
SEC-1013: Refactored out use of ConfigAttributeDefinition from remaining interfaces

Luke Taylor 17 anos atrás
pai
commit
a7d046357b
100 arquivos alterados com 858 adições e 1379 exclusões
  1. 8 10
      acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
  2. 11 14
      acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java
  3. 3 5
      acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java
  4. 4 2
      core/src/main/java/org/springframework/security/AccessDecisionManager.java
  5. 3 1
      core/src/main/java/org/springframework/security/AfterInvocationManager.java
  6. 2 5
      core/src/main/java/org/springframework/security/ConfigAttribute.java
  7. 1 1
      core/src/main/java/org/springframework/security/ConfigAttributeEditor.java
  8. 3 1
      core/src/main/java/org/springframework/security/RunAsManager.java
  9. 3 2
      core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProvider.java
  10. 2 4
      core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProviderManager.java
  11. 9 13
      core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java
  12. 13 18
      core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java
  13. 1 2
      core/src/main/java/org/springframework/security/annotation/Jsr250MethodDefinitionSource.java
  14. 3 3
      core/src/main/java/org/springframework/security/annotation/Jsr250Voter.java
  15. 1 1
      core/src/main/java/org/springframework/security/annotation/SecuredMethodDefinitionSource.java
  16. 1 4
      core/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java
  17. 5 6
      core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
  18. 11 11
      core/src/main/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEvent.java
  19. 6 4
      core/src/main/java/org/springframework/security/event/authorization/AuthorizationFailureEvent.java
  20. 7 6
      core/src/main/java/org/springframework/security/event/authorization/AuthorizedEvent.java
  21. 3 3
      core/src/main/java/org/springframework/security/event/authorization/LoggerListener.java
  22. 1 1
      core/src/main/java/org/springframework/security/event/authorization/PublicInvocationEvent.java
  23. 13 4
      core/src/main/java/org/springframework/security/expression/SecurityExpressionRoot.java
  24. 5 1
      core/src/main/java/org/springframework/security/expression/support/ExpressionAnnotationMethodDefinitionSource.java
  25. 4 4
      core/src/main/java/org/springframework/security/expression/support/MethodExpressionAfterInvocationProvider.java
  26. 5 5
      core/src/main/java/org/springframework/security/expression/support/MethodExpressionVoter.java
  27. 72 86
      core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java
  28. 6 3
      core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java
  29. 8 9
      core/src/main/java/org/springframework/security/intercept/ObjectDefinitionSource.java
  30. 2 2
      core/src/main/java/org/springframework/security/intercept/method/DelegatingMethodDefinitionSource.java
  31. 7 11
      core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodDefinitionSource.java
  32. 11 15
      core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java
  33. 1 2
      core/src/main/java/org/springframework/security/intercept/method/ProtectPointcutPostProcessor.java
  34. 23 26
      core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java
  35. 2 2
      core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java
  36. 5 10
      core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java
  37. 4 3
      core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java
  38. 6 4
      core/src/main/java/org/springframework/security/runas/NullRunAsManager.java
  39. 19 24
      core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java
  40. 3 10
      core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManager.java
  41. 5 6
      core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManagerImpl.java
  42. 18 19
      core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java
  43. 3 9
      core/src/main/java/org/springframework/security/securechannel/ChannelProcessor.java
  44. 3 3
      core/src/main/java/org/springframework/security/securechannel/InsecureChannelProcessor.java
  45. 3 3
      core/src/main/java/org/springframework/security/securechannel/SecureChannelProcessor.java
  46. 1 1
      core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java
  47. 4 3
      core/src/main/java/org/springframework/security/vote/AccessDecisionVoter.java
  48. 6 5
      core/src/main/java/org/springframework/security/vote/AffirmativeBased.java
  49. 14 12
      core/src/main/java/org/springframework/security/vote/AuthenticatedVoter.java
  50. 3 3
      core/src/main/java/org/springframework/security/vote/BasicAclEntryVoter.java
  51. 5 4
      core/src/main/java/org/springframework/security/vote/ConsensusBased.java
  52. 2 7
      core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java
  53. 6 6
      core/src/main/java/org/springframework/security/vote/RoleVoter.java
  54. 18 20
      core/src/main/java/org/springframework/security/vote/UnanimousBased.java
  55. 4 6
      core/src/test/java/org/springframework/security/MockAccessDecisionManager.java
  56. 3 2
      core/src/test/java/org/springframework/security/MockAfterInvocationManager.java
  57. 3 2
      core/src/test/java/org/springframework/security/MockRunAsManager.java
  58. 10 14
      core/src/test/java/org/springframework/security/afterinvocation/AfterInvocationProviderManagerTests.java
  59. 15 17
      core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProviderTests.java
  60. 11 7
      core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.java
  61. 0 1
      core/src/test/java/org/springframework/security/annotation/Jsr250MethodDefinitionSourceTests.java
  62. 0 1
      core/src/test/java/org/springframework/security/annotation/SecuredMethodDefinitionSourceTests.java
  63. 1 2
      core/src/test/java/org/springframework/security/config/FilterInvocationDefinitionSourceParserTests.java
  64. 7 4
      core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
  65. 12 11
      core/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
  66. 13 35
      core/src/test/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEventTests.java
  67. 19 49
      core/src/test/java/org/springframework/security/event/authorization/AuthorizationFailureEventTests.java
  68. 13 36
      core/src/test/java/org/springframework/security/event/authorization/AuthorizedEventTests.java
  69. 23 13
      core/src/test/java/org/springframework/security/expression/support/MethodExpressionVoterTests.java
  70. 12 30
      core/src/test/java/org/springframework/security/intercept/InterceptorStatusTokenTests.java
  71. 7 10
      core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditorTests.java
  72. 6 8
      core/src/test/java/org/springframework/security/intercept/method/MockMethodDefinitionSource.java
  73. 10 17
      core/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests.java
  74. 0 102
      core/src/test/java/org/springframework/security/intercept/web/AbstractFilterInvocationDefinitionSourceTests.java
  75. 4 38
      core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java
  76. 1 1
      core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
  77. 20 22
      core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java
  78. 0 76
      core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinitionSource.java
  79. 4 30
      core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java
  80. 5 10
      core/src/test/java/org/springframework/security/securechannel/ChannelDecisionManagerImplTests.java
  81. 2 3
      core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java
  82. 4 20
      core/src/test/java/org/springframework/security/securechannel/InsecureChannelProcessorTests.java
  83. 4 11
      core/src/test/java/org/springframework/security/securechannel/SecureChannelProcessorTests.java
  84. 14 42
      core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
  85. 2 3
      core/src/test/java/org/springframework/security/vote/AbstractAccessDecisionManagerTests.java
  86. 26 71
      core/src/test/java/org/springframework/security/vote/AffirmativeBasedTests.java
  87. 6 24
      core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java
  88. 14 13
      core/src/test/java/org/springframework/security/vote/BasicAclEntryVoterTests.java
  89. 22 41
      core/src/test/java/org/springframework/security/vote/ConsensusBasedTests.java
  90. 24 24
      core/src/test/java/org/springframework/security/vote/DenyAgainVoter.java
  91. 3 3
      core/src/test/java/org/springframework/security/vote/DenyVoter.java
  92. 7 8
      core/src/test/java/org/springframework/security/vote/RoleHierarchyVoterTests.java
  93. 12 12
      core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java
  94. 45 39
      samples/tutorial/src/main/java/bigbank/Account.java
  95. 11 10
      samples/tutorial/src/main/java/bigbank/BankService.java
  96. 32 33
      samples/tutorial/src/main/java/bigbank/BankServiceImpl.java
  97. 9 9
      samples/tutorial/src/main/resources/applicationContext-business.xml
  98. 14 14
      samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
  99. 1 1
      samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
  100. 15 15
      src/docbkx/authorization-common.xml

+ 8 - 10
acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -14,21 +14,19 @@
  */
 package org.springframework.security.afterinvocation;
 
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthorizationServiceException;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.Permission;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import java.util.Collection;
-import java.util.Iterator;
-
 
 /**
  * <p>
@@ -75,7 +73,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
 
     //~ Methods ========================================================================================================
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
             Object returnedObject) throws AccessDeniedException {
 
         if (returnedObject == null) {
@@ -86,7 +84,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
             return null;
         }
 
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = config.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();
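Review bot: The loop in `decide` still walks a raw `Iterator` and casts each element, although `config` is now a `List<ConfigAttribute>`. Writing it as `for (ConfigAttribute attr : config) {` would drop the cast and let the compiler check the element type, as `vote` in AclEntryVoter.java already does in this commit. The same raw-iterator pattern remains in the `decide` hunks of AclEntryAfterInvocationProvider.java, BasicAclEntryAfterInvocationCollectionFilteringProvider.java and BasicAclEntryAfterInvocationProvider.java, and in `vote` in Jsr250Voter.java. The loop body continues outside the hunk, so whether `iter` is used for anything else is not visible here.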

+ 11 - 14
acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java

@@ -14,23 +14,20 @@
  */
 package org.springframework.security.afterinvocation;
 
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.SpringSecurityMessageSource;
-import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
-import org.springframework.security.acls.AclService;
-import org.springframework.security.acls.Permission;
+import java.util.Iterator;
+import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-
-import java.util.Iterator;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.SpringSecurityMessageSource;
+import org.springframework.security.acls.AclService;
+import org.springframework.security.acls.Permission;
 
 
 /**
@@ -74,10 +71,10 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 
     //~ Methods ========================================================================================================
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
             Object returnedObject) throws AccessDeniedException {
 
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = config.iterator();
 
         if (returnedObject == null) {
             // AclManager interface contract prohibits nulls
@@ -95,7 +92,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
             }
 
             return returnedObject;
-        }        
+        }
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

+ 3 - 5
acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java

@@ -17,11 +17,11 @@ package org.springframework.security.vote;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Iterator;
+import java.util.List;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthorizationServiceException;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.NotFoundException;
@@ -150,11 +150,9 @@ public class AclEntryVoter extends AbstractAclVoter {
         }
     }
 
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes().iterator();
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
 
-        while (iter.hasNext()) {
-            ConfigAttribute attr = (ConfigAttribute) iter.next();
+        for(ConfigAttribute attr : attributes) {
 
             if (!this.supports(attr)) {
                 continue;

+ 4 - 2
core/src/main/java/org/springframework/security/AccessDecisionManager.java

@@ -15,6 +15,8 @@
 
 package org.springframework.security;
 
+import java.util.List;
+
 /**
  * Makes a final access control (authorization) decision.
  *
@@ -29,14 +31,14 @@ public interface AccessDecisionManager {
      *
      * @param authentication the caller invoking the method
      * @param object the secured object being called
-     * @param config the configuration attributes associated with the secured object being invoked
+     * @param configAttributes the configuration attributes associated with the secured object being invoked
      *
      * @throws AccessDeniedException if access is denied as the authentication does not hold a required authority or
      *         ACL privilege
      * @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
      *         sufficient level of trust
      */
-    void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
+    void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
         throws AccessDeniedException, InsufficientAuthenticationException;
 
     /**
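Review bot: The Javadoc for `decide` does not say whether `configAttributes` may be null or empty, and with a plain `List` there is no wrapper type left to carry that contract. Implementations touched in this commit call `config.iterator()` or iterate the list directly, so a null argument would surface as a NullPointerException inside an authorization decision rather than as a defined grant or deny. I would extend the tag, for example `@param configAttributes the configuration attributes associated with the secured object being invoked (must not be null)`, or document the intended outcome if null is allowed. The rest of the interface lies outside this hunk.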

+ 3 - 1
core/src/main/java/org/springframework/security/AfterInvocationManager.java

@@ -15,6 +15,8 @@
 
 package org.springframework.security;
 
+import java.util.List;
+
 /**
  * Reviews the <code>Object</code> returned from a secure object invocation,
  * being able to modify the <code>Object</code> or throw an {@link
@@ -60,7 +62,7 @@ public interface AfterInvocationManager {
      *
      * @throws AccessDeniedException if access is denied
      */
-    Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
         Object returnedObject) throws AccessDeniedException;
 
     /**

+ 2 - 5
core/src/main/java/org/springframework/security/ConfigAttribute.java

@@ -27,12 +27,9 @@ import java.io.Serializable;
  * patterns. These configuration attributes have special meaning to a {@link
  * RunAsManager}, {@link AccessDecisionManager} or
  * <code>AccessDecisionManager</code> delegate.
- * </p>
  *
- * <P>
- * Stored at runtime with other <code>ConfigAttribute</code>s for the same
- * secure object target within a {@link ConfigAttributeDefinition}.
- * </p>
+ * <p>
+ * Stored at runtime with other <code>ConfigAttribute</code>s for the same secure object target.
  *
  * @author Ben Alex
  * @version $Id$

+ 1 - 1
core/src/main/java/org/springframework/security/ConfigAttributeEditor.java

@@ -20,7 +20,7 @@ import org.springframework.util.StringUtils;
 import java.beans.PropertyEditorSupport;
 
 /**
- * A property editor that can create a populated  {@link ConfigAttributeDefinition} from a comma separated list of
+ * A property editor that can create a populated  {@link List<ConfigAttribute>} from a comma separated list of
  * values.
  * <p>
  * Trims preceding and trailing spaces from presented command separated tokens, as this can be a source
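Review bot: `{@link List<ConfigAttribute>}` is not a valid Javadoc link target, because `{@link}` takes a class or member reference rather than a parameterized type, and `List` is not among the imports visible in this hunk. `{@code List<ConfigAttribute>}` gives the intended text without a broken reference. The same applies to `{@link #decide(Authentication, Object, List<ConfigAttribute>, Object)}` in the class comment of AfterInvocationProviderManager.java, where the parameter type in the member reference should be plain `List`.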

+ 3 - 1
core/src/main/java/org/springframework/security/RunAsManager.java

@@ -15,6 +15,8 @@
 
 package org.springframework.security;
 
+import java.util.List;
+
 /**
  * Creates a new temporary {@link Authentication} object for the current secure
  * object invocation only.
@@ -71,7 +73,7 @@ public interface RunAsManager {
      * @return a replacement object to be used for duration of the secure object invocation, or <code>null</code> if
      *         the <code>Authentication</code> should be left as is
      */
-    Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
+    Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config);
 
     /**
      * Indicates whether this <code>RunAsManager</code> is able to process the passed

+ 3 - 2
core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProvider.java

@@ -15,10 +15,11 @@
 
 package org.springframework.security.afterinvocation;
 
+import java.util.List;
+
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 
 /**
@@ -30,7 +31,7 @@ import org.springframework.security.ConfigAttributeDefinition;
 public interface AfterInvocationProvider {
     //~ Methods ========================================================================================================
 
-    Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
         Object returnedObject) throws AccessDeniedException;
 
     /**

+ 2 - 4
core/src/main/java/org/springframework/security/afterinvocation/AfterInvocationProviderManager.java

@@ -19,8 +19,6 @@ import org.springframework.security.AccessDeniedException;
 import org.springframework.security.AfterInvocationManager;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -35,7 +33,7 @@ import java.util.List;
  * Provider-based implementation of {@link AfterInvocationManager}.<p>Handles configuration of a bean context
  * defined list of  {@link AfterInvocationProvider}s.</p>
  *  <p>Every <code>AfterInvocationProvider</code> will be polled when the {@link #decide(Authentication, Object,
- * ConfigAttributeDefinition, Object)} method is called. The <code>Object</code> returned from each provider will be
+ * List<ConfigAttribute>, Object)} method is called. The <code>Object</code> returned from each provider will be
  * presented to the successive provider for processing. This means each provider <b>must</b> ensure they return the
  * <code>Object</code>, even if they are not interested in the "after invocation" decision (perhaps as the secure
  * object invocation did not include a configuration attribute a given provider is configured to respond to).</p>
@@ -64,7 +62,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
         }
     }
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
         Object returnedObject) throws AccessDeniedException {
         Iterator iter = this.providers.iterator();
 

+ 9 - 13
core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java

@@ -14,27 +14,23 @@
  */
 package org.springframework.security.afterinvocation;
 
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthorizationServiceException;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
 import org.springframework.security.acl.AclEntry;
 import org.springframework.security.acl.AclManager;
 import org.springframework.security.acl.basic.BasicAclEntry;
 import org.springframework.security.acl.basic.SimpleAclEntry;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.util.Assert;
 
-import java.util.Collection;
-import java.util.Iterator;
-
 
 /**
  * <p>Given a <code>Collection</code> of domain object instances returned from a secure object invocation, remove
@@ -91,9 +87,9 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
         }
     }
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = config.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

+ 13 - 18
core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java

@@ -15,31 +15,26 @@
 
 package org.springframework.security.afterinvocation;
 
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.SpringSecurityMessageSource;
-import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
-import org.springframework.security.acl.AclEntry;
-import org.springframework.security.acl.AclManager;
-import org.springframework.security.acl.basic.BasicAclEntry;
-import org.springframework.security.acl.basic.SimpleAclEntry;
+import java.util.Iterator;
+import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.i18n.LocaleContextHolder;
 import org.springframework.context.support.MessageSourceAccessor;
-
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.SpringSecurityMessageSource;
+import org.springframework.security.acl.AclEntry;
+import org.springframework.security.acl.AclManager;
+import org.springframework.security.acl.basic.BasicAclEntry;
+import org.springframework.security.acl.basic.SimpleAclEntry;
 import org.springframework.util.Assert;
 
-import java.util.Iterator;
-
 /**
  * <p>Given a domain object instance returned from a secure object invocation, ensures the principal has
  * appropriate permission as defined by the {@link AclManager}.</p>
@@ -61,7 +56,7 @@ import java.util.Iterator;
  *  <p>If the provided <code>returnObject</code> is <code>null</code>, permission will always be granted and
  * <code>null</code> will be returned.</p>
  *  <p>All comparisons and prefixes are case sensitive.</p>
- *  
+ *
  *  @deprecated Use new spring-security-acl module instead
  */
 public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProvider, InitializingBean,
@@ -90,9 +85,9 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
         }
     }
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = config.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

+ 1 - 2
core/src/main/java/org/springframework/security/annotation/Jsr250MethodDefinitionSource.java

@@ -27,7 +27,6 @@ import javax.annotation.security.RolesAllowed;
 
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.intercept.method.AbstractFallbackMethodDefinitionSource;
 
 
@@ -48,7 +47,7 @@ public class Jsr250MethodDefinitionSource extends AbstractFallbackMethodDefiniti
         return processAnnotations(AnnotationUtils.getAnnotations(method));
     }
 
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+    public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
         return null;
     }
 

+ 3 - 3
core/src/main/java/org/springframework/security/annotation/Jsr250Voter.java

@@ -2,11 +2,11 @@ package org.springframework.security.annotation;
 
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.Authentication;
 import org.springframework.security.vote.AccessDecisionVoter;
 
 import java.util.Iterator;
+import java.util.List;
 
 /**
  * Voter on JSR-250 configuration attributes.
@@ -44,9 +44,9 @@ public class Jsr250Voter implements AccessDecisionVoter {
      * @param definition     The configuration definition.
      * @return The vote.
      */
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition definition) {
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> definition) {
         int result = ACCESS_ABSTAIN;
-        Iterator iter = definition.getConfigAttributes().iterator();
+        Iterator iter = definition.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

+ 1 - 1
core/src/main/java/org/springframework/security/annotation/SecuredMethodDefinitionSource.java

@@ -43,7 +43,7 @@ public class SecuredMethodDefinitionSource extends AbstractFallbackMethodDefinit
         return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class));
     }
 
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+    public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
         return null;
     }
 

+ 1 - 4
core/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java

@@ -17,7 +17,6 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.core.OrderComparator;
 import org.springframework.core.Ordered;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.config.ConfigUtils.FilterChainList;
 import org.springframework.security.context.HttpSessionContextIntegrationFilter;
 import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
@@ -160,8 +159,6 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
                 return;
             }
 
-            ConfigAttributeDefinition cad = new ConfigAttributeDefinition(fids.lookupAttributes(loginPage, "POST"));
-
             if (!beanFactory.containsBean(BeanIds.ANONYMOUS_PROCESSING_FILTER)) {
                 logger.warn("The login page is being protected by the filter chain, but you don't appear to have" +
                         " anonymous authentication enabled. This is almost certainly an error.");
@@ -174,7 +171,7 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
                     new AnonymousAuthenticationToken("key", anonPF.getUserAttribute().getPassword(),
                             anonPF.getUserAttribute().getAuthorities());
             try {
-                fsi.getAccessDecisionManager().decide(token, new Object(), cad);
+                fsi.getAccessDecisionManager().decide(token, new Object(), fids.lookupAttributes(loginPage, "POST"));
             } catch (Exception e) {
                 logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " +
                         "an error. Please check your configuration allows unauthenticated access to the configured " +
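Review bot: `fids.lookupAttributes(loginPage, "POST")` is now evaluated inside the `try`, so anything it throws is caught by `catch (Exception e)` and logged as anonymous access to the login page not being enabled. Before this change the lookup ran ahead of the `try`, when `cad` was built. Keeping it in a local declared before the `try`, e.g. `List<ConfigAttribute> loginPageAttrs = fids.lookupAttributes(loginPage, "POST");` (assuming that is the method's return type), and passing that to `decide(...)` keeps a lookup failure distinct from a denied access decision. The enclosing method starts and ends outside this hunk.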

+ 5 - 6
core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -12,13 +12,11 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
-import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.ConfigAttributeEditor;
-import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
 import org.springframework.security.context.HttpSessionContextIntegrationFilter;
 import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
 import org.springframework.security.intercept.web.FilterSecurityInterceptor;
@@ -26,17 +24,18 @@ import org.springframework.security.intercept.web.RequestKey;
 import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
 import org.springframework.security.securechannel.ChannelProcessingFilter;
 import org.springframework.security.securechannel.InsecureChannelProcessor;
-import org.springframework.security.securechannel.SecureChannelProcessor;
 import org.springframework.security.securechannel.RetryWithHttpEntryPoint;
 import org.springframework.security.securechannel.RetryWithHttpsEntryPoint;
+import org.springframework.security.securechannel.SecureChannelProcessor;
 import org.springframework.security.ui.AccessDeniedHandlerImpl;
 import org.springframework.security.ui.ExceptionTranslationFilter;
 import org.springframework.security.ui.SessionFixationProtectionFilter;
 import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.FilterChainProxy;
 import org.springframework.security.util.RegexUrlPathMatcher;
-import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.UrlMatcher;
+import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
@@ -603,7 +602,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
             String access = urlElt.getAttribute(ATT_ACCESS_CONFIG);
 
-            // Convert the comma-separated list of access attributes to a ConfigAttributeDefinition
+            // Convert the comma-separated list of access attributes to a List<ConfigAttribute>
             if (StringUtils.hasText(access)) {
                 editor.setAsText(access);
                 Object key = new RequestKey(path, method);

+ 11 - 11
core/src/main/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEvent.java

@@ -15,8 +15,10 @@
 
 package org.springframework.security.event.authorization;
 
+import java.util.List;
+
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 
 
 /**
@@ -30,36 +32,34 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
     //~ Instance fields ================================================================================================
 
     private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
-    private ConfigAttributeDefinition configAttributeDefinition;
+    private List<ConfigAttribute> configAttribs;
 
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Construct the event.
      *
      * @param secureObject the secure object
      * @param configAttribs that apply to the secure object
-     * @param credentialsNotFoundException exception returned to the caller
-     *        (contains reason)
+     * @param credentialsNotFoundException exception returned to the caller (contains reason)
      *
-     * @throws IllegalArgumentException DOCUMENT ME!
      */
-    public AuthenticationCredentialsNotFoundEvent(Object secureObject, ConfigAttributeDefinition configAttribs,
-        AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
+    public AuthenticationCredentialsNotFoundEvent(Object secureObject, List<ConfigAttribute> configAttribs,
+            AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
         super(secureObject);
 
         if ((configAttribs == null) || (credentialsNotFoundException == null)) {
             throw new IllegalArgumentException("All parameters are required and cannot be null");
         }
 
-        this.configAttributeDefinition = configAttribs;
+        this.configAttribs = configAttribs;
         this.credentialsNotFoundException = credentialsNotFoundException;
     }
 
     //~ Methods ========================================================================================================
 
-    public ConfigAttributeDefinition getConfigAttributeDefinition() {
-        return configAttributeDefinition;
+    public List<ConfigAttribute> getConfigAttributes() {
+        return configAttribs;
     }
 
     public AuthenticationCredentialsNotFoundException getCredentialsNotFoundException() {
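Review bot: The constructor stores the caller's `List<ConfigAttribute>` as-is and `getConfigAttributes()` returns that same instance, so every event listener gets a reference to the list that `AbstractSecurityInterceptor` also passes to `decide(...)` in this commit. If the definition source hands out its internal list (not visible here), a listener could alter the attributes used for later decisions; `this.configAttribs = Collections.unmodifiableList(configAttribs);` would close that off. Separately, the `@throws IllegalArgumentException DOCUMENT ME!` line was deleted although the constructor still throws; `@throws IllegalArgumentException if configAttribs or credentialsNotFoundException is null` would document it, and the `AuthorizedEvent` constructor hunk drops the same tag. The body of `getCredentialsNotFoundException()` continues outside this hunk.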

+ 6 - 4
core/src/main/java/org/springframework/security/event/authorization/AuthorizationFailureEvent.java

@@ -15,9 +15,11 @@
 
 package org.springframework.security.event.authorization;
 
+import java.util.List;
+
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 
 
 /**
@@ -36,7 +38,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 
     private AccessDeniedException accessDeniedException;
     private Authentication authentication;
-    private ConfigAttributeDefinition configAttributeDefinition;
+    private List<ConfigAttribute> configAttributeDefinition;
 
     //~ Constructors ===================================================================================================
 
@@ -51,7 +53,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
      *
      * @throws IllegalArgumentException if any null arguments are presented.
      */
-    public AuthorizationFailureEvent(Object secureObject, ConfigAttributeDefinition configAttribs,
+    public AuthorizationFailureEvent(Object secureObject, List<ConfigAttribute> configAttribs,
         Authentication authentication, AccessDeniedException accessDeniedException) {
         super(secureObject);
 
@@ -74,7 +76,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
         return authentication;
     }
 
-    public ConfigAttributeDefinition getConfigAttributeDefinition() {
+    public List<ConfigAttribute> getConfigAttributes() {
         return configAttributeDefinition;
     }
 }
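Review bot: `getConfigAttributes()` returns a field still called `configAttributeDefinition`, although its type is now `List<ConfigAttribute>` and the class it was named after is being phased out. `AuthenticationCredentialsNotFoundEvent` renamed its field to `configAttribs` in this commit; doing the same here, `private List<ConfigAttribute> configAttribs;` with `return configAttribs;`, keeps the three event classes consistent. `AuthorizedEvent` has the same leftover name. The constructor assignment lies outside the visible hunks and would need the matching rename.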

+ 7 - 6
core/src/main/java/org/springframework/security/event/authorization/AuthorizedEvent.java

@@ -15,8 +15,10 @@
 
 package org.springframework.security.event.authorization;
 
+import java.util.List;
+
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 
 
 /**
@@ -30,20 +32,19 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
     //~ Instance fields ================================================================================================
 
     private Authentication authentication;
-    private ConfigAttributeDefinition configAttributeDefinition;
+    private List<ConfigAttribute> configAttributeDefinition;
 
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Construct the event.
      *
      * @param secureObject the secure object
      * @param configAttribs that apply to the secure object
      * @param authentication that successfully called the secure object
      *
-     * @throws IllegalArgumentException DOCUMENT ME!
      */
-    public AuthorizedEvent(Object secureObject, ConfigAttributeDefinition configAttribs, Authentication authentication) {
+    public AuthorizedEvent(Object secureObject, List<ConfigAttribute> configAttribs, Authentication authentication) {
         super(secureObject);
 
         if ((configAttribs == null) || (authentication == null)) {
@@ -60,7 +61,7 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
         return authentication;
     }
 
-    public ConfigAttributeDefinition getConfigAttributeDefinition() {
+    public List<ConfigAttribute> getConfigAttributes() {
         return configAttributeDefinition;
     }
 }

+ 3 - 3
core/src/main/java/org/springframework/security/event/authorization/LoggerListener.java

@@ -46,7 +46,7 @@ public class LoggerListener implements ApplicationListener {
             if (logger.isWarnEnabled()) {
                 logger.warn("Security interception failed due to: " + authEvent.getCredentialsNotFoundException()
                     + "; secure object: " + authEvent.getSource() + "; configuration attributes: "
-                    + authEvent.getConfigAttributeDefinition());
+                    + authEvent.getConfigAttributes());
             }
         }
 
@@ -57,7 +57,7 @@ public class LoggerListener implements ApplicationListener {
                 logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException()
                     + "; authenticated principal: " + authEvent.getAuthentication()
                     + "; secure object: " + authEvent.getSource()
-                    + "; configuration attributes: " + authEvent.getConfigAttributeDefinition());
+                    + "; configuration attributes: " + authEvent.getConfigAttributes());
             }
         }
 
@@ -67,7 +67,7 @@ public class LoggerListener implements ApplicationListener {
             if (logger.isInfoEnabled()) {
                 logger.info("Security authorized for authenticated principal: " + authEvent.getAuthentication()
                     + "; secure object: " + authEvent.getSource() + "; configuration attributes: "
-                    + authEvent.getConfigAttributeDefinition());
+                    + authEvent.getConfigAttributes());
             }
         }
 

+ 1 - 1
core/src/main/java/org/springframework/security/event/authorization/PublicInvocationEvent.java

@@ -17,7 +17,7 @@ package org.springframework.security.event.authorization;
 
 /**
  * Event that is generated whenever a public secure object is invoked.<p>A public secure object is a secure object
- * that has no <code>ConfigAttributeDefinition</code> defined. A public secure object will not cause the
+ * that has no <code>ConfigAttribute</code>s defined. A public secure object will not cause the
  * <code>SecurityContextHolder</code> to be inspected or authenticated, and no authorization will take place.</p>
  *  <p>Published just before the secure object attempts to proceed.</p>
  *

+ 13 - 4
core/src/main/java/org/springframework/security/expression/SecurityExpressionRoot.java

@@ -7,6 +7,12 @@ import org.springframework.security.AuthenticationTrustResolver;
 import org.springframework.security.AuthenticationTrustResolverImpl;
 import org.springframework.security.util.AuthorityUtils;
 
+/**
+ * Default root object for use in Spring Security expression evaluations.
+ *
+ * @author Luke Taylor
+ *
+ */
 public class SecurityExpressionRoot {
     private Authentication authentication;
     private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@@ -21,6 +27,9 @@ public class SecurityExpressionRoot {
 
 
     public SecurityExpressionRoot(Authentication a) {
+        if (a == null) {
+            throw new IllegalArgumentException("Authentication object cannot be null");
+        }
         this.authentication = a;
     }
 
@@ -56,14 +65,14 @@ public class SecurityExpressionRoot {
         return trustResolver.isRememberMe(authentication);
     }
 
-    public Authentication getAuthentication() {
-        return authentication;
-    }
-
     public final boolean isFullyAuthenticated() {
         return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
     }
 
+    public Authentication getAuthentication() {
+        return authentication;
+    }
+
     public void setFilterObject(Object filterObject) {
         this.filterObject = filterObject;
     }

+ 5 - 1
core/src/main/java/org/springframework/security/expression/support/ExpressionAnnotationMethodDefinitionSource.java

@@ -37,6 +37,10 @@ import org.springframework.util.ClassUtils;
 public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDefinitionSource {
 
     public List<ConfigAttribute> getAttributes(Method method, Class targetClass) {
+        if (method.getDeclaringClass() == Object.class) {
+            return null;
+        }
+
         logger.debug("Looking for expression annotations for method '" +
                 method.getName() + "' on target class '" + targetClass + "'");
         PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
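Review bot: The new early return for methods declared on `Object` carries no comment, and `null` has a security meaning here: `AbstractSecurityInterceptor` treats a `null` attribute list as a public invocation (its `attributes == null` branch in this commit). A comment above the check, such as `// Methods declared on Object are never secured by expression annotations; null means "no attributes", i.e. public`, would make clear that the exemption is deliberate. The rest of `getAttributes` lies outside this hunk.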
@@ -101,7 +105,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
         return null;
     }
 
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+    public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
         return null;
     }
 

+ 4 - 4
core/src/main/java/org/springframework/security/expression/support/MethodExpressionAfterInvocationProvider.java

@@ -1,6 +1,7 @@
 package org.springframework.security.expression.support;
 
 import java.lang.reflect.Method;
+import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
@@ -13,7 +14,6 @@ import org.springframework.expression.spel.standard.StandardEvaluationContext;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.afterinvocation.AfterInvocationProvider;
 import org.springframework.security.expression.ExpressionUtils;
 import org.springframework.security.expression.SecurityExpressionRoot;
@@ -32,7 +32,7 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP
 
     private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
             throws AccessDeniedException {
 
         PostInvocationExpressionConfigAttribute mca = findMethodAccessControlExpression(config);
@@ -86,9 +86,9 @@ public class MethodExpressionAfterInvocationProvider implements AfterInvocationP
         }
     }
 
-    private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) {
+    private PostInvocationExpressionConfigAttribute findMethodAccessControlExpression(List<ConfigAttribute> config) {
         // Find the MethodAccessControlExpression attribute
-        for (ConfigAttribute attribute : config.getConfigAttributes()) {
+        for (ConfigAttribute attribute : config) {
             if (attribute instanceof PostInvocationExpressionConfigAttribute) {
                 return (PostInvocationExpressionConfigAttribute)attribute;
             }

+ 5 - 5
core/src/main/java/org/springframework/security/expression/support/MethodExpressionVoter.java

@@ -1,6 +1,7 @@
 package org.springframework.security.expression.support;
 
 import java.lang.reflect.Method;
+import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
@@ -12,7 +13,6 @@ import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.StandardEvaluationContext;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.expression.ExpressionUtils;
 import org.springframework.security.expression.SecurityExpressionRoot;
 import org.springframework.security.vote.AccessDecisionVoter;
@@ -43,8 +43,8 @@ public class MethodExpressionVoter implements AccessDecisionVoter {
         return clazz.isAssignableFrom(MethodInvocation.class);
     }
 
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(config);
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
+        PreInvocationExpressionConfigAttribute mace = findMethodAccessControlExpression(attributes);
 
         if (mace == null) {
             // No expression based metadata, so abstain
@@ -102,9 +102,9 @@ public class MethodExpressionVoter implements AccessDecisionVoter {
         return filterTarget;
     }
 
-    private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(ConfigAttributeDefinition config) {
+    private PreInvocationExpressionConfigAttribute findMethodAccessControlExpression(List<ConfigAttribute> config) {
         // Find the MethodAccessControlExpression attribute
-        for (ConfigAttribute attribute : config.getConfigAttributes()) {
+        for (ConfigAttribute attribute : config) {
             if (attribute instanceof PreInvocationExpressionConfigAttribute) {
                 return (PreInvocationExpressionConfigAttribute)attribute;
             }

+ 72 - 86
core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java

@@ -15,46 +15,37 @@
 
 package org.springframework.security.intercept;
 
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.AccessDecisionManager;
 import org.springframework.security.AccessDeniedException;
-import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.AfterInvocationManager;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.RunAsManager;
-
+import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.context.SecurityContextHolder;
-
 import org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent;
 import org.springframework.security.event.authorization.AuthorizationFailureEvent;
 import org.springframework.security.event.authorization.AuthorizedEvent;
 import org.springframework.security.event.authorization.PublicInvocationEvent;
-
 import org.springframework.security.runas.NullRunAsManager;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.context.ApplicationEvent;
-import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.context.ApplicationEventPublisherAware;
-import org.springframework.context.MessageSource;
-import org.springframework.context.MessageSourceAware;
-import org.springframework.context.support.MessageSourceAccessor;
-
 import org.springframework.util.Assert;
 
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.Collection;
-
 /**
  * Abstract class that implements security interception for secure objects.
  * <p>
@@ -64,8 +55,8 @@ import java.util.Collection;
  * <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li>
  * <li>Determine if the request relates to a secured or public invocation by looking up the secure object request
  * against the {@link ObjectDefinitionSource}.</li>
- * <li>For an invocation that is secured (there is a
- * <code>ConfigAttributeDefinition</code> for the secure object invocation):
+ * <li>For an invocation that is secured (there is a list of <code>ConfigAttribute</code>s for the secure
+ * object invocation):
  * <ol type="a">
  * <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()}
  * returns <code>false</code>, or the {@link #alwaysReauthenticate} is
@@ -88,7 +79,7 @@ import java.util.Collection;
  * the caller.</li>
  * </ol>
  * </li>
- * <li>For an invocation that is public (there is no <code>ConfigAttributeDefinition</code> for the secure object
+ * <li>For an invocation that is public (there are no <code>ConfigAttribute</code>s for the secure object
  * invocation):
  * <ol type="a">
  * <li>As described above, the concrete subclass will be returned an <code>InterceptorStatusToken</code> which is
@@ -125,46 +116,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
 
     //~ Methods ========================================================================================================
 
-    /**
-     * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been
-     * completed.
-     *
-     * @param token as returned by the {@link #beforeInvocation(Object)}} method
-     * @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>)
-     * @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
-     */
-    protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
-        if (token == null) {
-            // public object
-            return returnedObject;
-        }
-
-        if (token.isContextHolderRefreshRequired()) {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
-            }
-
-            SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
-        }
-
-        if (afterInvocationManager != null) {
-            // Attempt after invocation handling
-            try {
-                returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
-                        token.getAttr(), returnedObject);
-            }
-            catch (AccessDeniedException accessDeniedException) {
-                AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
-                        .getAttr(), token.getAuthentication(), accessDeniedException);
-                publishEvent(event);
-
-                throw accessDeniedException;
-            }
-        }
-
-        return returnedObject;
-    }
-
     public void afterPropertiesSet() throws Exception {
         Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
         Assert.notNull(this.messages, "A message source must be set");
@@ -185,11 +136,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
         }
 
         if (this.validateConfigAttributes) {
-            Collection<List<? extends ConfigAttribute>> attributeDefs = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions();
+            Collection<List<? extends ConfigAttribute>> attributeDefs = this.obtainObjectDefinitionSource().getAllConfigAttributes();
 
             if (attributeDefs == null) {
                 logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return "
-                        + "a ConfigAttributeDefinition collection");
+                        + "any attributes from getAllConfigAttributes()");
                 return;
             }
 
@@ -222,15 +173,9 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
                     + getSecureObjectClass());
         }
 
-        List<? extends ConfigAttribute> attributes = this.obtainObjectDefinitionSource().getAttributes(object);
-        ConfigAttributeDefinition attr = null;
-
-        // TODO: temporary until refactor security interceptor and AccessManager
-        if (attributes != null) {
-            attr = new ConfigAttributeDefinition(attributes);
-        }
+        List<ConfigAttribute> attributes = this.obtainObjectDefinitionSource().getAttributes(object);
 
-        if (attr == null) {
+        if (attributes == null) {
             if (rejectPublicInvocations) {
                 throw new IllegalArgumentException(
                         "No public invocations are allowed via this AbstractSecurityInterceptor. "
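Review bot: With the `ConfigAttributeDefinition` wrapper removed, only `attributes == null` marks an invocation as public, so an empty list returned by `getAttributes(object)` falls through to `accessDecisionManager.decide(...)` with nothing to vote on. Whether that ends in a grant or a denial depends on the configured decision manager, which is not visible here. The contract should be stated at the check, e.g. `// null = public invocation; an empty list is treated as secured and is passed to decide()`, or an empty list should be rejected explicitly if the definition source must never return one. The enclosing method starts and ends outside this hunk.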
@@ -248,22 +193,22 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
         }
 
         if (logger.isDebugEnabled()) {
-            logger.debug("Secure object: " + object + "; ConfigAttributes: " + attr);
+            logger.debug("Secure object: " + object + "; Attributes: " + attributes);
         }
 
         if (SecurityContextHolder.getContext().getAuthentication() == null) {
             credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
-                    "An Authentication object was not found in the SecurityContext"), object, attr);
+                    "An Authentication object was not found in the SecurityContext"), object, attributes);
         }
 
         Authentication authenticated = authenticateIfRequired();
 
         // Attempt authorization
         try {
-            this.accessDecisionManager.decide(authenticated, object, attr);
+            this.accessDecisionManager.decide(authenticated, object, attributes);
         }
         catch (AccessDeniedException accessDeniedException) {
-            AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
+            AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attributes, authenticated,
                     accessDeniedException);
             publishEvent(event);
 
@@ -274,11 +219,11 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
             logger.debug("Authorization successful");
         }
 
-        AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
+        AuthorizedEvent event = new AuthorizedEvent(object, attributes, authenticated);
         publishEvent(event);
 
         // Attempt to run as a different user
-        Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
+        Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
 
         if (runAs == null) {
             if (logger.isDebugEnabled()) {
@@ -286,7 +231,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
             }
 
             // no further work post-invocation
-            return new InterceptorStatusToken(authenticated, false, attr, object);
+            return new InterceptorStatusToken(authenticated, false, attributes, object);
         } else {
             if (logger.isDebugEnabled()) {
                 logger.debug("Switching to RunAs Authentication: " + runAs);
@@ -295,10 +240,51 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
             SecurityContextHolder.getContext().setAuthentication(runAs);
 
             // revert to token.Authenticated post-invocation
-            return new InterceptorStatusToken(authenticated, true, attr, object);
+            return new InterceptorStatusToken(authenticated, true, attributes, object);
+        }
+    }
+
+    /**
+     * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been
+     * completed.
+     *
+     * @param token as returned by the {@link #beforeInvocation(Object)}} method
+     * @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>)
+     * @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
+     */
+    protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
+        if (token == null) {
+            // public object
+            return returnedObject;
         }
+
+        if (token.isContextHolderRefreshRequired()) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
+            }
+
+            SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
+        }
+
+        if (afterInvocationManager != null) {
+            // Attempt after invocation handling
+            try {
+                returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
+                        token.getAttributes(), returnedObject);
+            }
+            catch (AccessDeniedException accessDeniedException) {
+                AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
+                        .getAttributes(), token.getAuthentication(), accessDeniedException);
+                publishEvent(event);
+
+                throw accessDeniedException;
+            }
+        }
+
+        return returnedObject;
     }
 
+
     /**
      * Checks the current authentication token and passes it to the AuthenticationManager if
      * {@link org.springframework.security.Authentication#isAuthenticated()} returns false or the property
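Review bot: The relocated Javadoc for `afterInvocation` still has a stray closing brace in `{@link #beforeInvocation(Object)}}`, which renders as a literal `}` after the link. Since the block is being re-added anyway, the line can read `@param token as returned by the {@link #beforeInvocation(Object)} method`. The Javadoc that follows `afterInvocation` continues outside this hunk.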
@@ -339,7 +325,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
      * @param secureObject  that was being called
      * @param configAttribs that were defined for the secureObject
      */
-    private void credentialsNotFound(String reason, Object secureObject, ConfigAttributeDefinition configAttribs) {
+    private void credentialsNotFound(String reason, Object secureObject, List<ConfigAttribute> configAttribs) {
         AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
 
         AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,

+ 6 - 3
core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java

@@ -15,7 +15,10 @@
 
 package org.springframework.security.intercept;
 
+import java.util.List;
+
 import org.springframework.security.Authentication;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.ConfigAttributeDefinition;
 
 
@@ -33,14 +36,14 @@ public class InterceptorStatusToken {
     //~ Instance fields ================================================================================================
 
     private Authentication authentication;
-    private ConfigAttributeDefinition attr;
+    private List<ConfigAttribute> attr;
     private Object secureObject;
     private boolean contextHolderRefreshRequired;
 
     //~ Constructors ===================================================================================================
 
     public InterceptorStatusToken(Authentication authentication, boolean contextHolderRefreshRequired,
-        ConfigAttributeDefinition attr, Object secureObject) {
+            List<ConfigAttribute> attr, Object secureObject) {
         this.authentication = authentication;
         this.contextHolderRefreshRequired = contextHolderRefreshRequired;
         this.attr = attr;
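Review bot: The constructor keeps the caller's `List<ConfigAttribute>` by reference, and `getAttributes()` in the last hunk of this file returns that same instance, so any holder can alter the attributes that `AbstractSecurityInterceptor.afterInvocation` later passes to `afterInvocationManager.decide(...)`. Because that list feeds an authorization decision, storing a read-only copy is safer: `this.attr = attr == null ? null : Collections.unmodifiableList(new ArrayList<ConfigAttribute>(attr));` (this needs the `java.util.ArrayList` and `java.util.Collections` imports). Whether `ConfigAttributeDefinition` offered that guarantee before is not visible here, so this is a hardening suggestion rather than a regression claim. The constructor body continues outside the hunk; separately, the `ConfigAttributeDefinition` import left as context in the first hunk appears unused now, unless the file refers to it elsewhere.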
@@ -49,7 +52,7 @@ public class InterceptorStatusToken {
 
     //~ Methods ========================================================================================================
 
-    public ConfigAttributeDefinition getAttr() {
+    public List<ConfigAttribute> getAttributes() {
         return attr;
     }
 

+ 8 - 9
core/src/main/java/org/springframework/security/intercept/ObjectDefinitionSource.java

@@ -15,16 +15,15 @@
 
 package org.springframework.security.intercept;
 
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
 import java.util.Collection;
 import java.util.List;
 
+import org.springframework.security.ConfigAttribute;
+
 
 /**
  * Implemented by classes that store and can identify the {@link
- * ConfigAttributeDefinition} that applies to a given secure object
+ * ConfigAttribute}s that applies to a given secure object
  * invocation.
  *
  * @author Ben Alex
@@ -34,7 +33,7 @@ public interface ObjectDefinitionSource {
     //~ Methods ========================================================================================================
 
     /**
-     * Accesses the <code>ConfigAttributeDefinition</code> that applies to a given secure object.
+     * Accesses the <code>ConfigAttribute</code>s that apply to a given secure object.
      * <p>Returns <code>null</code> if no attributes apply.
      *
      * @param object the object being secured
@@ -47,18 +46,18 @@ public interface ObjectDefinitionSource {
     List<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
 
     /**
-     * If available, returns all of the <code>ConfigAttributeDefinition</code>s defined by the implementing class.
+     * If available, returns all of the <code>ConfigAttribute</code>s defined by the implementing class.
      * <p>
      * This is used by the {@link AbstractSecurityInterceptor} to perform startup time validation of each
      * <code>ConfigAttribute</code> configured against it.
      *
-     * @return the <code>ConfigAttributeDefinition</code>s or <code>null</code> if unsupported
+     * @return the <code>ConfigAttribute</code>s or <code>null</code> if unsupported
      */
-    Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions();
+    Collection<List<? extends ConfigAttribute>> getAllConfigAttributes();
 
     /**
      * Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide
-     * <code>ConfigAttributeDefinition</code>s for the indicated secure object type.
+     * <code>ConfigAttribute</code>s for the indicated secure object type.
      *
      * @param clazz the class that is being queried
      *

+ 2 - 2
core/src/main/java/org/springframework/security/intercept/method/DelegatingMethodDefinitionSource.java

@@ -73,12 +73,12 @@ public final class DelegatingMethodDefinitionSource extends AbstractMethodDefini
         }
     }
 
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+    public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
         Set set = new HashSet();
         Iterator i = methodDefinitionSources.iterator();
         while (i.hasNext()) {
             MethodDefinitionSource s = (MethodDefinitionSource) i.next();
-            Collection<List<? extends ConfigAttribute>> attrs = s.getConfigAttributeDefinitions();
+            Collection<List<? extends ConfigAttribute>> attrs = s.getAllConfigAttributes();
             if (attrs != null) {
                 set.addAll(attrs);
             }
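Review bot: `getAllConfigAttributes()` still builds its result in a raw `Set` and walks `methodDefinitionSources` with a raw `Iterator` and a cast, so the declared `Collection<List<? extends ConfigAttribute>>` return type is only reached through an unchecked conversion. Declaring `Set<List<? extends ConfigAttribute>> set = new HashSet<List<? extends ConfigAttribute>>();` and iterating with a for-each would match the typed loops this commit introduces in `MapBasedMethodDefinitionSource` and `RunAsManagerImpl`. The element type of `methodDefinitionSources` is declared outside the hunk, so that part needs checking. `ChannelDecisionManagerImpl.decide` keeps the same iterator-plus-cast pattern and could become `for (ConfigAttribute attribute : config)`. The method's return statement lies outside this hunk.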

+ 7 - 11
core/src/main/java/org/springframework/security/intercept/method/MapBasedMethodDefinitionSource.java

@@ -25,13 +25,12 @@ import java.util.Map;
 
 import org.springframework.beans.factory.BeanClassLoaderAware;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
 
 
 /**
- * Stores a {@link ConfigAttributeDefinition} for a method or class signature.
+ * Stores a list of <tt>ConfigAttribute</tt>s for a method or class signature.
  *
  * <p>
  * This class is the preferred implementation of {@link MethodDefinitionSource} for XML-based
@@ -48,7 +47,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
     //~ Instance fields ================================================================================================
     private ClassLoader beanClassLoader = ClassUtils.getDefaultClassLoader();
 
-    /** Map from RegisteredMethod to ConfigAttributeDefinition */
+    /** Map from RegisteredMethod to ConfigAttribute list */
     protected Map<RegisteredMethod, List<? extends ConfigAttribute>> methodMap = new HashMap();
 
     /** Map from RegisteredMethod to name pattern used for registration */
@@ -61,14 +60,11 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
 
     /**
      * Creates the MapBasedMethodDefinitionSource from a
-     * @param methodMap map of method names to <tt>ConfigAttributeDefinition</tt>s.
+     * @param methodMap map of method names to <tt>ConfigAttribute</tt>s.
      */
-    public MapBasedMethodDefinitionSource(Map methodMap) {
-        Iterator iterator = methodMap.entrySet().iterator();
-
-        while (iterator.hasNext()) {
-            Map.Entry entry = (Map.Entry) iterator.next();
-            addSecureMethod((String)entry.getKey(), (List<ConfigAttribute>)entry.getValue());
+    public MapBasedMethodDefinitionSource(Map<String, List<ConfigAttribute>> methodMap) {
+        for (Map.Entry<String, List<ConfigAttribute>> entry : methodMap.entrySet()) {
+            addSecureMethod(entry.getKey(), entry.getValue());
         }
     }
 
@@ -213,7 +209,7 @@ public class MapBasedMethodDefinitionSource extends AbstractFallbackMethodDefini
      *
      * @return the attributes explicitly defined against this bean
      */
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+    public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
         return methodMap.values();
     }
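Review bot: `getAllConfigAttributes()` returns `methodMap.values()` directly, which is a live view of the internal map, so a caller that modifies the returned collection also changes the security attributes registered for methods. `DefaultFilterInvocationDefinitionSource.getAllConfigAttributes()` in this same commit wraps its result in `Collections.unmodifiableCollection(...)`. Doing the same here, `return Collections.unmodifiableCollection(methodMap.values());`, keeps the two implementations consistent and the configuration read-only from the outside. `java.util.Collections` would need importing if the file does not already do so, which is not visible from this hunk.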
 

+ 11 - 15
core/src/main/java/org/springframework/security/intercept/method/MethodInvocationPrivilegeEvaluator.java

@@ -17,27 +17,23 @@ package org.springframework.security.intercept.method;
 
 import java.util.List;
 
-import org.springframework.security.AccessDeniedException;
-import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
-import org.springframework.security.intercept.AbstractSecurityInterceptor;
-
 import org.aopalliance.intercept.MethodInvocation;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.springframework.beans.factory.InitializingBean;
-
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.intercept.AbstractSecurityInterceptor;
 import org.springframework.util.Assert;
 
 
 /**
- * Allows users to determine whether they have "before invocation" privileges for a given method invocation.<p>Of
- * course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the <em>result</em> of a method
- * invocation, this class cannot assist determine whether or not the <code>AfterInvocationManager</code> will enable
+ * Allows users to determine whether they have "before invocation" privileges for a given method invocation.
+ * <p>
+ * Of course, if an {@link org.springframework.security.AfterInvocationManager} is used to authorize the
+ * <em>result</em> of a method invocation, this class cannot assist determine whether or not the
+ * <code>AfterInvocationManager</code> will enable
  * access. Instead this class aims to allow applications to determine whether or not the current principal would be
  * allowed to at least attempt to invoke the method, irrespective of the "after" invocation handling.</p>
  *
@@ -63,7 +59,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
         Assert.notNull(mi, "MethodInvocation required");
         Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
 
-        List<? extends ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);
+        List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);
 
         if (attrs == null) {
             if (securityInterceptor.isRejectPublicInvocations()) {
@@ -79,7 +75,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
         }
 
         try {
-            securityInterceptor.getAccessDecisionManager().decide(authentication, mi, new ConfigAttributeDefinition(attrs));
+            securityInterceptor.getAccessDecisionManager().decide(authentication, mi, attrs);
         } catch (AccessDeniedException unauthorized) {
             if (logger.isDebugEnabled()) {
                 logger.debug(mi.toString() + " denied for " + authentication.toString(), unauthorized);

+ 1 - 2
core/src/main/java/org/springframework/security/intercept/method/ProtectPointcutPostProcessor.java

@@ -16,7 +16,6 @@ import org.aspectj.weaver.tools.PointcutPrimitive;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
@@ -145,7 +144,7 @@ public final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 
     private void addPointcut(String pointcutExpression, List<ConfigAttribute> definition) {
         Assert.hasText(pointcutExpression, "An AspectJ pointcut expression is required");
-        Assert.notNull(definition, "ConfigAttributeDefinition required");
+        Assert.notNull(definition, "A List of ConfigAttributes is required");
         pointcutExpression = replaceBooleanOperators(pointcutExpression);
         pointcutMap.put(pointcutExpression, definition);
 

+ 23 - 26
core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java

@@ -15,40 +15,37 @@
 
 package org.springframework.security.intercept.web;
 
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.util.UrlMatcher;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.LinkedHashMap;
-import java.util.Iterator;
-import java.util.HashMap;
 import java.util.Set;
-import java.util.HashSet;
-import java.util.Arrays;
-import java.util.Collections;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.util.UrlMatcher;
 
 
 /**
  * Default implementation of <tt>FilterInvocationDefinitionSource</tt>.
  * <p>
- * Stores an ordered map of compiled URL paths to <tt>ConfigAttributeDefinition</tt>s and provides URL matching
+ * Stores an ordered map of compiled URL paths to <tt>ConfigAttribute</tt> lists and provides URL matching
  * against the items stored in this map using the configured <tt>UrlMatcher</tt>.
  * <p>
  * The order of registering the regular expressions using the
- * {@link #addSecureUrl(String, ConfigAttributeDefinition)} is very important.
+ * {@link #addSecureUrl(String, List<ConfigAttribute>)} is very important.
  * The system will identify the <b>first</b>  matching regular
  * expression for a given HTTP URL. It will not proceed to evaluate later regular expressions if a match has already
  * been found. Accordingly, the most specific regular expressions should be registered first, with the most general
  * regular expressions registered last.
  * <p>
  * If URLs are registered for a particular HTTP method using
- * {@link #addSecureUrl(String, String, ConfigAttributeDefinition)}, then the method-specific matches will take
+ * {@link #addSecureUrl(String, String, List<ConfigAttribute>)}, then the method-specific matches will take
  * precedence over any URLs which are registered without an HTTP method.
  *
  * @author Ben Alex
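Review bot: The two rewritten `{@link}` tags in the class comment, `{@link #addSecureUrl(String, List<ConfigAttribute>)}` and its three-argument form, are not valid Javadoc member references, because the parameter list takes erased types. They should read `{@link #addSecureUrl(String, List)}` and `{@link #addSecureUrl(String, String, List)}`. The field comment in the next hunk has a related slip, `<tt>List<ConfiAttribute></tt>s`: the type name is misspelled and the bare `<` is read as an HTML tag, so `{@code List<ConfigAttribute>}` would render correctly. The class comment begins outside this hunk.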
@@ -62,7 +59,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
     protected final Log logger = LogFactory.getLog(getClass());
 
     /**
-     * Non method-specific map of URL patterns to <tt>ConfigAttributeDefinition</tt>s
+     * Non method-specific map of URL patterns to <tt>List<ConfiAttribute></tt>s
      * TODO: Store in the httpMethod map with null key.
      */
     private Map requestMap = new LinkedHashMap();
@@ -87,30 +84,30 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
      * the type of the supplied UrlMatcher.
      *
      * @param urlMatcher typically an ant or regular expression matcher.
-     * @param requestMap order-preserving map of <RequestKey, ConfigAttributeDefinition>.
+     * @param requestMap order-preserving map of request definitions to attribute lists
      */
     public DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher,
-            LinkedHashMap<RequestKey, List<? extends ConfigAttribute>> requestMap) {
+            LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap) {
         this.urlMatcher = urlMatcher;
 
-        for (Map.Entry<RequestKey, List<? extends ConfigAttribute>> entry : requestMap.entrySet()) {
+        for (Map.Entry<RequestKey, List<ConfigAttribute>> entry : requestMap.entrySet()) {
             addSecureUrl(entry.getKey().getUrl(), entry.getKey().getMethod(), entry.getValue());
         }
     }
 
     //~ Methods ========================================================================================================
 
-    void addSecureUrl(String pattern, List<? extends ConfigAttribute> attr) {
+    void addSecureUrl(String pattern, List<ConfigAttribute> attr) {
         addSecureUrl(pattern, null, attr);
     }
 
     /**
-     * Adds a URL-ConfigAttributeDefinition pair to the request map, first allowing the <tt>UrlMatcher</tt> to
+     * Adds a URL,attribute-list pair to the request map, first allowing the <tt>UrlMatcher</tt> to
      * process the pattern if required, using its <tt>compile</tt> method. The returned object will be used as the key
      * to the request map and will be passed back to the <tt>UrlMatcher</tt> when iterating through the map to find
      * a match for a particular URL.
      */
-    void addSecureUrl(String pattern, String method, List<? extends ConfigAttribute> attr) {
+    void addSecureUrl(String pattern, String method, List<ConfigAttribute> attr) {
         Map mapToUse = getRequestMapForHttpMethod(method);
 
         mapToUse.put(urlMatcher.compile(pattern), attr);
@@ -124,7 +121,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
     /**
      * Return the HTTP method specific request map, creating it if it doesn't already exist.
      * @param method GET, POST etc
-     * @return map of URL patterns to <tt>ConfigAttributeDefinition</tt>s for this method.
+     * @return map of URL patterns to <tt>ConfigAttribute</tt>s for this method.
      */
     private Map getRequestMapForHttpMethod(String method) {
         if (method == null) {
@@ -144,7 +141,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
         return methodRequestmap;
     }
 
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+    public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
         return Collections.unmodifiableCollection(getRequestMap().values());
     }
 
@@ -175,7 +172,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
      * @param url the URI to retrieve configuration attributes for
      * @param method the HTTP method (GET, POST, DELETE...).
      *
-     * @return the <code>ConfigAttributeDefinition</code> that applies to the specified <code>FilterInvocation</code>
+     * @return the <code>ConfigAttribute</code>s that apply to the specified <code>FilterInvocation</code>
      * or null if no match is foud
      */
     public List<ConfigAttribute> lookupAttributes(String url, String method) {

+ 2 - 2
core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java

@@ -28,8 +28,8 @@ public class FIDSToFilterChainMapConverter {
 
     public FIDSToFilterChainMapConverter(DefaultFilterInvocationDefinitionSource fids, ApplicationContext appContext) {
         // TODO: Check if this is necessary. Retained from refactoring of FilterChainProxy
-        Assert.notNull(fids.getConfigAttributeDefinitions(), "FilterChainProxy requires the " +
-                "FilterInvocationDefinitionSource to return a non-null response to getConfigAttributeDefinitions()");
+        Assert.notNull(fids.getAllConfigAttributes(), "FilterChainProxy requires the " +
+                "FilterInvocationDefinitionSource to return a non-null response to getAllConfigAttributes()");
         matcher = fids.getUrlMatcher();
         Map requestMap = fids.getRequestMap();
         Iterator paths = requestMap.keySet().iterator();

+ 5 - 10
core/src/main/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluator.java

@@ -17,18 +17,13 @@ package org.springframework.security.intercept.web;
 
 import java.util.List;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
 import org.springframework.security.intercept.AbstractSecurityInterceptor;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.util.Assert;
 
 
@@ -56,7 +51,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean {
     public boolean isAllowed(FilterInvocation fi, Authentication authentication) {
         Assert.notNull(fi, "FilterInvocation required");
 
-        List<? extends ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);
+        List<ConfigAttribute> attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);
 
         if (attrs == null) {
             if (securityInterceptor.isRejectPublicInvocations()) {
@@ -72,7 +67,7 @@ public class WebInvocationPrivilegeEvaluator implements InitializingBean {
         }
 
         try {
-            securityInterceptor.getAccessDecisionManager().decide(authentication, fi, new ConfigAttributeDefinition(attrs));
+            securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
         } catch (AccessDeniedException unauthorized) {
             if (logger.isDebugEnabled()) {
                 logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized);

+ 4 - 3
core/src/main/java/org/springframework/security/providers/UsernamePasswordAuthenticationToken.java

@@ -21,9 +21,10 @@ import org.springframework.security.GrantedAuthority;
 /**
  * An {@link org.springframework.security.Authentication} implementation that is designed for simple presentation of a
  * username and password.
- * <p>The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
+ * <p>
+ * The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
  * the respective property via its <code>Object.toString()</code> method. The simplest such <code>Object</code> to use
- * is <code>String</code>.</p>
+ * is <code>String</code>.
  *
  * @author Ben Alex
  * @version $Id$
@@ -52,7 +53,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
 
     /**
      * This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
-     * implementations that are satisfied with producing a trusted (ie {@link #isAuthenticated()} = <code>true</code>)
+     * implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
      * authentication token.
      *
      * @param principal

+ 6 - 4
core/src/main/java/org/springframework/security/runas/NullRunAsManager.java

@@ -15,15 +15,17 @@
 
 package org.springframework.security.runas;
 
+import java.util.List;
+
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.RunAsManager;
 
 
 /**
- * Implementation of a {@link RunAsManager} that does nothing.<p>This class should be used if you do not require
- * run-as authenticaiton replacement functionality.</p>
+ * Implementation of a {@link RunAsManager} that does nothing.
+ * <p>
+ * This class should be used if you do not require run-as authentication replacement functionality.
  *
  * @author Ben Alex
  * @version $Id$
@@ -31,7 +33,7 @@ import org.springframework.security.RunAsManager;
 public class NullRunAsManager implements RunAsManager {
     //~ Methods ========================================================================================================
 
-    public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+    public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
         return null;
     }
 

+ 19 - 24
core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java

@@ -15,21 +15,17 @@
 
 package org.springframework.security.runas;
 
+import java.util.List;
+import java.util.Vector;
+
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.RunAsManager;
-
-import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.util.Assert;
 
-import java.util.Iterator;
-import java.util.List;
-import java.util.Vector;
-
 
 /**
  * Basic concrete implementation of a {@link RunAsManager}.<p>Is activated if any {@link
@@ -39,14 +35,15 @@ import java.util.Vector;
  * created <code>GrantedAuthorityImpl</code>s will be prefixed with a special prefix indicating that it is a role
  * (default prefix value is <code>ROLE_</code>), and then the remainder of the <code>RUN_AS_</code> keyword. For
  * example, <code>RUN_AS_FOO</code> will result in the creation of a granted authority of
- * <code>ROLE_RUN_AS_FOO</code>.</p>
- *  <p>The role prefix may be overriden from the default, to match that used elsewhere, for example when using an
+ * <code>ROLE_RUN_AS_FOO</code>.
+ * <p>
+ * The role prefix may be overriden from the default, to match that used elsewhere, for example when using an
  * existing role database with another prefix. An empty role prefix may also be specified. Note however that there are
  * potential issues with using an empty role prefix since different categories of  {@link
  * org.springframework.security.ConfigAttribute} can not be properly discerned based on the prefix, with possible consequences
  * when performing voting and other actions. However, this option may be of some use when using preexisting role names
  * without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for
- * example in  {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.</p>
+ * example in  {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.
  *
  * @author Ben Alex
  * @author colin sampaleanu
@@ -64,13 +61,10 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
         Assert.notNull(key, "A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
     }
 
-    public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+    public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
         List newAuthorities = new Vector();
-        Iterator iter = config.getConfigAttributes().iterator();
-
-        while (iter.hasNext()) {
-            ConfigAttribute attribute = (ConfigAttribute) iter.next();
 
+        for(ConfigAttribute attribute : config) {
             if (this.supports(attribute)) {
                 GrantedAuthorityImpl extraAuthority = new GrantedAuthorityImpl(getRolePrefix()
                         + attribute.getAttribute());
@@ -80,17 +74,18 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 
         if (newAuthorities.size() == 0) {
             return null;
-        } else {
-            for (int i = 0; i < authentication.getAuthorities().length; i++) {
-                newAuthorities.add(authentication.getAuthorities()[i]);
-            }
+        }
 
-            GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
-            GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType);
 
-            return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
-                newAuthoritiesAsArray, authentication.getClass());
+        for (int i = 0; i < authentication.getAuthorities().length; i++) {
+            newAuthorities.add(authentication.getAuthorities()[i]);
         }
+
+        GrantedAuthority[] resultType = {new GrantedAuthorityImpl("holder")};
+        GrantedAuthority[] newAuthoritiesAsArray = (GrantedAuthority[]) newAuthorities.toArray(resultType);
+
+        return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
+            newAuthoritiesAsArray, authentication.getClass());
     }
 
     public String getKey() {
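Review bot: `buildRunAs` still collects into a raw `List`/`Vector` and picks the result array type with a throwaway `new GrantedAuthorityImpl("holder")`, which creates an authority object that exists only as a placeholder and forces a cast on the `toArray` result. Since the method is being re-indented anyway, `List<GrantedAuthority> newAuthorities = new Vector<GrantedAuthority>();` (the declaration is in the previous hunk) and `newAuthorities.toArray(new GrantedAuthority[newAuthorities.size()])` express the same thing without the placeholder or the cast. `authentication.getAuthorities()` is also re-evaluated on every loop pass and dereferenced without a null check. Whether it can return null for the tokens passed here is not visible, so that is worth confirming.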

+ 3 - 10
core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManager.java

@@ -16,11 +16,10 @@
 package org.springframework.security.securechannel;
 
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
 import org.springframework.security.intercept.web.FilterInvocation;
 
 import java.io.IOException;
+import java.util.List;
 
 import javax.servlet.ServletException;
 
@@ -36,16 +35,10 @@ public interface ChannelDecisionManager {
 
     /**
      * Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel
-     * security based on the requested {@link ConfigAttributeDefinition}.
-     *
-     * @param invocation DOCUMENT ME!
-     * @param config DOCUMENT ME!
+     * security based on the requested list of <tt>ConfigAttribute</tt>s.
      *
-     * @throws IOException DOCUMENT ME!
-     * @throws ServletException DOCUMENT ME!
      */
-    void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
-        throws IOException, ServletException;
+    void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException;
 
     /**
      * Indicates whether this <code>ChannelDecisionManager</code> is able to process the passed
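Review bot: The `decide` Javadoc loses its `@param` and `@throws` tags along with the `DOCUMENT ME!` placeholders, so the interface method now documents neither its arguments nor when it throws. I would add `@param invocation the filter invocation to be checked` and `@param config the <tt>ConfigAttribute</tt>s configured for that invocation`. A `@throws` line for `IOException` and `ServletException` should follow once their conditions are confirmed against the implementations. The opening word `Decided` should also read `Decides`.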

+ 5 - 6
core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManagerImpl.java

@@ -16,7 +16,6 @@
 package org.springframework.security.securechannel;
 
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import org.springframework.security.intercept.web.FilterInvocation;
 
@@ -65,15 +64,15 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
         Assert.notEmpty(listToCheck, "A list of ChannelProcessors is required");
     }
 
-    public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
+    public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
             throws IOException, ServletException {
 
-        Iterator attrs = config.getConfigAttributes().iterator();
+        Iterator attrs = config.iterator();
 
         while (attrs.hasNext()) {
-			ConfigAttribute attribute = (ConfigAttribute) attrs.next();
-			if (ANY_CHANNEL.equals(attribute.getAttribute())) {
-				return;
+            ConfigAttribute attribute = (ConfigAttribute) attrs.next();
+            if (ANY_CHANNEL.equals(attribute.getAttribute())) {
+                return;
             }
         }
 

+ 18 - 19
core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java

@@ -15,25 +15,24 @@
 
 package org.springframework.security.securechannel;
 
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.intercept.web.FilterInvocation;
-import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
-import org.springframework.security.ui.SpringSecurityFilter;
-import org.springframework.security.ui.FilterChainOrder;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.util.Assert;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.Collection;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.intercept.web.FilterInvocation;
+import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
+import org.springframework.security.ui.FilterChainOrder;
+import org.springframework.security.ui.SpringSecurityFilter;
+import org.springframework.util.Assert;
 
 
 /**
@@ -60,12 +59,12 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
         Assert.notNull(filterInvocationDefinitionSource, "filterInvocationDefinitionSource must be specified");
         Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified");
 
-        Collection<List<? extends ConfigAttribute>> attrDefs = this.filterInvocationDefinitionSource.getConfigAttributeDefinitions();
+        Collection<List<? extends ConfigAttribute>> attrDefs = this.filterInvocationDefinitionSource.getAllConfigAttributes();
 
         if (attrDefs == null) {
             if (logger.isWarnEnabled()) {
                 logger.warn("Could not validate configuration attributes as the FilterInvocationDefinitionSource did "
-                        + "not return a ConfigAttributeDefinition Iterator");
+                        + "not return any attributes");
             }
 
             return;
@@ -91,17 +90,17 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
     }
 
     public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
+            throws IOException, ServletException {
 
         FilterInvocation fi = new FilterInvocation(request, response, chain);
-        List<? extends ConfigAttribute> attr = this.filterInvocationDefinitionSource.getAttributes(fi);
+        List<ConfigAttribute> attr = this.filterInvocationDefinitionSource.getAttributes(fi);
 
         if (attr != null) {
             if (logger.isDebugEnabled()) {
                 logger.debug("Request: " + fi.toString() + "; ConfigAttributes: " + attr);
             }
 
-            channelDecisionManager.decide(fi, new ConfigAttributeDefinition(attr));
+            channelDecisionManager.decide(fi, attr);
 
             if (fi.getResponse().isCommitted()) {
                 return;

+ 3 - 9
core/src/main/java/org/springframework/security/securechannel/ChannelProcessor.java

@@ -16,11 +16,10 @@
 package org.springframework.security.securechannel;
 
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
 import org.springframework.security.intercept.web.FilterInvocation;
 
 import java.io.IOException;
+import java.util.List;
 
 import javax.servlet.ServletException;
 
@@ -47,15 +46,10 @@ public interface ChannelProcessor {
 
     /**
      * Decided whether the presented {@link FilterInvocation} provides the appropriate level of channel
-     * security based on the requested {@link ConfigAttributeDefinition}.
-     *
-     * @param invocation DOCUMENT ME!
-     * @param config DOCUMENT ME!
+     * security based on the requested list of <tt>ConfigAttribute</tt>s.
      *
-     * @throws IOException DOCUMENT ME!
-     * @throws ServletException DOCUMENT ME!
      */
-    void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
+    void decide(FilterInvocation invocation, List<ConfigAttribute> config)
         throws IOException, ServletException;
 
     /**
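Review bot: The `DOCUMENT ME!` placeholders are deleted but nothing replaces them, so `decide` is left with no `@param` or `@throws` documentation at all. InsecureChannelProcessor and SecureChannelProcessor both reject null arguments, so the contract is worth stating on the interface, for example `@param invocation the filter invocation to check (not null)` and `@param config the configuration attributes that apply to the invocation (not null)`. The summary sentence also reads "Decided" where "Decides" is meant. The same tags were dropped without replacement from ChannelDecisionManager.decide and LabelBasedAclVoter.vote.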

+ 3 - 3
core/src/main/java/org/springframework/security/securechannel/InsecureChannelProcessor.java

@@ -16,7 +16,6 @@
 package org.springframework.security.securechannel;
 
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import org.springframework.security.intercept.web.FilterInvocation;
 
@@ -27,6 +26,7 @@ import org.springframework.util.Assert;
 import java.io.IOException;
 
 import java.util.Iterator;
+import java.util.List;
 
 import javax.servlet.ServletException;
 
@@ -55,13 +55,13 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
         Assert.notNull(entryPoint, "entryPoint required");
     }
 
-    public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
+    public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
         throws IOException, ServletException {
         if ((invocation == null) || (config == null)) {
             throw new IllegalArgumentException("Nulls cannot be provided");
         }
 
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = config.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

+ 3 - 3
core/src/main/java/org/springframework/security/securechannel/SecureChannelProcessor.java

@@ -16,7 +16,6 @@
 package org.springframework.security.securechannel;
 
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import org.springframework.security.intercept.web.FilterInvocation;
 
@@ -27,6 +26,7 @@ import org.springframework.util.Assert;
 import java.io.IOException;
 
 import java.util.Iterator;
+import java.util.List;
 
 import javax.servlet.ServletException;
 
@@ -55,11 +55,11 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
         Assert.notNull(entryPoint, "entryPoint required");
     }
 
-    public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
+    public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
         throws IOException, ServletException {
         Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
 
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = config.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

+ 1 - 1
core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java

@@ -60,7 +60,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
         }
     }
 
-    public List getDecisionVoters() {
+    public List<AccessDecisionVoter> getDecisionVoters() {
         return this.decisionVoters;
     }
 
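Review bot: `getDecisionVoters()` returns the manager's own `decisionVoters` list rather than a copy or a read-only view. The field declaration and the setter are outside this hunk, but if that list is mutable, any caller can add or remove voters after configuration without passing through the setter's checks, and that changes the outcome of access decisions. Consider `return Collections.unmodifiableList(this.decisionVoters);` (with `java.util.Collections` imported), or at least a Javadoc line stating that the returned list must not be modified.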

+ 4 - 3
core/src/main/java/org/springframework/security/vote/AccessDecisionVoter.java

@@ -15,9 +15,10 @@
 
 package org.springframework.security.vote;
 
+import java.util.List;
+
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 
 /**
@@ -83,9 +84,9 @@ public interface AccessDecisionVoter {
      *
      * @param authentication the caller invoking the method
      * @param object the secured object
-     * @param config the configuration attributes associated with the method being invoked
+     * @param attributes the configuration attributes associated with the method being invoked
      *
      * @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or {@link #ACCESS_DENIED}
      */
-    int vote(Authentication authentication, Object object, ConfigAttributeDefinition config);
+    int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes);
 }

+ 6 - 5
core/src/main/java/org/springframework/security/vote/AffirmativeBased.java

@@ -17,9 +17,10 @@ package org.springframework.security.vote;
 
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
@@ -37,18 +38,18 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
      *
      * @param authentication the caller invoking the method
      * @param object the secured object
-     * @param config the configuration attributes associated with the method being invoked
+     * @param configAttributes the configuration attributes associated with the method being invoked
      *
      * @throws AccessDeniedException if access is denied
      */
-    public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
-        throws AccessDeniedException {
+    public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
+            throws AccessDeniedException {
         Iterator iter = this.getDecisionVoters().iterator();
         int deny = 0;
 
         while (iter.hasNext()) {
             AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
-            int result = voter.vote(authentication, object, config);
+            int result = voter.vote(authentication, object, configAttributes);
 
             switch (result) {
             case AccessDecisionVoter.ACCESS_GRANTED:

+ 14 - 12
core/src/main/java/org/springframework/security/vote/AuthenticatedVoter.java

@@ -19,24 +19,26 @@ import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationTrustResolver;
 import org.springframework.security.AuthenticationTrustResolverImpl;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import org.springframework.util.Assert;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
- * <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
+ * Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
  * <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
- * order of most strict checking to least strict checking.</p>
- *  <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
- * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (ie {@link
+ * order of most strict checking to least strict checking.
+ * <p>
+ * The current <code>Authentication</code> will be inspected to determine if the principal has a particular
+ * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e. {@link
  * org.springframework.security.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
- * org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false. The "REMEMBERED" will grant
+ * org.springframework.security.AuthenticationTrustResolver#isRememberMe(Authentication)} is false). The "REMEMBERED" will grant
  * access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
- * grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
- *  <p>All comparisons and prefixes are case sensitive.</p>
+ * grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.
+ * <p>
+ * All comparisons and prefixes are case sensitive.
  *
  * @author Ben Alex
  * @version $Id$
@@ -54,8 +56,8 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
     //~ Methods ========================================================================================================
 
     private boolean isFullyAuthenticated(Authentication authentication) {
-        return (!authenticationTrustResolver.isAnonymous(authentication)
-        && !authenticationTrustResolver.isRememberMe(authentication));
+        return (!authenticationTrustResolver.isAnonymous(authentication) &&
+                !authenticationTrustResolver.isRememberMe(authentication));
     }
 
     public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
@@ -85,9 +87,9 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
         return true;
     }
 
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
         int result = ACCESS_ABSTAIN;
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = attributes.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

+ 3 - 3
core/src/main/java/org/springframework/security/vote/BasicAclEntryVoter.java

@@ -18,7 +18,6 @@ package org.springframework.security.vote;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthorizationServiceException;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import org.springframework.security.acl.AclEntry;
 import org.springframework.security.acl.AclManager;
@@ -36,6 +35,7 @@ import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
@@ -163,8 +163,8 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing
         }
     }
 
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes().iterator();
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
+        Iterator iter = attributes.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

+ 5 - 4
core/src/main/java/org/springframework/security/vote/ConsensusBased.java

@@ -17,9 +17,10 @@ package org.springframework.security.vote;
 
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
@@ -43,11 +44,11 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
      *
      * @param authentication the caller invoking the method
      * @param object the secured object
-     * @param config the configuration attributes associated with the method being invoked
+     * @param configAttributes the configuration attributes associated with the method being invoked
      *
      * @throws AccessDeniedException if access is denied
      */
-    public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
+    public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
         throws AccessDeniedException {
         Iterator iter = this.getDecisionVoters().iterator();
         int grant = 0;
@@ -56,7 +57,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 
         while (iter.hasNext()) {
             AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
-            int result = voter.vote(authentication, object, config);
+            int result = voter.vote(authentication, object, configAttributes);
 
             switch (result) {
             case AccessDecisionVoter.ACCESS_GRANTED:

+ 2 - 7
core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java

@@ -16,7 +16,6 @@ package org.springframework.security.vote;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import org.aopalliance.intercept.MethodInvocation;
 
@@ -170,20 +169,16 @@ public class LabelBasedAclVoter extends AbstractAclVoter {
      * Vote on whether or not the user has all the labels necessary to match the method argument's labeled
      * data.
      *
-     * @param authentication DOCUMENT ME!
-     * @param object DOCUMENT ME!
-     * @param config DOCUMENT ME!
-     *
      * @return ACCESS_ABSTAIN, ACCESS_GRANTED, or ACCESS_DENIED.
      */
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
         int result = ACCESS_ABSTAIN;
 
         if (logger.isDebugEnabled()) {
             logger.debug("==========================================================");
         }
 
-        if (this.supports((ConfigAttribute) config.getConfigAttributes().iterator().next())) {
+        if (this.supports((ConfigAttribute) attributes.iterator().next())) {
             result = ACCESS_DENIED;
 
             /* Parse out the user's labels by examining the security context, and checking
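Review bot: `attributes.iterator().next()` throws `NoSuchElementException` when the list is empty, and only the first attribute is ever passed to `supports`. For a voter an empty list should probably end in `ACCESS_ABSTAIN` rather than an exception; `if (!attributes.isEmpty() && this.supports(attributes.get(0))) {` does that and drops the cast that the typed parameter makes redundant. If looking only at the first attribute is intended, a one-line comment saying so would help, since the other voters in this commit iterate over the whole list. `vote` continues beyond this hunk.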

+ 6 - 6
core/src/main/java/org/springframework/security/vote/RoleVoter.java

@@ -16,10 +16,10 @@
 package org.springframework.security.vote;
 
 import java.util.Iterator;
+import java.util.List;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.GrantedAuthority;
 
 /**
@@ -92,10 +92,10 @@ public class RoleVoter implements AccessDecisionVoter {
         return true;
     }
 
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
         int result = ACCESS_ABSTAIN;
-        Iterator iter = config.getConfigAttributes().iterator();
-        GrantedAuthority[] authorities = extractAuthorities(authentication);        
+        Iterator iter = attributes.iterator();
+        GrantedAuthority[] authorities = extractAuthorities(authentication);
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();
@@ -114,8 +114,8 @@ public class RoleVoter implements AccessDecisionVoter {
 
         return result;
     }
-    
+
     GrantedAuthority[] extractAuthorities(Authentication authentication) {
-    	return authentication.getAuthorities();
+        return authentication.getAuthorities();
     }
 }

+ 18 - 20
core/src/main/java/org/springframework/security/vote/UnanimousBased.java

@@ -15,17 +15,17 @@
 
 package org.springframework.security.vote;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-
-import java.util.Iterator;
 
 
 /**
- * Simple concrete implementation of  {@link org.springframework.security.AccessDecisionManager} that  requires all voters to
- * abstain or grant access.
+ * Simple concrete implementation of  {@link org.springframework.security.AccessDecisionManager} that requires all
+ * voters to abstain or grant access.
  */
 public class UnanimousBased extends AbstractAccessDecisionManager {
     //~ Methods ========================================================================================================
@@ -34,35 +34,33 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
      * This concrete implementation polls all configured  {@link AccessDecisionVoter}s for each {@link
      * ConfigAttribute} and grants access if <b>only</b> grant votes were received.
      * <p>
-     * Other voting implementations usually pass the entire list of {@link ConfigAttributeDefinition}s to the
+     * Other voting implementations usually pass the entire list of <tt>ConfigAttribute</tt>s to the
      * <code>AccessDecisionVoter</code>. This implementation differs in that each <code>AccessDecisionVoter</code>
-     * knows only about a single <code>ConfigAttribute</code> at a time.</p>
-     *  <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
-     * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
+     * knows only about a single <code>ConfigAttribute</code> at a time.
+     * <p>
+     * If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
+     * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).
      *
      * @param authentication the caller invoking the method
      * @param object the secured object
-     * @param config the configuration attributes associated with the method being invoked
+     * @param attributes the configuration attributes associated with the method being invoked
      *
      * @throws AccessDeniedException if access is denied
      */
-    public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
+    public void decide(Authentication authentication, Object object, List<ConfigAttribute> attributes)
              throws AccessDeniedException {
 
         int grant = 0;
         int abstain = 0;
 
-        Iterator configIter = config.getConfigAttributes().iterator();
-
-        while (configIter.hasNext()) {
-            ConfigAttributeDefinition singleAttrDef =
-                    new ConfigAttributeDefinition((ConfigAttribute) configIter.next());
+        List<ConfigAttribute> singleAttributeList = new ArrayList<ConfigAttribute>(1);
+        singleAttributeList.add(null);
 
-            Iterator voters = this.getDecisionVoters().iterator();
+        for (ConfigAttribute attribute : attributes) {
+            singleAttributeList.set(0, attribute);
 
-            while (voters.hasNext()) {
-                AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
-                int result = voter.vote(authentication, object, singleAttrDef);
+            for(AccessDecisionVoter voter : getDecisionVoters()) {
+                int result = voter.vote(authentication, object, singleAttributeList);
 
                 switch (result) {
                 case AccessDecisionVoter.ACCESS_GRANTED:
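Review bot: The single `singleAttributeList` instance is created once and then overwritten with `set(0, attribute)` for every attribute, so every voter receives the same mutable list object. A voter that keeps the reference or modifies the list would change what later voters are asked to decide on, which matters in an access-decision path where voters are pluggable. A fresh immutable list per attribute avoids this: `voter.vote(authentication, object, Collections.singletonList(attribute))` (with `java.util.Collections` imported), after which the `ArrayList` and `add(null)` setup can be removed. Separately, `for(AccessDecisionVoter voter` lacks the space after `for` that the outer loop has. The switch on `result` continues outside the hunk.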

+ 4 - 6
core/src/test/java/org/springframework/security/MockAccessDecisionManager.java

@@ -16,6 +16,7 @@
 package org.springframework.security;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
@@ -28,13 +29,10 @@ import java.util.Iterator;
 public class MockAccessDecisionManager implements AccessDecisionManager {
     //~ Methods ========================================================================================================
 
-    public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
-        throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes().iterator();
-
-        while (iter.hasNext()) {
-            ConfigAttribute attr = (ConfigAttribute) iter.next();
+    public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
+            throws AccessDeniedException {
 
+        for(ConfigAttribute attr : configAttributes) {
             if (this.supports(attr)) {
                 for (int i = 0; i < authentication.getAuthorities().length; i++) {
                     if (attr.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) {

+ 3 - 2
core/src/test/java/org/springframework/security/MockAfterInvocationManager.java

@@ -16,6 +16,7 @@
 package org.springframework.security;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
@@ -27,9 +28,9 @@ import java.util.Iterator;
 public class MockAfterInvocationManager implements AfterInvocationManager {
     //~ Methods ========================================================================================================
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes().iterator();
+        Iterator iter = config.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

+ 3 - 2
core/src/test/java/org/springframework/security/MockRunAsManager.java

@@ -16,6 +16,7 @@
 package org.springframework.security;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
@@ -28,8 +29,8 @@ import java.util.Iterator;
 public class MockRunAsManager implements RunAsManager {
     //~ Methods ========================================================================================================
 
-    public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes().iterator();
+    public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
+        Iterator iter = config.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

+ 10 - 14
core/src/test/java/org/springframework/security/afterinvocation/AfterInvocationProviderManagerTests.java

@@ -15,23 +15,19 @@
 
 package org.springframework.security.afterinvocation;
 
+import java.util.List;
+import java.util.Vector;
+
 import junit.framework.TestCase;
 
+import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.SecurityConfig;
-
 import org.springframework.security.intercept.web.FilterInvocation;
-
 import org.springframework.security.util.SimpleMethodInvocation;
 
-import org.aopalliance.intercept.MethodInvocation;
-
-import java.util.List;
-import java.util.Vector;
-
 
 /**
  * Tests {@link AfterInvocationProviderManager}.
@@ -62,11 +58,11 @@ public class AfterInvocationProviderManagerTests extends TestCase {
         assertEquals(list, manager.getProviders());
         manager.afterPropertiesSet();
 
-        ConfigAttributeDefinition attr1 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP1"});
-        ConfigAttributeDefinition attr2 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2"});
-        ConfigAttributeDefinition attr3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP3"});
-        ConfigAttributeDefinition attr2and3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"});
-        ConfigAttributeDefinition attr4 = new ConfigAttributeDefinition(new String[] {"NEVER_CAUSES_SWAP"});
+        List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP1"});
+        List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2"});
+        List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP3"});
+        List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"});
+        List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] {"NEVER_CAUSES_SWAP"});
 
         assertEquals("swap1", manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping"));
 
@@ -162,7 +158,7 @@ public class AfterInvocationProviderManagerTests extends TestCase {
             this.configAttribute = configAttribute;
         }
 
-        public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+        public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
             Object returnedObject) throws AccessDeniedException {
             if (config.contains(configAttribute)) {
                 return forceReturnObject;

+ 15 - 17
core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProviderTests.java

@@ -15,23 +15,22 @@
 
 package org.springframework.security.afterinvocation;
 
+import java.util.List;
+import java.util.Vector;
+
 import junit.framework.TestCase;
 
 import org.springframework.security.AuthorizationServiceException;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.MockAclManager;
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.acl.AclEntry;
 import org.springframework.security.acl.AclManager;
 import org.springframework.security.acl.basic.MockAclObjectIdentity;
 import org.springframework.security.acl.basic.SimpleAclEntry;
-
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-
 import org.springframework.security.util.SimpleMethodInvocation;
 
-import java.util.List;
-import java.util.Vector;
-
 
 /**
  * Tests {@link BasicAclEntryAfterInvocationCollectionFilteringProvider}.
@@ -73,10 +72,10 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
 
         // Filter
-        List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
+        List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(),
+                SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), list);
 
         assertEquals(0, filteredList.size());
     }
@@ -106,7 +105,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@@ -140,7 +139,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@@ -175,7 +174,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
 
         // Filter
         String[] filteredList = (String[]) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@@ -201,7 +200,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
 
         // Filter
         try {
@@ -229,7 +228,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, null);
@@ -262,14 +261,13 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
 
         // As no matching config attrib, ensure provider doesn't change list
         assertEquals(4, ((List) provider.decide(auth, new SimpleMethodInvocation(), attr, list)).size());
 
         // Filter, this time with the conf attrib provider setup to answer
-        attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_ADMIN");
-        //attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_ADMIN"));
+        attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_ADMIN");
 
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
 
@@ -303,7 +301,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_COLLECTION_READ");
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);

+ 11 - 7
core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.java

@@ -15,11 +15,15 @@
 
 package org.springframework.security.afterinvocation;
 
+import java.util.List;
+
 import junit.framework.TestCase;
 
 import org.springframework.security.AccessDeniedException;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockAclManager;
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.acl.AclEntry;
 import org.springframework.security.acl.AclManager;
 import org.springframework.security.acl.basic.MockAclObjectIdentity;
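Review bot: `import org.springframework.security.ConfigAttributeDefinition;` stays on a context line of this import hunk, although every use of the type in the hunks shown for this file is replaced by `List<ConfigAttribute>`. If no use remains in the parts of the file outside the hunks, the import is dead and should be dropped here. The same commit already removes it in the neighbouring test files, for example Jsr250MethodDefinitionSourceTests.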
@@ -54,7 +58,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
 
         try {
             provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
@@ -81,7 +85,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
 
         try {
             provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
@@ -109,7 +113,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
 
         // Filter
         assertEquals("belmont", provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont"));
@@ -132,7 +136,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
 
         // Filter
         assertNull(provider.decide(auth, new SimpleMethodInvocation(), attr, null));
@@ -156,13 +160,13 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
 
         // As no matching config attrib, ensure provider returns original obj
         assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
 
         // Filter, this time with the conf attrib provider setup to answer
-        attr = new ConfigAttributeDefinition("AFTER_ACL_ADMIN");
+        attr = SecurityConfig.createList("AFTER_ACL_ADMIN");
         assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
     }
 
@@ -184,7 +188,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
+        List<ConfigAttribute> attr = SecurityConfig.createList("AFTER_ACL_READ");
 
         // Filter
         assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));

+ 0 - 1
core/src/test/java/org/springframework/security/annotation/Jsr250MethodDefinitionSourceTests.java

@@ -12,7 +12,6 @@ import junit.framework.Assert;
 
 import org.junit.Test;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 /**
  * @author Luke Taylor

+ 0 - 1
core/src/test/java/org/springframework/security/annotation/SecuredMethodDefinitionSourceTests.java

@@ -22,7 +22,6 @@ import junit.framework.TestCase;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.SecurityConfig;
 import org.springframework.util.StringUtils;
 

+ 1 - 2
core/src/test/java/org/springframework/security/config/FilterInvocationDefinitionSourceParserTests.java

@@ -1,6 +1,6 @@
 package org.springframework.security.config;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertTrue;
 
 import java.util.List;
 
@@ -11,7 +11,6 @@ import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
 import org.springframework.security.intercept.web.FilterInvocation;

+ 7 - 4
core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -1,7 +1,12 @@
 package org.springframework.security.config;
 
-import static org.junit.Assert.*;
-import static org.springframework.security.config.ConfigTestUtils.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
 
 import java.lang.reflect.Method;
 import java.util.Iterator;
@@ -10,14 +15,12 @@ import java.util.List;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.beans.factory.BeanCreationException;
-import org.springframework.beans.factory.BeanDefinitionStoreException;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
 import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockAuthenticationEntryPoint;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;

+ 12 - 11
core/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java

@@ -1,24 +1,25 @@
 package org.springframework.security.config;
 
+import java.util.List;
+
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.afterinvocation.AfterInvocationProvider;
 
 public class MockAfterInvocationProvider implements AfterInvocationProvider {
 
-	public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
-			throws AccessDeniedException {
-		return returnedObject;
-	}
+    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
+            throws AccessDeniedException {
+        return returnedObject;
+    }
 
-	public boolean supports(ConfigAttribute attribute) {
-		return true;
-	}
+    public boolean supports(ConfigAttribute attribute) {
+        return true;
+    }
 
-	public boolean supports(Class clazz) {
-		return true;
-	}
+    public boolean supports(Class clazz) {
+        return true;
+    }
 
 }

+ 13 - 35
core/src/test/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEventTests.java

@@ -15,11 +15,9 @@
 
 package org.springframework.security.event.authorization;
 
-import junit.framework.TestCase;
-
+import org.junit.Test;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.ConfigAttributeDefinition;
-
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.util.SimpleMethodInvocation;
 
 
@@ -29,42 +27,22 @@ import org.springframework.security.util.SimpleMethodInvocation;
  * @author Ben Alex
  * @version $Id$
  */
-public class AuthenticationCredentialsNotFoundEventTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public AuthenticationCredentialsNotFoundEventTests() {
-        super();
-    }
-
-    public AuthenticationCredentialsNotFoundEventTests(String arg0) {
-        super(arg0);
-    }
-
-    //~ Methods ========================================================================================================
+public class AuthenticationCredentialsNotFoundEventTests {
 
+    @Test(expected=IllegalArgumentException.class)
     public void testRejectsNulls() {
-        try {
-            new AuthenticationCredentialsNotFoundEvent(null, new ConfigAttributeDefinition(new String[] {}),
+        new AuthenticationCredentialsNotFoundEvent(null, SecurityConfig.createList("TEST"),
                 new AuthenticationCredentialsNotFoundException("test"));
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
+    }
 
-        try {
-            new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls2() {
+        new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), null,
                 new AuthenticationCredentialsNotFoundException("test"));
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
+    }
 
-        try {
-            new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(new String[] {}),
-                null);
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls3() {
+        new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
     }
 }
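Review bot: The numbered names `testRejectsNulls2` and `testRejectsNulls3` no longer say which constructor argument is null. `@Test(expected=IllegalArgumentException.class)` does not pin it either, because it is satisfied by an IllegalArgumentException raised anywhere in the method body, including while the other arguments are being built. Naming each method after the argument it nulls, e.g. `public void rejectsNullAttributes()` for the second case, keeps a failure report readable for these authorization-event guards. The same pattern is introduced in AuthorizationFailureEventTests and AuthorizedEventTests later in this commit.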

+ 19 - 49
core/src/test/java/org/springframework/security/event/authorization/AuthorizationFailureEventTests.java

@@ -15,15 +15,10 @@
 
 package org.springframework.security.event.authorization;
 
-import junit.framework.TestCase;
-
+import org.junit.Test;
 import org.springframework.security.AccessDeniedException;
-import org.springframework.security.ConfigAttributeDefinition;
-
-import org.springframework.security.event.authorization.AuthorizationFailureEvent;
-
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-
 import org.springframework.security.util.SimpleMethodInvocation;
 
 
@@ -33,54 +28,29 @@ import org.springframework.security.util.SimpleMethodInvocation;
  * @author Ben Alex
  * @version $Id$
  */
-public class AuthorizationFailureEventTests extends TestCase {
-    //~ Constructors ===================================================================================================
+public class AuthorizationFailureEventTests {
 
-    public AuthorizationFailureEventTests() {
-        super();
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls() {
+        new AuthorizationFailureEvent(null, SecurityConfig.createList("TEST"),
+            new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
     }
 
-    public AuthorizationFailureEventTests(String arg0) {
-        super(arg0);
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls2() {
+        new AuthorizationFailureEvent(new SimpleMethodInvocation(), null,
+            new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
     }
 
-    //~ Methods ========================================================================================================
-
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AuthorizationFailureEventTests.class);
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls3() {
+        new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null,
+            new AccessDeniedException("error"));
     }
 
-    public void testRejectsNulls() {
-        try {
-            new AuthorizationFailureEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
-                new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-
-        try {
-            new AuthorizationFailureEvent(new SimpleMethodInvocation(), null,
-                new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-
-        try {
-            new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null,
-                new AccessDeniedException("error"));
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-
-        try {
-            new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES,
-                new UsernamePasswordAuthenticationToken("foo", "bar"), null);
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls4() {
+        new AuthorizationFailureEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"),
+            new UsernamePasswordAuthenticationToken("foo", "bar"), null);
     }
 }

+ 13 - 36
core/src/test/java/org/springframework/security/event/authorization/AuthorizedEventTests.java

@@ -15,12 +15,9 @@
 
 package org.springframework.security.event.authorization;
 
-import junit.framework.TestCase;
-
-import org.springframework.security.ConfigAttributeDefinition;
-
+import org.junit.Test;
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-
 import org.springframework.security.util.SimpleMethodInvocation;
 
 
@@ -30,41 +27,21 @@ import org.springframework.security.util.SimpleMethodInvocation;
  * @author Ben Alex
  * @version $Id$
  */
-public class AuthorizedEventTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public AuthorizedEventTests() {
-        super();
-    }
+public class AuthorizedEventTests {
 
-    public AuthorizedEventTests(String arg0) {
-        super(arg0);
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls() {
+        new AuthorizedEvent(null, SecurityConfig.createList("TEST"), new UsernamePasswordAuthenticationToken("foo", "bar"));
     }
 
-    //~ Methods ========================================================================================================
-
-    public void testRejectsNulls() {
-        try {
-            new AuthorizedEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
-                new UsernamePasswordAuthenticationToken("foo", "bar"));
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls2() {
 
-        try {
-            new AuthorizedEvent(new SimpleMethodInvocation(), null,
-                new UsernamePasswordAuthenticationToken("foo", "bar"));
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
+        new AuthorizedEvent(new SimpleMethodInvocation(), null, new UsernamePasswordAuthenticationToken("foo", "bar"));
+    }
 
-        try {
-            new AuthorizedEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null);
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
+    @Test(expected=IllegalArgumentException.class)
+    public void testRejectsNulls3() {
+        new AuthorizedEvent(new SimpleMethodInvocation(), SecurityConfig.createList("TEST"), null);
     }
 }

+ 23 - 13
core/src/test/java/org/springframework/security/expression/support/MethodExpressionVoterTests.java

@@ -10,7 +10,7 @@ import java.util.List;
 import org.aopalliance.intercept.MethodInvocation;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.annotation.ExpressionProtectedBusinessServiceImpl;
 import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.util.SimpleMethodInvocation;
@@ -40,43 +40,53 @@ public class MethodExpressionVoterTests {
 
     @Test
     public void hasRoleExpressionAllowsUserWithRole() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')"));
-        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('blah')"))));
     }
 
     @Test
     public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')"));
+        List<ConfigAttribute> cad = new ArrayList<ConfigAttribute>(1);
+        cad.add(new PreInvocationExpressionConfigAttribute(null, null, "hasRole('joedoesnt')"));
         assertEquals(AccessDecisionVoter.ACCESS_DENIED, am.vote(joe, miStringArgs, cad));
     }
 
     @Test
     public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
-        // userName is an argument name of this method
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')"));
-        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs, cad));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+                am.vote(joe, miStringArgs, createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "(#userName == principal) and (principal == 'joe')"))));
     }
 
     @Test
     public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null));
-        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miListArg, cad));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+                am.vote(joe, miListArg, createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someList", null))));
         // All objects should have been removed, because the expression is always false
         assertEquals(0, listArg.size());
     }
 
     @Test(expected=IllegalArgumentException.class)
     public void arraysCannotBePrefiltered() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null));
-        am.vote(joe, miArrayArg, cad);
+        am.vote(joe, miArrayArg,
+                createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'jim')", "someArray", null)));
     }
 
     @Test
     public void listPreFilteringIsSuccessful() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null));
-        am.vote(joe, miListArg, cad);
+        am.vote(joe, miListArg,
+                createAttributes(new PreInvocationExpressionConfigAttribute("(filterObject == 'joe' or filterObject == 'sam')", "someList", null)));
         assertEquals("joe and sam should still be in the list", 2, listArg.size());
         assertEquals("joe", listArg.get(0));
         assertEquals("sam", listArg.get(1));
     }
+
+    @Test
+    public void ruleDefinedInAClassMethodIsApplied() throws Exception {
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, miStringArgs,
+                createAttributes(new PreInvocationExpressionConfigAttribute(null, null, "new org.springframework.security.expression.support.SecurityRules().isJoe(#userName)"))));
+    }
+
+    private List<ConfigAttribute> createAttributes(ConfigAttribute... attributes) {
+        return Arrays.asList(attributes);
+    }
+
 }
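Review bot: `ruleDefinedInAClassMethodIsApplied` pins that a pre-invocation expression may construct a class by fully qualified name and call it (`new org.springframework.security.expression.support.SecurityRules().isJoe(#userName)`), so the test should carry a comment saying that expression text is trusted configuration, e.g. `// expression strings can instantiate classes by name; they must never be built from request data`. The test exercises only the grant path; a second case with an argument for which the rule presumably returns false, asserting `ACCESS_DENIED`, would show that the rule's result drives the vote. `hasRoleExpressionDeniesUserWithoutRole` still builds its list by hand with `new ArrayList<ConfigAttribute>(1)` where every other test calls `createAttributes(...)`. The import hunk for this file starts at line 10 and shows neither `java.util.ArrayList` nor `java.util.Arrays`, so confirm both are imported above it.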

+ 12 - 30
core/src/test/java/org/springframework/security/intercept/InterceptorStatusTokenTests.java

@@ -15,13 +15,17 @@
 
 package org.springframework.security.intercept;
 
-import junit.framework.TestCase;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.util.SimpleMethodInvocation;
+import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
+import org.junit.Test;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.SecurityConfig;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.util.SimpleMethodInvocation;
 
 
 /**
@@ -30,39 +34,17 @@ import org.aopalliance.intercept.MethodInvocation;
  * @author Ben Alex
  * @version $Id$
  */
-public class InterceptorStatusTokenTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public InterceptorStatusTokenTests() {
-        super();
-    }
-
-    public InterceptorStatusTokenTests(String arg0) {
-        super(arg0);
-    }
-
-    //~ Methods ========================================================================================================
-
-    public void testNoArgConstructorDoesntExist() {
-        Class clazz = InterceptorStatusToken.class;
-
-        try {
-            clazz.getDeclaredConstructor((Class[]) null);
-            fail("Should have thrown NoSuchMethodException");
-        } catch (NoSuchMethodException expected) {
-            assertTrue(true);
-        }
-    }
+public class InterceptorStatusTokenTests {
 
+    @Test
     public void testOperation() {
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO");
         MethodInvocation mi = new SimpleMethodInvocation();
-
         InterceptorStatusToken token = new InterceptorStatusToken(new UsernamePasswordAuthenticationToken("rod",
                     "koala"), true, attr, mi);
 
         assertTrue(token.isContextHolderRefreshRequired());
-        assertEquals(attr, token.getAttr());
+        assertEquals(attr, token.getAttributes());
         assertEquals(mi, token.getSecureObject());
         assertEquals("rod", token.getAuthentication().getPrincipal());
     }
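Review bot: `assertEquals(attr, token.getAttributes())` holds whether the token keeps the caller's list or its own copy, so nothing here states whether the attributes carried by an `InterceptorStatusToken` can change after construction. That question is new with this refactoring, since the token now receives a plain `List<ConfigAttribute>`; whether `SecurityConfig.createList` returns a modifiable list is not visible in this hunk. Once the intended contract is decided, a one-line comment above the assertion such as `// token exposes the list it was constructed with` (or an `assertNotSame` check if a copy is intended) would record it. The hunk also deletes `testNoArgConstructorDoesntExist` without a replacement.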

+ 7 - 10
core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditorTests.java

@@ -15,24 +15,21 @@
 
 package org.springframework.security.intercept.method;
 
+import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Method;
+import java.util.Iterator;
+import java.util.List;
+
 import junit.framework.TestCase;
 
+import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.ITargetObject;
 import org.springframework.security.MockJoinPoint;
 import org.springframework.security.OtherTargetObject;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.TargetObject;
 
-import org.aopalliance.intercept.MethodInvocation;
-
-import java.lang.reflect.AccessibleObject;
-import java.lang.reflect.Method;
-
-import java.util.Iterator;
-import java.util.List;
-
 
 /**
  * Tests {@link MethodDefinitionSourceEditor} and its associated {@link MapBasedMethodDefinitionSource}.
@@ -149,7 +146,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
             "org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY\r\norg.springframework.security.TargetObject.make*=ROLE_NINE,ROLE_SUPERVISOR");
 
         MapBasedMethodDefinitionSource map = (MapBasedMethodDefinitionSource) editor.getValue();
-        Iterator iter = map.getConfigAttributeDefinitions().iterator();
+        Iterator iter = map.getAllConfigAttributes().iterator();
         int counter = 0;
 
         while (iter.hasNext()) {

+ 6 - 8
core/src/test/java/org/springframework/security/intercept/method/MockMethodDefinitionSource.java

@@ -15,18 +15,16 @@
 
 package org.springframework.security.intercept.method;
 
-import org.aopalliance.intercept.MethodInvocation;
-import org.aspectj.lang.JoinPoint;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.SecurityConfig;
-
 import java.lang.reflect.Method;
-
 import java.util.Collection;
 import java.util.List;
 import java.util.Vector;
 
+import org.aopalliance.intercept.MethodInvocation;
+import org.aspectj.lang.JoinPoint;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.SecurityConfig;
+
 
 /**
  *
@@ -64,7 +62,7 @@ public class MockMethodDefinitionSource implements MethodDefinitionSource {
 
     //~ Methods ========================================================================================================
 
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+    public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
         if (returnACollection) {
             return list;
         } else {

+ 10 - 17
core/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests.java

@@ -15,8 +15,14 @@
 
 package org.springframework.security.intercept.method.aopalliance;
 
+import java.lang.reflect.Method;
+import java.util.Collection;
+import java.util.List;
+
 import junit.framework.TestCase;
 
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.security.AccessDecisionManager;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.AfterInvocationManager;
@@ -24,7 +30,6 @@ import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.ITargetObject;
@@ -33,24 +38,12 @@ import org.springframework.security.MockAfterInvocationManager;
 import org.springframework.security.MockAuthenticationManager;
 import org.springframework.security.MockRunAsManager;
 import org.springframework.security.RunAsManager;
-
 import org.springframework.security.context.SecurityContextHolder;
-
 import org.springframework.security.intercept.method.MethodDefinitionSource;
 import org.springframework.security.intercept.method.MockMethodDefinitionSource;
-
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-
 import org.springframework.security.runas.RunAsManagerImpl;
 
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-import java.lang.reflect.Method;
-
-import java.util.Collection;
-import java.util.List;
-
 
 /**
  * Tests {@link MethodSecurityInterceptor}.
@@ -409,7 +402,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
     //~ Inner Classes ==================================================================================================
 
     private class MockAccessDecisionManagerWhichOnlySupportsStrings implements AccessDecisionManager {
-        public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
+        public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
             throws AccessDeniedException {
             throw new UnsupportedOperationException("mock method not implemented");
         }
@@ -428,7 +421,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
     }
 
     private class MockAfterInvocationManagerWhichOnlySupportsStrings implements AfterInvocationManager {
-        public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+        public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
             Object returnedObject) throws AccessDeniedException {
             throw new UnsupportedOperationException("mock method not implemented");
         }
@@ -447,7 +440,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
     }
 
     private class MockObjectDefinitionSourceWhichOnlySupportsStrings implements MethodDefinitionSource {
-        public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+        public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
             return null;
         }
 
@@ -469,7 +462,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
     }
 
     private class MockRunAsManagerWhichOnlySupportsStrings implements RunAsManager {
-        public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+        public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
             throw new UnsupportedOperationException("mock method not implemented");
         }
 

+ 0 - 102
core/src/test/java/org/springframework/security/intercept/web/AbstractFilterInvocationDefinitionSourceTests.java

@@ -1,102 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.intercept.web;
-
-import junit.framework.TestCase;
-
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-
-/**
- * Tests {@link DefaultFilterInvocationDefinitionSource}.
- *
- * @author Ben Alex
- * @version $Id$
- */
-public class AbstractFilterInvocationDefinitionSourceTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public AbstractFilterInvocationDefinitionSourceTests() {
-        super();
-    }
-
-    public AbstractFilterInvocationDefinitionSourceTests(String arg0) {
-        super(arg0);
-    }
-
-    //~ Methods ========================================================================================================
-
-    public void testDoesNotSupportAnotherObject() {
-        MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
-        assertFalse(mfis.supports(String.class));
-    }
-
-    public void testGetAttributesForANonFilterInvocation() {
-        MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
-
-        try {
-            mfis.getAttributes(new String());
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-    }
-
-    public void testGetAttributesForANullObject() {
-        MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
-
-        try {
-            mfis.getAttributes(null);
-            fail("Should have thrown IllegalArgumentException");
-        } catch (IllegalArgumentException expected) {
-            assertTrue(true);
-        }
-    }
-
-    public void testGetAttributesForFilterInvocationSuccess() {
-        MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
-
-        try {
-            mfis.getAttributes(new FilterInvocation(new MockHttpServletRequest(null, null),
-                    new MockHttpServletResponse(), new MockFilterChain()));
-            fail("Should have thrown UnsupportedOperationException");
-        } catch (UnsupportedOperationException expected) {
-            assertTrue(true);
-        }
-    }
-
-    public void testSupportsFilterInvocation() {
-        MockFilterInvocationDefinitionSource mfis = new MockFilterInvocationDefinitionSource(false, true);
-        assertTrue(mfis.supports(FilterInvocation.class));
-    }
-
-    //~ Inner Classes ==================================================================================================
-
-    private class MockFilterChain implements FilterChain {
-        public void doFilter(ServletRequest arg0, ServletResponse arg1)
-            throws IOException, ServletException {
-            throw new UnsupportedOperationException("mock method not implemented");
-        }
-    }
-}

+ 4 - 38
core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java

@@ -16,7 +16,6 @@
 package org.springframework.security.intercept.web;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
@@ -30,7 +29,6 @@ import org.springframework.security.ConfigAttribute;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.util.AntUrlPathMatcher;
-import org.springframework.security.util.InMemoryXmlApplicationContext;
 
 /**
  * Tests parts of {@link DefaultFilterInvocationDefinitionSource} not tested by {@link
@@ -136,14 +134,14 @@ public class DefaultFilterInvocationDefinitionSourceTests {
     @Test
     public void httpMethodSpecificUrlTakesPrecedence() {
         // Even though this is added before the method-specific def, the latter should match
-        List<? extends ConfigAttribute> allMethodDef = def;
-        map.addSecureUrl("/**", null, def);
+        List<ConfigAttribute> allMethodDef = def;
+        map.addSecureUrl("/**", null, allMethodDef);
 
-        List<? extends ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
+        List<ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
         map.addSecureUrl("/somepage**", "POST", postOnlyDef);
 
         FilterInvocation fi = createFilterInvocation("/somepage", "POST");
-        List<? extends ConfigAttribute> attrs = map.getAttributes(fi);
+        List<ConfigAttribute> attrs = map.getAttributes(fi);
         assertEquals(postOnlyDef, attrs);
     }
 
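Review bot: `httpMethodSpecificUrlTakesPrecedence` asserts only the POST side of the rule, so a regression that returned the `POST` entry for `/somepage**` on every HTTP method would still pass. Because this mapping decides which roles guard a URL, the test should also pin the fallback, presumably with `assertEquals(allMethodDef, map.getAttributes(createFilterInvocation("/somepage", "GET")));` after the existing assertion. This assumes `def` and `postOnlyDef` hold different attributes; `def` is initialised outside the hunk.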
@@ -165,38 +163,6 @@ public class DefaultFilterInvocationDefinitionSourceTests {
         assertEquals(def, response);
     }
 
-    @Test
-    public void xmlMapConfigurationIsSuccessful() {
-        InMemoryXmlApplicationContext context = new InMemoryXmlApplicationContext(
-        "<b:bean id='fids' class='org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource'>" +
-        "    <b:constructor-arg>" +
-        "        <b:bean class='org.springframework.security.util.AntUrlPathMatcher'/>" +
-        "    </b:constructor-arg>" +
-        "    <b:constructor-arg>" +
-        "        <b:map>" +
-        "             <b:entry>" +
-        "               <b:key>" +
-        "                   <b:bean class='org.springframework.security.intercept.web.RequestKey'>" +
-        "                     <b:constructor-arg index='0' value='/**'/>" +
-        "                     <b:constructor-arg index='1' value='GET'/>" +
-        "                   </b:bean>" +
-        "               </b:key>" +
-        "               <b:bean class='org.springframework.security.ConfigAttributeDefinition'>" +
-        "                   <b:constructor-arg value='ROLE_A'/>" +
-        "               </b:bean>" +
-        "             </b:entry>" +
-        "        </b:map>" +
-        "    </b:constructor-arg>" +
-        "</b:bean>"
-        );
-
-        DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource) context.getBean("fids");
-        List<? extends ConfigAttribute> cad = fids.lookupAttributes("/anything", "GET");
-        assertNotNull(cad);
-        assertEquals(1, cad.size());
-        context.close();
-    }
-
     private FilterInvocation createFilterInvocation(String path, String method) {
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setRequestURI(null);

+ 1 - 1
core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java

@@ -146,7 +146,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
         editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER");
 
         DefaultFilterInvocationDefinitionSource map = (DefaultFilterInvocationDefinitionSource) editor.getValue();
-        Iterator iter = map.getConfigAttributeDefinitions().iterator();
+        Iterator iter = map.getAllConfigAttributes().iterator();
         int counter = 0;
 
         while (iter.hasNext()) {

+ 20 - 22
core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java

@@ -15,38 +15,36 @@
 
 package org.springframework.security.intercept.web;
 
+import java.io.IOException;
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.List;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
 import junit.framework.TestCase;
 
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.AccessDecisionManager;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.MockAccessDecisionManager;
+import org.springframework.security.MockApplicationEventPublisher;
 import org.springframework.security.MockAuthenticationManager;
 import org.springframework.security.MockRunAsManager;
 import org.springframework.security.RunAsManager;
-import org.springframework.security.MockApplicationEventPublisher;
 import org.springframework.security.SecurityConfig;
-import org.springframework.security.util.AntUrlPathMatcher;
-import org.springframework.security.util.RegexUrlPathMatcher;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
-import java.io.IOException;
-
-import java.util.Collection;
-import java.util.LinkedHashMap;
-import java.util.List;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import org.springframework.security.util.AntUrlPathMatcher;
+import org.springframework.security.util.RegexUrlPathMatcher;
 
 
 /**
@@ -92,7 +90,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
                     return true;
                 }
 
-                public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
+                public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
                     throws AccessDeniedException {
                     throw new UnsupportedOperationException("mock method not implemented");
                 }
@@ -124,7 +122,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
                 }
 
                 public Authentication buildRunAs(Authentication authentication, Object object,
-                    ConfigAttributeDefinition config) {
+                        List<ConfigAttribute> config) {
                     throw new UnsupportedOperationException("mock method not implemented");
                 }
             });
@@ -221,9 +219,9 @@ public class FilterSecurityInterceptorTests extends TestCase {
 
     public void testNotLoadedFromApplicationContext() throws Exception {
         LinkedHashMap reqMap = new LinkedHashMap();
-        reqMap.put(new RequestKey("/secure/**", null), new ConfigAttributeDefinition(new String[] {"ROLE_USER"}));
+        reqMap.put(new RequestKey("/secure/**", null), SecurityConfig.createList("ROLE_USER"));
         DefaultFilterInvocationDefinitionSource fids
-                = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
+                = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), reqMap);
 
         FilterSecurityInterceptor filter = new FilterSecurityInterceptor();
         filter.setObjectDefinitionSource(fids);
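Review bot: `LinkedHashMap reqMap = new LinkedHashMap();` is a raw map that is now handed to the `DefaultFilterInvocationDefinitionSource` constructor. The compiler therefore cannot check that every key is a `RequestKey` and every value a list of `ConfigAttribute`. Declaring it as `LinkedHashMap<RequestKey, List<ConfigAttribute>> reqMap = new LinkedHashMap<RequestKey, List<ConfigAttribute>>();` would carry the typing this commit introduces through to the test. The exact value type should follow the constructor's parameter, which is not visible in this hunk. The body of `testNotLoadedFromApplicationContext` continues past the hunk.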
@@ -278,7 +276,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
             }
         }
 
-        public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+        public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
             return null;
         }
 

+ 0 - 76
core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinitionSource.java

@@ -1,76 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.intercept.web;
-
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.util.AntUrlPathMatcher;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Vector;
-
-
-/**
- * Mock for {@link FilterInvocationDefinitionSource}
- *
- * @author Ben Alex
- * @version $Id$
- */
-public class MockFilterInvocationDefinitionSource extends DefaultFilterInvocationDefinitionSource {
-    //~ Instance fields ================================================================================================
-
-    private List list;
-    private boolean returnAnIterator;
-
-    //~ Constructors ===================================================================================================
-
-    public MockFilterInvocationDefinitionSource(boolean includeInvalidAttributes, boolean returnAnIteratorWhenRequested) {
-        super(new AntUrlPathMatcher()); // doesn't matter
-        returnAnIterator = returnAnIteratorWhenRequested;
-        list = new Vector();
-
-        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition("MOCK_LOWER");
-        list.add(def1);
-
-        if (includeInvalidAttributes) {
-            ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {"MOCK_LOWER", "INVALID_ATTRIBUTE"});
-            list.add(def2);
-        }
-
-        ConfigAttributeDefinition def3 = new ConfigAttributeDefinition(new String[] {"MOCK_UPPER","RUN_AS"});
-        list.add(def3);
-
-        if (includeInvalidAttributes) {
-            ConfigAttributeDefinition def4 = new ConfigAttributeDefinition(new String[] {"MOCK_SOMETHING","ANOTHER_INVALID"});
-            list.add(def4);
-        }
-    }
-
-    //~ Methods ========================================================================================================
-
-    public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
-        if (returnAnIterator) {
-            return list;
-        } else {
-            return null;
-        }
-    }
-
-    public List<ConfigAttribute> lookupAttributes(String url, String method) {
-        throw new UnsupportedOperationException("mock method not implemented");
-    }
-}

+ 4 - 30
core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java

@@ -18,12 +18,10 @@ package org.springframework.security.runas;
 import junit.framework.TestCase;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.RunAsManager;
 import org.springframework.security.SecurityConfig;
-
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
 
@@ -34,46 +32,23 @@ import org.springframework.security.providers.UsernamePasswordAuthenticationToke
  * @version $Id$
  */
 public class RunAsManagerImplTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public RunAsManagerImplTests() {
-        super();
-    }
-
-    public RunAsManagerImplTests(String arg0) {
-        super(arg0);
-    }
-
-    //~ Methods ========================================================================================================
-
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(RunAsManagerImplTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testAlwaysSupportsClass() {
         RunAsManagerImpl runAs = new RunAsManagerImpl();
         assertTrue(runAs.supports(String.class));
     }
 
-    public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting()
-        throws Exception {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition("SOMETHING_WE_IGNORE");
+    public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting() throws Exception {
         UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
 
         RunAsManagerImpl runAs = new RunAsManagerImpl();
         runAs.setKey("my_password");
 
-        Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
+        Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("SOMETHING_WE_IGNORE"));
         assertEquals(null, resultingToken);
     }
 
     public void testRespectsRolePrefix() throws Exception {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
         UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ONE"), new GrantedAuthorityImpl("TWO")});
 
@@ -81,7 +56,7 @@ public class RunAsManagerImplTests extends TestCase {
         runAs.setKey("my_password");
         runAs.setRolePrefix("FOOBAR_");
 
-        Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
+        Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING"));
 
         if (!(resultingToken instanceof RunAsUserToken)) {
             fail("Should have returned a RunAsUserToken");
@@ -98,14 +73,13 @@ public class RunAsManagerImplTests extends TestCase {
     }
 
     public void testReturnsAdditionalGrantedAuthorities() throws Exception {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
         UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
 
         RunAsManagerImpl runAs = new RunAsManagerImpl();
         runAs.setKey("my_password");
 
-        Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), def);
+        Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING"));
 
         if (!(resultingToken instanceof RunAsUserToken)) {
             fail("Should have returned a RunAsUserToken");

+ 5 - 10
core/src/test/java/org/springframework/security/securechannel/ChannelDecisionManagerImplTests.java

@@ -18,7 +18,6 @@ package org.springframework.security.securechannel;
 import junit.framework.TestCase;
 
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
 
@@ -95,7 +94,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
         MockFilterChain chain = new MockFilterChain();
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition("xyz");
+        List<ConfigAttribute> cad = SecurityConfig.createList("xyz");
 
         cdm.decide(fi, cad);
         assertTrue(fi.getResponse().isCommitted());
@@ -114,9 +113,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
         MockFilterChain chain = new MockFilterChain();
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"abc", "ANY_CHANNEL"});
-
-        cdm.decide(fi, cad);
+        cdm.decide(fi, SecurityConfig.createList(new String[]{"abc", "ANY_CHANNEL"}));
         assertFalse(fi.getResponse().isCommitted());
     }
 
@@ -135,9 +132,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
         MockFilterChain chain = new MockFilterChain();
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT");
-
-        cdm.decide(fi, cad);
+        cdm.decide(fi, SecurityConfig.createList("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT"));
         assertFalse(fi.getResponse().isCommitted());
     }
 
@@ -192,9 +187,9 @@ public class ChannelDecisionManagerImplTests extends TestCase {
             this.failIfCalled = failIfCalled;
         }
 
-        public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
+        public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
                 throws IOException, ServletException {
-            Iterator iter = config.getConfigAttributes().iterator();
+            Iterator iter = config.iterator();
 
             if (failIfCalled) {
                 fail("Should not have called this channel processor: " + configAttribute);

+ 2 - 3
core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java

@@ -18,7 +18,6 @@ package org.springframework.security.securechannel;
 import junit.framework.TestCase;
 
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.SecurityConfig;
 
 import org.springframework.security.intercept.web.FilterInvocation;
@@ -208,7 +207,7 @@ public class ChannelProcessingFilterTests extends TestCase {
             this.supportAttribute = supportAttribute;
         }
 
-        public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
+        public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
             throws IOException, ServletException {
             if (commitAResponse) {
                 invocation.getHttpResponse().sendRedirect("/redirected");
@@ -267,7 +266,7 @@ public class ChannelProcessingFilterTests extends TestCase {
             }
         }
 
-        public Collection<List<? extends ConfigAttribute>> getConfigAttributeDefinitions() {
+        public Collection<List<? extends ConfigAttribute>> getAllConfigAttributes() {
             if (!provideIterator) {
                 return null;
             }

+ 4 - 20
core/src/test/java/org/springframework/security/securechannel/InsecureChannelProcessorTests.java

@@ -17,15 +17,12 @@ package org.springframework.security.securechannel;
 
 import junit.framework.TestCase;
 
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
-
 import org.springframework.security.intercept.web.FilterInvocation;
 
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
 
 /**
  * Tests {@link InsecureChannelProcessor}.
@@ -34,19 +31,8 @@ import org.springframework.mock.web.MockHttpServletResponse;
  * @version $Id$
  */
 public class InsecureChannelProcessorTests extends TestCase {
-    //~ Methods ========================================================================================================
-
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(InsecureChannelProcessorTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
 
     public void testDecideDetectsAcceptableChannel() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
-
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");
         request.setServerName("localhost");
@@ -60,15 +46,13 @@ public class InsecureChannelProcessorTests extends TestCase {
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
         InsecureChannelProcessor processor = new InsecureChannelProcessor();
-        processor.decide(fi, cad);
+        processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"));
 
         assertFalse(fi.getResponse().isCommitted());
     }
 
     public void testDecideDetectsUnacceptableChannel()
         throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
-
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");
         request.setServerName("localhost");
@@ -83,7 +67,7 @@ public class InsecureChannelProcessorTests extends TestCase {
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
         InsecureChannelProcessor processor = new InsecureChannelProcessor();
-        processor.decide(fi, cad);
+        processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"}));
 
         assertTrue(fi.getResponse().isCommitted());
     }
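Review bot: The two tests in this file now build the same attribute list in two different ways: `testDecideDetectsAcceptableChannel` uses the varargs form of `SecurityConfig.createList`, while the call in this hunk still wraps the strings in `new String[]{...}`. Using the varargs form here too keeps the pair readable side by side: `processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"));`. The same mix appears in the SecureChannelProcessorTests, AffirmativeBasedTests and ConsensusBasedTests hunks of this commit. The test method starts outside this hunk.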

+ 4 - 11
core/src/test/java/org/springframework/security/securechannel/SecureChannelProcessorTests.java

@@ -17,15 +17,12 @@ package org.springframework.security.securechannel;
 
 import junit.framework.TestCase;
 
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.MockFilterChain;
 import org.springframework.security.SecurityConfig;
-
 import org.springframework.security.intercept.web.FilterInvocation;
 
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
 
 /**
  * Tests {@link SecureChannelProcessor}.
@@ -37,8 +34,6 @@ public class SecureChannelProcessorTests extends TestCase {
     //~ Methods ========================================================================================================
 
     public void testDecideDetectsAcceptableChannel() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
-
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");
         request.setServerName("localhost");
@@ -53,14 +48,12 @@ public class SecureChannelProcessorTests extends TestCase {
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
         SecureChannelProcessor processor = new SecureChannelProcessor();
-        processor.decide(fi, cad);
+        processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));
 
         assertFalse(fi.getResponse().isCommitted());
     }
 
     public void testDecideDetectsUnacceptableChannel() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
-
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");
         request.setServerName("localhost");
@@ -74,7 +67,7 @@ public class SecureChannelProcessorTests extends TestCase {
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
         SecureChannelProcessor processor = new SecureChannelProcessor();
-        processor.decide(fi, cad);
+        processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"}));
 
         assertTrue(fi.getResponse().isCommitted());
     }

+ 14 - 42
core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java

@@ -15,29 +15,26 @@
 
 package org.springframework.security.util;
 
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
-import org.springframework.security.MockFilterConfig;
-import org.springframework.security.SecurityConfig;
-import org.springframework.security.context.HttpSessionContextIntegrationFilter;
-import org.springframework.security.intercept.web.MockFilterInvocationDefinitionSource;
-import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
-import org.springframework.security.intercept.web.RequestKey;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.util.List;
 
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.StaticApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-
-import org.junit.After;
-import static org.junit.Assert.*;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.LinkedHashMap;
-import java.util.List;
+import org.springframework.security.MockFilterConfig;
+import org.springframework.security.context.HttpSessionContextIntegrationFilter;
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 
 /**
  * Tests {@link FilterChainProxy}.
@@ -63,31 +60,6 @@ public class FilterChainProxyTests {
         }
     }
 
-    @Test(expected=IllegalArgumentException.class)
-    public void testDetectsFilterInvocationDefinitionSourceThatDoesNotReturnAllConfigAttributes() throws Exception {
-        FilterChainProxy filterChainProxy = new FilterChainProxy();
-        filterChainProxy.setApplicationContext(new StaticApplicationContext());
-
-        filterChainProxy.setFilterInvocationDefinitionSource(new MockFilterInvocationDefinitionSource(false, false));
-        filterChainProxy.afterPropertiesSet();
-    }
-
-    @Test(expected=IllegalArgumentException.class)
-    public void testDetectsIfConfigAttributeDoesNotReturnValueForGetAttributeMethod() throws Exception {
-        FilterChainProxy filterChainProxy = new FilterChainProxy();
-        filterChainProxy.setApplicationContext(new StaticApplicationContext());
-
-        LinkedHashMap map = new LinkedHashMap();
-        map.put(new RequestKey("/**"), SecurityConfig.createList(null));
-        DefaultFilterInvocationDefinitionSource fids =
-                new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(), map);
-
-        filterChainProxy.setFilterInvocationDefinitionSource(fids);
-
-        filterChainProxy.afterPropertiesSet();
-        filterChainProxy.init(new MockFilterConfig());
-    }
-
     @Test(expected = IllegalArgumentException.class)
     public void testDetectsMissingFilterInvocationDefinitionSource() throws Exception {
         FilterChainProxy filterChainProxy = new FilterChainProxy();

+ 2 - 3
core/src/test/java/org/springframework/security/vote/AbstractAccessDecisionManagerTests.java

@@ -20,7 +20,6 @@ import junit.framework.TestCase;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.SecurityConfig;
 
 import java.util.List;
@@ -162,7 +161,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
     //~ Inner Classes ==================================================================================================
 
     private class MockDecisionManagerImpl extends AbstractAccessDecisionManager {
-        public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
+        public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
             throws AccessDeniedException {
             return;
         }
@@ -181,7 +180,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
             throw new UnsupportedOperationException("mock method not implemented");
         }
 
-        public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+        public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
             throw new UnsupportedOperationException("mock method not implemented");
         }
     }

+ 26 - 71
core/src/test/java/org/springframework/security/vote/AffirmativeBasedTests.java

@@ -15,18 +15,18 @@
 
 package org.springframework.security.vote;
 
-import junit.framework.TestCase;
+import static org.junit.Assert.assertTrue;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Test;
 import org.springframework.security.AccessDeniedException;
-import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
-
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.providers.TestingAuthenticationToken;
 
-import java.util.List;
-import java.util.Vector;
-
 
 /**
  * Tests {@link AffirmativeBased}.
@@ -34,29 +34,14 @@ import java.util.Vector;
  * @author Ben Alex
  * @version $Id$
  */
-public class AffirmativeBasedTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public AffirmativeBasedTests() {
-        super();
-    }
-
-    public AffirmativeBasedTests(String arg0) {
-        super(arg0);
-    }
-
-    //~ Methods ========================================================================================================
-
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AffirmativeBasedTests.class);
-    }
+public class AffirmativeBasedTests {
 
     private AffirmativeBased makeDecisionManager() {
         AffirmativeBased decisionManager = new AffirmativeBased();
         RoleVoter roleVoter = new RoleVoter();
         DenyVoter denyForSureVoter = new DenyVoter();
         DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
-        List voters = new Vector();
+        List voters = new ArrayList();
         voters.add(roleVoter);
         voters.add(denyForSureVoter);
         voters.add(denyAgainForSureVoter);
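Review bot: `List voters = new ArrayList();` swaps `Vector` for `ArrayList` but keeps the raw type, so the compiler will not object if something other than a voter is added to the decision manager's list. Since the commit is already moving the API to typed lists, declare it as `List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();`. A typed list is still accepted if the setter takes a raw `List`. `makeDecisionManager` continues outside the hunk, so the setter call is not visible here.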
@@ -70,85 +55,55 @@ public class AffirmativeBasedTests extends TestCase {
             new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl("ROLE_2")});
     }
 
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
-    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess()
-        throws Exception {
+    @Test
+    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
-
-        mgr.decide(auth, new Object(), config);
-        assertTrue(true);
+        mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"}));
     }
 
-    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
-        throws Exception {
+    @Test
+    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
-
-        mgr.decide(auth, new Object(), config);
-        assertTrue(true);
+        mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
     }
 
-    public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
-        throws Exception {
+    @Test(expected=AccessDeniedException.class)
+    public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
-
-        try {
-            mgr.decide(auth, new Object(), config);
-            fail("Should have thrown AccessDeniedException");
-        } catch (AccessDeniedException expected) {
-            assertTrue(true);
-        }
+        mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
     }
 
-    public void testThreeAbstainVotesDeniesAccessWithDefault()
-        throws Exception {
+    @Test(expected=AccessDeniedException.class)
+    public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
         assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-
-        try {
-            mgr.decide(auth, new Object(), config);
-            fail("Should have thrown AccessDeniedException");
-        } catch (AccessDeniedException expected) {
-            assertTrue(true);
-        }
+        mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
     }
 
-    public void testThreeAbstainVotesGrantsAccessWithoutDefault()
-        throws Exception {
+    @Test
+    public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
         mgr.setAllowIfAllAbstainDecisions(true);
         assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-
-        mgr.decide(auth, new Object(), config);
-        assertTrue(true);
+        mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
     }
 
-    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
-        throws Exception {
+    @Test
+    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
-
-        mgr.decide(auth, new Object(), config);
-        assertTrue(true);
+        mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_1", "ROLE_2"));
     }
 }

+ 6 - 24
core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java

@@ -15,14 +15,15 @@
 
 package org.springframework.security.vote;
 
+import java.util.List;
+
 import junit.framework.TestCase;
 
 import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.SecurityConfig;
-
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
@@ -35,17 +36,6 @@ import org.springframework.security.providers.rememberme.RememberMeAuthenticatio
  * @version $Id$
  */
 public class AuthenticatedVoterTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public AuthenticatedVoterTests() {
-        super();
-    }
-
-    public AuthenticatedVoterTests(String arg0) {
-        super(arg0);
-    }
-
-    //~ Methods ========================================================================================================
 
     private Authentication createAnonymous() {
         return new AnonymousAuthenticationToken("ignored", "ignored",
@@ -62,17 +52,9 @@ public class AuthenticatedVoterTests extends TestCase {
             new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
     }
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AuthenticatedVoterTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testAnonymousWorks() {
         AuthenticatedVoter voter = new AuthenticatedVoter();
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
+        List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createAnonymous(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
@@ -80,7 +62,7 @@ public class AuthenticatedVoterTests extends TestCase {
 
     public void testFullyWorks() {
         AuthenticatedVoter voter = new AuthenticatedVoter();
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
+        List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
         assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createRememberMe(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
@@ -88,7 +70,7 @@ public class AuthenticatedVoterTests extends TestCase {
 
     public void testRememberMeWorks() {
         AuthenticatedVoter voter = new AuthenticatedVoter();
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
+        List<ConfigAttribute> def = SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
         assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));

+ 14 - 13
core/src/test/java/org/springframework/security/vote/BasicAclEntryVoterTests.java

@@ -15,10 +15,15 @@
 
 package org.springframework.security.vote;
 
+import java.lang.reflect.Method;
+import java.util.List;
+
 import junit.framework.TestCase;
 
+import org.aopalliance.intercept.MethodInvocation;
+import org.aspectj.lang.JoinPoint;
 import org.springframework.security.AuthorizationServiceException;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.MockAclManager;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.acl.AclEntry;
@@ -27,10 +32,6 @@ import org.springframework.security.acl.basic.MockAclObjectIdentity;
 import org.springframework.security.acl.basic.SimpleAclEntry;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.SimpleMethodInvocation;
-import org.aopalliance.intercept.MethodInvocation;
-import org.aspectj.lang.JoinPoint;
-
-import java.lang.reflect.Method;
 
 /**
  * Tests {@link BasicAclEntryVoter}.
@@ -93,7 +94,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
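Review bot: `List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");` is repeated verbatim in most of the hunks of this file, which makes it easy for one test to drift to a different attribute name unnoticed. A small private helper such as `private List<ConfigAttribute> adminOrWriteAttr()` returning that list would state the shared precondition once. A helper is safer than a shared constant, because it is not visible here whether the returned list is mutable. The enclosing test methods start and end outside these hunks.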
@@ -213,7 +214,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("A_DIFFERENT_ATTRIBUTE");
+        List<ConfigAttribute> attr = SecurityConfig.createList("A_DIFFERENT_ATTRIBUTE");
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
@@ -245,7 +246,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
@@ -276,7 +277,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
@@ -307,7 +308,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
@@ -342,7 +343,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         // (well actually it will access domainObject.getParent())
@@ -376,7 +377,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         // (well actually it will access domainObject.getParent())
@@ -413,7 +414,7 @@ public class BasicAclEntryVoterTests extends TestCase {
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
+        List<ConfigAttribute> attr = SecurityConfig.createList("FOO_ADMIN_OR_WRITE_ACCESS");
 
         // Setup a MockMethodInvocation that doesn't provide SomeDomainObject arg
         Class clazz = String.class;

+ 22 - 41
core/src/test/java/org/springframework/security/vote/ConsensusBasedTests.java

@@ -15,15 +15,17 @@
 
 package org.springframework.security.vote;
 
+import static org.junit.Assert.*;
+
 import java.util.List;
 import java.util.Vector;
 
-import junit.framework.TestCase;
-
+import org.junit.Test;
 import org.springframework.security.AccessDeniedException;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.providers.TestingAuthenticationToken;
 
 
@@ -33,98 +35,77 @@ import org.springframework.security.providers.TestingAuthenticationToken;
  * @author Ben Alex
  * @version $Id$
  */
-public class ConsensusBasedTests extends TestCase {
-
-    //~ Methods ================================================================
+public class ConsensusBasedTests {
 
+    @Test(expected=AccessDeniedException.class)
     public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
         mgr.setAllowIfEqualGrantedDeniedDecisions(false);
         assertTrue(!mgr.isAllowIfEqualGrantedDeniedDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
+        List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
 
-        try {
-            mgr.decide(auth, new Object(), config);
-            fail("Should have thrown AccessDeniedException");
-        } catch (AccessDeniedException expected) {
-            assertTrue(true);
-        }
+        mgr.decide(auth, new Object(), config);
     }
 
+    @Test
     public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
         assertTrue(mgr.isAllowIfEqualGrantedDeniedDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
+        List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
     }
 
+    @Test
     public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
-
-        mgr.decide(auth, new Object(), config);
+        mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_2"));
         assertTrue(true);
     }
 
+    @Test(expected=AccessDeniedException.class)
     public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
-
-        try {
-            mgr.decide(auth, new Object(), config);
-            fail("Should have thrown AccessDeniedException");
-        } catch (AccessDeniedException expected) {
-            assertTrue(true);
-        }
+        mgr.decide(auth, new Object(), SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE"));
+        fail("Should have thrown AccessDeniedException");
     }
 
+    @Test(expected=AccessDeniedException.class)
     public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
         assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-
-        try {
-            mgr.decide(auth, new Object(), config);
-            fail("Should have thrown AccessDeniedException");
-        } catch (AccessDeniedException expected) {
-            assertTrue(true);
-        }
+        mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
     }
 
+    @Test
     public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
         mgr.setAllowIfAllAbstainDecisions(true);
         assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-
-        mgr.decide(auth, new Object(), config);
-        assertTrue(true);
+        mgr.decide(auth, new Object(), SecurityConfig.createList("IGNORED_BY_ALL"));
     }
 
+    @Test
     public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
-
-        mgr.decide(auth, new Object(), config);
-        assertTrue(true);
+        mgr.decide(auth, new Object(), SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"}));
     }
 
     private ConsensusBased makeDecisionManager() {
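Review bot: `fail("Should have thrown AccessDeniedException");` in `testOneDenyVoteTwoAbstainVotesDeniesAccess` is a leftover from the old try/catch form and should be dropped, as was done in the other converted tests. Under `@Test(expected=AccessDeniedException.class)` JUnit already fails the test when `decide` returns normally. The `assertTrue(true);` lines kept in `testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault` and `testOneAffirmativeVoteTwoAbstainVotesGrantsAccess` assert nothing and can go too. The matching AffirmativeBasedTests methods already removed them. `makeDecisionManager` continues outside the hunk.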

+ 24 - 24
core/src/test/java/org/springframework/security/vote/DenyAgainVoter.java

@@ -17,9 +17,9 @@ package org.springframework.security.vote;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import java.util.Iterator;
+import java.util.List;
 
 /**
  * Implementation of an {@link AccessDecisionVoter} for unit testing.
@@ -35,34 +35,34 @@ import java.util.Iterator;
  * @version $Id$
  */
 public class DenyAgainVoter implements AccessDecisionVoter {
-	// ~ Methods
-	// ========================================================================================================
+    // ~ Methods
+    // ========================================================================================================
 
-	public boolean supports(ConfigAttribute attribute) {
-		if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
-			return true;
-		}
-		else {
-			return false;
-		}
-	}
+    public boolean supports(ConfigAttribute attribute) {
+        if ("DENY_AGAIN_FOR_SURE".equals(attribute.getAttribute())) {
+            return true;
+        }
+        else {
+            return false;
+        }
+    }
 
-	public boolean supports(Class clazz) {
-		return true;
-	}
+    public boolean supports(Class clazz) {
+        return true;
+    }
 
-	public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-		Iterator iter = config.getConfigAttributes().iterator();
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
+        Iterator iter = attributes.iterator();
 
-		while (iter.hasNext()) {
-			ConfigAttribute attribute = (ConfigAttribute) iter.next();
+        while (iter.hasNext()) {
+            ConfigAttribute attribute = (ConfigAttribute) iter.next();
 
-			if (this.supports(attribute)) {
-				return ACCESS_DENIED;
-			}
-		}
+            if (this.supports(attribute)) {
+                return ACCESS_DENIED;
+            }
+        }
 
-		return ACCESS_ABSTAIN;
-	}
+        return ACCESS_ABSTAIN;
+    }
 
 }
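Review bot: `vote` now receives a typed `List<ConfigAttribute>` but still walks it through a raw `Iterator` with a `(ConfigAttribute)` cast, so the new signature buys no type checking inside the method. An enhanced for loop removes both: `for (ConfigAttribute attribute : attributes) { if (supports(attribute)) { return ACCESS_DENIED; } }`. The `java.util.Iterator` import then becomes unused. The DenyVoter hunk below has the same raw iterator, although its `vote` body continues outside that hunk.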

+ 3 - 3
core/src/test/java/org/springframework/security/vote/DenyVoter.java

@@ -17,9 +17,9 @@ package org.springframework.security.vote;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.ConfigAttributeDefinition;
 
 import java.util.Iterator;
+import java.util.List;
 
 
 /**
@@ -45,8 +45,8 @@ public class DenyVoter implements AccessDecisionVoter {
         return true;
     }
 
-    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes().iterator();
+    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
+        Iterator iter = attributes.iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();
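Review bot: With the parameter now typed as `List<ConfigAttribute>`, the raw `Iterator` and the `(ConfigAttribute)` cast in `vote` are no longer needed. `for (ConfigAttribute attribute : attributes) {` would replace the `Iterator iter = attributes.iterator();` / `while (iter.hasNext())` pair and remove the raw type, after which the `java.util.Iterator` import can go. `DenyAgainVoter.vote` in this commit has the same pattern. The body of `vote` continues past the end of this hunk.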

+ 7 - 8
core/src/test/java/org/springframework/security/vote/RoleHierarchyVoterTests.java

@@ -1,24 +1,23 @@
 package org.springframework.security.vote;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
 
 import org.junit.Test;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.userdetails.hierarchicalroles.RoleHierarchyImpl;
 
 public class RoleHierarchyVoterTests {
 
-	@Test
-	public void hierarchicalRoleIsIncludedInDecision() {
+    @Test
+    public void hierarchicalRoleIsIncludedInDecision() {
         RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
         roleHierarchyImpl.setHierarchy("ROLE_A > ROLE_B");
 
         // User has role A, role B is required
         TestingAuthenticationToken auth = new TestingAuthenticationToken("user", "password", "ROLE_A");
         RoleHierarchyVoter voter = new RoleHierarchyVoter(roleHierarchyImpl);
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_B");
-        
-        assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), config)); 
-	}
+
+        assertEquals(RoleHierarchyVoter.ACCESS_GRANTED, voter.vote(auth, new Object(), SecurityConfig.createList("ROLE_B")));
+    }
 }

+ 12 - 12
core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java

@@ -15,18 +15,18 @@
 
 package org.springframework.security.vote;
 
+import java.util.List;
+import java.util.Vector;
+
 import junit.framework.TestCase;
 
 import org.springframework.security.AccessDeniedException;
-import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.ConfigAttribute;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
-
+import org.springframework.security.SecurityConfig;
 import org.springframework.security.providers.TestingAuthenticationToken;
 
-import java.util.List;
-import java.util.Vector;
-
 
 /**
  * Tests {@link UnanimousBased}.
@@ -86,7 +86,7 @@ public class UnanimousBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
+        List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "DENY_FOR_SURE"});
 
         try {
             mgr.decide(auth, new Object(), config);
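Review bot: The `new String[]{...}` wrapper passed to `SecurityConfig.createList` here looks unnecessary if the method is declared with varargs, which the single-string calls such as `createList("ROLE_2")` in the later hunks suggest but this page does not show. In that case `SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE")` reads more directly. The same applies to the `FOOBAR_1`/`FOOBAR_2` and `ROLE_1`/`ROLE_2` hunks further down. The enclosing test method starts and ends outside this hunk.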
@@ -100,7 +100,7 @@ public class UnanimousBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
+        List<ConfigAttribute> config = SecurityConfig.createList("ROLE_2");
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
@@ -110,7 +110,7 @@ public class UnanimousBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
+        List<ConfigAttribute> config = SecurityConfig.createList("ROLE_WE_DO_NOT_HAVE");
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -124,7 +124,7 @@ public class UnanimousBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
         UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"FOOBAR_1", "FOOBAR_2"});
+        List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"FOOBAR_1", "FOOBAR_2"});
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
@@ -136,7 +136,7 @@ public class UnanimousBasedTests extends TestCase {
 
         assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
+        List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -152,7 +152,7 @@ public class UnanimousBasedTests extends TestCase {
         mgr.setAllowIfAllAbstainDecisions(true);
         assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
+        List<ConfigAttribute> config = SecurityConfig.createList("IGNORED_BY_ALL");
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
@@ -162,7 +162,7 @@ public class UnanimousBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
+        List<ConfigAttribute> config = SecurityConfig.createList(new String[]{"ROLE_1", "ROLE_2"});
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);

+ 45 - 39
samples/tutorial/src/main/java/bigbank/Account.java

@@ -5,47 +5,53 @@ package bigbank;
  * encapsulate business logic (methods) and state in the domain object.
  * Nevertheless, this demo is intended to reflect what people usually do,
  * as opposed to what they ideally would be doing.
- * 
+ *
  * @author Ben Alex
  * @version $Id$
  */
 public class Account {
-	private long id = -1;
-	private String holder;
-	private double balance;
-	
-	public Account(String holder) {
-		super();
-		this.holder = holder;
-	}
-
-	public long getId() {
-		return id;
-	}
-
-	public void setId(long id) {
-		this.id = id;
-	}
-
-	public String getHolder() {
-		return holder;
-	}
-
-	public void setHolder(String holder) {
-		this.holder = holder;
-	}
-
-	public double getBalance() {
-		return balance;
-	}
-
-	public void setBalance(double balance) {
-		this.balance = balance;
-	}
-
-	public String toString() {
-		return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
-	}
-
-	
+    private long id = -1;
+    private String holder;
+    private double balance;
+    private double overdraft = 500.00;
+
+    public Account(String holder) {
+        this.holder = holder;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(long id) {
+        this.id = id;
+    }
+
+    public String getHolder() {
+        return holder;
+    }
+
+    public void setHolder(String holder) {
+        this.holder = holder;
+    }
+
+    public double getBalance() {
+        return balance;
+    }
+
+    public void setBalance(double balance) {
+        this.balance = balance;
+    }
+
+    public double getOverdraft() {
+        return overdraft;
+    }
+
+    public void setOverdraft(double overdraft) {
+        this.overdraft = overdraft;
+    }
+
+    public String toString() {
+        return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + ", overdraft=" + overdraft + "]";
+    }
 }
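Review bot: `setOverdraft` stores any double it is given, yet the new field is negated and compared in the `@PreAuthorize` expression added to `BankService.post` in this commit, so a negative, NaN or infinite value changes what that check means. A guard at the top of the setter keeps the limit well-defined, e.g. `if (Double.isNaN(overdraft) || Double.isInfinite(overdraft) || overdraft < 0) throw new IllegalArgumentException("overdraft must be finite and non-negative");`. A one-line comment on the field stating that `500.00` is the default limit would also help. `toString` now mixes `,` and `, ` as separators.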

+ 11 - 10
samples/tutorial/src/main/java/bigbank/BankService.java

@@ -1,15 +1,16 @@
 package bigbank;
 
-import org.springframework.security.annotation.Secured;
+import org.springframework.security.expression.annotation.PreAuthorize;
+
 
 public interface BankService {
-	
-	@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
-	public Account readAccount(Long id);
-		
-	@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
-	public Account[] findAccounts();
-	
-	@Secured("ROLE_TELLER")
-	public Account post(Account account, double amount);
+
+    public Account readAccount(Long id);
+
+    public Account[] findAccounts();
+
+    @PreAuthorize(
+            "hasRole('ROLE_SUPERVISOR') or " +
+            "hasRole('ROLE_TELLER') and (#account.balance + #amount >= -#account.overdraft)" )
+    public Account post(Account account, double amount);
 }
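Review bot: The `@PreAuthorize` expression on `post` reads `#account.balance` and `#account.overdraft` from the `Account` argument supplied by the caller, while `BankServiceImpl.post` re-reads the account from the DAO before applying the amount. The limit is therefore checked against values that may differ from the stored ones. If that argument can be populated from request data, which is not visible on this page, the teller limit is only as trustworthy as that input. Enforcing the limit inside `post` against the re-read account would tie the decision to persisted state. Wrapping the teller clause as `(hasRole('ROLE_TELLER') and (...))` would also make the intended `or`/`and` grouping explicit.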

+ 32 - 33
samples/tutorial/src/main/java/bigbank/BankServiceImpl.java

@@ -4,37 +4,36 @@ import org.aspectj.lang.annotation.Pointcut;
 import org.springframework.util.Assert;
 
 public class BankServiceImpl implements BankService {
-	private BankDao bankDao;
-
-	// Not used unless you declare a <protect-pointcut>
-	@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
-	public void myPointcut() {}
-
-	public BankServiceImpl(BankDao bankDao) {
-		Assert.notNull(bankDao);
-		this.bankDao = bankDao;
-	}
-
-	public Account[] findAccounts() {
-		return this.bankDao.findAccounts();
-	}
-
-	public Account post(Account account, double amount) {
-		Assert.notNull(account);
-		Assert.notNull(account.getId());
-		
-		// We read account bank from DAO so it reflects the latest balance
-		Account a = bankDao.readAccount(account.getId());
-		if (account == null) {
-			throw new IllegalArgumentException("Couldn't find requested account");
-		}
-		
-		a.setBalance(a.getBalance() + amount);
-		bankDao.createOrUpdateAccount(a);
-		return a;
-	}
-
-	public Account readAccount(Long id) {
-		return bankDao.readAccount(id);
-	}
+    private BankDao bankDao;
+
+    // Not used unless you declare a <protect-pointcut>
+    @Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
+    public void myPointcut() {}
+
+    public BankServiceImpl(BankDao bankDao) {
+        Assert.notNull(bankDao);
+        this.bankDao = bankDao;
+    }
+
+    public Account[] findAccounts() {
+        return this.bankDao.findAccounts();
+    }
+
+    public Account post(Account account, double amount) {
+        Assert.notNull(account);
+
+        // We read account bank from DAO so it reflects the latest balance
+        Account a = bankDao.readAccount(account.getId());
+        if (account == null) {
+            throw new IllegalArgumentException("Couldn't find requested account");
+        }
+
+        a.setBalance(a.getBalance() + amount);
+        bankDao.createOrUpdateAccount(a);
+        return a;
+    }
+
+    public Account readAccount(Long id) {
+        return bankDao.readAccount(id);
+    }
 }
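Review bot: In `post`, the null check after `bankDao.readAccount(account.getId())` tests `account`, which `Assert.notNull(account)` has already ruled out, so the branch can never run. If `readAccount` returns null for an unknown id, `a.setBalance(...)` would fail with a NullPointerException instead of the intended IllegalArgumentException. The condition should read `if (a == null) {`. The commit re-indents this line but leaves the condition as it was.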

+ 9 - 9
samples/tutorial/src/main/resources/applicationContext-business.xml

@@ -3,22 +3,22 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:security="http://www.springframework.org/schema/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
 
-	<bean id="bankDao" class="bigbank.BankDaoStub"/>
+    <bean id="bankDao" class="bigbank.BankDaoStub"/>
 
-	<bean id="seedData" class="bigbank.SeedData">
-		<property name="bankDao" ref="bankDao"/>
-	</bean>
+    <bean id="seedData" class="bigbank.SeedData">
+        <property name="bankDao" ref="bankDao"/>
+    </bean>
 
-	<bean id="bankService" class="bigbank.BankServiceImpl">
-		<constructor-arg ref="bankDao"/>
+    <bean id="bankService" class="bigbank.BankServiceImpl">
+        <constructor-arg ref="bankDao"/>
         <!-- This will add a security interceptor to the bean
         <security:intercept-methods>
             <security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
             <security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
         </security:intercept-methods>  -->
-	</bean>
+    </bean>
 
-</beans>
+</beans>

+ 14 - 14
samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -9,26 +9,26 @@
 <beans:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:beans="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.5.xsd">
 
-	<global-method-security secured-annotations="enabled">
-		<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
-		<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
-		-->
-	</global-method-security>
+    <global-method-security spel-annotations="enabled">
+        <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
+        <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
+        -->
+    </global-method-security>
 
     <http auto-config="true">
         <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
         <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
-		<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
+        <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
         <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
         <intercept-url pattern="/post.html" access="ROLE_TELLER" />
         -->
         <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
 <!--
     Uncomment to enable X509 client authentication support
-        <x509 /> 
+        <x509 />
 -->
 
         <!-- All of this is unnecessary if auto-config="true"
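Review bot: The comment kept in this hunk still says the services layer is protected with `@Secured`, but the element now sets `spel-annotations="enabled"` in place of `secured-annotations="enabled"`, and `BankService` moves to `@PreAuthorize` in this commit. The comment should be updated to something like `as we're using <global-method-security> and have annotated the services layer with @PreAuthorize instead`. With `secured-annotations` no longer enabled, any `@Secured` annotation left elsewhere in the sample would presumably stop being enforced, so it is worth confirming that none remain. The `<http>` element continues past the end of this hunk.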
@@ -40,7 +40,7 @@
 
         <!-- Uncomment to limit the number of sessions a user can have
         <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
-		-->		
+        -->
     </http>
 
     <!--
@@ -54,10 +54,10 @@
         <password-encoder hash="md5"/>
         <user-service>
             <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
-	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
+            <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
             <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
             <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
-	    </user-service>
-	</authentication-provider>
+        </user-service>
+    </authentication-provider>
 
-</beans:beans>
+</beans:beans>

+ 1 - 1
samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp

@@ -24,4 +24,4 @@
   </td>
   </tr>
 </c:forEach>
-</table>
+</table>

+ 15 - 15
src/docbkx/authorization-common.xml

@@ -61,7 +61,7 @@
       or web requests. A pre-invocation decision on whether the invocation is allowed to proceed is made by
       the <interfacename>AccessDecisionManager</interfacename>.
     </para>
-    
+
     <section>
       <title>The AccessDecisionManager</title>
     <para>The <interfacename>AccessDecisionManager</interfacename> is called by the
@@ -70,7 +70,7 @@
     <interfacename>AccessDecisionManager</interfacename> interface contains three
     methods:
       <programlisting>
- void decide(Authentication authentication, Object secureObject, ConfigAttributeDefinition config) throws AccessDeniedException;
+ void decide(Authentication authentication, Object secureObject, List&lt;ConfigAttribute&gt; config) throws AccessDeniedException;
  boolean supports(ConfigAttribute attribute);
  boolean supports(Class clazz);
       </programlisting>
@@ -124,7 +124,7 @@
     <para>The <interfacename>AccessDecisionVoter</interfacename> interface has three
     methods:
 <programlisting>
-int vote(Authentication authentication, Object object, ConfigAttributeDefinition config);
+int vote(Authentication authentication, Object object, List&lt;ConfigAttribute&gt; config);
 boolean supports(ConfigAttribute attribute);
 boolean supports(Class clazz);
 </programlisting>
@@ -168,9 +168,9 @@ boolean supports(Class clazz);
       <para>
         The most commonly used <interfacename>AccessDecisionVoter</interfacename>
       provided with Spring Security is the simple <classname>RoleVoter</classname>, which treats
-      configuration attributes as simple role names and votes to grant access if the user has been assigned 
+      configuration attributes as simple role names and votes to grant access if the user has been assigned
       that role.</para>
-      <para>It will vote if any ConfigAttribute begins with the prefix <literal>ROLE_</literal>. 
+      <para>It will vote if any ConfigAttribute begins with the prefix <literal>ROLE_</literal>.
         It will vote to grant access if there is a <interfacename>GrantedAuthority</interfacename> which returns a
       <literal>String</literal> representation (via the
       <literal>getAuthority()</literal> method) exactly equal to one or more
@@ -183,8 +183,8 @@ boolean supports(Class clazz);
       <literal>RoleVoter</literal> is case sensitive on comparisons as well
       as the <literal>ROLE_</literal> prefix.</para>
     </section>
-      
-<!--      
+
+<!--
 
     <para><literal>BasicAclEntryVoter</literal> is the other concrete
     voter included with Spring Security. It integrates with Spring
@@ -206,7 +206,7 @@ boolean supports(Class clazz);
   </property>
 </bean>
 
-<bean id="aclContactDeleteVoter" 
+<bean id="aclContactDeleteVoter"
     class="org.springframework.security.vote.BasicAclEntryVoter">
   <property name="processConfigAttribute" value="ACL_CONTACT_DELETE"/>
   <property name="processDomainObjectClass" value="sample.contact.Contact"/>
@@ -248,7 +248,7 @@ boolean supports(Class clazz);
         deprecated, and have all references to the replacement package limited
         to the chapter describing the new ACL implementation.</para>
       -->
-      
+
       <section>
         <title>Custom Voters</title>
     <para>It is also possible to implement a custom
@@ -288,7 +288,7 @@ boolean supports(Class clazz);
     <para><xref linkend="authz-after-invocation"/> illustrates Spring Security's
     <literal>AfterInvocationManager</literal> and its concrete
     implementations.
-      
+
     <figure xml:id="authz-after-invocation">
       <title>After Invocation Implementation</title>
       <mediaobject>
@@ -299,7 +299,7 @@ boolean supports(Class clazz);
           <imagedata  align="center" fileref="images/AfterInvocation.gif" format="GIF"/>
         </imageobject>
       </mediaobject>
-    
+
     </figure>
     </para>
 
@@ -455,7 +455,7 @@ boolean supports(Class clazz);
       <ref local="org.springframework.security.acl.basic.SimpleAclEntry.READ"/>
     </list>
   </property>
-</bean> 
+</bean>
 ]]>      </programlisting></para>
 
       <para>In the above example, the <literal>Contact</literal> will be
@@ -486,7 +486,7 @@ boolean supports(Class clazz);
       <ref local="org.springframework.security.acl.basic.SimpleAclEntry.READ"/>
     </list>
   </property>
-</bean> 
+</bean>
 ]]></programlisting>
         As you can imagine, the returned <literal>Object</literal>
       must be a <literal>Collection</literal> or array for this provider
@@ -501,7 +501,7 @@ boolean supports(Class clazz);
   </section>
 
   <section xml:id="authorization-taglibs"><info><title>Authorization Tag Libraries</title></info>
-    
+
 
     <para><literal>AuthorizeTag</literal> is used to include content if
     the current principal holds certain
@@ -592,4 +592,4 @@ boolean supports(Class clazz);
     works exactly the samae as
     <literal>AccessControlListTag</literal>.</para>
   </section>
-</chapter>
+</chapter>

Alguns arquivos não foram mostrados porque muitos arquivos mudaram nesse diff