanName());
+
+		PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
+		assertEquals("passwordEncoder", encoder.getName());
+
+		// get the BeanDefinition
+		RuntimeBeanReference encoderDef = (RuntimeBeanReference) encoder.getValue();
+		assertEquals("refToPasswordEncoder", encoderDef.getBeanName());
+
+		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
+		assertTrue(provider.getPasswordEncoder() instanceof PasswordEncoder);
+		assertEquals(Md5PasswordEncoder.class, provider.getPasswordEncoder().getClass());
+	}
+
+	public void testAutodetectionOfUserDetailsService() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/authentication-defaults.xml");
+		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
+		assertNotNull(provider.getUserDetailsService());
+		assertNull(provider.getSaltSource());
+		assertEquals(PlaintextPasswordEncoder.class, provider.getPasswordEncoder().getClass());
+
+	}
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/ExceptionTranslationParserTests.java

@@ -0,0 +1,47 @@
+package org.acegisecurity.config;
+
+import javax.servlet.Filter;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.ui.ExceptionTranslationFilter;
+import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.beans.PropertyValue;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class ExceptionTranslationParserTests extends TestCase {
+
+	public void testParsingBeanReferences() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/exception-translation-beanref.xml");
+		ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
+				.getAutowireCapableBeanFactory();
+		String[] beanNames = factory.getBeanNamesForType(Filter.class);
+		assertEquals(1, beanNames.length);
+		RootBeanDefinition def = (RootBeanDefinition) factory.getBeanDefinition(beanNames[0]);
+		assertEquals(ExceptionTranslationFilter.class.getName(), def.getBeanClassName());
+		// check collaborators
+		PropertyValue accessDeniedHandler = def.getPropertyValues().getPropertyValue("accessDeniedHandler");
+		assertNotNull(accessDeniedHandler);
+		assertEquals(accessDeniedHandler.getValue(), new RuntimeBeanReference("theBeanToUse"));
+		PropertyValue entryPoint = def.getPropertyValues().getPropertyValue("authenticationEntryPoint");
+		assertNotNull(entryPoint);
+		assertEquals(entryPoint.getValue(), new RuntimeBeanReference("authenticationProcessingFilterEntryPoint"));
+	}
+
+	public void testRuntimeBeanDependencies() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/exception-translation-beanref.xml");
+		ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
+		AuthenticationProcessingFilterEntryPoint entryPoint = (AuthenticationProcessingFilterEntryPoint) filter
+				.getAuthenticationEntryPoint();
+		assertEquals("/acegilogin.jsp", entryPoint.getLoginFormUrl());
+		assertFalse(entryPoint.getForceHttps());
+
+	}
+
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/HttpSessionContextIntegrationParserTest.java

@@ -0,0 +1,44 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import javax.servlet.Filter;
+
+import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+
+import junit.framework.TestCase;
+
+/**
+ * @author vpuri
+ *
+ */
+public class HttpSessionContextIntegrationParserTest extends TestCase {
+	
+	public void testApplicationContext() {
+		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/session-context-integration-defaults.xml");
+		ConfigurableListableBeanFactory clbf = 
+			(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
+		
+		String[] names = clbf.getBeanNamesForType(Filter.class);
+		assertEquals(1, names.length);
+		
+		// check bean name
+		RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
+		assertEquals(HttpSessionContextIntegrationFilter.class, definition.getBeanClass());
+		
+		// check properties
+		//get the bean
+		HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter)context.getBean("httpSessionContextIntegrationFilter");
+		assertFalse(filter.isAllowSessionCreation());
+		assertNotNull(definition.getPropertyValues().getPropertyValue("allowSessionCreation"));
+		assertFalse(filter.isForceEagerSessionCreation());
+		assertFalse(filter.isCloneFromHttpSession());
+	}
+
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/LogoutFilterBeanDefinitionParserTests.java

@@ -0,0 +1,29 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import java.util.Map;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.ui.logout.LogoutHandler;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class LogoutFilterBeanDefinitionParserTests extends TestCase {
+
+	public void testLogoutFilter() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/logout-filter-with-handlers.xml");
+		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
+		Map m = bf.getBeansOfType(LogoutHandler.class);
+		assertEquals(2, m.size());
+	}
+
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/NamespaceTests.java

@@ -0,0 +1,22 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import junit.framework.TestCase;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+/**
+ * @author vpuri
+ *
+ */
+public class NamespaceTests extends TestCase {
+	
+		
+	public void testPass() {
+		ApplicationContext c = new ClassPathXmlApplicationContext("org/acegisecurity/config/applicationContext-acegi-security.xml");
+	}
+
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/PrincipalRepositoryNamespaceTests.java

@@ -0,0 +1,66 @@
+/**
+ * 
+ */
+package org.acegisecurity.config;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.GrantedAuthorityImpl;
+import org.acegisecurity.userdetails.User;
+import org.acegisecurity.userdetails.UserDetailsService;
+import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
+import org.acegisecurity.userdetails.memory.UserMap;
+import org.springframework.beans.PropertyValue;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+/**
+ * @author vpuri
+ * 
+ */
+public class PrincipalRepositoryNamespaceTests extends TestCase {
+
+	public void testParserWithUserDefinition() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/principal-repository-user-map.xml");
+
+		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
+				.getAutowireCapableBeanFactory();
+
+		String[] names = clbf.getBeanNamesForType(UserDetailsService.class);
+		assertEquals(1, names.length);
+
+		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
+		assertEquals(InMemoryDaoImpl.class, definition.getBeanClass());
+
+		UserMap map = new UserMap();
+
+		GrantedAuthority[] authotities = { new GrantedAuthorityImpl("ROLE_YO"), new GrantedAuthorityImpl("ROLE_YOYO") };
+
+		User user = new User("vishal", "nottellingya", true, true, true, true, authotities);
+
+		map.addUser(user);
+
+		assertPropertyValues(map, definition, "userMap");
+
+	}
+
+	private void assertPropertyValues(UserMap assertionValue, RootBeanDefinition definition, String property) {
+		PropertyValue propertyValue = definition.getPropertyValues().getPropertyValue(property);
+		assertNotNull(propertyValue);
+		assertTrue(propertyValue.getValue() instanceof UserMap);
+		UserMap users = (UserMap) propertyValue.getValue();
+		assertTrue(assertionValue.getUserCount() == users.getUserCount());
+		assertEquals(assertionValue.getUser("vishal"), users.getUser("vishal"));
+		assertTrue(users.getUser("vishal").isEnabled());
+		assertTrue(users.getUser("vishal").isAccountNonExpired());
+		assertTrue(users.getUser("vishal").isAccountNonLocked());
+		assertTrue(users.getUser("vishal").isCredentialsNonExpired());
+		assertEquals(2, users.getUser("vishal").getAuthorities().length);
+		assertEquals(new GrantedAuthorityImpl("ROLE_YO"), users.getUser("vishal").getAuthorities()[0]);
+		assertEquals(new GrantedAuthorityImpl("ROLE_YOYO"), users.getUser("vishal").getAuthorities()[1]);
+	}
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/RememberMeBeanDefinitionParserTest.java

@@ -0,0 +1,19 @@
+package org.acegisecurity.config;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.providers.ProviderManager;
+import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class RememberMeBeanDefinitionParserTest extends TestCase {
+	
+	public void testParserDefaults() {
+		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
+		ProviderManager mgr = (ProviderManager)context.getBean("authenticationManager");
+		assertEquals(1, mgr.getProviders().size());
+		assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
+	}
+
+}

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/applicationContext-acegi-security.xml

@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!--
+		- A simple "base bones" Acegi Security configuration.
+		-
+		- The sample includes the "popular" features that people tend to use.
+		- Specifically, form authentication, remember-me, and anonymous processing.
+		- Other features aren't setup, as these can be added later by inserting
+		- the relevant XML fragments as specified in the Reference Guide.
+		-
+		- To assist new users, the filters specified in the FilterChainProxy are
+		- declared in the application context in the same order. Collaborators
+		- required by those filters are placed at the end of the file.
+		-
+		- $Id: applicationContext-acegi-security.xml 1833 2007-05-17 23:06:46Z vishalpuri $
+	-->
+
+
+	<bean id="filterChainProxy"
+		class="org.acegisecurity.util.FilterChainProxy">
+		<property name="filterInvocationDefinitionSource">
+			<value>
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+				PATTERN_TYPE_APACHE_ANT
+				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+			</value>
+		</property>
+	</bean>
+
+	<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
+	<security:session-context-integration
+		id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />
+
+
+	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
+	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
+	<security:logout-support id="logoutFilter"
+		redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
+
+	<security:authentication-remember-me-services
+		id="rememberMeServices" key="someValue" />
+
+
+	<bean id="securityContextLogoutHandler"
+		class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
+
+	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
+	<security:authentication-form id="authenticationProcessingFilter"
+		authenticationUrl="/j_acegi_security_check" defaultTargetUrl="/"
+		errorFormUrl="/acegilogin.jsp?login_error=1" />
+
+	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
+	<security:authentication-mechanism id="authenticationManager">
+		<security:authentication-jdbc ref="daoAuthenticationProvider" />
+	</security:authentication-mechanism>
+
+
+	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
+	<security:principal-repository id="userDetailsService">
+		<security:properties
+			resource="classpath:org/acegisecurity/config/user.properties" />
+	</security:principal-repository>
+
+	<!-- dao authentication provider "authenticationRepository" -->
+	<security:authentication-repository id="daoAuthenticationProvider" />
+
+
+	<bean id="securityContextHolderAwareRequestFilter"
+		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
+
+	<!-- makes the filter, but does little else, as it auto-detects everything -->
+	<security:authentication-remember-me-filter
+		id="rememberMeProcessingFilter" />
+
+	<bean id="anonymousProcessingFilter"
+		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
+		<property name="key" value="changeThis" />
+		<property name="userAttribute"
+			value="anonymousUser,ROLE_ANONYMOUS" />
+	</bean>
+
+	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
+		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
+		other props; i do not mind if you move the access denied stuff to a sub-element -->
+	<security:exception-translation id="exceptionTranslationFilter">
+		<security:entry-point
+			entryPointBeanRef="authenticationEntryPoint" />
+	</security:exception-translation>
+
+
+	<bean id="authenticationEntryPoint"
+		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+		<property name="loginFormUrl" value="/acegilogin.jsp" />
+		<property name="forceHttps" value="false" />
+	</bean>
+
+
+	<bean id="accessDeniedHandler"
+		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
+		<property name="errorPage" value="/accessDenied.jsp" />
+	</bean>
+
+
+	<bean id="filterInvocationInterceptor"
+		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
+		<property name="authenticationManager"
+			ref="authenticationManager" />
+		<property name="accessDecisionManager">
+			<bean class="org.acegisecurity.vote.AffirmativeBased">
+				<property name="allowIfAllAbstainDecisions"
+					value="false" />
+				<property name="decisionVoters">
+					<list>
+						<bean class="org.acegisecurity.vote.RoleVoter" />
+						<bean
+							class="org.acegisecurity.vote.AuthenticatedVoter" />
+					</list>
+				</property>
+			</bean>
+		</property>
+		<property name="objectDefinitionSource">
+			<value>
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+				PATTERN_TYPE_APACHE_ANT
+				/secure/extreme/**=ROLE_SUPERVISOR
+				/secure/**=IS_AUTHENTICATED_REMEMBERED
+				/**=IS_AUTHENTICATED_ANONYMOUSLY
+			</value>
+		</property>
+	</bean>
+
+
+	<!--<bean id="authenticationManager"
+		class="org.acegisecurity.providers.ProviderManager">
+		<property name="providers">
+		<list>
+		<ref local="daoAuthenticationProvider" />
+		<bean
+		class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
+		<property name="key" value="changeThis" />
+		</bean>
+		<bean
+		class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
+		<property name="key" value="changeThis" />
+		</bean>
+		</list>
+		</property>
+		</bean>-->
+
+	<bean id="userCache"
+		class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
+		<property name="cache">
+			<bean
+				class="org.springframework.cache.ehcache.EhCacheFactoryBean">
+				<property name="cacheManager">
+					<bean
+						class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
+				</property>
+				<property name="cacheName" value="userCache" />
+			</bean>
+		</property>
+	</bean>
+
+	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
+	<bean id="loggerListener"
+		class="org.acegisecurity.event.authentication.LoggerListener" />
+
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-basic-filter.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
+		is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
+		BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
+		we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
+	<security:authentication-basic id="id"
+		realmName="Spring Security Application" entryPointOrder="2" />
+
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-beanRef-attributes.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<security:authentication-repository id="authenticationRepository" repositoryBeanRef="refToUserDetailsService">
+		<security:salt-source saltSourceBeanRef="refToSaltSource"/>
+		<security:password-encoder encoderBeanRef="refToPasswordEncoder"/>		
+	</security:authentication-repository>
+
+	<bean id="refToUserDetailsService"
+		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
+		<property name="dataSource">
+			<ref bean="dataSource" />
+		</property>
+	</bean>
+
+	<bean id="dataSource"
+		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName">
+			<value>org.hsqldb.jdbcDriver</value>
+		</property>
+		<property name="url">
+			<value>jdbc:hsqldb:mem:test</value>
+			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		</property>
+		<property name="username">
+			<value>sa</value>
+		</property>
+		<property name="password">
+			<value></value>
+		</property>
+	</bean>
+	
+	<bean id="refToSaltSource"
+		class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
+		<property name="systemWideSalt">
+			<value>12345</value>
+		</property>
+	</bean>
+
+	<bean id="refToPasswordEncoder"
+		class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
+	
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-dao-defaults.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- Case 1: defaults (userDetailsService mandatory)-->
+	<!--  autocreate userDetailsService with dataSource(search in ctx) injected -->
+
+	<security:authentication-repository id="authenticationRepository">
+		<security:password-encoder encoderBeanRef="passwordEncoder" />
+	</security:authentication-repository>
+
+	<bean id="userDetailsService"
+		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
+		<property name="dataSource">
+			<ref bean="dataSource" />
+		</property>
+	</bean>
+
+	<bean id="dataSource"
+		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName">
+			<value>org.hsqldb.jdbcDriver</value>
+		</property>
+		<property name="url">
+			<value>jdbc:hsqldb:mem:test</value>
+			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		</property>
+		<property name="username">
+			<value>sa</value>
+		</property>
+		<property name="password">
+			<value></value>
+		</property>
+	</bean>
+
+	<bean id="saltSource"
+		class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
+		<property name="systemWideSalt">
+			<value>12345</value>
+		</property>
+	</bean>
+
+	<bean id="passwordEncoder"
+		class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-defaults.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<security:authentication-repository id="authenticationRepository"/>
+
+	<bean id="userDetailsService"
+		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
+		<property name="dataSource">
+			<ref bean="dataSource" />
+		</property>
+	</bean>
+
+	<bean id="dataSource"
+		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName">
+			<value>org.hsqldb.jdbcDriver</value>
+		</property>
+		<property name="url">
+			<value>jdbc:hsqldb:mem:test</value>
+			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		</property>
+		<property name="username">
+			<value>sa</value>
+		</property>
+		<property name="password">
+			<value></value>
+		</property>
+	</bean>
+	
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-form-filter.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+
+	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
+	<security:authentication-form id="authenticationProcessinFilter"
+		authenticationUrl="/login" defaultTargetUrl="/login.html"
+		errorFormUrl="error.html" />
+
+	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
+	<security:authentication-mechanism id="authenticationManager">
+		<security:authentication-jdbc ref="authenticationRepository"/>
+	</security:authentication-mechanism>
+
+	<!-- dao authentication provider -->
+	<security:authentication-repository id="authenticationRepository" repositoryBeanRef="userDetailsService"/>
+
+	<security:authentication-remember-me-services
+		id="rememberMeServices" key="someValue" />
+
+	<bean id="userDetailsService"
+		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
+		<property name="dataSource">
+			<ref bean="dataSource" />
+		</property>
+	</bean>
+
+	<bean id="dataSource"
+		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName">
+			<value>org.hsqldb.jdbcDriver</value>
+		</property>
+		<property name="url">
+			<value>jdbc:hsqldb:mem:test</value>
+			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		</property>
+		<property name="username">
+			<value>sa</value>
+		</property>
+		<property name="password">
+			<value></value>
+		</property>
+	</bean>
+
+
+</beans>
+

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-innerbeans.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- Case 1: defaults (userDetailsService mandatory)-->
+	<!--  autocreate userDetailsService with dataSource(search in ctx) injected -->
+
+	<security:authentication-repository id="authenticationRepository">
+		<security:salt-source>
+			<security:system-wide systemWideSalt="12345" />
+		</security:salt-source>
+		<security:password-encoder>
+			<security:encoder method="md5" />
+		</security:password-encoder>
+	</security:authentication-repository>
+
+	<bean id="AnyBeanIdAsThisBeanWillBeAutoDetectedAndInjectedInauthenticationRepositoryUsingAutoWireByType"
+		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
+		<property name="dataSource">
+			<ref bean="dataSource" />
+		</property>
+	</bean>
+
+	<bean id="dataSource"
+		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName">
+			<value>org.hsqldb.jdbcDriver</value>
+		</property>
+		<property name="url">
+			<value>jdbc:hsqldb:mem:test</value>
+			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		</property>
+		<property name="username">
+			<value>sa</value>
+		</property>
+		<property name="password">
+			<value></value>
+		</property>
+	</bean>
+	
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/exception-translation-autodetect-handler.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+
+	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
+		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
+		other props; i do not mind if you move the access denied stuff to a sub-element -->
+	<security:exception-translation id="exceptionTranslationFilter">
+		<security:entry-point
+			entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
+	</security:exception-translation>
+
+	<bean id="theBeanToUse"
+		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
+		<property name="errorPage" value="/accessDenied.jsp" />
+		</bean>
+		
+	<bean id="authenticationProcessingFilterEntryPoint"
+		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+		<property name="loginFormUrl">
+			<value>/acegilogin.jsp</value>
+		</property>
+		<property name="forceHttps">
+			<value>false</value>
+		</property>
+	</bean>
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/exception-translation-beanref.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+
+	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
+		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
+		other props; i do not mind if you move the access denied stuff to a sub-element -->
+	<security:exception-translation id="exceptionTranslationFilter">
+		<security:access-denied accessDeniedBeanRef="theBeanToUse" />
+		<security:entry-point
+			entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
+	</security:exception-translation>
+
+	<bean id="theBeanToUse"
+		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
+		<property name="errorPage" value="/accessDenied.jsp" />
+	</bean>
+
+	<bean id="authenticationProcessingFilterEntryPoint"
+		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+		<property name="loginFormUrl">
+			<value>/acegilogin.jsp</value>
+		</property>
+		<property name="forceHttps">
+			<value>false</value>
+		</property>
+	</bean>
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/logout-filter-with-handlers.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
+	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
+	<security:logout-support id="logoutFilter" logoutUrl="/logout" redirectAfterLogoutUrl="/"/>
+	
+	
+	
+	<security:authentication-remember-me-services
+		id="rememberMeServices" key="someValue" />
+
+	<bean id="SecurityContextLogoutHandler"
+		class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
+
+	<security:principal-repository id="userDetailsService">
+		<security:user-definition username="vishal"
+			password="nottellingya" enabled="true">
+			<security:granted-authority authority="ROLE_YO" />
+			<security:granted-authority authority="ROLE_YOYO" />
+			<!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
+		</security:user-definition>
+	</security:principal-repository>
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/principal-repository-jdbc.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
+		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
+		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
+		
+	<!--<security:security-autoconfig/>	-->
+	
+	<security:principal-repository id="userDetailsService">
+		<security:jdbc dataSourceBeanRef="dataSource"/>
+	</security:principal-repository>
+
+	<bean id="dataSource"
+		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName">
+			<value>org.hsqldb.jdbcDriver</value>
+		</property>
+		<property name="url">
+			<value>jdbc:hsqldb:mem:test</value>
+			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		</property>
+		<property name="username">
+			<value>sa</value>
+		</property>
+		<property name="password">
+			<value></value>
+		</property>
+	</bean>
+	
+	<!--<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
+		<property name="dataSource" ref="dataSource"></property>
+	</bean>-->
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/principal-repository-properties.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
+		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
+		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
+		
+	<security:principal-repository id="userDetailsService">
+		<security:properties resource="classpath:org/acegisecurity/config/user.properties"/>
+	</security:principal-repository>
+	
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/principal-repository-user-map.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
+		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
+		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
+		
+	<security:principal-repository id="userDetailsService">
+			<security:user-definition username="vishal" password="nottellingya" enabled="true">
+				<security:granted-authority authority="ROLE_YO"/>
+			    <security:granted-authority authority="ROLE_YOYO"/>
+			    <!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
+			</security:user-definition>
+	</security:principal-repository>
+	
+	<!-- TODO: <security:granted-authority id="fooBarAuthority" authority="ROLE_FOOBAR"/> -->
+	
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/remember-me-defaults.xml

@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- ======================== AUTHENTICATION ======================= -->
+
+	<!-- makes the filter, but does little else, as it auto-detects everything -->
+	<security:authentication-remember-me-filter id="rememberMeFilter" rememberMeServicesBeanRef="rememberMeServices" />
+
+	<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; -->
+	<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
+	<security:authentication-remember-me-services
+		id="rememberMeServices" key="someValue"
+		principalRepositoryBeanRef="userDetailsService" />
+
+	<!-- The rules are:
+		AuthenticationManager interface is implemented by ProviderManager
+		So if you have any auto-detection, create a ProviderManager definition
+		If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
+		Every authentication mechanism OR provider must start with security:authentication-something
+		Use appropriate attrs and elements depending on provider or mechanism
+		-->
+	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
+	<security:authentication-mechanism id="authenticationManager">	
+			<security:authentication-jdbc ref="authenticationRepository"/>			
+	</security:authentication-mechanism>
+
+	
+	<!--<bean id="authenticationManager"
+		class="org.acegisecurity.providers.ProviderManager">
+		  
+		 <property name="providers">
+			<list>
+				<ref local="authenticationRepository" />
+			</list>
+		</property>
+	</bean>-->
+	
+	<!-- dao authentication provider -->
+	<security:authentication-repository id="authenticationRepository" />
+	
+
+
+	<bean id="userDetailsService" 
+		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
+		<property name="dataSource">
+			<ref bean="dataSource" />
+		</property>
+	</bean>
+
+	<bean id="dataSource"
+		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName">
+			<value>org.hsqldb.jdbcDriver</value>
+		</property>
+		<property name="url">
+			<value>jdbc:hsqldb:mem:test</value>
+			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		</property>
+		<property name="username">
+			<value>sa</value>
+		</property>
+		<property name="password">
+			<value></value>
+		</property>
+	</bean>
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/security-autoconfig-autodetect.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+
+	<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
+	<security:security-autoconfig exceptionTranslation="disable"
+		sessionContextIntegration="disable" logoutSupport="disable"
+		filterChain="disable" servletRequestEmulation="disabled"
+		anonyomousRoleGranter="disabled" />
+
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/security-namespaces.xml

@@ -0,0 +1,183 @@
+ <?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
+	<security:security-autoconfig exceptionTranslation="disable"
+		sessionContextIntegration="disable" logoutSupport="disable"
+		filterChain="disable" servletRequestEmulation="disabled"
+		anonyomousRoleGranter="disabled" />
+
+	<!-- autodetect attribute is the default, and an exception is thrown if false, as the expectation is they will write their own legacy <beans> format
+		FilterChainProxy bean definition is dissatisfied with the auto approach. The auto approach simply creates a bean definition similar to that shown
+		below with the AUTODETECT_ALL_ORDERED_FILTERs. As suggested, this causes a runtime check of app ctx for all javax.servlet.Filter instances, and
+		for each that also implemented Ordered, these are automatically applied to the pattern shown (which is **/* in the case of autodetect=true).*-->
+	<security:filter-chain id="id" />
+	<bean id="dcdc" class="FilterChainProxy">
+		<property name="chainConfig">
+			<value>
+				**/*=AUTODETECT_ALL_ORDERED_FILTERS
+				**/*=filter1,filter2,filter3
+			</value>
+		</property>
+	</bean>
+	<!--  also provide an OrderedFilterAdapter, impls Filter and Ordered, and can be configured declaratively in Spring XML (eg SiteMesh), setOrder, setDelegate(Filter object) -->
+
+	<!-- creates a bean definition for an AccessDecisionManager; strategy defaults to AffirmativeBased; 
+		superclass AbstractAccessDecisionManager requires refactoring so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
+		and uses their Ordered interface to apply them; if one doesn't implement Ordered, assume it is Integer.MAX_VALUE -->
+	<security:authorization-manager id="id"
+		strategy="consensus|unanimous|affirmative" />t
+
+	<!-- ======================== AUTHENTICATION ======================= -->
+
+	<!-- sessionCreation defaults to ifRequired. -->
+	<security:session-context-integration
+		id="httpSessionContextIntegrationFilter"
+		sessionCreation="never|ifRequired|always" />
+
+	<!-- The rules are:
+		AuthenticationManager interface is implemented by ProviderManager
+		So if you have any auto-detection, create a ProviderManager definition
+		If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
+		Every authentication mechanism OR provider must start with security:authentication-something
+		Use appropriate attrs and elements depending on provider or mechanism
+	-->
+	<security:authentication-repository id="id"
+		repositoryBeanRef="beanIdOfRepositoryIfUnspecifiedAutoDetectTheirUserDetailsInstance">
+		<security:salt-source
+			saltSourceBeanRef="beanRefOfAnExternalEncoder" />
+		<!--  or allow it to be written inline as an inner bean -->
+		<security:password-encoder
+			encoder="md5|md5Hex|sha|shaHex|custom"
+			encoderBeanRef="beanRefOfAnExternalEncoder" />
+		<!-- same story here, inner beans allowed -->
+	</security:authentication-repository>
+
+	<security:salt-source>
+		<security:system-wide systemWideSalt="12345" />
+		<security-reflection userPropertyToUse="sss" />
+	</security:salt-source>
+
+
+	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
+	<security:authentication-form id="id" authenticationUrl="/login"
+		loginFormUrl="/login.html" errorFormUrl="error.html" />
+
+	<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
+		is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
+		BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
+		we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
+	<security:authentication-basic id="id"
+		realmName="Spring Security Application" entryPointOrder="2" />
+
+	<!-- This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
+		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
+		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
+	<security:principal-repository id="id">
+		<security:ldap
+			x="you can do the attributes and suitable nested elements" />
+		<security:jdbc
+			x="you can do the attributes and suitable nested elements" />
+		<security:properties
+			location="resourceStringToPropertiesFile">
+<!-- if they specify a resource attrib, that means throw exception if they nest some user-definition data) -->
+			<security:user-definition username="ben"
+				password="nottellingYou" enabled="true"
+				it="more stuff if you want">
+				<security:granted-authority authority="ROLE_ANONYMOUS" />
+				<ref bean="fooBarAuthority" />
+			</security:user-definition>
+		</security:properties>
+	</security:principal-repository>
+
+	<!-- makes the filter, but does little else, as it auto-detects everything -->
+	<security:authentication-remember-me-filter id="id"
+		rememberMeServicesBeanRef="theId" />
+
+	<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; key is handled in same way as discussed earlier -->
+	<security:authentication-remember-me-services id="id"
+		key="someValue" principalRepositoryBeanRef="jdbcDaoImpl" />
+
+	<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
+	<security:anonymous-role-granter id="id" key="someValue">
+		<security:granted-authority authority="ROLE_ANONYMOUS" />
+		<ref bean="fooBarAuthority" />
+	</security:anonymous-role-granter>
+
+	<security:granted-authority id="fooBarAuthority"
+		authority="ROLE_FOOBAR" />
+
+	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
+	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
+	<security:logout-support id="logoutFilter"
+		redirectAfterLogoutUrl="/" logoutUrl="/logout" />
+
+
+	<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
+
+	<!--  channel security out of scope; they use existing bean definition format; the channel filter will auto-detect and use Ordered interface as discussed above -->
+
+	<!--  any kind of ACL support is out of scope; frankly it is too hard for 1.1.0 -->
+
+	<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns, as this filter is incompatible with them -->
+	<security:authorization-http-url>
+		<security:url-mapping
+			source="xml - the default and no other options"
+			sourceBeanId="referenceToTheirObjectDefinitionSource">
+			<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a regularExpression OR a path, but not both
+				and ALL patterns in the url-mapping MUST be of the SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
+			<security:uri-pattern path="/index.jsp"
+				regularExpression="whatever">
+				<security:configuration-attribute attribute="ROLE_A" />
+				<ref
+					bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
+			</security:uri-pattern>
+			<security:uri-pattern path="/**"
+				regularExperssion="whatever">
+				<security:configuration-attribute attribute="ROLE_A" />
+				<ref
+					bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
+			</security:uri-pattern>
+		</security:url-mapping>
+	</security:authorization-http-url>
+
+	<!-- the source refers to use of the relevant concete ObjectDefinitionSource; user can alternately specify their own instance and refer to it
+		via the sourceBeanId property; in that case they must specify "custom"; if unspecified, it means it's described as nested elements using the
+		security:method-pattern element, and you will therefore create it via the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
+		For aspectj and springAop, that means create a MethodSecurityInterceptor and AspectJSecurityInterceptor bean definition respectively (in the case of
+		springAop, also create a MethodDefinitionSourceAdvisor); defaults to springAop=true, aspectJ=false -->
+	<security:authorization-joinpoint aspectj="false|true"
+		springAop="true|false">
+		<security:url-mapping source="custom|xml|attributes|annotations"
+			sourceBeanId="referenceToTheirObjectDefinitionSource">
+			<security:method-pattern
+				type="com.foo.Bar.whateverMethodNamePattern">
+				<security:configuration-attribute attribute="ROLE_A" />
+				<ref
+					bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
+			</security:method-pattern>
+		</security:url-mapping>
+		<!-- if get time, do a new security:pointcut-pattern -->
+	</security:authorization-joinpoint>
+
+
+	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
+		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
+		other props; i do not mind if you move the access denied stuff to a sub-element -->
+	<security:exception-translation id="id"
+		accessDeniedUrl="/accessDenied.jsp"
+		accessDeniedBeanRef="theBeanToUse">
+		<security:entry-point path="/acegilogin.jsp" https="boolean" />
+	</security:exception-translation>
+
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/session-context-integration-defaults.xml

@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- ======================== AUTHENTICATION ======================= -->
+
+	<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
+	<security:session-context-integration id="httpSessionContextIntegrationFilter" sessionCreation="never"	/>
+
+	<!-- The rules are:
+		AuthenticationManager interface is implemented by ProviderManager
+		So if you have any auto-detection, create a ProviderManager definition
+		If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
+		Every authentication mechanism OR provider must start with security:authentication-something
+		Use appropriate attrs and elements depending on provider or mechanism
+	-->
+	
+	
+	<!-- Case 1 	
+	<security:authentication-repository id="id" repositoryBeanRef="userDetails">
+		<security:salt-source
+			saltSourceBeanRef="beanRefOfAnExternalEncoder" />
+		  or allow it to be written inline as an inner bean 
+		<security:password-encoder
+			encoder="md5|md5Hex|sha|shaHex|custom"
+			encoderBeanRef="beanRefOfAnExternalEncoder" />
+		 same story here, inner beans allowed 
+	</security:authentication-repository>
+	
+	<bean id="userDetails" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
+      <property name="dataSource"><ref bean="dataSource"/></property>
+    </bean>
+    
+     Case 2: autodetect userDetails
+    <security:authentication-repository id="id">
+		<security:salt-source
+			saltSourceBeanRef="beanRefOfAnExternalEncoder" />
+		  or allow it to be written inline as an inner bean 
+		<security:password-encoder
+			encoder="md5|md5Hex|sha|shaHex|custom"
+			encoderBeanRef="beanRefOfAnExternalEncoder" />
+		 same story here, inner beans allowed 
+	</security:authentication-repository>
+	
+	 Case 3: inner beans 
+	<security:authentication-repository id="id"
+		ref="userDetails">
+		<security:salt-source propertyName="propertyValue" />
+		  or allow it to be written inline as an inner bean 
+		<security:password-encoder encoder="md5" />
+		 same story here, inner beans allowed 
+	</security:authentication-repository>
+--></beans>
+

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/user.properties

@@ -0,0 +1,2 @@
+vishal=ity,ROLE_ADMIN
+ity=vishal,ROLE_TELLER