SEC-1132: More refactoring to remove cycles ad reduce complexity metrics

config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java

@@ -12,7 +12,7 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
-import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/EntryPointInjectionBeanPostProcessor.java

@@ -10,7 +10,7 @@ import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.ExceptionTranslationFilter;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.util.Assert;
 
 /**

config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java

@@ -19,17 +19,17 @@ import org.springframework.core.Ordered;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.config.ConfigUtils.FilterChainList;
-import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.FilterChainProxy;
-import org.springframework.security.web.SessionFixationProtectionFilter;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
+import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.AnonymousProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
-import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.authentication.www.BasicProcessingFilter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
-import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.FilterSecurityInterceptor;
+import org.springframework.security.web.session.SessionFixationProtectionFilter;
 import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
 
 /**

config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java

@@ -7,8 +7,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.RequestKey;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.RequestKey;
 import org.springframework.security.web.util.AntUrlPathMatcher;
 import org.springframework.security.web.util.UrlMatcher;
 import org.springframework.util.StringUtils;
@@ -24,7 +24,7 @@ import org.w3c.dom.Element;
 public class FilterInvocationSecurityMetadataSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
 
     protected String getBeanClassName(Element element) {
-        return "org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource";
+        return "org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource";
     }
 
     protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {

config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java

@@ -8,9 +8,9 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
-import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.util.StringUtils;
 
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -23,23 +23,23 @@ import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.vote.AccessDecisionVoter;
 import org.springframework.security.access.vote.AuthenticatedVoter;
 import org.springframework.security.access.vote.RoleVoter;
-import org.springframework.security.web.AccessDeniedHandlerImpl;
-import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.FilterChainProxy;
-import org.springframework.security.web.SessionFixationProtectionFilter;
-import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
+import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
+import org.springframework.security.web.access.channel.ChannelProcessingFilter;
+import org.springframework.security.web.access.channel.InsecureChannelProcessor;
+import org.springframework.security.web.access.channel.RetryWithHttpEntryPoint;
+import org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint;
+import org.springframework.security.web.access.channel.SecureChannelProcessor;
+import org.springframework.security.web.access.expression.WebExpressionVoter;
+import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
+import org.springframework.security.web.access.intercept.RequestKey;
+import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
-import org.springframework.security.web.expression.WebExpressionVoter;
-import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.FilterSecurityInterceptor;
-import org.springframework.security.web.intercept.RequestKey;
-import org.springframework.security.web.securechannel.ChannelDecisionManagerImpl;
-import org.springframework.security.web.securechannel.ChannelProcessingFilter;
-import org.springframework.security.web.securechannel.InsecureChannelProcessor;
-import org.springframework.security.web.securechannel.RetryWithHttpEntryPoint;
-import org.springframework.security.web.securechannel.RetryWithHttpsEntryPoint;
-import org.springframework.security.web.securechannel.SecureChannelProcessor;
+import org.springframework.security.web.session.SessionFixationProtectionFilter;
 import org.springframework.security.web.util.AntUrlPathMatcher;
 import org.springframework.security.web.util.RegexUrlPathMatcher;
 import org.springframework.security.web.util.UrlMatcher;
@@ -112,8 +112,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
     static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.AuthenticationProcessingFilter";
 
-    static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
-    static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler";
+    static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
+    static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler";
     private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
 
     @SuppressWarnings("unchecked")

config/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java

@@ -36,7 +36,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
     public static final String PERSON_MAPPER_CLASS = "org.springframework.security.ldap.userdetails.PersonContextMapper";
     public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper";
     public static final String LDAP_USER_MAPPER_CLASS = "org.springframework.security.ldap.userdetails.LdapUserDetailsMapper";
-    public static final String LDAP_AUTHORITIES_POPULATOR_CLASS = "org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator";
+    public static final String LDAP_AUTHORITIES_POPULATOR_CLASS = "org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator";
 
     protected String getBeanClassName(Element element) {
         return "org.springframework.security.ldap.userdetails.LdapUserDetailsService";

config/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java

@@ -6,8 +6,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.web.logout.LogoutFilter;
-import org.springframework.security.web.logout.SecurityContextLogoutHandler;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java

@@ -11,8 +11,8 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.security.authentication.concurrent.ConcurrentSessionController;
 import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.authentication.concurrent.SessionRegistry;
-import org.springframework.security.web.SessionFixationProtectionFilter;
 import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.session.SessionFixationProtectionFilter;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

config/src/test/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests.java

@@ -15,7 +15,7 @@ import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
 import org.w3c.dom.Element;
 
 /**
@@ -59,7 +59,7 @@ public class FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests {
     public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
         setContext(
                 "<http auto-config='true'/>" +
-                "<b:bean id='fsi' class='org.springframework.security.web.intercept.FilterSecurityInterceptor' autowire='byType'>" +
+                "<b:bean id='fsi' class='org.springframework.security.web.access.intercept.FilterSecurityInterceptor' autowire='byType'>" +
                 "   <b:property name='securityMetadataSource'>" +
                 "       <filter-invocation-definition-source>" +
                 "           <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +

config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -33,35 +33,35 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
 import org.springframework.security.openid.OpenIDAuthenticationProvider;
 import org.springframework.security.util.FieldUtils;
-import org.springframework.security.web.AccessDeniedHandlerImpl;
-import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.PortMapperImpl;
-import org.springframework.security.web.SessionFixationProtectionFilter;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
+import org.springframework.security.web.access.channel.ChannelProcessingFilter;
+import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
+import org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.AnonymousProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
 import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.authentication.www.BasicProcessingFilter;
-import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
-import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
-import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.FilterSecurityInterceptor;
-import org.springframework.security.web.logout.LogoutFilter;
-import org.springframework.security.web.logout.LogoutHandler;
-import org.springframework.security.web.securechannel.ChannelProcessingFilter;
+import org.springframework.security.web.session.SessionFixationProtectionFilter;
 import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
 import org.springframework.util.ReflectionUtils;
 

config/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java

@@ -13,8 +13,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.GrantedAuthorityImpl;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.InetOrgPerson;
 import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java

@@ -7,7 +7,6 @@ import java.util.Date;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.binary.Hex;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.util.Sha512DigestUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 

core/src/main/java/org/springframework/security/util/Sha512DigestUtils.java → core/src/main/java/org/springframework/security/core/token/Sha512DigestUtils.java

@@ -1,4 +1,4 @@
-package org.springframework.security.util;
+package org.springframework.security.core.token;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;

itest/context/src/test/resources/filter-chain-performance-app-context.xml

@@ -57,16 +57,16 @@
     <bean id="preAuthenticatedProcessingFilterEntryPoint"
             class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
 
-    <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
+    <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
         <constructor-arg value="/"/>
         <constructor-arg>
             <list>
-                <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
+                <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
             </list>
         </constructor-arg>
     </bean>
 
-    <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
+    <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
         <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
     </bean>
 
@@ -88,7 +88,7 @@
         </property>
     </bean>
 
-    <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
+    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
         <property name="authenticationManager" ref="authenticationManager"/>
         <property name="accessDecisionManager" ref="accessDecisionManager"/>
         <property name="securityMetadataSource">

ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticator.java

@@ -16,8 +16,7 @@
 package org.springframework.security.ldap.authentication;
 
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.ldap.LdapAuthenticator;
-import org.springframework.security.ldap.LdapUserSearch;
+import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;

ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java

@@ -28,9 +28,8 @@ import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.ldap.LdapAuthenticator;
-import org.springframework.security.ldap.LdapAuthoritiesPopulator;
-import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
 import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
 import org.springframework.context.MessageSource;

ldap/src/main/java/org/springframework/security/ldap/LdapAuthenticator.java → ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticator.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ldap;
+package org.springframework.security.ldap.authentication;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.ldap.core.DirContextOperations;
@@ -28,8 +28,8 @@ import org.springframework.ldap.core.DirContextOperations;
  * @author Luke Taylor
  * @version $Id$
  *
- * @see org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
- * @see org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator
+ * @see org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
+ * @see org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
  */
 public interface LdapAuthenticator {
     //~ Methods ========================================================================================================

ldap/src/main/java/org/springframework/security/ldap/authentication/PasswordComparisonAuthenticator.java

@@ -32,7 +32,7 @@ import org.springframework.util.Assert;
 
 
 /**
- * An {@link org.springframework.security.ldap.LdapAuthenticator LdapAuthenticator} which compares the login
+ * An {@link org.springframework.security.ldap.authentication.LdapAuthenticator LdapAuthenticator} which compares the login
  * password with the value stored in the directory using a remote LDAP "compare" operation.
  *
  * <p>

ldap/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java → ldap/src/main/java/org/springframework/security/ldap/authentication/SpringSecurityAuthenticationSource.java

@@ -1,4 +1,4 @@
-package org.springframework.security.ldap;
+package org.springframework.security.ldap.authentication;
 
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;

ldap/src/main/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulator.java → ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java

@@ -1,10 +1,10 @@
-package org.springframework.security.ldap.populator;
+package org.springframework.security.ldap.authentication;
 
 import java.util.List;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.util.Assert;
 

ldap/src/main/java/org/springframework/security/ldap/populator/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-LdapAuthoritiesPopulator implementations.
-</body>
-</html>

ldap/src/main/java/org/springframework/security/ldap/search/FilterBasedLdapUserSearch.java

@@ -17,7 +17,6 @@ package org.springframework.security.ldap.search;
 
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
-import org.springframework.security.ldap.LdapUserSearch;
 
 
 import org.apache.commons.logging.Log;

ldap/src/main/java/org/springframework/security/ldap/LdapUserSearch.java → ldap/src/main/java/org/springframework/security/ldap/search/LdapUserSearch.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ldap;
+package org.springframework.security.ldap.search;
 
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;

ldap/src/main/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulator.java → ldap/src/main/java/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.java

@@ -13,12 +13,11 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ldap.populator;
+package org.springframework.security.ldap.userdetails;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.GrantedAuthorityImpl;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
-import org.springframework.security.ldap.LdapAuthoritiesPopulator;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.LdapTemplate;

ldap/src/main/java/org/springframework/security/ldap/LdapAuthoritiesPopulator.java → ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ldap;
+package org.springframework.security.ldap.userdetails;
 
 import java.util.List;
 

ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsService.java

@@ -4,8 +4,7 @@ import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.ldap.LdapAuthoritiesPopulator;
-import org.springframework.security.ldap.LdapUserSearch;
+import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.util.Assert;
 
 /**

ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java

@@ -4,6 +4,7 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
 import org.springframework.ldap.core.AuthenticationSource;
 import org.springframework.ldap.core.DistinguishedName;

ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java

@@ -34,8 +34,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.ldap.LdapAuthenticator;
-import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
 
 

ldap/src/test/java/org/springframework/security/ldap/authentication/MockUserSearch.java

@@ -15,7 +15,7 @@
 
 package org.springframework.security.ldap.authentication;
 
-import org.springframework.security.ldap.LdapUserSearch;
+import org.springframework.security.ldap.search.LdapUserSearch;
 
 import org.springframework.ldap.core.DirContextOperations;
 

ldap/src/test/java/org/springframework/security/ldap/populator/DefaultLdapAuthoritiesPopulatorTests.java

@@ -18,7 +18,7 @@ package org.springframework.security.ldap.populator;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.ldap.AbstractLdapIntegrationTests;
-import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
 
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;

ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java

@@ -11,6 +11,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator;
 
 /**
  * @author Luke Taylor

ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java

@@ -13,7 +13,6 @@ import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.ldap.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.authentication.MockUserSearch;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsService;

samples/ldap/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -48,7 +48,7 @@
             </bean>
         </constructor-arg>
         <constructor-arg>
-            <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
+            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                 <constructor-arg ref="contextSource" />
                 <constructor-arg value="ou=groups" />
                 <property name="groupSearchFilter" value="(member={0})"/>

samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -38,11 +38,11 @@
     <bean id="preAuthenticatedProcessingFilterEntryPoint"
             class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
 
-    <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
+    <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
         <constructor-arg value="/"/>
         <constructor-arg>
             <list>
-                <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
+                <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
             </list>
         </constructor-arg>
     </bean>
@@ -69,7 +69,7 @@
 
     <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
 
-    <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
+    <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
         <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
     </bean>
 
@@ -82,7 +82,7 @@
         </property>
     </bean>
 
-    <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
+    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
         <property name="authenticationManager" ref="authenticationManager"/>
         <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
         <property name="securityMetadataSource">

web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java

@@ -16,6 +16,7 @@
 package org.springframework.security.web;
 
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
 
 import java.io.IOException;
 

web/src/main/java/org/springframework/security/web/FilterChainProxy.java

@@ -34,7 +34,7 @@ import javax.servlet.ServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.util.AntUrlPathMatcher;
 import org.springframework.security.web.util.UrlMatcher;
 import org.springframework.util.Assert;

web/src/main/java/org/springframework/security/web/AccessDeniedHandler.java → web/src/main/java/org/springframework/security/web/access/AccessDeniedHandler.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web;
+package org.springframework.security.web.access;
 
 import org.springframework.security.access.AccessDeniedException;
 

web/src/main/java/org/springframework/security/web/AccessDeniedHandlerImpl.java → web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web;
+package org.springframework.security.web.access;
 
 import java.io.IOException;
 

web/src/main/java/org/springframework/security/web/ExceptionTranslationFilter.java → web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web;
+package org.springframework.security.web.access;
 
 import java.io.IOException;
 
@@ -29,6 +29,11 @@ import org.springframework.security.authentication.AuthenticationTrustResolverIm
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.FilterChainOrder;
+import org.springframework.security.web.PortResolver;
+import org.springframework.security.web.PortResolverImpl;
+import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.savedrequest.SavedRequest;
 import org.springframework.security.web.util.ThrowableAnalyzer;
 import org.springframework.security.web.util.ThrowableCauseExtractor;
@@ -47,8 +52,8 @@ import org.springframework.util.Assert;
  * <p>
  * If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
  * user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
- * an anonymous user, the filter will delegate to the {@link org.springframework.security.web.AccessDeniedHandler}.
- * By default the filter will use {@link org.springframework.security.web.AccessDeniedHandlerImpl}.
+ * an anonymous user, the filter will delegate to the {@link org.springframework.security.web.access.AccessDeniedHandler}.
+ * By default the filter will use {@link org.springframework.security.web.access.AccessDeniedHandlerImpl}.
  * <p>
  * To use this filter, it is necessary to specify the following properties:
  * <ul>

web/src/main/java/org/springframework/security/web/intercept/WebInvocationPrivilegeEvaluator.java → web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access;
 
 import java.io.IOException;
 import java.util.List;

web/src/main/java/org/springframework/security/web/securechannel/AbstractRetryEntryPoint.java → web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import org.springframework.security.web.PortMapper;
 import org.springframework.security.web.PortMapperImpl;

web/src/main/java/org/springframework/security/web/securechannel/ChannelDecisionManager.java → web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;

web/src/main/java/org/springframework/security/web/securechannel/ChannelDecisionManagerImpl.java → web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 
 import org.springframework.security.access.ConfigAttribute;

web/src/main/java/org/springframework/security/web/securechannel/ChannelEntryPoint.java → web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import java.io.IOException;
 

web/src/main/java/org/springframework/security/web/securechannel/ChannelProcessingFilter.java → web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import java.io.IOException;
 import java.util.Collection;
@@ -31,7 +31,7 @@ import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterChainOrder;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.SpringSecurityFilter;
-import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.util.Assert;
 
 

web/src/main/java/org/springframework/security/web/securechannel/ChannelProcessor.java → web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;

web/src/main/java/org/springframework/security/web/securechannel/InsecureChannelProcessor.java → web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import java.io.IOException;
 import java.util.List;

web/src/main/java/org/springframework/security/web/securechannel/RetryWithHttpEntryPoint.java → web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 
 /**

web/src/main/java/org/springframework/security/web/securechannel/RetryWithHttpsEntryPoint.java → web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 /**
  * Commences a secure channel by retrying the original request using HTTPS.

web/src/main/java/org/springframework/security/web/securechannel/SecureChannelProcessor.java → web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import java.io.IOException;
 import java.util.List;

web/src/main/java/org/springframework/security/web/expression/DefaultWebSecurityExpressionHandler.java → web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.expression;
+package org.springframework.security.web.access.expression;
 
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.ExpressionParser;

web/src/main/java/org/springframework/security/web/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java → web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.expression;
+package org.springframework.security.web.access.expression;
 
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
@@ -10,8 +10,8 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.ParseException;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.RequestKey;
+import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.RequestKey;
 import org.springframework.security.web.util.UrlMatcher;
 import org.springframework.util.Assert;
 

web/src/main/java/org/springframework/security/web/expression/WebExpressionConfigAttribute.java → web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.expression;
+package org.springframework.security.web.access.expression;
 
 import org.springframework.expression.Expression;
 import org.springframework.security.access.ConfigAttribute;

web/src/main/java/org/springframework/security/web/expression/WebExpressionVoter.java → web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.expression;
+package org.springframework.security.web.access.expression;
 
 import java.util.List;
 

web/src/main/java/org/springframework/security/web/expression/WebSecurityExpressionHandler.java → web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.expression;
+package org.springframework.security.web.access.expression;
 
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.ExpressionParser;

web/src/main/java/org/springframework/security/web/expression/WebSecurityExpressionRoot.java → web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.expression;
+package org.springframework.security.web.access.expression;
 
 import java.net.InetAddress;
 import java.net.UnknownHostException;

web/src/main/java/org/springframework/security/web/intercept/DefaultFilterInvocationSecurityMetadataSource.java → web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 import java.util.Arrays;
 import java.util.Collection;

web/src/main/java/org/springframework/security/web/intercept/FilterInvocationSecurityMetadataSource.java → web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 import org.springframework.security.access.intercept.SecurityMetadataSource;
 import org.springframework.security.web.FilterInvocation;

web/src/main/java/org/springframework/security/web/intercept/FilterSecurityInterceptor.java → web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 import org.springframework.security.access.intercept.InterceptorStatusToken;

web/src/main/java/org/springframework/security/web/intercept/RequestKey.java → web/src/main/java/org/springframework/security/web/access/intercept/RequestKey.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 /**
  * @author Luke Taylor

web/src/main/java/org/springframework/security/web/AbstractAuthenticationTargetUrlRequestHandler.java → web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web;
+package org.springframework.security.web.authentication;
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
@@ -11,8 +11,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.logout.LogoutHandler;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.util.RedirectUtils;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;

web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java

@@ -38,7 +38,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SpringSecurityFilter;
-import org.springframework.security.web.util.SessionUtils;
+import org.springframework.security.web.session.SessionUtils;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 

web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java

@@ -172,11 +172,11 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
         return FilterChainOrder.AUTHENTICATION_PROCESSING_FILTER;
     }
 
-    String getUsernameParameter() {
+    public final String getUsernameParameter() {
         return usernameParameter;
     }
 
-    String getPasswordParameter() {
+    public final String getPasswordParameter() {
         return passwordParameter;
     }
 }

web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java

@@ -19,11 +19,11 @@ package org.springframework.security.web.authentication;
 
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.PortMapper;
 import org.springframework.security.web.PortMapperImpl;
 import org.springframework.security.web.PortResolver;
 import org.springframework.security.web.PortResolverImpl;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.util.RedirectUrlBuilder;
 import org.springframework.security.web.util.UrlUtils;
 

web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java

@@ -8,7 +8,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.springframework.security.core.Authentication;
-import org.springframework.security.web.ExceptionTranslationFilter;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.savedrequest.SavedRequest;
 import org.springframework.security.web.util.RedirectUtils;
 import org.springframework.security.web.wrapper.SavedRequestAwareWrapper;

web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.java

@@ -7,7 +7,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
-import org.springframework.security.web.AbstractAuthenticationTargetUrlRequestHandler;
 
 public class SimpleUrlAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler {
 

web/src/main/java/org/springframework/security/web/concurrent/ConcurrentSessionFilter.java → web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.concurrent;
+package org.springframework.security.web.authentication.concurrent;
 
 import org.springframework.security.authentication.concurrent.SessionInformation;
 import org.springframework.security.authentication.concurrent.SessionRegistry;
@@ -21,8 +21,8 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.FilterChainOrder;
 import org.springframework.security.web.SpringSecurityFilter;
-import org.springframework.security.web.logout.LogoutHandler;
-import org.springframework.security.web.logout.SecurityContextLogoutHandler;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
@@ -44,7 +44,7 @@ import java.io.IOException;
  * {@link org.springframework.security.authentication.concurrent.SessionInformation} from the <code>SessionRegistry</code>
  * for each request and checks if the session has been marked as expired.
  * If it has been marked as expired, the configured logout handlers will be called (as happens with
- * {@link org.springframework.security.web.logout.LogoutFilter}), typically to invalidate the session.
+ * {@link org.springframework.security.web.authentication.logout.LogoutFilter}), typically to invalidate the session.
  * A redirect to the expiredURL specified will be performed, and the session invalidation will cause an
  * {@link org.springframework.security.web.session.HttpSessionDestroyedEvent} to be published via the
  * {@link org.springframework.security.web.session.HttpSessionEventPublisher} registered in <code>web.xml</code>.</p>

web/src/main/java/org/springframework/security/web/logout/LogoutFilter.java → web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.logout;
+package org.springframework.security.web.authentication.logout;
 
 import java.io.IOException;
 import java.util.Arrays;

web/src/main/java/org/springframework/security/web/logout/LogoutHandler.java → web/src/main/java/org/springframework/security/web/authentication/logout/LogoutHandler.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.logout;
+package org.springframework.security.web.authentication.logout;
 
 import org.springframework.security.core.Authentication;
 

web/src/main/java/org/springframework/security/web/logout/LogoutSuccessHandler.java → web/src/main/java/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.logout;
+package org.springframework.security.web.authentication.logout;
 
 import java.io.IOException;
 

web/src/main/java/org/springframework/security/web/logout/SecurityContextLogoutHandler.java → web/src/main/java/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.logout;
+package org.springframework.security.web.authentication.logout;
 
 
 import org.springframework.security.core.Authentication;

web/src/main/java/org/springframework/security/web/logout/SimpleUrlLogoutSuccessHandler.java → web/src/main/java/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.logout;
+package org.springframework.security.web.authentication.logout;
 
 import java.io.IOException;
 
@@ -7,7 +7,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
-import org.springframework.security.web.AbstractAuthenticationTargetUrlRequestHandler;
+import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
 
 /**
  * Handles the navigation on logout by delegating to the {@link AbstractAuthenticationTargetUrlRequestHandler}

web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java

@@ -31,7 +31,7 @@ import org.springframework.core.Ordered;
  * This code is based on
  * {@link org.springframework.security.ui.x509.X509ProcessingFilterEntryPoint}.
  *
- * @see org.springframework.security.web.ExceptionTranslationFilter
+ * @see org.springframework.security.web.access.ExceptionTranslationFilter
  *
  * @author Luke Taylor
  * @author Ruud Senden

web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java

@@ -17,7 +17,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
-import org.springframework.security.web.logout.LogoutHandler;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 

web/src/main/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilter.java → web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.authentication;
+package org.springframework.security.web.authentication.ui;
 
 import java.io.IOException;
 
@@ -12,6 +12,8 @@ import org.springframework.beans.BeanWrapperImpl;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.FilterChainOrder;
 import org.springframework.security.web.SpringSecurityFilter;
+import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
 
 /**

web/src/main/java/org/springframework/security/web/concurrent/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-Concurrent session control and registration classes.
-</body>
-</html>
-

web/src/main/java/org/springframework/security/web/context/package.html

@@ -0,0 +1,2 @@
+Classes which are responsible for maintaining the security context
+between HTTP requests.

web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java

@@ -37,7 +37,7 @@ import java.util.TreeMap;
  * Represents central information from a <code>HttpServletRequest</code>.<p>This class is used by {@link
  * org.springframework.security.web.authentication.AbstractProcessingFilter} and {@link org.springframework.security.web.wrapper.SavedRequestAwareWrapper} to
  * reproduce the request after successful authentication. An instance of this class is stored at the time of an
- * authentication exception by {@link org.springframework.security.web.ExceptionTranslationFilter}.</p>
+ * authentication exception by {@link org.springframework.security.web.access.ExceptionTranslationFilter}.</p>
  * <p><em>IMPLEMENTATION NOTE</em>: It is assumed that this object is accessed only from the context of a single
  * thread, so no synchronization around internal collection classes is performed.</p>
  * <p>This class is based on code in Apache Tomcat.</p>

web/src/main/java/org/springframework/security/web/SessionFixationProtectionFilter.java → web/src/main/java/org/springframework/security/web/session/SessionFixationProtectionFilter.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web;
+package org.springframework.security.web.session;
 
 import java.io.IOException;
 
@@ -14,8 +14,9 @@ import org.springframework.security.authentication.concurrent.SessionRegistry;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.FilterChainOrder;
+import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.util.SessionUtils;
 
 /**
  * Detects that a user has been authenticated since the start of the request and starts a new session.

web/src/main/java/org/springframework/security/web/util/SessionUtils.java → web/src/main/java/org/springframework/security/web/session/SessionUtils.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.util;
+package org.springframework.security.web.session;
 
 import java.util.Enumeration;
 import java.util.HashMap;

web/src/main/java/org/springframework/security/web/util/RedirectUtils.java

@@ -1,7 +1,7 @@
 package org.springframework.security.web.util;
 
 import org.springframework.security.web.authentication.AbstractProcessingFilter;
-import org.springframework.security.web.logout.LogoutFilter;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

web/src/main/java/org/springframework/security/web/wrapper/SavedRequestAwareWrapper.java

@@ -1,348 +1,348 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.web.wrapper;
-
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Set;
-import java.util.TimeZone;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.security.web.PortResolver;
-import org.springframework.security.web.savedrequest.Enumerator;
-import org.springframework.security.web.savedrequest.FastHttpDateFormat;
-import org.springframework.security.web.savedrequest.SavedRequest;
-
-
-/**
- * Provides request parameters, headers and cookies from either an original request or a saved request.
- *
- * <p>Note that not all request parameters in the original request are emulated by this wrapper.
- * Nevertheless, the important data from the original request is emulated and this should prove
- * adequate for most purposes (in particular standard HTTP GET and POST operations).</p>
- *
- * <p>Added into a request by {@link org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter}.</p>
- *
- *
- * @see SecurityContextHolderAwareRequestFilter
- *
- * @author Andrey Grebnev
- * @author Ben Alex
- * @version $Id$
- */
-public class SavedRequestAwareWrapper extends SecurityContextHolderAwareRequestWrapper {
-    //~ Static fields/initializers =====================================================================================
-
-    protected static final Log logger = LogFactory.getLog(SavedRequestAwareWrapper.class);
-    protected static final TimeZone GMT_ZONE = TimeZone.getTimeZone("GMT");
-
-    /** The default Locale if none are specified. */
-    protected static Locale defaultLocale = Locale.getDefault();
-
-    //~ Instance fields ================================================================================================
-
-    protected SavedRequest savedRequest = null;
-
-    /**
-     * The set of SimpleDateFormat formats to use in getDateHeader(). Notice that because SimpleDateFormat is
-     * not thread-safe, we can't declare formats[] as a static variable.
-     */
-    protected SimpleDateFormat[] formats = new SimpleDateFormat[3];
-
-    //~ Constructors ===================================================================================================
-
-    public SavedRequestAwareWrapper(HttpServletRequest request, PortResolver portResolver, String rolePrefix) {
-        super(request, portResolver, rolePrefix);
-
-        HttpSession session = request.getSession(false);
-
-        if (session == null) {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Wrapper not replaced; no session available for SavedRequest extraction");
-            }
-
-            return;
-        }
-
-        SavedRequest saved = (SavedRequest) session.getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
-
-        if ((saved != null) && saved.doesRequestMatch(request, portResolver)) {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Wrapper replaced; SavedRequest was: " + saved);
-            }
-
-            savedRequest = saved;
-            session.removeAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
-
-            formats[0] = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
-            formats[1] = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);
-            formats[2] = new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US);
-
-            formats[0].setTimeZone(GMT_ZONE);
-            formats[1].setTimeZone(GMT_ZONE);
-            formats[2].setTimeZone(GMT_ZONE);
-        } else {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Wrapper not replaced; SavedRequest was: " + saved);
-            }
-        }
-    }
-
-    //~ Methods ========================================================================================================
-
-    @Override
-    public Cookie[] getCookies() {
-        if (savedRequest == null) {
-            return super.getCookies();
-        } else {
-            List<Cookie> cookies = savedRequest.getCookies();
-
-            return cookies.toArray(new Cookie[cookies.size()]);
-        }
-    }
-
-    @Override
-    public long getDateHeader(String name) {
-        if (savedRequest == null) {
-            return super.getDateHeader(name);
-        } else {
-            String value = getHeader(name);
-
-            if (value == null) {
-                return -1L;
-            }
-
-            // Attempt to convert the date header in a variety of formats
-            long result = FastHttpDateFormat.parseDate(value, formats);
-
-            if (result != -1L) {
-                return result;
-            }
-
-            throw new IllegalArgumentException(value);
-        }
-    }
-
-    @Override
-    public String getHeader(String name) {
-        if (savedRequest == null) {
-            return super.getHeader(name);
-        } else {
-            String header = null;
-            Iterator<String> iterator = savedRequest.getHeaderValues(name);
-
-            while (iterator.hasNext()) {
-                header = iterator.next();
-
-                break;
-            }
-
-            return header;
-        }
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public Enumeration getHeaderNames() {
-        if (savedRequest == null) {
-            return super.getHeaderNames();
-        } else {
-            return new Enumerator<String>(savedRequest.getHeaderNames());
-        }
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public Enumeration getHeaders(String name) {
-        if (savedRequest == null) {
-            return super.getHeaders(name);
-        } else {
-            return new Enumerator<String>(savedRequest.getHeaderValues(name));
-        }
-    }
-
-    @Override
-    public int getIntHeader(String name) {
-        if (savedRequest == null) {
-            return super.getIntHeader(name);
-        } else {
-            String value = getHeader(name);
-
-            if (value == null) {
-                return -1;
-            } else {
-                return Integer.parseInt(value);
-            }
-        }
-    }
-
-    @Override
-    public Locale getLocale() {
-        if (savedRequest == null) {
-            return super.getLocale();
-        } else {
-            Locale locale = null;
-            Iterator<Locale> iterator = savedRequest.getLocales();
-
-            while (iterator.hasNext()) {
-                locale = (Locale) iterator.next();
-
-                break;
-            }
-
-            if (locale == null) {
-                return defaultLocale;
-            } else {
-                return locale;
-            }
-        }
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public Enumeration getLocales() {
-        if (savedRequest == null) {
-            return super.getLocales();
-        }
-
-        Iterator<Locale> iterator = savedRequest.getLocales();
-
-        if (iterator.hasNext()) {
-            return new Enumerator<Locale>(iterator);
-        }
-        // Fall back to default locale
-        ArrayList<Locale> results = new ArrayList<Locale>(1);
-        results.add(defaultLocale);
-
-        return new Enumerator<Locale>(results.iterator());
-    }
-
-    @Override
-    public String getMethod() {
-        if (savedRequest == null) {
-            return super.getMethod();
-        } else {
-            return savedRequest.getMethod();
-        }
-    }
-
-    /**
-     * If the parameter is available from the wrapped request then either
-     * <ol>
-     * <li>There is no saved request (it a normal request)</li>
-     * <li>There is a saved request, but the request has been forwarded/included to a URL with parameters, either
-     * supplementing or overriding the saved request values.</li>
-     * </ol>
-     * In both cases the value from the wrapped request should be used.
-     * <p>
-     * If the value from the wrapped request is null, an attempt will be made to retrieve the parameter
-     * from the SavedRequest, if available..
-     */
-    @Override
-    public String getParameter(String name) {
-        String value = super.getParameter(name);
-
-        if (value != null || savedRequest == null) {
-            return value;
-        }
-
-        String[] values = savedRequest.getParameterValues(name);
-        if (values == null || values.length == 0) {
-            return null;
-        }
-
-        return values[0];
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public Map getParameterMap() {
-        if (savedRequest == null) {
-            return super.getParameterMap();
-        }
-
-        Set<String> names = getCombinedParameterNames();
-        Map<String, String[]> parameterMap = new HashMap<String, String[]>(names.size());
-
-        for (String name : names) {
-            parameterMap.put(name, getParameterValues(name));
-        }
-
-        return parameterMap;
-    }
-
-    @SuppressWarnings("unchecked")
-    private Set<String> getCombinedParameterNames() {
-        Set<String> names = new HashSet<String>();
-        names.addAll(super.getParameterMap().keySet());
-
-        if (savedRequest != null) {
-            names.addAll(savedRequest.getParameterMap().keySet());
-        }
-
-        return names;
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public Enumeration getParameterNames() {
-        return new Enumerator(getCombinedParameterNames());
-    }
-
-    @Override
-    public String[] getParameterValues(String name) {
-        if (savedRequest == null) {
-            return super.getParameterValues(name);
-        }
-
-        String[] savedRequestParams = savedRequest.getParameterValues(name);
-        String[] wrappedRequestParams = super.getParameterValues(name);
-
-        if (savedRequestParams == null) {
-            return wrappedRequestParams;
-        }
-
-        if (wrappedRequestParams == null) {
-            return savedRequestParams;
-        }
-
-        // We have parameters in both saved and wrapped requests so have to merge them
-        List<String> wrappedParamsList = Arrays.asList(wrappedRequestParams);
-        List<String> combinedParams = new ArrayList<String>(wrappedParamsList);
-
-        // We want to add all parameters of the saved request *apart from* duplicates of those already added
-        for (int i = 0; i < savedRequestParams.length; i++) {
-            if (!wrappedParamsList.contains(savedRequestParams[i])) {
-                combinedParams.add(savedRequestParams[i]);
-            }
-        }
-
-        return combinedParams.toArray(new String[combinedParams.size()]);
-    }
-}
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.wrapper;
+
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
+import java.util.TimeZone;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.security.web.PortResolver;
+import org.springframework.security.web.savedrequest.Enumerator;
+import org.springframework.security.web.savedrequest.FastHttpDateFormat;
+import org.springframework.security.web.savedrequest.SavedRequest;
+
+
+/**
+ * Provides request parameters, headers and cookies from either an original request or a saved request.
+ *
+ * <p>Note that not all request parameters in the original request are emulated by this wrapper.
+ * Nevertheless, the important data from the original request is emulated and this should prove
+ * adequate for most purposes (in particular standard HTTP GET and POST operations).</p>
+ *
+ * <p>Added into a request by {@link org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter}.</p>
+ *
+ *
+ * @see SecurityContextHolderAwareRequestFilter
+ *
+ * @author Andrey Grebnev
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class SavedRequestAwareWrapper extends SecurityContextHolderAwareRequestWrapper {
+    //~ Static fields/initializers =====================================================================================
+
+    protected static final Log logger = LogFactory.getLog(SavedRequestAwareWrapper.class);
+    protected static final TimeZone GMT_ZONE = TimeZone.getTimeZone("GMT");
+
+    /** The default Locale if none are specified. */
+    protected static Locale defaultLocale = Locale.getDefault();
+
+    //~ Instance fields ================================================================================================
+
+    protected SavedRequest savedRequest = null;
+
+    /**
+     * The set of SimpleDateFormat formats to use in getDateHeader(). Notice that because SimpleDateFormat is
+     * not thread-safe, we can't declare formats[] as a static variable.
+     */
+    protected SimpleDateFormat[] formats = new SimpleDateFormat[3];
+
+    //~ Constructors ===================================================================================================
+
+    public SavedRequestAwareWrapper(HttpServletRequest request, PortResolver portResolver, String rolePrefix) {
+        super(request, portResolver, rolePrefix);
+
+        HttpSession session = request.getSession(false);
+
+        if (session == null) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Wrapper not replaced; no session available for SavedRequest extraction");
+            }
+
+            return;
+        }
+
+        SavedRequest saved = (SavedRequest) session.getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
+
+        if ((saved != null) && saved.doesRequestMatch(request, portResolver)) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Wrapper replaced; SavedRequest was: " + saved);
+            }
+
+            savedRequest = saved;
+            session.removeAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
+
+            formats[0] = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
+            formats[1] = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);
+            formats[2] = new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US);
+
+            formats[0].setTimeZone(GMT_ZONE);
+            formats[1].setTimeZone(GMT_ZONE);
+            formats[2].setTimeZone(GMT_ZONE);
+        } else {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Wrapper not replaced; SavedRequest was: " + saved);
+            }
+        }
+    }
+
+    //~ Methods ========================================================================================================
+
+    @Override
+    public Cookie[] getCookies() {
+        if (savedRequest == null) {
+            return super.getCookies();
+        } else {
+            List<Cookie> cookies = savedRequest.getCookies();
+
+            return cookies.toArray(new Cookie[cookies.size()]);
+        }
+    }
+
+    @Override
+    public long getDateHeader(String name) {
+        if (savedRequest == null) {
+            return super.getDateHeader(name);
+        } else {
+            String value = getHeader(name);
+
+            if (value == null) {
+                return -1L;
+            }
+
+            // Attempt to convert the date header in a variety of formats
+            long result = FastHttpDateFormat.parseDate(value, formats);
+
+            if (result != -1L) {
+                return result;
+            }
+
+            throw new IllegalArgumentException(value);
+        }
+    }
+
+    @Override
+    public String getHeader(String name) {
+        if (savedRequest == null) {
+            return super.getHeader(name);
+        } else {
+            String header = null;
+            Iterator<String> iterator = savedRequest.getHeaderValues(name);
+
+            while (iterator.hasNext()) {
+                header = iterator.next();
+
+                break;
+            }
+
+            return header;
+        }
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public Enumeration getHeaderNames() {
+        if (savedRequest == null) {
+            return super.getHeaderNames();
+        } else {
+            return new Enumerator<String>(savedRequest.getHeaderNames());
+        }
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public Enumeration getHeaders(String name) {
+        if (savedRequest == null) {
+            return super.getHeaders(name);
+        } else {
+            return new Enumerator<String>(savedRequest.getHeaderValues(name));
+        }
+    }
+
+    @Override
+    public int getIntHeader(String name) {
+        if (savedRequest == null) {
+            return super.getIntHeader(name);
+        } else {
+            String value = getHeader(name);
+
+            if (value == null) {
+                return -1;
+            } else {
+                return Integer.parseInt(value);
+            }
+        }
+    }
+
+    @Override
+    public Locale getLocale() {
+        if (savedRequest == null) {
+            return super.getLocale();
+        } else {
+            Locale locale = null;
+            Iterator<Locale> iterator = savedRequest.getLocales();
+
+            while (iterator.hasNext()) {
+                locale = (Locale) iterator.next();
+
+                break;
+            }
+
+            if (locale == null) {
+                return defaultLocale;
+            } else {
+                return locale;
+            }
+        }
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public Enumeration getLocales() {
+        if (savedRequest == null) {
+            return super.getLocales();
+        }
+
+        Iterator<Locale> iterator = savedRequest.getLocales();
+
+        if (iterator.hasNext()) {
+            return new Enumerator<Locale>(iterator);
+        }
+        // Fall back to default locale
+        ArrayList<Locale> results = new ArrayList<Locale>(1);
+        results.add(defaultLocale);
+
+        return new Enumerator<Locale>(results.iterator());
+    }
+
+    @Override
+    public String getMethod() {
+        if (savedRequest == null) {
+            return super.getMethod();
+        } else {
+            return savedRequest.getMethod();
+        }
+    }
+
+    /**
+     * If the parameter is available from the wrapped request then either
+     * <ol>
+     * <li>There is no saved request (it a normal request)</li>
+     * <li>There is a saved request, but the request has been forwarded/included to a URL with parameters, either
+     * supplementing or overriding the saved request values.</li>
+     * </ol>
+     * In both cases the value from the wrapped request should be used.
+     * <p>
+     * If the value from the wrapped request is null, an attempt will be made to retrieve the parameter
+     * from the SavedRequest, if available..
+     */
+    @Override
+    public String getParameter(String name) {
+        String value = super.getParameter(name);
+
+        if (value != null || savedRequest == null) {
+            return value;
+        }
+
+        String[] values = savedRequest.getParameterValues(name);
+        if (values == null || values.length == 0) {
+            return null;
+        }
+
+        return values[0];
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public Map getParameterMap() {
+        if (savedRequest == null) {
+            return super.getParameterMap();
+        }
+
+        Set<String> names = getCombinedParameterNames();
+        Map<String, String[]> parameterMap = new HashMap<String, String[]>(names.size());
+
+        for (String name : names) {
+            parameterMap.put(name, getParameterValues(name));
+        }
+
+        return parameterMap;
+    }
+
+    @SuppressWarnings("unchecked")
+    private Set<String> getCombinedParameterNames() {
+        Set<String> names = new HashSet<String>();
+        names.addAll(super.getParameterMap().keySet());
+
+        if (savedRequest != null) {
+            names.addAll(savedRequest.getParameterMap().keySet());
+        }
+
+        return names;
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public Enumeration getParameterNames() {
+        return new Enumerator(getCombinedParameterNames());
+    }
+
+    @Override
+    public String[] getParameterValues(String name) {
+        if (savedRequest == null) {
+            return super.getParameterValues(name);
+        }
+
+        String[] savedRequestParams = savedRequest.getParameterValues(name);
+        String[] wrappedRequestParams = super.getParameterValues(name);
+
+        if (savedRequestParams == null) {
+            return wrappedRequestParams;
+        }
+
+        if (wrappedRequestParams == null) {
+            return savedRequestParams;
+        }
+
+        // We have parameters in both saved and wrapped requests so have to merge them
+        List<String> wrappedParamsList = Arrays.asList(wrappedRequestParams);
+        List<String> combinedParams = new ArrayList<String>(wrappedParamsList);
+
+        // We want to add all parameters of the saved request *apart from* duplicates of those already added
+        for (int i = 0; i < savedRequestParams.length; i++) {
+            if (!wrappedParamsList.contains(savedRequestParams[i])) {
+                combinedParams.add(savedRequestParams[i]);
+            }
+        }
+
+        return combinedParams.toArray(new String[combinedParams.size()]);
+    }
+}

web/src/test/java/org/springframework/security/web/ExceptionTranslationFilterTests.java → web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web;
+package org.springframework.security.web.access;
 
 import java.io.IOException;
 
@@ -35,8 +35,8 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.AccessDeniedHandlerImpl;
-import org.springframework.security.web.ExceptionTranslationFilter;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
+import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.savedrequest.SavedRequest;
 
 /**

web/src/test/java/org/springframework/security/web/intercept/WebInvocationPrivilegeEvaluatorTests.java → web/src/test/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluatorTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access;
 
 import static org.junit.Assert.*;
 import static org.mockito.Matchers.*;
@@ -32,10 +32,12 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 
 
 /**
- * Tests {@link org.springframework.security.web.intercept.WebInvocationPrivilegeEvaluator}.
+ * Tests {@link org.springframework.security.web.access.WebInvocationPrivilegeEvaluator}.
  *
  * @author Ben Alex
  * @version $Id$

web/src/test/java/org/springframework/security/web/securechannel/ChannelDecisionManagerImplTests.java → web/src/test/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImplTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import static org.mockito.Mockito.mock;
 
@@ -32,8 +32,8 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.securechannel.ChannelDecisionManagerImpl;
-import org.springframework.security.web.securechannel.ChannelProcessor;
+import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
+import org.springframework.security.web.access.channel.ChannelProcessor;
 
 
 /**

web/src/test/java/org/springframework/security/web/securechannel/ChannelProcessingFilterTests.java → web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
@@ -31,9 +31,9 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.securechannel.ChannelDecisionManager;
-import org.springframework.security.web.securechannel.ChannelProcessingFilter;
+import org.springframework.security.web.access.channel.ChannelDecisionManager;
+import org.springframework.security.web.access.channel.ChannelProcessingFilter;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 
 
 /**

web/src/test/java/org/springframework/security/web/securechannel/InsecureChannelProcessorTests.java → web/src/test/java/org/springframework/security/web/access/channel/InsecureChannelProcessorTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import static org.mockito.Mockito.mock;
 
@@ -25,7 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.securechannel.InsecureChannelProcessor;
+import org.springframework.security.web.access.channel.InsecureChannelProcessor;
 
 
 /**

web/src/test/java/org/springframework/security/web/securechannel/RetryWithHttpEntryPointTests.java → web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPointTests.java

@@ -13,14 +13,14 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import junit.framework.TestCase;
 
 import org.springframework.security.MockPortResolver;
 
 import org.springframework.security.web.PortMapperImpl;
-import org.springframework.security.web.securechannel.RetryWithHttpEntryPoint;
+import org.springframework.security.web.access.channel.RetryWithHttpEntryPoint;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;

web/src/test/java/org/springframework/security/web/securechannel/RetryWithHttpsEntryPointTests.java → web/src/test/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPointTests.java

@@ -13,14 +13,14 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import junit.framework.TestCase;
 
 import org.springframework.security.MockPortResolver;
 
 import org.springframework.security.web.PortMapperImpl;
-import org.springframework.security.web.securechannel.RetryWithHttpsEntryPoint;
+import org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;

web/src/test/java/org/springframework/security/web/securechannel/SecureChannelProcessorTests.java → web/src/test/java/org/springframework/security/web/access/channel/SecureChannelProcessorTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.securechannel;
+package org.springframework.security.web.access.channel;
 
 import static org.mockito.Mockito.mock;
 
@@ -25,7 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.securechannel.SecureChannelProcessor;
+import org.springframework.security.web.access.channel.SecureChannelProcessor;
 
 
 /**

web/src/test/java/org/springframework/security/web/expression/WebSecurityExpressionRootTests.java → web/src/test/java/org/springframework/security/web/access/expression/WebSecurityExpressionRootTests.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.expression;
+package org.springframework.security.web.access.expression;
 
 import static org.junit.Assert.*;
 import static org.mockito.Mockito.mock;
@@ -10,6 +10,7 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;
 
 /**
  * Tests for {@link WebSecurityExpressionRoot}.

web/src/test/java/org/springframework/security/web/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java → web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 import static org.junit.Assert.*;
 import static org.mockito.Mockito.mock;
@@ -29,8 +29,8 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.RequestKey;
+import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.RequestKey;
 import org.springframework.security.web.util.AntUrlPathMatcher;
 
 /**

web/src/test/java/org/springframework/security/web/intercept/FilterInvocationTests.java → web/src/test/java/org/springframework/security/web/access/intercept/FilterInvocationTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 import static org.junit.Assert.assertEquals;
 import static org.mockito.Mockito.mock;

web/src/test/java/org/springframework/security/web/intercept/FilterSecurityInterceptorTests.java → web/src/test/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptorTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 import java.util.List;
 
@@ -38,6 +38,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 
 
 /**

web/src/test/java/org/springframework/security/web/intercept/RequestKeyTests.java → web/src/test/java/org/springframework/security/web/access/intercept/RequestKeyTests.java

@@ -1,9 +1,9 @@
-package org.springframework.security.web.intercept;
+package org.springframework.security.web.access.intercept;
 
 import static org.junit.Assert.*;
 
 import org.junit.Test;
-import org.springframework.security.web.intercept.RequestKey;
+import org.springframework.security.web.access.intercept.RequestKey;
 
 /**
  * 

web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java → web/src/test/java/org/springframework/security/web/authentication/ConcurrentSessionFilterTests.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.concurrent;
+package org.springframework.security.web.authentication;
 
 import junit.framework.TestCase;
 import org.springframework.mock.web.MockFilterConfig;
@@ -22,7 +22,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.authentication.concurrent.SessionRegistry;
 import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
-import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;

web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java

@@ -17,6 +17,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.web.FilterChainOrder;
+import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 
 /**
  *