Update docs to point to ACL samples

Closes gh-10110

docs/manual/src/docs/asciidoc/_includes/servlet/authorization/acls.adoc

@@ -125,7 +125,7 @@ This should therefore work with all major databases.
 At the time of writing, the system had been successfully tested using Hypersonic SQL, PostgreSQL, Microsoft SQL Server and Oracle.
 
 Two samples ship with Spring Security that demonstrate the ACL module.
-The first is the Contacts Sample, and the other is the Document Management System (DMS) Sample.
+The first is the {gh-samples-url}/servlet/xml/java/contacts[Contacts Sample], and the other is the {gh-samples-url}/servlet/xml/java/dms[Document Management System (DMS) Sample].
 We suggest taking a look over these for examples.
 
 

docs/manual/src/docs/asciidoc/_includes/servlet/authorization/expression-based.adoc

@@ -258,7 +258,7 @@ Their use is enabled through the `global-method-security` namespace element:
 
 ===== Access Control using @PreAuthorize and @PostAuthorize
 The most obviously useful annotation is `@PreAuthorize` which decides whether a method can actually be invoked or not.
-For example (from the "Contacts" sample application)
+For example (from the {gh-samples-url}/servlet/xml/java/contacts[Contacts] sample application)
 
 ====
 .Java
@@ -492,7 +492,7 @@ This would look something like this:
 
 Where `myPermissionEvaluator` is the bean which implements `PermissionEvaluator`.
 Usually this will be the implementation from the ACL module which is called `AclPermissionEvaluator`.
-See the "Contacts" sample application configuration for more details.
+See the {gh-samples-url}/servlet/xml/java/contacts[Contacts] sample application configuration for more details.
 
 ===== Method Security Meta Annotations