SEC-1132: Created core and authentication packages within core module.

acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java

@@ -6,7 +6,6 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.expression.PermissionEvaluator;
 import org.springframework.security.acls.domain.BasePermission;
 import org.springframework.security.acls.objectidentity.ObjectIdentity;
@@ -16,6 +15,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
+import org.springframework.security.core.Authentication;
 
 /**
  * Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular

acl/src/main/java/org/springframework/security/acls/AlreadyExistsException.java

@@ -14,7 +14,7 @@
  */
 package org.springframework.security.acls;
 
-import org.springframework.security.SpringSecurityException;
+import org.springframework.security.core.SpringSecurityException;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/ChildrenExistException.java

@@ -14,7 +14,7 @@
  */
 package org.springframework.security.acls;
 
-import org.springframework.security.SpringSecurityException;
+import org.springframework.security.core.SpringSecurityException;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/IdentityUnavailableException.java

@@ -14,7 +14,7 @@
  */
 package org.springframework.security.acls;
 
-import org.springframework.security.SpringSecurityException;
+import org.springframework.security.core.SpringSecurityException;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/NotFoundException.java

@@ -14,7 +14,7 @@
  */
 package org.springframework.security.acls;
 
-import org.springframework.security.SpringSecurityException;
+import org.springframework.security.core.SpringSecurityException;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/UnloadedSidException.java

@@ -14,7 +14,7 @@
  */
 package org.springframework.security.acls;
 
-import org.springframework.security.SpringSecurityException;
+import org.springframework.security.core.SpringSecurityException;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java

@@ -18,7 +18,6 @@ package org.springframework.security.acls.afterinvocation;
 import java.util.Arrays;
 import java.util.List;
 
-import org.springframework.security.Authentication;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.intercept.AfterInvocationProvider;
@@ -33,6 +32,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
+import org.springframework.security.core.Authentication;
 
 import org.springframework.util.Assert;
 

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -19,12 +19,12 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.Permission;
+import org.springframework.security.core.Authentication;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java

@@ -21,12 +21,12 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.security.Authentication;
-import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.acls.AclService;
 import org.springframework.security.acls.Permission;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.SpringSecurityMessageSource;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java

@@ -18,15 +18,15 @@ package org.springframework.security.acls.domain;
 import java.util.Arrays;
 import java.util.List;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.sid.PrincipalSid;
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
-import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.Assert;
 
 

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java

@@ -22,7 +22,6 @@ import javax.sql.DataSource;
 
 import org.springframework.dao.DataAccessException;
 import org.springframework.jdbc.core.BatchPreparedStatementSetter;
-import org.springframework.security.Authentication;
 import org.springframework.security.acls.AccessControlEntry;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.AlreadyExistsException;
@@ -36,7 +35,8 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
 import org.springframework.security.acls.sid.GrantedAuthoritySid;
 import org.springframework.security.acls.sid.PrincipalSid;
 import org.springframework.security.acls.sid.Sid;
-import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.transaction.support.TransactionSynchronizationManager;
 import org.springframework.util.Assert;
 

acl/src/main/java/org/springframework/security/acls/sid/GrantedAuthoritySid.java

@@ -14,7 +14,7 @@
  */
 package org.springframework.security.acls.sid;
 
-import org.springframework.security.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthority;
 
 import org.springframework.util.Assert;
 

acl/src/main/java/org/springframework/security/acls/sid/PrincipalSid.java

@@ -14,8 +14,8 @@
  */
 package org.springframework.security.acls.sid;
 
-import org.springframework.security.Authentication;
 
+import org.springframework.security.core.Authentication;
 import org.springframework.security.userdetails.UserDetails;
 
 import org.springframework.util.Assert;

acl/src/main/java/org/springframework/security/acls/sid/SidRetrievalStrategy.java

@@ -17,7 +17,7 @@ package org.springframework.security.acls.sid;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
+import org.springframework.security.core.Authentication;
 
 
 /**

acl/src/main/java/org/springframework/security/acls/sid/SidRetrievalStrategyImpl.java

@@ -18,8 +18,8 @@ package org.springframework.security.acls.sid;
 import java.util.ArrayList;
 import java.util.List;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * Basic implementation of {@link SidRetrievalStrategy} that creates a {@link Sid} for the principal, as well as

acl/src/main/java/org/springframework/security/acls/vote/AclEntryVoter.java

@@ -21,7 +21,6 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.vote.AbstractAclVoter;
@@ -35,6 +34,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
+import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 

acl/src/main/resources/org/springframework/security/acls/jdbc/applicationContext-test.xml

@@ -37,13 +37,13 @@
     <bean id="aclAuthorizationStrategy" class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
         <constructor-arg>
             <list>
-                <bean class="org.springframework.security.GrantedAuthorityImpl">
+                <bean class="org.springframework.security.core.GrantedAuthorityImpl">
                     <constructor-arg value="ROLE_ADMINISTRATOR"/>
                 </bean>
-                <bean class="org.springframework.security.GrantedAuthorityImpl">
+                <bean class="org.springframework.security.core.GrantedAuthorityImpl">
                     <constructor-arg value="ROLE_ADMINISTRATOR"/>
                 </bean>
-                <bean class="org.springframework.security.GrantedAuthorityImpl">
+                <bean class="org.springframework.security.core.GrantedAuthorityImpl">
                     <constructor-arg value="ROLE_ADMINISTRATOR"/>
                 </bean>
             </list>

acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java

@@ -9,10 +9,10 @@ import org.jmock.Mockery;
 import org.jmock.integration.junit4.JUnit4Mockery;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.Authentication;
 import org.springframework.security.acls.objectidentity.ObjectIdentity;
 import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
+import org.springframework.security.core.Authentication;
 
 /**
  *

acl/src/test/java/org/springframework/security/acls/domain/AclImplTests.java

@@ -13,9 +13,6 @@ import org.jmock.Mockery;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.acls.AccessControlEntry;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.AlreadyExistsException;
@@ -32,8 +29,11 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
 import org.springframework.security.acls.sid.GrantedAuthoritySid;
 import org.springframework.security.acls.sid.PrincipalSid;
 import org.springframework.security.acls.sid.Sid;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.FieldUtils;
 
 

acl/src/test/java/org/springframework/security/acls/domain/AclImplementationSecurityCheckTests.java

@@ -3,9 +3,6 @@ package org.springframework.security.acls.domain;
 import junit.framework.Assert;
 import junit.framework.TestCase;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.MutableAcl;
@@ -13,8 +10,11 @@ import org.springframework.security.acls.NotFoundException;
 import org.springframework.security.acls.objectidentity.ObjectIdentity;
 import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
 import org.springframework.security.acls.sid.PrincipalSid;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * Test class for {@link AclAuthorizationStrategyImpl} and {@link AclImpl}

acl/src/test/java/org/springframework/security/acls/jdbc/AclPermissionInheritanceTests.java

@@ -11,8 +11,6 @@ import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
 import org.springframework.jdbc.datasource.DriverManagerDataSource;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.acls.MutableAcl;
 import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
 import org.springframework.security.acls.domain.AclImpl;
@@ -21,9 +19,11 @@ import org.springframework.security.acls.domain.ConsoleAuditLogger;
 import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
 import org.springframework.security.acls.sid.GrantedAuthoritySid;
 import org.springframework.security.acls.sid.PrincipalSid;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.util.AuthorityUtils;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.transaction.TransactionStatus;
 import org.springframework.transaction.support.DefaultTransactionDefinition;
 

acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java

@@ -17,8 +17,6 @@ import org.junit.Test;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.TestDataSource;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.AuditableAccessControlEntry;
@@ -33,6 +31,8 @@ import org.springframework.security.acls.objectidentity.ObjectIdentity;
 import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
 import org.springframework.security.acls.sid.PrincipalSid;
 import org.springframework.security.acls.sid.Sid;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
 import org.springframework.util.FileCopyUtils;
 
 /**

acl/src/test/java/org/springframework/security/acls/jdbc/EhCacheBasedAclCacheTests.java

@@ -20,9 +20,6 @@ import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.acls.MutableAcl;
 import org.springframework.security.acls.domain.AclAuthorizationStrategy;
 import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
@@ -30,8 +27,11 @@ import org.springframework.security.acls.domain.AclImpl;
 import org.springframework.security.acls.domain.ConsoleAuditLogger;
 import org.springframework.security.acls.objectidentity.ObjectIdentity;
 import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.util.FieldUtils;
 
 /**

acl/src/test/java/org/springframework/security/acls/jdbc/JdbcAclServiceTests.java

@@ -29,7 +29,6 @@ import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.security.Authentication;
 import org.springframework.security.acls.AccessControlEntry;
 import org.springframework.security.acls.Acl;
 import org.springframework.security.acls.AlreadyExistsException;
@@ -42,8 +41,9 @@ import org.springframework.security.acls.objectidentity.ObjectIdentity;
 import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
 import org.springframework.security.acls.sid.PrincipalSid;
 import org.springframework.security.acls.sid.Sid;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.test.annotation.Rollback;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.AbstractTransactionalJUnit4SpringContextTests;

acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java

@@ -5,8 +5,8 @@ import java.util.List;
 import junit.framework.Assert;
 import junit.framework.TestCase;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
 
 /**
  * Tests for {@link SidRetrievalStrategyImpl}

acl/src/test/java/org/springframework/security/acls/sid/SidTests.java

@@ -3,13 +3,13 @@ package org.springframework.security.acls.sid;
 import junit.framework.Assert;
 import junit.framework.TestCase;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.acls.sid.GrantedAuthoritySid;
 import org.springframework.security.acls.sid.PrincipalSid;
 import org.springframework.security.acls.sid.Sid;
-import org.springframework.security.providers.TestingAuthenticationToken;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
 
 public class SidTests extends TestCase {
 

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java

@@ -22,16 +22,16 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.BadCredentialsException;
-import org.springframework.security.SpringSecurityMessageSource;
+import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.cas.ServiceProperties;
 import org.springframework.security.cas.authentication.cache.NullStatelessTicketCache;
 import org.springframework.security.cas.web.CasProcessingFilter;
-import org.springframework.security.providers.AccountStatusUserDetailsChecker;
-import org.springframework.security.providers.AuthenticationProvider;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsChecker;
 import org.springframework.security.userdetails.UserDetailsService;

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java

@@ -16,9 +16,9 @@
 package org.springframework.security.cas.authentication;
 
 import org.jasig.cas.client.validation.Assertion;
-import org.springframework.security.GrantedAuthority;
 
-import org.springframework.security.providers.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
 
 import org.springframework.security.userdetails.UserDetails;
 

cas/src/main/java/org/springframework/security/cas/web/CasProcessingFilter.java

@@ -20,11 +20,11 @@ import java.io.IOException;
 import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.jasig.cas.client.util.CommonUtils;
 import org.jasig.cas.client.validation.TicketValidator;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
 
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.cas.ServiceProperties;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 
 import org.springframework.security.web.FilterChainOrder;
 import org.springframework.security.web.authentication.AbstractProcessingFilter;

cas/src/main/java/org/springframework/security/cas/web/CasProcessingFilterEntryPoint.java

@@ -22,8 +22,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.jasig.cas.client.util.CommonUtils;
-import org.springframework.security.AuthenticationException;
 import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;

cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java

@@ -15,25 +15,25 @@
 
 package org.springframework.security.cas.authentication;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.BadCredentialsException;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.cas.ServiceProperties;
 import org.springframework.security.cas.authentication.CasAuthenticationProvider;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.cas.authentication.StatelessTicketCache;
 import org.springframework.security.cas.web.CasProcessingFilter;
-import org.springframework.security.providers.TestingAuthenticationToken;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
 
 
 import org.springframework.security.userdetails.User;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
-import org.springframework.security.util.AuthorityUtils;
 
 import java.util.HashMap;
 import java.util.Map;

cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java

@@ -21,12 +21,12 @@ import junit.framework.TestCase;
 
 import org.jasig.cas.client.validation.Assertion;
 import org.jasig.cas.client.validation.AssertionImpl;
-import org.springframework.security.GrantedAuthority;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.userdetails.User;
 import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.util.AuthorityUtils;
 
 /**
  * Tests {@link CasAuthenticationToken}.

cas/src/test/java/org/springframework/security/cas/authentication/cache/AbstractStatelessTicketCacheTests.java

@@ -6,8 +6,8 @@ import java.util.List;
 import org.jasig.cas.client.validation.Assertion;
 import org.jasig.cas.client.validation.AssertionImpl;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
+import org.springframework.security.core.AuthorityUtils;
 import org.springframework.security.userdetails.User;
-import org.springframework.security.util.AuthorityUtils;
 
 /**
  *

cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java

@@ -17,10 +17,10 @@ package org.springframework.security.cas.web;
 
 import junit.framework.TestCase;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
 import org.springframework.security.MockAuthenticationManager;
 import org.springframework.security.cas.web.CasProcessingFilter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;

config/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java

@@ -8,7 +8,7 @@ import org.springframework.beans.factory.parsing.BeanComponentDefinition;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.providers.AnonymousAuthenticationProvider;
+import org.springframework.security.authentication.AnonymousAuthenticationProvider;
 import org.springframework.security.web.authentication.AnonymousProcessingFilter;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParser.java

@@ -12,7 +12,7 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.core.Ordered;
-import org.springframework.security.providers.dao.DaoAuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java

@@ -9,8 +9,8 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
-import org.springframework.security.providers.ProviderManager;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
 import org.springframework.security.web.concurrent.SessionRegistryImpl;
 import org.springframework.util.StringUtils;

config/src/main/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecorator.java

@@ -6,7 +6,7 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.w3c.dom.Node;
 
 /**
- * Adds the decorated {@link org.springframework.security.providers.AuthenticationProvider} to the ProviderManager's
+ * Adds the decorated {@link org.springframework.security.authentication.AuthenticationProvider} to the ProviderManager's
  * list.
  *
  * @author Luke Taylor

config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java

@@ -17,8 +17,8 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.core.OrderComparator;
 import org.springframework.core.Ordered;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.config.ConfigUtils.FilterChainList;
-import org.springframework.security.providers.AnonymousAuthenticationToken;
 import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SessionFixationProtectionFilter;

config/src/main/java/org/springframework/security/config/NamespaceAuthenticationManager.java

@@ -6,8 +6,8 @@ import java.util.List;
 
 import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
-import org.springframework.security.providers.AuthenticationProvider;
-import org.springframework.security.providers.ProviderManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.ProviderManager;
 import org.springframework.util.Assert;
 
 /**

config/src/main/java/org/springframework/security/config/PasswordEncoderParser.java

@@ -11,13 +11,13 @@ import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.providers.encoding.BaseDigestPasswordEncoder;
-import org.springframework.security.providers.encoding.LdapShaPasswordEncoder;
-import org.springframework.security.providers.encoding.Md4PasswordEncoder;
-import org.springframework.security.providers.encoding.Md5PasswordEncoder;
-import org.springframework.security.providers.encoding.PasswordEncoder;
-import org.springframework.security.providers.encoding.PlaintextPasswordEncoder;
-import org.springframework.security.providers.encoding.ShaPasswordEncoder;
+import org.springframework.security.authentication.encoding.BaseDigestPasswordEncoder;
+import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;
+import org.springframework.security.authentication.encoding.Md4PasswordEncoder;
+import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
+import org.springframework.security.authentication.encoding.PasswordEncoder;
+import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
+import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java

@@ -11,7 +11,7 @@ import org.springframework.security.web.authentication.rememberme.JdbcTokenRepos
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
-import org.springframework.security.providers.RememberMeAuthenticationProvider;
+import org.springframework.security.authentication.RememberMeAuthenticationProvider;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java

@@ -10,7 +10,7 @@ import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.ListableBeanFactory;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.security.web.authentication.AbstractProcessingFilter;
-import org.springframework.security.web.authentication.rememberme.RememberMeServices;
+import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.www.BasicProcessingFilter;
 import org.springframework.util.Assert;
 

config/src/main/java/org/springframework/security/config/SaltSourceBeanDefinitionParser.java

@@ -5,8 +5,8 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.providers.dao.salt.ReflectionSaltSource;
-import org.springframework.security.providers.dao.salt.SystemWideSaltSource;
+import org.springframework.security.authentication.dao.salt.ReflectionSaltSource;
+import org.springframework.security.authentication.dao.salt.SystemWideSaltSource;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/SecurityConfigurationException.java

@@ -1,6 +1,6 @@
 package org.springframework.security.config;
 
-import org.springframework.security.SpringSecurityException;
+import org.springframework.security.core.SpringSecurityException;
 
 
 /**

config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java

@@ -8,9 +8,9 @@ import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.ListableBeanFactory;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.security.concurrent.ConcurrentSessionController;
-import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
-import org.springframework.security.concurrent.SessionRegistry;
+import org.springframework.security.authentication.concurrent.ConcurrentSessionController;
+import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
+import org.springframework.security.authentication.concurrent.SessionRegistry;
 import org.springframework.security.web.SessionFixationProtectionFilter;
 import org.springframework.security.web.authentication.AbstractProcessingFilter;
 

config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java

@@ -12,7 +12,7 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
+import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
 import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
 import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;

config/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java

@@ -6,9 +6,9 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.BeanDefinitionStoreException;
+import org.springframework.security.core.AuthorityUtils;
 import org.springframework.security.userdetails.memory.UserMap;
 import org.springframework.security.userdetails.User;
-import org.springframework.security.util.AuthorityUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.xml.DomUtils;

config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java

@@ -4,7 +4,7 @@ import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
-import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
+import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.config.BeanDefinition;

config/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java

@@ -2,11 +2,11 @@ package org.springframework.security.config;
 
 import static org.junit.Assert.*;
 
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.providers.ProviderManager;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.AuthenticationProvider;
-import org.springframework.security.providers.encoding.ShaPasswordEncoder;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.context.support.AbstractXmlApplicationContext;
 
@@ -109,9 +109,9 @@ public class AuthenticationProviderBeanDefinitionParserTests {
                 "    </authentication-provider>" +
 
                 "    <b:bean id='customPasswordEncoder' " +
-                            "class='org.springframework.security.providers.encoding.Md5PasswordEncoder'/>" +
+                            "class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>" +
                 "    <b:bean id='saltSource' " +
-                "           class='org.springframework.security.providers.dao.salt.ReflectionSaltSource'>" +
+                "           class='org.springframework.security.authentication.dao.salt.ReflectionSaltSource'>" +
                 "         <b:property name='userPropertyToUse' value='username'/>" +
                 "    </b:bean>" +
                 "    <b:bean id='customUserService' " +

config/src/test/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecoratorTests.java

@@ -3,8 +3,8 @@ package org.springframework.security.config;
 import static org.junit.Assert.*;
 
 import org.junit.Test;
+import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.providers.ProviderManager;
 
 
 public class CustomAuthenticationProviderBeanDefinitionDecoratorTests {
@@ -12,7 +12,7 @@ public class CustomAuthenticationProviderBeanDefinitionDecoratorTests {
     @Test
     public void decoratedProviderParsesSuccessfully() {
         InMemoryXmlApplicationContext ctx = new InMemoryXmlApplicationContext(
-                "<b:bean class='org.springframework.security.providers.dao.DaoAuthenticationProvider'>" +
+                "<b:bean class='org.springframework.security.authentication.dao.DaoAuthenticationProvider'>" +
                 "  <custom-authentication-provider />" +
                 "  <b:property name='userDetailsService' ref='us'/>" +
                 "</b:bean>" + 
@@ -28,7 +28,7 @@ public class CustomAuthenticationProviderBeanDefinitionDecoratorTests {
     @Test
     public void decoratedBeanAndRegisteredProviderAreTheSameObject() {
         InMemoryXmlApplicationContext ctx = new InMemoryXmlApplicationContext(
-                "<b:bean id='myProvider' class='org.springframework.security.providers.dao.DaoAuthenticationProvider'>" +
+                "<b:bean id='myProvider' class='org.springframework.security.authentication.dao.DaoAuthenticationProvider'>" +
                 "  <custom-authentication-provider />" +
                 "  <b:property name='userDetailsService' ref='us'/>" +
                 "</b:bean>" + 

config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java

@@ -11,7 +11,6 @@ import org.junit.After;
 import org.junit.Test;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
 import org.springframework.context.support.AbstractXmlApplicationContext;
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.annotation.BusinessService;
 import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
@@ -22,12 +21,13 @@ import org.springframework.security.access.expression.method.MethodExpressionAft
 import org.springframework.security.access.expression.method.MethodExpressionVoter;
 import org.springframework.security.access.intercept.AfterInvocationProviderManager;
 import org.springframework.security.access.vote.AffirmativeBased;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.TestingAuthenticationToken;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.userdetails.UserDetailsService;
-import org.springframework.security.util.AuthorityUtils;
 import org.springframework.security.util.FieldUtils;
 
 /**

config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -23,21 +23,20 @@ import org.springframework.security.MockAuthenticationEntryPoint;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.concurrent.ConcurrentLoginException;
-import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.concurrent.ConcurrentLoginException;
+import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
 import org.springframework.security.openid.OpenIDAuthenticationProvider;
-import org.springframework.security.providers.TestingAuthenticationToken;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.PortMapperImpl;
 import org.springframework.security.web.SessionFixationProtectionFilter;
-import org.springframework.security.web.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.AnonymousProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
@@ -45,6 +44,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
 import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
@@ -543,7 +543,7 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "<http auto-config='true'>" +
                 "    <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" +
                 "</http>" +
-                "<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
+                "<b:bean id='sc' class='org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl'>" +
                 "  <b:property name='sessionRegistry'>" +
                 "    <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
                 "  </b:property>" +

config/src/test/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecoratorTests.java

@@ -6,11 +6,11 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.util.AuthorityUtils;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * @author Luke Taylor

config/src/test/java/org/springframework/security/config/JdbcUserServiceBeanDefinitionParserTests.java

@@ -5,14 +5,14 @@ import static org.mockito.Mockito.*;
 
 import org.junit.After;
 import org.junit.Test;
-import org.springframework.security.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.providers.ProviderManager;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.dao.DaoAuthenticationProvider;
+import org.springframework.security.core.AuthorityUtils;
 import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.util.AuthorityUtils;
 import org.springframework.security.util.FieldUtils;
 import org.w3c.dom.Element;
 
@@ -22,7 +22,7 @@ import org.w3c.dom.Element;
  * @version $Id$
  */
 public class JdbcUserServiceBeanDefinitionParserTests {
-    private static String USER_CACHE_XML = "<b:bean id='userCache' class='org.springframework.security.providers.dao.MockUserCache'/>";
+    private static String USER_CACHE_XML = "<b:bean id='userCache' class='org.springframework.security.authentication.dao.MockUserCache'/>";
 
     private static String DATA_SOURCE =
             "    <b:bean id='populator' class='org.springframework.security.config.DataSourcePopulator'>" +

config/src/test/java/org/springframework/security/config/Jsr250AnnotationDrivenBeanDefinitionParserTests.java

@@ -3,13 +3,13 @@ package org.springframework.security.config;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.annotation.BusinessService;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.util.AuthorityUtils;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * @author Luke Taylor

config/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java

@@ -5,17 +5,17 @@ import static org.springframework.security.config.LdapProviderBeanDefinitionPars
 
 import org.junit.After;
 import org.junit.Test;
-import org.springframework.security.Authentication;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.SecurityConfigurationException;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.ldap.authentication.BindAuthenticator;
 import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator;
 import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
-import org.springframework.security.providers.ProviderManager;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.FieldUtils;
 
 

config/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java

@@ -8,8 +8,9 @@ import java.util.Set;
 
 import org.junit.After;
 import org.junit.Test;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.GrantedAuthorityImpl;
 import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
 import org.springframework.security.ldap.userdetails.InetOrgPerson;
@@ -20,7 +21,6 @@ import org.springframework.security.ldap.userdetails.Person;
 import org.springframework.security.ldap.userdetails.PersonContextMapper;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
-import org.springframework.security.util.AuthorityUtils;
 import org.w3c.dom.Element;
 
 /**

config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java

@@ -2,10 +2,10 @@ package org.springframework.security.config;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.intercept.AfterInvocationProvider;
+import org.springframework.security.core.Authentication;
 
 public class MockAfterInvocationProvider implements AfterInvocationProvider {
 

config/src/test/java/org/springframework/security/config/SecuredAnnotationDrivenBeanDefinitionParserTests.java

@@ -3,13 +3,13 @@ package org.springframework.security.config;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.annotation.BusinessService;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.util.AuthorityUtils;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * @author Ben Alex

config/src/test/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessorTests.java

@@ -5,11 +5,11 @@ import static org.junit.Assert.*;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.context.support.AbstractXmlApplicationContext;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.concurrent.ConcurrentSessionController;
-import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
+import org.springframework.security.authentication.concurrent.ConcurrentSessionController;
+import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.security.web.concurrent.SessionRegistryImpl;
 

config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java

@@ -4,10 +4,10 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.context.support.AbstractXmlApplicationContext;
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.ITargetObject;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * Tests for SEC-428.

config/src/test/resources/org/springframework/security/util/filtertest-valid.xml

@@ -37,7 +37,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
        </property>
     </bean>
 
-    <bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
+    <bean id="mockNotAFilter" class="org.springframework.security.util.AntUrlPathMatcher"/>
 
     <bean id="filterChain" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">

core/src/main/java/org/springframework/security/access/AccessDecisionManager.java

@@ -17,8 +17,8 @@ package org.springframework.security.access;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.InsufficientAuthenticationException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.core.Authentication;
 
 /**
  * Makes a final access control (authorization) decision.

core/src/main/java/org/springframework/security/access/AccessDeniedException.java

@@ -15,8 +15,8 @@
 
 package org.springframework.security.access;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.SpringSecurityException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.SpringSecurityException;
 
 /**
  * Thrown if an {@link Authentication} object does not hold a required authority.

core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java

@@ -2,10 +2,10 @@ package org.springframework.security.access.annotation;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.vote.AccessDecisionVoter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * Voter on JSR-250 configuration attributes.

core/src/main/java/org/springframework/security/access/authoritymapping/Attributes2GrantedAuthoritiesMapper.java

@@ -3,7 +3,7 @@ package org.springframework.security.access.authoritymapping;
 import java.util.Collection;
 import java.util.List;
 
-import org.springframework.security.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * Interface to be implemented by classes that can map a list of security attributes (such as roles or

core/src/main/java/org/springframework/security/access/authoritymapping/MapBasedAttributes2GrantedAuthoritiesMapper.java

@@ -10,8 +10,8 @@ import java.util.Set;
 import java.util.StringTokenizer;
 
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 

core/src/main/java/org/springframework/security/access/authoritymapping/SimpleAttributes2GrantedAuthoritiesMapper.java

@@ -1,7 +1,7 @@
 package org.springframework.security.access.authoritymapping;
 
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
 
 import java.util.ArrayList;
 import java.util.Collection;

core/src/main/java/org/springframework/security/access/AbstractAuthorizationEvent.java → core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.access;
+package org.springframework.security.access.event;
 
 import org.springframework.context.ApplicationEvent;
 

core/src/main/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEvent.java → core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java

@@ -13,11 +13,12 @@
  * limitations under the License.
  */
 
-package org.springframework.security.access;
+package org.springframework.security.access.event;
 
 import java.util.List;
 
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 
 
 /**

core/src/main/java/org/springframework/security/access/AuthorizationFailureEvent.java → core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java

@@ -13,11 +13,14 @@
  * limitations under the License.
  */
 
-package org.springframework.security.access;
+package org.springframework.security.access.event;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
+import org.springframework.security.access.AccessDecisionManager;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 
 /**

core/src/main/java/org/springframework/security/access/AuthorizedEvent.java → core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java

@@ -13,11 +13,12 @@
  * limitations under the License.
  */
 
-package org.springframework.security.access;
+package org.springframework.security.access.event;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 
 /**

core/src/main/java/org/springframework/security/access/LoggerListener.java → core/src/main/java/org/springframework/security/access/event/LoggerListener.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.access;
+package org.springframework.security.access.event;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

core/src/main/java/org/springframework/security/access/PublicInvocationEvent.java → core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.access;
+package org.springframework.security.access.event;
 
 /**
  * Event that is generated whenever a public secure object is invoked.<p>A public secure object is a secure object

core/src/main/java/org/springframework/security/access/expression/MethodSecurityExpressionHandler.java

@@ -4,7 +4,7 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.expression.ExpressionParser;
-import org.springframework.security.Authentication;
+import org.springframework.security.core.Authentication;
 
 /**
  * Facade which isolates Spring Security's requirements for evaluation method-security expressions

core/src/main/java/org/springframework/security/access/expression/PermissionEvaluator.java

@@ -2,7 +2,7 @@ package org.springframework.security.access.expression;
 
 import java.io.Serializable;
 
-import org.springframework.security.Authentication;
+import org.springframework.security.core.Authentication;
 
 /**
  * Strategy used in expression evaluation to determine whether a user has a permission or permissions

core/src/main/java/org/springframework/security/access/expression/method/MethodExpressionAfterInvocationProvider.java

@@ -7,13 +7,13 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.expression.MethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.support.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.access.intercept.AfterInvocationProvider;
+import org.springframework.security.core.Authentication;
 
 /**
  * AfterInvocationProvider which handles the @PostAuthorize and @PostFilter annotation expressions.

core/src/main/java/org/springframework/security/access/expression/method/MethodExpressionVoter.java

@@ -8,12 +8,12 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.expression.MethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.support.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.access.vote.AccessDecisionVoter;
+import org.springframework.security.core.Authentication;
 
 /**
  * Voter which performs the actions for @PreFilter and @PostAuthorize annotations.

core/src/main/java/org/springframework/security/access/expression/support/DefaultMethodSecurityExpressionHandler.java

@@ -14,12 +14,12 @@ import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationTrustResolver;
-import org.springframework.security.AuthenticationTrustResolverImpl;
 import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.expression.MethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.PermissionEvaluator;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
+import org.springframework.security.core.Authentication;
 
 /**
  * The standard implementation of <tt>SecurityExpressionHandler</tt>.

core/src/main/java/org/springframework/security/access/expression/support/DenyAllPermissionEvaluator.java

@@ -4,8 +4,8 @@ import java.io.Serializable;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.expression.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
 
 /**
  * A null PermissionEvaluator which denies all access. Used by default for situations when permission

core/src/main/java/org/springframework/security/access/expression/support/MethodSecurityEvaluationContext.java

@@ -6,7 +6,7 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
-import org.springframework.security.Authentication;
+import org.springframework.security.core.Authentication;
 import org.springframework.util.ClassUtils;
 
 /**

core/src/main/java/org/springframework/security/access/expression/support/MethodSecurityExpressionRoot.java

@@ -2,8 +2,8 @@ package org.springframework.security.access.expression.support;
 
 import java.io.Serializable;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.expression.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
 
 
 /**

core/src/main/java/org/springframework/security/access/expression/support/SecurityExpressionRoot.java

@@ -2,10 +2,10 @@ package org.springframework.security.access.expression.support;
 
 import java.util.Set;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationTrustResolver;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.util.AuthorityUtils;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthorityUtils;
+import org.springframework.security.core.GrantedAuthority;
 
 
 /**

core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java

@@ -16,7 +16,7 @@ package org.springframework.security.access.hierarchicalroles;
 
 import java.util.List;
 
-import org.springframework.security.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * The simple interface of a role hierarchy.

core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java

@@ -15,8 +15,8 @@
 package org.springframework.security.access.hierarchicalroles;
 
 
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 

core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java

@@ -16,7 +16,7 @@ package org.springframework.security.access.hierarchicalroles;
 
 import java.util.List;
 
-import org.springframework.security.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.userdetails.UserDetails;
 
 /**

core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java

@@ -29,18 +29,18 @@ import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.AuthenticationManager;
-import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.access.AuthenticationCredentialsNotFoundEvent;
-import org.springframework.security.access.AuthorizationFailureEvent;
-import org.springframework.security.access.AuthorizedEvent;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.PublicInvocationEvent;
-import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent;
+import org.springframework.security.access.event.AuthorizationFailureEvent;
+import org.springframework.security.access.event.AuthorizedEvent;
+import org.springframework.security.access.event.PublicInvocationEvent;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.SpringSecurityMessageSource;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.Assert;
 
 /**
@@ -55,7 +55,7 @@ import org.springframework.util.Assert;
  * <li>For an invocation that is secured (there is a list of <code>ConfigAttribute</code>s for the secure
  * object invocation):
  * <ol type="a">
- * <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()}
+ * <li>If either the {@link org.springframework.security.core.Authentication#isAuthenticated()}
  * returns <code>false</code>, or the {@link #alwaysReauthenticate} is
  * <code>true</code>, authenticate the request against the configured {@link AuthenticationManager}.
  * When authenticated, replace the <code>Authentication</code> object on the
@@ -282,7 +282,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
 
     /**
      * Checks the current authentication token and passes it to the AuthenticationManager if
-     * {@link org.springframework.security.Authentication#isAuthenticated()} returns false or the property
+     * {@link org.springframework.security.core.Authentication#isAuthenticated()} returns false or the property
      * <tt>alwaysReauthenticate</tt> has been set to true.
      *
      * @return an authenticated <tt>Authentication</tt> object.

core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java

@@ -17,9 +17,9 @@ package org.springframework.security.access.intercept;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 /**
  * Reviews the <code>Object</code> returned from a secure object invocation,

core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProvider.java

@@ -17,9 +17,9 @@ package org.springframework.security.access.intercept;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 
 /**

core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java

@@ -21,9 +21,9 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
 

core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java

@@ -17,8 +17,8 @@ package org.springframework.security.access.intercept;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 
 /**

core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java

@@ -17,8 +17,8 @@ package org.springframework.security.access.intercept;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 
 /**

core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java

@@ -15,12 +15,12 @@
 
 package org.springframework.security.access.intercept;
 
-import org.springframework.security.SpringSecurityMessageSource;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.BadCredentialsException;
 
-import org.springframework.security.providers.AuthenticationProvider;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.SpringSecurityMessageSource;
 
 import org.springframework.beans.factory.InitializingBean;
 

core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java

@@ -17,8 +17,8 @@ package org.springframework.security.access.intercept;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 /**
  * Creates a new temporary {@link Authentication} object for the current secure
@@ -30,7 +30,7 @@ import org.springframework.security.access.ConfigAttribute;
  * object invocation only. The {@link
  * org.springframework.security.access.intercept.AbstractSecurityInterceptor} will replace
  * the <code>Authentication</code> object held in the
- * {@link org.springframework.security.context.SecurityContext SecurityContext}
+ * {@link org.springframework.security.core.context.SecurityContext SecurityContext}
  * for the duration of  the secure object callback only, returning it to
  * the original <code>Authentication</code> object when the callback ends.
  * </p>

core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java

@@ -19,10 +19,10 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.GrantedAuthorityImpl;
 import org.springframework.util.Assert;
 
 

core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java

@@ -18,14 +18,14 @@ package org.springframework.security.access.intercept;
 import java.util.Arrays;
 import java.util.List;
 
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
 
-import org.springframework.security.providers.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 
 
 /**
- * An immutable {@link org.springframework.security.Authentication}  implementation that supports {@link RunAsManagerImpl}.
+ * An immutable {@link org.springframework.security.core.Authentication}  implementation that supports {@link RunAsManagerImpl}.
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluator.java

@@ -21,10 +21,10 @@ import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.Authentication;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
+import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
 

core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java

@@ -20,10 +20,10 @@ import java.util.List;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;

core/src/main/java/org/springframework/security/access/vote/AccessDecisionVoter.java

@@ -17,8 +17,8 @@ package org.springframework.security.access.vote;
 
 import java.util.List;
 
-import org.springframework.security.Authentication;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.Authentication;
 
 
 /**