SEC-1132: Moved access-control/authorization specific code to org.sf.security.access package. Created provisioning package for user management classes to remove cyclical deps. Some other moving of classes to remove code tangles. Restructuring of portlet module under org.sf.security.portlet

acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java

@@ -7,6 +7,7 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.Authentication;
+import org.springframework.security.access.expression.PermissionEvaluator;
 import org.springframework.security.acls.domain.BasePermission;
 import org.springframework.security.acls.objectidentity.ObjectIdentity;
 import org.springframework.security.acls.objectidentity.ObjectIdentityGenerator;
@@ -15,12 +16,11 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
-import org.springframework.security.expression.PermissionEvaluator;
 
 /**
  * Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular
  * object using the ACL module. Similar in behaviour to
- * {@link org.springframework.security.vote.AclEntryVoter AclEntryVoter}.
+ * {@link org.springframework.security.access.vote.AclEntryVoter AclEntryVoter}.
  *
  * @author Luke Taylor
  * @version $Id$

acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java

@@ -19,8 +19,9 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
 
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.intercept.AfterInvocationProvider;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.NotFoundException;
@@ -32,7 +33,6 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
-import org.springframework.security.afterinvocation.AfterInvocationProvider;
 
 import org.springframework.util.Assert;
 

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -19,10 +19,10 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.AuthorizationServiceException;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.AuthorizationServiceException;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.Permission;
 

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java

@@ -21,10 +21,10 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
 import org.springframework.security.SpringSecurityMessageSource;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.Permission;
 

acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java

@@ -18,9 +18,9 @@ package org.springframework.security.acls.domain;
 import java.util.Arrays;
 import java.util.List;
 
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.sid.PrincipalSid;
 import org.springframework.security.acls.sid.Sid;

acl/src/main/java/org/springframework/security/acls/vote/AclEntryVoter.java

@@ -22,8 +22,9 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.Authentication;
-import org.springframework.security.AuthorizationServiceException;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.AuthorizationServiceException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.vote.AbstractAclVoter;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.NotFoundException;
@@ -34,7 +35,6 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
-import org.springframework.security.vote.AbstractAclVoter;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
@@ -55,7 +55,7 @@ import org.springframework.util.StringUtils;
  * method.
  * <p>
  * If the method argument is <tt>null</tt>, the voter will abstain from voting. If the method argument
- * could not be found, an {@link org.springframework.security.AuthorizationServiceException} will be thrown.
+ * could not be found, an {@link org.springframework.security.access.AuthorizationServiceException} will be thrown.
  * <p>
  * In practical terms users will typically setup a number of <tt>AclEntryVoter</tt>s. Each will have a
  * different {@link #processDomainObjectClass}, {@link #processConfigAttribute} and {@link #requirePermission}

acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java

@@ -3,10 +3,10 @@ package org.springframework.security.acls.domain;
 import junit.framework.Assert;
 import junit.framework.TestCase;
 
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.MutableAcl;
 import org.springframework.security.acls.NotFoundException;

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java

@@ -29,12 +29,12 @@ import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.cas.ServiceProperties;
 import org.springframework.security.cas.authentication.cache.NullStatelessTicketCache;
 import org.springframework.security.cas.web.CasProcessingFilter;
+import org.springframework.security.providers.AccountStatusUserDetailsChecker;
 import org.springframework.security.providers.AuthenticationProvider;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsChecker;
 import org.springframework.security.userdetails.UserDetailsService;
-import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker;
 import org.springframework.util.Assert;
 
 

cas/src/main/java/org/springframework/security/cas/web/CasProcessingFilter.java

@@ -26,8 +26,8 @@ import org.springframework.security.AuthenticationException;
 import org.springframework.security.cas.ServiceProperties;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
+import org.springframework.security.web.FilterChainOrder;
 import org.springframework.security.web.authentication.AbstractProcessingFilter;
-import org.springframework.security.web.util.FilterChainOrder;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

config/src/main/java/org/springframework/security/config/ConfigUtils.java

@@ -12,12 +12,12 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
-import org.springframework.security.expression.method.MethodExpressionVoter;
-import org.springframework.security.vote.AccessDecisionVoter;
-import org.springframework.security.vote.AffirmativeBased;
-import org.springframework.security.vote.AuthenticatedVoter;
-import org.springframework.security.vote.RoleVoter;
+import org.springframework.security.access.expression.method.MethodExpressionVoter;
+import org.springframework.security.access.intercept.AfterInvocationProviderManager;
+import org.springframework.security.access.vote.AccessDecisionVoter;
+import org.springframework.security.access.vote.AffirmativeBased;
+import org.springframework.security.access.vote.AuthenticatedVoter;
+import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecorator.java

@@ -6,7 +6,7 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.w3c.dom.Node;
 
 /**
- * Adds the decorated {@link org.springframework.security.afterinvocation.AfterInvocationProvider} to the
+ * Adds the decorated {@link org.springframework.security.access.intercept.AfterInvocationProvider} to the
  * AfterInvocationProviderManager's list.
  *
  * @author Luke Taylor

config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java

@@ -16,7 +16,7 @@ import org.springframework.beans.factory.ListableBeanFactory;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.core.OrderComparator;
 import org.springframework.core.Ordered;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.config.ConfigUtils.FilterChainList;
 import org.springframework.security.providers.AnonymousAuthenticationToken;
 import org.springframework.security.web.ExceptionTranslationFilter;

config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java

@@ -6,7 +6,7 @@ import java.util.List;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.UrlMatcher;
 import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;

config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java

@@ -16,19 +16,19 @@ import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.SecurityConfig;
-import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
-import org.springframework.security.expression.method.MethodExpressionVoter;
-import org.springframework.security.expression.support.DefaultMethodSecurityExpressionHandler;
-import org.springframework.security.intercept.method.DelegatingMethodSecurityMetadataSource;
-import org.springframework.security.intercept.method.MapBasedMethodSecurityMetadataSource;
-import org.springframework.security.intercept.method.ProtectPointcutPostProcessor;
-import org.springframework.security.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
-import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
-import org.springframework.security.vote.AffirmativeBased;
-import org.springframework.security.vote.AuthenticatedVoter;
-import org.springframework.security.vote.RoleVoter;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.access.expression.method.MethodExpressionAfterInvocationProvider;
+import org.springframework.security.access.expression.method.MethodExpressionVoter;
+import org.springframework.security.access.expression.support.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.intercept.method.DelegatingMethodSecurityMetadataSource;
+import org.springframework.security.access.intercept.method.MapBasedMethodSecurityMetadataSource;
+import org.springframework.security.access.intercept.method.ProtectPointcutPostProcessor;
+import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
+import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
+import org.springframework.security.access.vote.AffirmativeBased;
+import org.springframework.security.access.vote.AuthenticatedVoter;
+import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
@@ -45,10 +45,10 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
     private final Log logger = LogFactory.getLog(getClass());
 
-    static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
-    static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
-    static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
-    static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
+    static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.access.annotation.SecuredMethodSecurityMetadataSource";
+    static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.access.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
+    static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource";
+    static final String JSR_250_VOTER_CLASS = "org.springframework.security.access.annotation.Jsr250Voter";
 
     /*
      * Internal Bean IDs which are only used within this class

config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -16,15 +16,15 @@ import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeEditor;
-import org.springframework.security.SecurityConfig;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.ConfigAttributeEditor;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.access.vote.AccessDecisionVoter;
+import org.springframework.security.access.vote.AuthenticatedVoter;
+import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.RegexUrlPathMatcher;
 import org.springframework.security.util.UrlMatcher;
-import org.springframework.security.vote.AccessDecisionVoter;
-import org.springframework.security.vote.AuthenticatedVoter;
-import org.springframework.security.vote.RoleVoter;
 import org.springframework.security.web.AccessDeniedHandlerImpl;
 import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.FilterChainProxy;

config/src/main/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecorator.java

@@ -10,7 +10,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
+import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParser.java

@@ -18,7 +18,7 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
     static final String ATT_ROLE_PREFIX = "role-prefix";
 
     protected String getBeanClassName(Element element) {
-        return "org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager";
+        return "org.springframework.security.provisioning.JdbcUserDetailsManager";
     }
 
     protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
@@ -30,24 +30,24 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
             parserContext.getReaderContext().error(ATT_DATA_SOURCE  + " is required for "
                     + Elements.JDBC_USER_SERVICE, parserContext.extractSource(element));
         }
-        
+
         String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY);
         String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY);
         String groupAuthoritiesQuery = element.getAttribute(ATT_GROUP_AUTHORITIES_QUERY);
         String rolePrefix = element.getAttribute(ATT_ROLE_PREFIX);
-        
+
         if (StringUtils.hasText(rolePrefix)) {
             builder.addPropertyValue("rolePrefix", rolePrefix);
         }
-        
+
         if (StringUtils.hasText(usersQuery)) {
             builder.addPropertyValue("usersByUsernameQuery", usersQuery);
         }
-        
+
         if (StringUtils.hasText(authoritiesQuery)) {
             builder.addPropertyValue("authoritiesByUsernameQuery", authoritiesQuery);
         }
-        
+
         if (StringUtils.hasText(groupAuthoritiesQuery)) {
             builder.addPropertyValue("enableGroups", Boolean.TRUE);
             builder.addPropertyValue("groupAuthoritiesByUsernameQuery", groupAuthoritiesQuery);

config/src/main/java/org/springframework/security/config/MethodSecurityInterceptorPostProcessor.java

@@ -6,8 +6,8 @@ import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.security.AfterInvocationManager;
-import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
+import org.springframework.security.access.intercept.AfterInvocationManager;
+import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
 
 /**
  * BeanPostProcessor which sets the AfterInvocationManager on the global MethodSecurityInterceptor,

config/src/main/java/org/springframework/security/config/OrderedFilterBeanDefinitionDecorator.java

@@ -15,7 +15,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.core.Ordered;
-import org.springframework.security.web.util.FilterChainOrder;
+import org.springframework.security.web.FilterChainOrder;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;

config/src/test/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecoratorTests.java

@@ -5,9 +5,9 @@ import static org.junit.Assert.*;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.context.support.AbstractXmlApplicationContext;
-import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
+import org.springframework.security.access.intercept.AfterInvocationProviderManager;
+import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor;
 
 public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
     private AbstractXmlApplicationContext appContext;

config/src/test/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests.java

@@ -11,11 +11,11 @@ import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.SecurityConfig;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
+import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.FilterInvocation;
 import org.w3c.dom.Element;
 
 /**

config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java

@@ -11,24 +11,24 @@ import org.junit.After;
 import org.junit.Test;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
 import org.springframework.context.support.AbstractXmlApplicationContext;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
-import org.springframework.security.annotation.BusinessService;
-import org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource;
-import org.springframework.security.annotation.Jsr250Voter;
-import org.springframework.security.annotation.SecuredMethodSecurityMetadataSource;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.annotation.BusinessService;
+import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
+import org.springframework.security.access.annotation.Jsr250Voter;
+import org.springframework.security.access.annotation.SecuredMethodSecurityMetadataSource;
+import org.springframework.security.access.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
+import org.springframework.security.access.expression.method.MethodExpressionAfterInvocationProvider;
+import org.springframework.security.access.expression.method.MethodExpressionVoter;
+import org.springframework.security.access.intercept.AfterInvocationProviderManager;
+import org.springframework.security.access.vote.AffirmativeBased;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
-import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
-import org.springframework.security.expression.method.MethodExpressionVoter;
 import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.util.AuthorityUtils;
 import org.springframework.security.util.FieldUtils;
-import org.springframework.security.vote.AffirmativeBased;
 
 /**
  * @author Ben Alex
@@ -42,7 +42,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
 
     public void loadContext() {
         setContext(
-                "<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
                 "<global-method-security>" +
                 "    <protect-pointcut expression='execution(* *.someUser*(..))' access='ROLE_USER'/>" +
                 "    <protect-pointcut expression='execution(* *.someAdmin*(..))' access='ROLE_ADMIN'/>" +
@@ -132,10 +132,10 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
     @Test
     public void supportsMethodArgumentsInPointcut() {
         setContext(
-                "<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
                 "<global-method-security>" +
-                "   <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>" +
-                "   <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.*(..))' access='ROLE_USER'/>" +
+                "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>" +
+                "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.*(..))' access='ROLE_USER'/>" +
                 "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML
         );
         SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
@@ -154,11 +154,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
     @Test
     public void supportsBooleanPointcutExpressions() {
         setContext(
-                "<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
                 "<global-method-security>" +
                 "   <protect-pointcut expression=" +
-                "     'execution(* org.springframework.security.annotation.BusinessService.*(..)) " +
-                "       and not execution(* org.springframework.security.annotation.BusinessService.someOther(String)))' " +
+                "     'execution(* org.springframework.security.access.annotation.BusinessService.*(..)) " +
+                "       and not execution(* org.springframework.security.access.annotation.BusinessService.someOther(String)))' " +
                 "               access='ROLE_USER'/>" +
                 "</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML
         );
@@ -191,7 +191,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
                 "<global-method-security secured-annotations='enabled'/>" +
                 "<b:bean id='businessService' class='org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean'>" +
                 "    <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>" +
-                "    <b:property name='serviceInterface' value='org.springframework.security.annotation.BusinessService'/>" +
+                "    <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>" +
                 "</b:bean>" + AUTH_PROVIDER_XML
                 );
 
@@ -220,7 +220,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
     public void accessIsDeniedForHasRoleExpression() {
         setContext(
                 "<global-method-security expression-annotations='enabled'/>" +
-                "<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
                 AUTH_PROVIDER_XML);
         SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
         target = (BusinessService) appContext.getBean("target");
@@ -231,7 +231,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
     public void preAndPostFilterAnnotationsWorkWithLists() {
         setContext(
                 "<global-method-security expression-annotations='enabled'/>" +
-                "<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
                 AUTH_PROVIDER_XML);
         SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
         target = (BusinessService) appContext.getBean("target");
@@ -250,7 +250,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
     public void prePostFilterAnnotationWorksWithArrays() {
         setContext(
                 "<global-method-security expression-annotations='enabled'/>" +
-                "<b:bean id='target' class='org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.ExpressionProtectedBusinessServiceImpl'/>" +
                 AUTH_PROVIDER_XML);
         SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword"));
         target = (BusinessService) appContext.getBean("target");

config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -19,10 +19,10 @@ import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.ConfigAttribute;
 import org.springframework.security.MockAuthenticationEntryPoint;
-import org.springframework.security.SecurityConfig;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.concurrent.ConcurrentLoginException;
 import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
@@ -34,6 +34,7 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
 import org.springframework.security.util.FieldUtils;
 import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.PortMapperImpl;
 import org.springframework.security.web.SessionFixationProtectionFilter;
 import org.springframework.security.web.WebAuthenticationDetails;
@@ -55,7 +56,6 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
 import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.intercept.FilterInvocation;
 import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.logout.LogoutFilter;

config/src/test/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecoratorTests.java

@@ -6,8 +6,8 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.AuthorityUtils;

config/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java

@@ -1,6 +1,7 @@
 package org.springframework.security.config;
 
 import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
 
 import org.junit.After;
 import org.junit.Test;
@@ -9,10 +10,11 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.providers.ProviderManager;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.dao.DaoAuthenticationProvider;
+import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager;
 import org.springframework.security.util.AuthorityUtils;
 import org.springframework.security.util.FieldUtils;
+import org.w3c.dom.Element;
 
 /**
  * @author Ben Alex
@@ -40,6 +42,11 @@ public class JdbcUserServiceBeanDefinitionParserTests {
         }
     }
 
+    @Test
+    public void beanNameIsCorrect() throws Exception {
+        assertEquals(JdbcUserDetailsManager.class.getName(), new JdbcUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
+    }
+
     @Test
     public void validUsernameIsFound() {
         setContext("<jdbc-user-service data-source-ref='dataSource'/>" + DATA_SOURCE);

config/src/test/java/org/springframework/security/config/Jsr250AnnotationDrivenBeanDefinitionParserTests.java

@@ -3,9 +3,9 @@ package org.springframework.security.config;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.annotation.BusinessService;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.annotation.BusinessService;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@@ -23,7 +23,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
     @Before
     public void loadContext() {
         appContext = new InMemoryXmlApplicationContext(
-                "<b:bean id='target' class='org.springframework.security.annotation.Jsr250BusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.Jsr250BusinessServiceImpl'/>" +
                 "<global-method-security jsr250-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
                 );
         target = (BusinessService) appContext.getBean("target");

config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java

@@ -2,10 +2,10 @@ package org.springframework.security.config;
 
 import java.util.List;
 
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.afterinvocation.AfterInvocationProvider;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.intercept.AfterInvocationProvider;
 
 public class MockAfterInvocationProvider implements AfterInvocationProvider {
 

config/src/test/java/org/springframework/security/config/SecuredAnnotationDrivenBeanDefinitionParserTests.java

@@ -3,9 +3,9 @@ package org.springframework.security.config;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.annotation.BusinessService;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.annotation.BusinessService;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
@@ -24,7 +24,7 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
     public void loadContext() {
         SecurityContextHolder.clearContext();
         appContext = new InMemoryXmlApplicationContext(
-                "<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
+                "<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>" +
                 "<global-method-security secured-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
                 );
         target = (BusinessService) appContext.getBean("target");

config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java

@@ -25,9 +25,9 @@ public class MethodSecurityInterceptorWithAopConfigTests {
         "    </authentication-provider>";
 
     static final String ACCESS_MANAGER_XML =
-        "<b:bean id='accessDecisionManager' class='org.springframework.security.vote.AffirmativeBased'>" +
+        "<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>" +
         "   <b:property name='decisionVoters'>" +
-        "       <b:list><b:bean class='org.springframework.security.vote.RoleVoter'/></b:list>" +
+        "       <b:list><b:bean class='org.springframework.security.access.vote.RoleVoter'/></b:list>" +
         "   </b:property>" +
         "</b:bean>";
 
@@ -55,7 +55,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
                 "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" +
                 "</aop:config>" +
                 "<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
-                "<b:bean id='securityInterceptor' class='org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
+                "<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
                 "     <b:property name='securityMetadataSource'>" +
                 "       <b:value>" +
                             "org.springframework.security.TargetObject.makeLower*=ROLE_A\n" +

core/src/main/java/org/springframework/security/GrantedAuthority.java

@@ -17,6 +17,7 @@ package org.springframework.security;
 
 import java.io.Serializable;
 
+import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.userdetails.UserDetails;
 
 /**

core/src/main/java/org/springframework/security/InsufficientAuthenticationException.java

@@ -17,7 +17,7 @@ package org.springframework.security;
 
 /**
  * Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.<p>{{@link
- * org.springframework.security.vote.AccessDecisionVoter}s will typically throw this exception if they are dissatisfied with the
+ * org.springframework.security.access.vote.AccessDecisionVoter}s will typically throw this exception if they are dissatisfied with the
  * level of the authentication, such as if performed using a remember-me mechanism or anonymously. The commonly used
  * {@link org.springframework.security.ui.ExceptionTranslationFilter} will thus cause the <code>AuthenticationEntryPoint</code>
  * to be called, allowing the principal to authenticate with a stronger level of authentication.}</p>

core/src/main/java/org/springframework/security/SpringSecurityException.java

@@ -19,8 +19,10 @@ import org.springframework.core.NestedRuntimeException;
 
 
 /**
- * Abstract superclass for all exceptions thrown in the security package and subpackages.<p>Note that this is a
- * runtime (unchecked) exception. Security exceptions are usually fatal; there is no reason for them to be checked.</p>
+ * Abstract superclass for all exceptions thrown in the security package and subpackages.
+ * <p>
+ * Note that this is a runtime (unchecked) exception. Security exceptions are usually fatal; there is no reason for
+ * them to be checked.
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/springframework/security/event/authorization/AbstractAuthorizationEvent.java → core/src/main/java/org/springframework/security/access/AbstractAuthorizationEvent.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.event.authorization;
+package org.springframework.security.access;
 
 import org.springframework.context.ApplicationEvent;
 
@@ -27,7 +27,7 @@ import org.springframework.context.ApplicationEvent;
 public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Construct the event, passing in the secure object being intercepted.
      *
      * @param secureObject the secure object

core/src/main/java/org/springframework/security/AccessDecisionManager.java → core/src/main/java/org/springframework/security/access/AccessDecisionManager.java

@@ -13,10 +13,13 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access;
 
 import java.util.List;
 
+import org.springframework.security.Authentication;
+import org.springframework.security.InsufficientAuthenticationException;
+
 /**
  * Makes a final access control (authorization) decision.
  *

core/src/main/java/org/springframework/security/AccessDeniedException.java → core/src/main/java/org/springframework/security/access/AccessDeniedException.java

@@ -13,7 +13,10 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access;
+
+import org.springframework.security.Authentication;
+import org.springframework.security.SpringSecurityException;
 
 /**
  * Thrown if an {@link Authentication} object does not hold a required authority.

core/src/main/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEvent.java → core/src/main/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEvent.java

@@ -13,12 +13,11 @@
  * limitations under the License.
  */
 
-package org.springframework.security.event.authorization;
+package org.springframework.security.access;
 
 import java.util.List;
 
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.ConfigAttribute;
 
 
 /**

core/src/main/java/org/springframework/security/event/authorization/AuthorizationFailureEvent.java → core/src/main/java/org/springframework/security/access/AuthorizationFailureEvent.java

@@ -13,13 +13,11 @@
  * limitations under the License.
  */
 
-package org.springframework.security.event.authorization;
+package org.springframework.security.access;
 
 import java.util.List;
 
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
 
 
 /**
@@ -27,8 +25,8 @@ import org.springframework.security.ConfigAttribute;
  * be authorized for the request.
  *
  * <p>This event might be thrown as a result of either an
- * {@link org.springframework.security.AccessDecisionManager AccessDecisionManager} or an
- * {@link org.springframework.security.AfterInvocationManager AfterInvocationManager}.
+ * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager} or an
+ * {@link org.springframework.security.access.intercept.AfterInvocationManager AfterInvocationManager}.
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/springframework/security/AuthorizationServiceException.java → core/src/main/java/org/springframework/security/access/AuthorizationServiceException.java

@@ -13,11 +13,13 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access;
 
 /**
- * Thrown if an authorization request could not be processed due to a system problem.<p>This might be thrown if an
- * <code>AccessDecisionManager</code> implementation could not locate a required method argument, for example.</p>
+ * Thrown if an authorization request could not be processed due to a system problem.
+ * <p>
+ * This might be thrown if an <code>AccessDecisionManager</code> implementation could not locate a required method
+ * argument, for example.
  *
  * @author Ben Alex
  * @version $Id$
@@ -25,7 +27,7 @@ package org.springframework.security;
 public class AuthorizationServiceException extends AccessDeniedException {
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Constructs an <code>AuthorizationServiceException</code> with the
      * specified message.
      *
@@ -35,7 +37,7 @@ public class AuthorizationServiceException extends AccessDeniedException {
         super(msg);
     }
 
-/**
+    /**
      * Constructs an <code>AuthorizationServiceException</code> with the
      * specified message and root cause.
      *

core/src/main/java/org/springframework/security/event/authorization/AuthorizedEvent.java → core/src/main/java/org/springframework/security/access/AuthorizedEvent.java

@@ -13,12 +13,11 @@
  * limitations under the License.
  */
 
-package org.springframework.security.event.authorization;
+package org.springframework.security.access;
 
 import java.util.List;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
 
 
 /**

core/src/main/java/org/springframework/security/ConfigAttribute.java → core/src/main/java/org/springframework/security/access/ConfigAttribute.java

@@ -13,16 +13,18 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access;
 
 import java.io.Serializable;
 
+import org.springframework.security.access.intercept.RunAsManager;
+
 
 /**
  * Stores a security system related configuration attribute.
  *
  * <p>
- * When an {@link org.springframework.security.intercept.AbstractSecurityInterceptor}
+ * When an {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor}
  * is set up, a list of configuration attributes is defined for secure object
  * patterns. These configuration attributes have special meaning to a {@link RunAsManager},
  * {@link AccessDecisionManager} or <code>AccessDecisionManager</code> delegate.

core/src/main/java/org/springframework/security/ConfigAttributeEditor.java → core/src/main/java/org/springframework/security/access/ConfigAttributeEditor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access;
 
 import org.springframework.util.StringUtils;
 

core/src/main/java/org/springframework/security/event/authorization/LoggerListener.java → core/src/main/java/org/springframework/security/access/LoggerListener.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.event.authorization;
+package org.springframework.security.access;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

core/src/main/java/org/springframework/security/event/authorization/PublicInvocationEvent.java → core/src/main/java/org/springframework/security/access/PublicInvocationEvent.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.event.authorization;
+package org.springframework.security.access;
 
 /**
  * Event that is generated whenever a public secure object is invoked.<p>A public secure object is a secure object

core/src/main/java/org/springframework/security/SecurityConfig.java → core/src/main/java/org/springframework/security/access/SecurityConfig.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access;
 
 import java.util.ArrayList;
 import java.util.List;

core/src/main/java/org/springframework/security/annotation/Jsr250MethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.annotation;
+package org.springframework.security.access.annotation;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
@@ -26,8 +26,8 @@ import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 
 import org.springframework.core.annotation.AnnotationUtils;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
 
 
 /**

core/src/main/java/org/springframework/security/annotation/Jsr250SecurityConfig.java → core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java

@@ -1,6 +1,6 @@
-package org.springframework.security.annotation;
+package org.springframework.security.access.annotation;
 
-import org.springframework.security.SecurityConfig;
+import org.springframework.security.access.SecurityConfig;
 
 import javax.annotation.security.PermitAll;
 import javax.annotation.security.DenyAll;

core/src/main/java/org/springframework/security/annotation/Jsr250Voter.java → core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java

@@ -1,11 +1,11 @@
-package org.springframework.security.annotation;
+package org.springframework.security.access.annotation;
 
 import java.util.List;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
 import org.springframework.security.GrantedAuthority;
-import org.springframework.security.vote.AccessDecisionVoter;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.vote.AccessDecisionVoter;
 
 /**
  * Voter on JSR-250 configuration attributes.

core/src/main/java/org/springframework/security/annotation/Secured.java → core/src/main/java/org/springframework/security/access/annotation/Secured.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.annotation;
+package org.springframework.security.access.annotation;
 
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;

core/src/main/java/org/springframework/security/annotation/SecuredMethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/annotation/SecuredMethodSecurityMetadataSource.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.annotation;
+package org.springframework.security.access.annotation;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
@@ -22,9 +22,9 @@ import java.util.Collection;
 import java.util.List;
 
 import org.springframework.core.annotation.AnnotationUtils;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.SecurityConfig;
-import org.springframework.security.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.access.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
 
 
 /**

core/src/main/java/org/springframework/security/authoritymapping/Attributes2GrantedAuthoritiesMapper.java → core/src/main/java/org/springframework/security/access/authoritymapping/Attributes2GrantedAuthoritiesMapper.java

@@ -1,4 +1,4 @@
-package org.springframework.security.authoritymapping;
+package org.springframework.security.access.authoritymapping;
 
 import java.util.Collection;
 import java.util.List;

core/src/main/java/org/springframework/security/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapper.java → core/src/main/java/org/springframework/security/access/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapper.java

@@ -1,4 +1,4 @@
-package org.springframework.security.authoritymapping;
+package org.springframework.security.access.authoritymapping;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -144,7 +144,7 @@ public class MapBasedAttributes2GrantedAuthoritiesMapper implements Attributes2G
 
     /**
      *
-     * @see org.springframework.security.authoritymapping.MappableAttributesRetriever#getMappableAttributes()
+     * @see org.springframework.security.access.authoritymapping.MappableAttributesRetriever#getMappableAttributes()
      */
     public Set<String> getMappableAttributes() {
         return mappableAttributes;

core/src/main/java/org/springframework/security/authoritymapping/MappableAttributesRetriever.java → core/src/main/java/org/springframework/security/access/authoritymapping/MappableAttributesRetriever.java

@@ -1,4 +1,4 @@
-package org.springframework.security.authoritymapping;
+package org.springframework.security.access.authoritymapping;
 
 import java.util.Set;
 

core/src/main/java/org/springframework/security/authoritymapping/SimpleAttributes2GrantedAuthoritiesMapper.java → core/src/main/java/org/springframework/security/access/authoritymapping/SimpleAttributes2GrantedAuthoritiesMapper.java

@@ -1,4 +1,4 @@
-package org.springframework.security.authoritymapping;
+package org.springframework.security.access.authoritymapping;
 
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;

core/src/main/java/org/springframework/security/authoritymapping/SimpleMappableAttributesRetriever.java → core/src/main/java/org/springframework/security/access/authoritymapping/SimpleMappableAttributesRetriever.java

@@ -1,4 +1,4 @@
-package org.springframework.security.authoritymapping;
+package org.springframework.security.access.authoritymapping;
 
 import java.util.Collections;
 import java.util.HashSet;
@@ -18,7 +18,7 @@ public class SimpleMappableAttributesRetriever implements MappableAttributesRetr
     /*
      * (non-Javadoc)
      *
-     * @see org.springframework.security.authoritymapping.MappableAttributesRetriever#getMappableAttributes()
+     * @see org.springframework.security.access.authoritymapping.MappableAttributesRetriever#getMappableAttributes()
      */
     public Set<String> getMappableAttributes() {
         return mappableAttributes;

core/src/main/java/org/springframework/security/authoritymapping/XmlMappableAttributesRetriever.java → core/src/main/java/org/springframework/security/access/authoritymapping/XmlMappableAttributesRetriever.java

@@ -1,4 +1,4 @@
-package org.springframework.security.authoritymapping;
+package org.springframework.security.access.authoritymapping;
 
 import java.io.FilterInputStream;
 import java.io.IOException;

core/src/main/java/org/springframework/security/expression/ExpressionUtils.java → core/src/main/java/org/springframework/security/access/expression/ExpressionUtils.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression;
+package org.springframework.security.access.expression;
 
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.EvaluationException;

core/src/main/java/org/springframework/security/expression/MethodSecurityExpressionHandler.java → core/src/main/java/org/springframework/security/access/expression/MethodSecurityExpressionHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression;
+package org.springframework.security.access.expression;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.expression.EvaluationContext;

core/src/main/java/org/springframework/security/expression/PermissionEvaluator.java → core/src/main/java/org/springframework/security/access/expression/PermissionEvaluator.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression;
+package org.springframework.security.access.expression;
 
 import java.io.Serializable;
 

core/src/main/java/org/springframework/security/expression/annotation/PostAuthorize.java → core/src/main/java/org/springframework/security/access/expression/annotation/PostAuthorize.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.annotation;
+package org.springframework.security.access.expression.annotation;
 
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;

core/src/main/java/org/springframework/security/expression/annotation/PostFilter.java → core/src/main/java/org/springframework/security/access/expression/annotation/PostFilter.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.annotation;
+package org.springframework.security.access.expression.annotation;
 
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;

core/src/main/java/org/springframework/security/expression/annotation/PreAuthorize.java → core/src/main/java/org/springframework/security/access/expression/annotation/PreAuthorize.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.annotation;
+package org.springframework.security.access.expression.annotation;
 
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;

core/src/main/java/org/springframework/security/expression/annotation/PreFilter.java → core/src/main/java/org/springframework/security/access/expression/annotation/PreFilter.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.annotation;
+package org.springframework.security.access.expression.annotation;
 
 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;

core/src/main/java/org/springframework/security/expression/method/AbstractExpressionBasedMethodConfigAttribute.java → core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java

@@ -1,9 +1,9 @@
-package org.springframework.security.expression.method;
+package org.springframework.security.access.expression.method;
 
 import org.springframework.expression.Expression;
 import org.springframework.expression.ParseException;
 import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.Assert;
 
 /**

core/src/main/java/org/springframework/security/expression/method/ExpressionAnnotationMethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/expression/method/ExpressionAnnotationMethodSecurityMetadataSource.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.method;
+package org.springframework.security.access.expression.method;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
@@ -11,13 +11,13 @@ import org.springframework.expression.Expression;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.ParseException;
 import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.expression.MethodSecurityExpressionHandler;
-import org.springframework.security.expression.annotation.PostAuthorize;
-import org.springframework.security.expression.annotation.PostFilter;
-import org.springframework.security.expression.annotation.PreAuthorize;
-import org.springframework.security.expression.annotation.PreFilter;
-import org.springframework.security.intercept.method.AbstractMethodSecurityMetadataSource;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.expression.MethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.annotation.PostAuthorize;
+import org.springframework.security.access.expression.annotation.PostFilter;
+import org.springframework.security.access.expression.annotation.PreAuthorize;
+import org.springframework.security.access.expression.annotation.PreFilter;
+import org.springframework.security.access.intercept.method.AbstractMethodSecurityMetadataSource;
 import org.springframework.util.ClassUtils;
 
 /**
@@ -75,7 +75,7 @@ public class ExpressionAnnotationMethodSecurityMetadataSource extends AbstractMe
     }
 
     /**
-     * See {@link org.springframework.security.intercept.method.AbstractFallbackMethodSecurityMetadataSource#getAttributes(Method, Class)}
+     * See {@link org.springframework.security.access.intercept.method.AbstractFallbackMethodSecurityMetadataSource#getAttributes(Method, Class)}
      * for the logic of this method. The ordering here is slightly different in that we consider method-specific
      * annotations on an interface before class-level ones.
      */

core/src/main/java/org/springframework/security/expression/method/MethodExpressionAfterInvocationProvider.java → core/src/main/java/org/springframework/security/access/expression/method/MethodExpressionAfterInvocationProvider.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.method;
+package org.springframework.security.access.expression.method;
 
 import java.util.List;
 
@@ -7,13 +7,13 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.afterinvocation.AfterInvocationProvider;
-import org.springframework.security.expression.ExpressionUtils;
-import org.springframework.security.expression.MethodSecurityExpressionHandler;
-import org.springframework.security.expression.support.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.expression.ExpressionUtils;
+import org.springframework.security.access.expression.MethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.support.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.intercept.AfterInvocationProvider;
 
 /**
  * AfterInvocationProvider which handles the @PostAuthorize and @PostFilter annotation expressions.

core/src/main/java/org/springframework/security/expression/method/MethodExpressionVoter.java → core/src/main/java/org/springframework/security/access/expression/method/MethodExpressionVoter.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.method;
+package org.springframework.security.access.expression.method;
 
 import java.util.Collection;
 import java.util.List;
@@ -9,11 +9,11 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.expression.ExpressionUtils;
-import org.springframework.security.expression.MethodSecurityExpressionHandler;
-import org.springframework.security.expression.support.DefaultMethodSecurityExpressionHandler;
-import org.springframework.security.vote.AccessDecisionVoter;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.expression.ExpressionUtils;
+import org.springframework.security.access.expression.MethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.support.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.vote.AccessDecisionVoter;
 
 /**
  * Voter which performs the actions for @PreFilter and @PostAuthorize annotations.

core/src/main/java/org/springframework/security/expression/method/PostInvocationExpressionAttribute.java → core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.method;
+package org.springframework.security.access.expression.method;
 
 import org.springframework.expression.Expression;
 import org.springframework.expression.ParseException;

core/src/main/java/org/springframework/security/expression/method/PreInvocationExpressionAttribute.java → core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.method;
+package org.springframework.security.access.expression.method;
 
 import org.springframework.expression.Expression;
 import org.springframework.expression.ParseException;

core/src/main/java/org/springframework/security/access/expression/support/AbstractSecurityExpressionHandler.java

@@ -0,0 +1,5 @@
+package org.springframework.security.access.expression.support;
+
+public class AbstractSecurityExpressionHandler {
+
+}

core/src/main/java/org/springframework/security/expression/support/DefaultMethodSecurityExpressionHandler.java → core/src/main/java/org/springframework/security/access/expression/support/DefaultMethodSecurityExpressionHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.support;
+package org.springframework.security.access.expression.support;
 
 import java.lang.reflect.Array;
 import java.util.ArrayList;
@@ -17,9 +17,9 @@ import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationTrustResolver;
 import org.springframework.security.AuthenticationTrustResolverImpl;
-import org.springframework.security.expression.ExpressionUtils;
-import org.springframework.security.expression.PermissionEvaluator;
-import org.springframework.security.expression.MethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.ExpressionUtils;
+import org.springframework.security.access.expression.MethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.PermissionEvaluator;
 
 /**
  * The standard implementation of <tt>SecurityExpressionHandler</tt>.

core/src/main/java/org/springframework/security/expression/support/DenyAllPermissionEvaluator.java → core/src/main/java/org/springframework/security/access/expression/support/DenyAllPermissionEvaluator.java

@@ -1,11 +1,11 @@
-package org.springframework.security.expression.support;
+package org.springframework.security.access.expression.support;
 
 import java.io.Serializable;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.Authentication;
-import org.springframework.security.expression.PermissionEvaluator;
+import org.springframework.security.access.expression.PermissionEvaluator;
 
 /**
  * A null PermissionEvaluator which denies all access. Used by default for situations when permission

core/src/main/java/org/springframework/security/expression/support/MethodSecurityEvaluationContext.java → core/src/main/java/org/springframework/security/access/expression/support/MethodSecurityEvaluationContext.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.support;
+package org.springframework.security.access.expression.support;
 
 import java.lang.reflect.Method;
 

core/src/main/java/org/springframework/security/expression/support/MethodSecurityExpressionRoot.java → core/src/main/java/org/springframework/security/access/expression/support/MethodSecurityExpressionRoot.java

@@ -1,9 +1,9 @@
-package org.springframework.security.expression.support;
+package org.springframework.security.access.expression.support;
 
 import java.io.Serializable;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.expression.PermissionEvaluator;
+import org.springframework.security.access.expression.PermissionEvaluator;
 
 
 /**

core/src/main/java/org/springframework/security/expression/support/SecurityExpressionRoot.java → core/src/main/java/org/springframework/security/access/expression/support/SecurityExpressionRoot.java

@@ -1,4 +1,4 @@
-package org.springframework.security.expression.support;
+package org.springframework.security.access.expression.support;
 
 import java.util.Set;
 

core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/CycleInRoleHierarchyException.java → core/src/main/java/org/springframework/security/access/hierarchicalroles/CycleInRoleHierarchyException.java

@@ -12,7 +12,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.userdetails.hierarchicalroles;
+package org.springframework.security.access.hierarchicalroles;
 
 /**
  * Exception that is thrown because of a cycle in the role hierarchy definition

core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchy.java → core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java

@@ -12,7 +12,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.userdetails.hierarchicalroles;
+package org.springframework.security.access.hierarchicalroles;
 
 import java.util.List;
 

core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java → core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java

@@ -12,7 +12,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.userdetails.hierarchicalroles;
+package org.springframework.security.access.hierarchicalroles;
 
 
 import org.springframework.security.GrantedAuthority;

core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsServiceWrapper.java → core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsServiceWrapper.java

@@ -12,7 +12,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.userdetails.hierarchicalroles;
+package org.springframework.security.access.hierarchicalroles;
 
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;

core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java → core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java

@@ -12,7 +12,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.userdetails.hierarchicalroles;
+package org.springframework.security.access.hierarchicalroles;
 
 import java.util.List;
 

core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java → core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept;
+package org.springframework.security.access.intercept;
 
 import java.util.Collection;
 import java.util.HashSet;
@@ -29,21 +29,18 @@ import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.security.AccessDecisionManager;
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.AfterInvocationManager;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.AuthenticationManager;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.RunAsManager;
 import org.springframework.security.SpringSecurityMessageSource;
+import org.springframework.security.access.AccessDecisionManager;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.AuthenticationCredentialsNotFoundEvent;
+import org.springframework.security.access.AuthorizationFailureEvent;
+import org.springframework.security.access.AuthorizedEvent;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.PublicInvocationEvent;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
-import org.springframework.security.event.authorization.AuthorizationFailureEvent;
-import org.springframework.security.event.authorization.AuthorizedEvent;
-import org.springframework.security.event.authorization.PublicInvocationEvent;
-import org.springframework.security.runas.NullRunAsManager;
 import org.springframework.util.Assert;
 
 /**

core/src/main/java/org/springframework/security/AfterInvocationManager.java → core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java

@@ -13,10 +13,14 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access.intercept;
 
 import java.util.List;
 
+import org.springframework.security.Authentication;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+
 /**
  * Reviews the <code>Object</code> returned from a secure object invocation,
  * being able to modify the <code>Object</code> or throw an {@link

core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProvider.java → core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProvider.java

@@ -13,13 +13,13 @@
  * limitations under the License.
  */
 
-package org.springframework.security.afterinvocation;
+package org.springframework.security.access.intercept;
 
 import java.util.List;
 
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
 
 
 /**

core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProviderManager.java → core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.afterinvocation;
+package org.springframework.security.access.intercept;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -21,10 +21,9 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.AfterInvocationManager;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.Assert;
 
 

core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java → core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java

@@ -13,19 +13,19 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept;
+package org.springframework.security.access.intercept;
 
 import java.util.List;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 
 
 /**
  * A return object received by {@link AbstractSecurityInterceptor} subclasses.
  * <p>
  * This class reflects the status of the security interception, so that the final call to
- * {@link org.springframework.security.intercept.AbstractSecurityInterceptor#afterInvocation(InterceptorStatusToken, Object)}
+ * {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor#afterInvocation(InterceptorStatusToken, Object)}
  * can tidy up correctly.
  *
  * @author Ben Alex

core/src/main/java/org/springframework/security/runas/NullRunAsManager.java → core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java

@@ -13,13 +13,12 @@
  * limitations under the License.
  */
 
-package org.springframework.security.runas;
+package org.springframework.security.access.intercept;
 
 import java.util.List;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.RunAsManager;
+import org.springframework.security.access.ConfigAttribute;
 
 
 /**
@@ -30,7 +29,7 @@ import org.springframework.security.RunAsManager;
  * @author Ben Alex
  * @version $Id$
  */
-public class NullRunAsManager implements RunAsManager {
+final class NullRunAsManager implements RunAsManager {
     //~ Methods ========================================================================================================
 
     public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {

core/src/main/java/org/springframework/security/runas/RunAsImplAuthenticationProvider.java → core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.runas;
+package org.springframework.security.access.intercept;
 
 import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.Authentication;

core/src/main/java/org/springframework/security/RunAsManager.java → core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java

@@ -13,10 +13,13 @@
  * limitations under the License.
  */
 
-package org.springframework.security;
+package org.springframework.security.access.intercept;
 
 import java.util.List;
 
+import org.springframework.security.Authentication;
+import org.springframework.security.access.ConfigAttribute;
+
 /**
  * Creates a new temporary {@link Authentication} object for the current secure
  * object invocation only.
@@ -25,7 +28,7 @@ import java.util.List;
  * This interface permits implementations to replace the
  * <code>Authentication</code> object that applies to the current secure
  * object invocation only. The {@link
- * org.springframework.security.intercept.AbstractSecurityInterceptor} will replace
+ * org.springframework.security.access.intercept.AbstractSecurityInterceptor} will replace
  * the <code>Authentication</code> object held in the
  * {@link org.springframework.security.context.SecurityContext SecurityContext}
  * for the duration of  the secure object callback only, returning it to

core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java → core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java

@@ -13,17 +13,16 @@
  * limitations under the License.
  */
 
-package org.springframework.security.runas;
+package org.springframework.security.access.intercept;
 
 import java.util.ArrayList;
 import java.util.List;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
-import org.springframework.security.RunAsManager;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.Assert;
 
 

core/src/main/java/org/springframework/security/runas/RunAsUserToken.java → core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.runas;
+package org.springframework.security.access.intercept;
 
 import java.util.Arrays;
 import java.util.List;

core/src/main/java/org/springframework/security/intercept/SecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/intercept/SecurityMetadataSource.java

@@ -13,12 +13,12 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept;
+package org.springframework.security.access.intercept;
 
 import java.util.Collection;
 import java.util.List;
 
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 
 
 /**

core/src/main/java/org/springframework/security/intercept/method/AbstractFallbackMethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/intercept/method/AbstractFallbackMethodSecurityMetadataSource.java

@@ -1,9 +1,9 @@
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
 import java.lang.reflect.Method;
 import java.util.List;
 
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.ClassUtils;
 
 /**

core/src/main/java/org/springframework/security/intercept/method/AbstractMethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/intercept/method/AbstractMethodSecurityMetadataSource.java

@@ -13,9 +13,9 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 
 import org.aopalliance.intercept.MethodInvocation;
 

core/src/main/java/org/springframework/security/intercept/method/DelegatingMethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/intercept/method/DelegatingMethodSecurityMetadataSource.java

@@ -1,4 +1,4 @@
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
 import java.lang.reflect.Method;
 import java.util.Collection;
@@ -10,7 +10,7 @@ import java.util.Map;
 import java.util.Set;
 
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
 

core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSource.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
 import java.lang.reflect.Method;
 import java.util.ArrayList;
@@ -25,7 +25,7 @@ import java.util.Map;
 import java.util.Set;
 
 import org.springframework.beans.factory.BeanClassLoaderAware;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
 

core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java → core/src/main/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluator.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
 import java.util.List;
 
@@ -21,17 +21,17 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.intercept.AbstractSecurityInterceptor;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 import org.springframework.util.Assert;
 
 
 /**
  * Allows users to determine whether they have "before invocation" privileges for a given method invocation.
  * <p>
- * Of course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the
+ * Of course, if an {@link org.springframework.security.access.intercept.AfterInvocationManager} is used to authorize the
  * <em>result</em> of a method invocation, this class cannot assist determine whether or not the
  * <code>AfterInvocationManager</code> will enable
  * access. Instead this class aims to allow applications to determine whether or not the current principal would be

core/src/main/java/org/springframework/security/intercept/method/MethodSecurityMetadataSource.java → core/src/main/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSource.java

@@ -13,13 +13,13 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
 import java.lang.reflect.Method;
 import java.util.List;
 
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.intercept.SecurityMetadataSource;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.intercept.SecurityMetadataSource;
 
 
 /**

core/src/main/java/org/springframework/security/intercept/method/MethodSecurityMetadataSourceEditor.java → core/src/main/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
 import java.beans.PropertyEditorSupport;
 import java.util.ArrayList;
@@ -24,8 +24,8 @@ import java.util.Map;
 import java.util.Properties;
 
 import org.springframework.beans.propertyeditors.PropertiesEditor;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.SecurityConfig;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
 import org.springframework.util.StringUtils;
 
 

core/src/main/java/org/springframework/security/intercept/method/ProtectPointcutPostProcessor.java → core/src/main/java/org/springframework/security/access/intercept/method/ProtectPointcutPostProcessor.java

@@ -1,4 +1,4 @@
-package org.springframework.security.intercept.method;
+package org.springframework.security.access.intercept.method;
 
 import java.lang.reflect.Method;
 import java.util.HashSet;
@@ -14,8 +14,8 @@ import org.aspectj.weaver.tools.PointcutParser;
 import org.aspectj.weaver.tools.PointcutPrimitive;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 

core/src/main/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptor.java → core/src/main/java/org/springframework/security/access/intercept/method/aopalliance/MethodSecurityInterceptor.java

@@ -13,12 +13,12 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept.method.aopalliance;
+package org.springframework.security.access.intercept.method.aopalliance;
 
-import org.springframework.security.intercept.AbstractSecurityInterceptor;
-import org.springframework.security.intercept.InterceptorStatusToken;
-import org.springframework.security.intercept.SecurityMetadataSource;
-import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
+import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
+import org.springframework.security.access.intercept.InterceptorStatusToken;
+import org.springframework.security.access.intercept.SecurityMetadataSource;
+import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
 
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;

core/src/main/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityMetadataSourceAdvisor.java → core/src/main/java/org/springframework/security/access/intercept/method/aopalliance/MethodSecurityMetadataSourceAdvisor.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.intercept.method.aopalliance;
+package org.springframework.security.access.intercept.method.aopalliance;
 
 import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Method;
@@ -26,7 +26,7 @@ import org.springframework.aop.support.StaticMethodMatcherPointcut;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
-import org.springframework.security.intercept.method.MethodSecurityMetadataSource;
+import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
 import org.springframework.util.Assert;
 
 /**