SEC-2915: XML spaces->tabs

acl/pom.xml

@@ -8,161 +8,161 @@
   <description>spring-security-acl</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>aopalliance</groupId>
-      <artifactId>aopalliance</artifactId>
-      <version>1.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>net.sf.ehcache</groupId>
-      <artifactId>ehcache</artifactId>
-      <version>2.9.0</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>aopalliance</groupId>
+	  <artifactId>aopalliance</artifactId>
+	  <version>1.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>net.sf.ehcache</groupId>
+	  <artifactId>ehcache</artifactId>
+	  <version>2.9.0</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context-support</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

acl/src/test/resources/logback-test.xml

@@ -1,14 +1,14 @@
 <configuration>
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
+	<encoder>
+	  <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
   </appender>
 
   <logger name="org.springframework.security" level="${sec.log.level}:-WARN"/>
 
   <root level="${root.level}:-WARN">
-    <appender-ref ref="STDOUT" />
+	<appender-ref ref="STDOUT" />
   </root>
 
 </configuration>

aspects/pom.xml

@@ -8,137 +8,137 @@
   <description>spring-security-aspects</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.aspectj</groupId>
-      <artifactId>aspectjrt</artifactId>
-      <version>1.8.4</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>aopalliance</groupId>
-      <artifactId>aopalliance</artifactId>
-      <version>1.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.aspectj</groupId>
+	  <artifactId>aspectjrt</artifactId>
+	  <version>1.8.4</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>aopalliance</groupId>
+	  <artifactId>aopalliance</artifactId>
+	  <version>1.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

aspects/src/main/resources/META-INF/aop.xml

@@ -1,18 +1,18 @@
 <?xml version="1.0"?>
 
-    <!--
-        AspectJ load-time weaving config file to install common Spring
-        aspects.
-    -->
+	<!--
+		AspectJ load-time weaving config file to install common Spring
+		aspects.
+	-->
 <aspectj>
 
-    <!--
+	<!--
   <weaver options="-showWeaveInfo"/>
   -->
 
-    <aspects>
-        <aspect
-            name="org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect" />
-    </aspects>
+	<aspects>
+		<aspect
+			name="org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect" />
+	</aspects>
 
 </aspectj>

cas/pom.xml

@@ -8,149 +8,149 @@
   <description>spring-security-cas</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.jasig.cas.client</groupId>
-      <artifactId>cas-client-core</artifactId>
-      <version>3.3.3</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>net.sf.ehcache</groupId>
-      <artifactId>ehcache</artifactId>
-      <version>2.9.0</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.jasig.cas.client</groupId>
+	  <artifactId>cas-client-core</artifactId>
+	  <version>3.3.3</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>net.sf.ehcache</groupId>
+	  <artifactId>ehcache</artifactId>
+	  <version>2.9.0</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

config/pom.xml

@@ -8,410 +8,410 @@
   <description>spring-security-config</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>aopalliance</groupId>
-      <artifactId>aopalliance</artifactId>
-      <version>1.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.aspectj</groupId>
-      <artifactId>aspectjweaver</artifactId>
-      <version>1.8.4</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-ldap</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-messaging</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-openid</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-websocket</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.annotation</groupId>
-      <artifactId>jsr250-api</artifactId>
-      <version>1.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>ldapsdk</groupId>
-      <artifactId>ldapsdk</artifactId>
-      <version>4.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core</artifactId>
-      <version>1.5.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core-entry</artifactId>
-      <version>1.5.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-ldap</artifactId>
-      <version>1.5.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-shared</artifactId>
-      <version>1.5.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-server-jndi</artifactId>
-      <version>1.5.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.shared</groupId>
-      <artifactId>shared-ldap</artifactId>
-      <version>0.9.15</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy-all</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.eclipse.persistence</groupId>
-      <artifactId>javax.persistence</artifactId>
-      <version>2.0.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-entitymanager</artifactId>
-      <version>4.1.0.Final</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-entitymanager</artifactId>
-      <version>3.6.10.Final</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.openid4java</groupId>
-      <artifactId>openid4java-nodeps</artifactId>
-      <version>0.9.6</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>guice</artifactId>
-          <groupId>com.google.code.guice</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-api-mockito</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-api-support</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-core</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-module-junit4</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-module-junit4-common</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-reflect</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.data</groupId>
-      <artifactId>spring-data-jpa</artifactId>
-      <version>1.7.1.RELEASE</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>aspectjrt</artifactId>
-          <groupId>org.aspectj</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.ldap</groupId>
-      <artifactId>spring-ldap-core</artifactId>
-      <version>2.0.2.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-aspects</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-cas</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-expression</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-orm</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>aopalliance</groupId>
+	  <artifactId>aopalliance</artifactId>
+	  <version>1.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.aspectj</groupId>
+	  <artifactId>aspectjweaver</artifactId>
+	  <version>1.8.4</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-ldap</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-messaging</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-openid</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-websocket</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.annotation</groupId>
+	  <artifactId>jsr250-api</artifactId>
+	  <version>1.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ldapsdk</groupId>
+	  <artifactId>ldapsdk</artifactId>
+	  <version>4.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core</artifactId>
+	  <version>1.5.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core-entry</artifactId>
+	  <version>1.5.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-ldap</artifactId>
+	  <version>1.5.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-shared</artifactId>
+	  <version>1.5.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-server-jndi</artifactId>
+	  <version>1.5.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.shared</groupId>
+	  <artifactId>shared-ldap</artifactId>
+	  <version>0.9.15</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy-all</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.eclipse.persistence</groupId>
+	  <artifactId>javax.persistence</artifactId>
+	  <version>2.0.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-entitymanager</artifactId>
+	  <version>4.1.0.Final</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-entitymanager</artifactId>
+	  <version>3.6.10.Final</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.openid4java</groupId>
+	  <artifactId>openid4java-nodeps</artifactId>
+	  <version>0.9.6</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>guice</artifactId>
+		  <groupId>com.google.code.guice</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-api-mockito</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-api-support</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-core</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-module-junit4</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-module-junit4-common</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-reflect</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.data</groupId>
+	  <artifactId>spring-data-jpa</artifactId>
+	  <version>1.7.1.RELEASE</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>aspectjrt</artifactId>
+		  <groupId>org.aspectj</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.ldap</groupId>
+	  <artifactId>spring-ldap-core</artifactId>
+	  <version>2.0.2.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-aspects</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-cas</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-expression</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-orm</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

config/src/integration-test/resources/logback-test.xml

@@ -1,8 +1,8 @@
 <configuration>
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
+	<encoder>
+	  <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
   </appender>
 
   <logger name="org.springframework.security" level="${sec.log.level}:-WARN"/>
@@ -13,7 +13,7 @@
   <logger name="org.apache.mina" level="WARN"/>
 
   <root level="${root.level}:-WARN">
-    <appender-ref ref="STDOUT" />
+	<appender-ref ref="STDOUT" />
   </root>
 
 </configuration>

config/src/main/resources/org/springframework/security/config/catalog.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
 <!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd">
 <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
-    <system systemId="http://www.springframework.org/schema/security/spring-security-2.0.xsd" uri="spring-security-2.0.xsd"/>
+	<system systemId="http://www.springframework.org/schema/security/spring-security-2.0.xsd" uri="spring-security-2.0.xsd"/>
 </catalog>

config/src/test/resources/logback-test.xml

@@ -1,8 +1,8 @@
 <configuration>
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
+	<encoder>
+	  <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
   </appender>
 
   <logger name="org.springframework.security" level="${sec.log.level}:-WARN"/>
@@ -10,7 +10,7 @@
   <logger name="org.apache.directory" level="ERROR"/>
 
   <root level="${root.level}:-WARN">
-    <appender-ref ref="STDOUT" />
+	<appender-ref ref="STDOUT" />
   </root>
 
 </configuration>

config/src/test/resources/org/springframework/security/config/method-security.xml

@@ -1,42 +1,42 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <b:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:b="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:tx="http://www.springframework.org/schema/tx"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
-        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
-
-    <tx:annotation-driven />
-
-    <b:bean name="transactionManager" class="org.springframework.security.config.MockTransactionManager" />
-
-    <b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>
-
-    <b:bean id="transactionalTarget" class="org.springframework.security.config.TransactionalTestBusinessBean">
-        <intercept-methods>
-            <protect method="*" access="ROLE_USER" />
-        </intercept-methods>
-    </b:bean>
-
-
-    <b:bean id="target" class="org.springframework.security.config.TestBusinessBeanImpl">
-        <!-- This will add a security interceptor to the bean -->
-        <intercept-methods>
-            <protect method="org.springframework.security.config.TestBusinessBean.set*" access="${admin.role}" />
-            <protect method="get*" access="${admin.role},ROLE_USER" />
-            <protect method="doSomething" access="ROLE_USER" />
-        </intercept-methods>
-    </b:bean>
-
-    <authentication-manager>
-        <authentication-provider>
-            <user-service>
-                <user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
-                <user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
-            </user-service>
-        </authentication-provider>
-    </authentication-manager>
+	xmlns:b="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+	<tx:annotation-driven />
+
+	<b:bean name="transactionManager" class="org.springframework.security.config.MockTransactionManager" />
+
+	<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>
+
+	<b:bean id="transactionalTarget" class="org.springframework.security.config.TransactionalTestBusinessBean">
+		<intercept-methods>
+			<protect method="*" access="ROLE_USER" />
+		</intercept-methods>
+	</b:bean>
+
+
+	<b:bean id="target" class="org.springframework.security.config.TestBusinessBeanImpl">
+		<!-- This will add a security interceptor to the bean -->
+		<intercept-methods>
+			<protect method="org.springframework.security.config.TestBusinessBean.set*" access="${admin.role}" />
+			<protect method="get*" access="${admin.role},ROLE_USER" />
+			<protect method="doSomething" access="ROLE_USER" />
+		</intercept-methods>
+	</b:bean>
+
+	<authentication-manager>
+		<authentication-provider>
+			<user-service>
+				<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
+				<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
 
 </b:beans>

config/src/test/resources/org/springframework/security/config/method/sec2136/sec2136.xml

@@ -1,55 +1,55 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:jpa="http://www.springframework.org/schema/data/jpa"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:jdbc="http://www.springframework.org/schema/jdbc"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
-        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
-        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-        http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
-        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:jpa="http://www.springframework.org/schema/data/jpa"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:jdbc="http://www.springframework.org/schema/jdbc"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+		http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 
-    <context:annotation-config />
+	<context:annotation-config />
 
-    <bean id="entityManagerFactory"
-          class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
-        <property name="dataSource" ref="dataSource" />
-        <property name="packagesToScan" value="entity" />
-        <property name="jpaVendorAdapter">
-            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
-                <property name="showSql" value="true" />
-                <property name="generateDdl" value="false" />
-                <property name="databasePlatform" value="org.hibernate.dialect.HSQLDialect" />
-            </bean>
-        </property>
-        <property name="jpaProperties">
-            <props>
-                <prop key="hibernate.hbm2ddl.auto">create-drop</prop>
-                <prop key="hibernate.id.new_generator_mappings">true</prop>
-                <prop key="hibernate.cache.use_second_level_cache">false</prop>
-            </props>
-        </property>
-    </bean>
+	<bean id="entityManagerFactory"
+		  class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+		<property name="dataSource" ref="dataSource" />
+		<property name="packagesToScan" value="entity" />
+		<property name="jpaVendorAdapter">
+			<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+				<property name="showSql" value="true" />
+				<property name="generateDdl" value="false" />
+				<property name="databasePlatform" value="org.hibernate.dialect.HSQLDialect" />
+			</bean>
+		</property>
+		<property name="jpaProperties">
+			<props>
+				<prop key="hibernate.hbm2ddl.auto">create-drop</prop>
+				<prop key="hibernate.id.new_generator_mappings">true</prop>
+				<prop key="hibernate.cache.use_second_level_cache">false</prop>
+			</props>
+		</property>
+	</bean>
 
-    <!-- DataSource Configuration -->
-    <jdbc:embedded-database id="dataSource"/>
+	<!-- DataSource Configuration -->
+	<jdbc:embedded-database id="dataSource"/>
 
-    <!-- Transaction Configuration -->
-    <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
-        <property name="entityManagerFactory" ref="entityManagerFactory" />
-    </bean>
+	<!-- Transaction Configuration -->
+	<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+		<property name="entityManagerFactory" ref="entityManagerFactory" />
+	</bean>
 
-    <security:global-method-security pre-post-annotations="enabled">
-        <security:expression-handler ref="methodExpressionHandler"/>
-    </security:global-method-security>
+	<security:global-method-security pre-post-annotations="enabled">
+		<security:expression-handler ref="methodExpressionHandler"/>
+	</security:global-method-security>
 
-    <bean id="methodExpressionHandler"
-        class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
-        <property name="permissionEvaluator" ref="jpaPermEvaluator"/>
-    </bean>
+	<bean id="methodExpressionHandler"
+		class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
+		<property name="permissionEvaluator" ref="jpaPermEvaluator"/>
+	</bean>
 
-    <!-- Must be lazy init or inner bean to prevent eager loading of singletons -->
-    <bean id="jpaPermEvaluator" class="org.springframework.security.config.method.sec2136.JpaPermissionEvaluator" autowire="byType" lazy-init="true"/>
+	<!-- Must be lazy init or inner bean to prevent eager loading of singletons -->
+	<bean id="jpaPermEvaluator" class="org.springframework.security.config.method.sec2136.JpaPermissionEvaluator" autowire="byType" lazy-init="true"/>
 </beans>

config/src/test/resources/org/springframework/security/config/method/sec2499/child.xml

@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <b:beans xmlns:b="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns="http://www.springframework.org/schema/security"
-    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
-        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-    <global-method-security pre-post-annotations="enabled">
-        <expression-handler ref="expressionHandler"/>
-    </global-method-security>
+	<global-method-security pre-post-annotations="enabled">
+		<expression-handler ref="expressionHandler"/>
+	</global-method-security>
 
 </b:beans>

config/src/test/resources/org/springframework/security/config/method/sec2499/parent.xml

@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-    <bean id="expressionHandler"
-        class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler"/>
+	<bean id="expressionHandler"
+		class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler"/>
 
 </beans>

config/src/test/resources/org/springframework/security/util/filtertest-valid.xml

@@ -7,7 +7,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ *	   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -18,163 +18,163 @@
  *
 -->
 <beans default-lazy-init="true" xmlns="http://www.springframework.org/schema/beans"
-    xmlns:sec="http://www.springframework.org/schema/security"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
-        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
-
-    <bean id="mockFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
-
-    <bean id="mockFilter2" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
-
-    <!-- These are just here so we have filters of a specific type to check the ordering is as expected -->
-    <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
-
-    <bean id="apf" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-       <property name="authenticationManager" ref="authenticationManager"/>
-    </bean>
-
-    <sec:authentication-manager alias="authenticationManager">
-        <sec:authentication-provider>
-            <sec:user-service>
-                <sec:user name="jemima" password="password" authorities="A"/>
-            </sec:user-service>
-        </sec:authentication-provider>
-    </sec:authentication-manager>
-
-    <bean id="mockNotAFilter" class="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
-
-    <bean id="fooMatcher" class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
-        <constructor-arg value="/foo/**"/>
-    </bean>
-
-    <bean id="filterChain" class="org.springframework.security.web.FilterChainProxy">
-        <constructor-arg>
-           <list>
-               <sec:filter-chain request-matcher-ref="fooMatcher" filters="mockFilter"/>
-               <sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
-               <sec:filter-chain pattern="/do/not/filter" filters="none"/>
-           </list>
-        </constructor-arg>
-    </bean>
+	xmlns:sec="http://www.springframework.org/schema/security"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+	<bean id="mockFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
+
+	<bean id="mockFilter2" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
+
+	<!-- These are just here so we have filters of a specific type to check the ordering is as expected -->
+	<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
+
+	<bean id="apf" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
+	   <property name="authenticationManager" ref="authenticationManager"/>
+	</bean>
+
+	<sec:authentication-manager alias="authenticationManager">
+		<sec:authentication-provider>
+			<sec:user-service>
+				<sec:user name="jemima" password="password" authorities="A"/>
+			</sec:user-service>
+		</sec:authentication-provider>
+	</sec:authentication-manager>
+
+	<bean id="mockNotAFilter" class="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
+
+	<bean id="fooMatcher" class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
+		<constructor-arg value="/foo/**"/>
+	</bean>
+
+	<bean id="filterChain" class="org.springframework.security.web.FilterChainProxy">
+		<constructor-arg>
+		   <list>
+			   <sec:filter-chain request-matcher-ref="fooMatcher" filters="mockFilter"/>
+			   <sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
+			   <sec:filter-chain pattern="/do/not/filter" filters="none"/>
+		   </list>
+		</constructor-arg>
+	</bean>
 
 <!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
-    <bean id="newFilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
-        <constructor-arg>
-           <util:list>
-                <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
-                <sec:filter-chain pattern="/some/other/path/**"
-                    filters="
-                    sif,
-                    mockFilter,
-                    mockFilter2"
-                    />
-                <sec:filter-chain pattern="/do/not/filter" filters="none"/>
-                <sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
-           </util:list>
-        </constructor-arg>
-    </bean>
-
-    <bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.FilterChainProxy">
-        <constructor-arg>
-           <util:list>
-                <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
-                <sec:filter-chain pattern="/*.bar" filters="mockFilter,mockFilter2"/>
-           </util:list>
-        </constructor-arg>
-    </bean>
-
-    <bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.FilterChainProxy">
-        <constructor-arg>
-           <util:list>
-            <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
-            <sec:filter-chain pattern="/**" filters="
-                                sif,
-                                apf,
-                                mockFilter"/>
-            <sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
-           </util:list>
-        </constructor-arg>
-        <property name="filterChainValidator" ref="fcv" />
-    </bean>
-
-    <bean id="fcv" class="org.springframework.security.config.http.DefaultFilterChainValidator" />
-
-    <bean id="newFilterChainProxyRegex" class="org.springframework.security.web.FilterChainProxy">
-        <sec:filter-chain-map request-matcher="regex">
-            <sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/>
-            <sec:filter-chain pattern="\A/s[oO]me/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/>
-            <sec:filter-chain pattern="\A/do/not/filter\Z" filters="none"/>
-            <sec:filter-chain pattern="\A/.*\Z" filters="sif,apf,mockFilter"/>
-        </sec:filter-chain-map>
-    </bean>
-
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
-
-    <bean id="sec1235FilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
-        <constructor-arg>
-           <util:list>
-                <sec:filter-chain pattern="${sec1235.pattern1}*" filters="sif,apf,mockFilter"/>
-                <sec:filter-chain pattern="${sec1235.pattern2}" filters="mockFilter2"/>
-                <sec:filter-chain pattern="/**" filters="sif"/>
-           </util:list>
-        </constructor-arg>
-    </bean>
-
-    <bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.FilterChainProxy">
-        <constructor-arg>
-            <list>
-                <bean class="org.springframework.security.web.DefaultSecurityFilterChain">
-                    <constructor-arg ref="fooMatcher"/>
-                    <constructor-arg>
-                        <list>
-                          <ref local="mockFilter"/>
-                        </list>
-                    </constructor-arg>
-                </bean>
-                <bean class="org.springframework.security.web.DefaultSecurityFilterChain">
-                    <constructor-arg>
-                        <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
-                            <constructor-arg value="/some/other/path/**"/>
-                        </bean>
-                    </constructor-arg>
-                    <constructor-arg>
-                        <list>
-                            <ref local="sif"/>
-                            <ref local="mockFilter"/>
-                            <ref local="mockFilter2"/>
-                        </list>
-                    </constructor-arg>
-                </bean>
-                <bean class="org.springframework.security.web.DefaultSecurityFilterChain">
-                    <constructor-arg>
-                        <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
-                            <constructor-arg value="/do/not/filter*"/>
-                        </bean>
-                    </constructor-arg>
-                    <constructor-arg>
-                        <list />
-                    </constructor-arg>
-                </bean>
-                <bean class="org.springframework.security.web.DefaultSecurityFilterChain">
-                    <constructor-arg>
-                        <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
-                            <constructor-arg value="/**"/>
-                        </bean>
-                    </constructor-arg>
-                    <constructor-arg>
-                        <list>
-                          <ref local="sif"/>
-                          <ref local="apf"/>
-                          <ref local="mockFilter"/>
-                        </list>
-                    </constructor-arg>
-                </bean>
-            </list>
-        </constructor-arg>
-    </bean>
+	<bean id="newFilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
+		<constructor-arg>
+		   <util:list>
+				<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
+				<sec:filter-chain pattern="/some/other/path/**"
+					filters="
+					sif,
+					mockFilter,
+					mockFilter2"
+					/>
+				<sec:filter-chain pattern="/do/not/filter" filters="none"/>
+				<sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
+		   </util:list>
+		</constructor-arg>
+	</bean>
+
+	<bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.FilterChainProxy">
+		<constructor-arg>
+		   <util:list>
+				<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
+				<sec:filter-chain pattern="/*.bar" filters="mockFilter,mockFilter2"/>
+		   </util:list>
+		</constructor-arg>
+	</bean>
+
+	<bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.FilterChainProxy">
+		<constructor-arg>
+		   <util:list>
+			<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
+			<sec:filter-chain pattern="/**" filters="
+								sif,
+								apf,
+								mockFilter"/>
+			<sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
+		   </util:list>
+		</constructor-arg>
+		<property name="filterChainValidator" ref="fcv" />
+	</bean>
+
+	<bean id="fcv" class="org.springframework.security.config.http.DefaultFilterChainValidator" />
+
+	<bean id="newFilterChainProxyRegex" class="org.springframework.security.web.FilterChainProxy">
+		<sec:filter-chain-map request-matcher="regex">
+			<sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/>
+			<sec:filter-chain pattern="\A/s[oO]me/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/>
+			<sec:filter-chain pattern="\A/do/not/filter\Z" filters="none"/>
+			<sec:filter-chain pattern="\A/.*\Z" filters="sif,apf,mockFilter"/>
+		</sec:filter-chain-map>
+	</bean>
+
+	<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
+
+	<bean id="sec1235FilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
+		<constructor-arg>
+		   <util:list>
+				<sec:filter-chain pattern="${sec1235.pattern1}*" filters="sif,apf,mockFilter"/>
+				<sec:filter-chain pattern="${sec1235.pattern2}" filters="mockFilter2"/>
+				<sec:filter-chain pattern="/**" filters="sif"/>
+		   </util:list>
+		</constructor-arg>
+	</bean>
+
+	<bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.FilterChainProxy">
+		<constructor-arg>
+			<list>
+				<bean class="org.springframework.security.web.DefaultSecurityFilterChain">
+					<constructor-arg ref="fooMatcher"/>
+					<constructor-arg>
+						<list>
+						  <ref local="mockFilter"/>
+						</list>
+					</constructor-arg>
+				</bean>
+				<bean class="org.springframework.security.web.DefaultSecurityFilterChain">
+					<constructor-arg>
+						<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
+							<constructor-arg value="/some/other/path/**"/>
+						</bean>
+					</constructor-arg>
+					<constructor-arg>
+						<list>
+							<ref local="sif"/>
+							<ref local="mockFilter"/>
+							<ref local="mockFilter2"/>
+						</list>
+					</constructor-arg>
+				</bean>
+				<bean class="org.springframework.security.web.DefaultSecurityFilterChain">
+					<constructor-arg>
+						<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
+							<constructor-arg value="/do/not/filter*"/>
+						</bean>
+					</constructor-arg>
+					<constructor-arg>
+						<list />
+					</constructor-arg>
+				</bean>
+				<bean class="org.springframework.security.web.DefaultSecurityFilterChain">
+					<constructor-arg>
+						<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
+							<constructor-arg value="/**"/>
+						</bean>
+					</constructor-arg>
+					<constructor-arg>
+						<list>
+						  <ref local="sif"/>
+						  <ref local="apf"/>
+						  <ref local="mockFilter"/>
+						</list>
+					</constructor-arg>
+				</bean>
+			</list>
+		</constructor-arg>
+	</bean>
 
 </beans>

core/pom.xml

@@ -8,285 +8,285 @@
   <description>spring-security-core</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>aopalliance</groupId>
-      <artifactId>aopalliance</artifactId>
-      <version>1.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-expression</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.annotation</groupId>
-      <artifactId>jsr250-api</artifactId>
-      <version>1.0</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>net.sf.ehcache</groupId>
-      <artifactId>ehcache</artifactId>
-      <version>2.9.0</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.aspectj</groupId>
-      <artifactId>aspectjrt</artifactId>
-      <version>1.8.4</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-collections</groupId>
-      <artifactId>commons-collections</artifactId>
-      <version>3.2.1</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-api-mockito</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-api-support</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-core</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-module-junit4</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-module-junit4-common</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-reflect</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
+	<dependency>
+	  <groupId>aopalliance</groupId>
+	  <artifactId>aopalliance</artifactId>
+	  <version>1.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-expression</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.annotation</groupId>
+	  <artifactId>jsr250-api</artifactId>
+	  <version>1.0</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>net.sf.ehcache</groupId>
+	  <artifactId>ehcache</artifactId>
+	  <version>2.9.0</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.aspectj</groupId>
+	  <artifactId>aspectjrt</artifactId>
+	  <version>1.8.4</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-collections</groupId>
+	  <artifactId>commons-collections</artifactId>
+	  <version>3.2.1</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-api-mockito</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-api-support</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-core</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-module-junit4</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-module-junit4-common</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-reflect</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

core/src/site/site.xml

@@ -2,10 +2,10 @@
 
 <project name="Spring Security Core">
 
-    <body>
-        <menu ref="parent"/>
-        <menu ref="reports"/>
-    </body>
+	<body>
+		<menu ref="parent"/>
+		<menu ref="reports"/>
+	</body>
 
 </project>
 

core/src/test/resources/logback-test.xml

@@ -1,14 +1,14 @@
 <configuration>
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
+	<encoder>
+	  <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
   </appender>
 
   <logger name="org.springframework.security" level="${sec.log.level}:-WARN"/>
 
   <root level="${root.level}:-WARN">
-    <appender-ref ref="STDOUT" />
+	<appender-ref ref="STDOUT" />
   </root>
 
 </configuration>

core/src/test/resources/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.xml

@@ -4,26 +4,26 @@
 
 <beans>
 
-    <bean id="eventCheck" class="org.springframework.security.authentication.jaas.JaasEventCheck"/>
+	<bean id="eventCheck" class="org.springframework.security.authentication.jaas.JaasEventCheck"/>
 
-    <bean id="jaasAuthenticationProvider" class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
-        <property name="loginContextName">
-            <value>JAASTest</value>
-        </property>
-        <property name="loginConfig">
-            <value>classpath:org/springframework/security/authentication/jaas/login.conf</value>
-        </property>
-        <property name="callbackHandlers">
-            <list>
-                <bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/>
-                <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
-                <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
-            </list>
-        </property>
-        <property name="authorityGranters">
-            <list>
-                <bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
-            </list>
-        </property>
-    </bean>
+	<bean id="jaasAuthenticationProvider" class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
+		<property name="loginContextName">
+			<value>JAASTest</value>
+		</property>
+		<property name="loginConfig">
+			<value>classpath:org/springframework/security/authentication/jaas/login.conf</value>
+		</property>
+		<property name="callbackHandlers">
+			<list>
+				<bean class="org.springframework.security.authentication.jaas.TestCallbackHandler"/>
+				<bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
+				<bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
+			</list>
+		</property>
+		<property name="authorityGranters">
+			<list>
+				<bean class="org.springframework.security.authentication.jaas.TestAuthorityGranter"/>
+			</list>
+		</property>
+	</bean>
 </beans>

crypto/pom.xml

@@ -8,88 +8,88 @@
   <description>spring-security-crypto</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

data/pom.xml

@@ -8,112 +8,112 @@
   <description>spring-security-data</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.data</groupId>
-      <artifactId>spring-data-commons</artifactId>
-      <version>1.9.1.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.data</groupId>
+	  <artifactId>spring-data-commons</artifactId>
+	  <version>1.9.1.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

docs/articles/src/docbook/codebase-structure.xml

@@ -1,213 +1,213 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <?oxygen RNGSchema="http://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng" type="xml"?>
 <article xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink"
-    version="5.0">
-    <info>
-        <title>The Spring Security 3.0 Codebase</title>
-        <subtitle>Why have the packages changed in Spring Security 3.0?</subtitle>
-        <author>
-            <personname>Luke Taylor</personname>
-            <affiliation><orgname>SpringSource</orgname></affiliation></author>
-        <abstract>
-            <para>A quick introduction to the code modules and package structure of the Spring
-                Security 3.0 codebase.</para>
-        </abstract>
-    </info>
-    <sect1>
-        <title>Introduction</title>
-        <para>In versions prior to 3.0, most of Spring Security's code was contained in the
-                <filename>spring-security-core</filename> jar<footnote>
-                <para>There was also an additional <filename>spring-security-core-tiger</filename>
-                    jar which contained the Java 5 specific code. In Spring Security 3.0, Java 5 is
-                    the minimum supported platform, so this code is now part of the core.</para>
-            </footnote>. Over the years, as more features have been added, it has become more
-            difficult to track the dependencies both within the codebase itself and also on third
-            party libraries. For example, it's hard for a user to determine which of the listed
-            dependencies in the core Maven <filename>pom.xml</filename> are required for a
-            particular set of features within the framework.</para>
-        <para>In addition, the original package structure and class names have been around since the
-            framework's origins as Acegi Security in 2004, when only a few basic authentication
-            mechanisms were supported. As the amount of code has increased and the feature set has
-            expanded, this package structure has begun to show its age.</para>
-        <figure xml:id="structure-2.0.4">
-            <title>Spring Security 2.0.4 Package Structure</title>
-            <mediaobject>
-                <imageobject>
-                    <imagedata fileref="images/spring-security-2.0.4.png" scale="80" align="center"
-                    />
-                </imageobject>
-            </mediaobject>
-        </figure>
-        <para>
-            <xref linkend="structure-2.0.4"/> shows the high-level package diagram of the core,
-            core-tiger, cas-client and acl jars in the 2.0.4 release, as produced by the
-            Structure101 tool<footnote>
-                <para>Structure101 is an excellent tool for analyzing your own code or for
-                    understanding someone else's. It is developed by <link
-                        xlink:href="http://www.headwaysoftware.com">Headway Software</link>. </para>
-            </footnote>. You don't have to be an expert in code structure to realise that there is a
-            bit of a problem here. There are a lot of circular references and no clear overall
-            dependency structure within the packages. There are also some issues with packages being
-            split across jar boundaries, which can cause problems with OSGi, for example.<footnote>
-                <para>For more information on how to structure a large codebase, Juergen Hoeller's
-                        <quote>Organization of Large Code Bases</quote> is an excellent overview of
-                    the topic where he shares some of the insights gained from maintaining the
-                    Spring Framework through multiple versions. You can find him discussing the
-                    topic in an online interview <link
-                        xlink:href="http://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller"
-                        >transcript</link> and an <link
-                        xlink:href="http://www.infoq.com/presentations/code-organization-large-projects"
-                        >InfoQ video</link>. </para>
-            </footnote>. This fragility in the code structure would likely have caused a maintenance
-            overhead as Spring Security evolved, so the decision was made to restructure the code
-            for the 3.0 release to give us a stable base for future development. </para>
-        <para>Let's take a look at how things are now organised.</para>
-    </sect1>
-    <sect1>
-        <title>Spring Security 3.0</title>
-        <sect2>
-            <title>Project Jars</title>
-            <para>The first thing we did was split the core out into several jars. The
-                    <filename>spring-security-core</filename> jar now contains only basic
-                authentication and access-control code and is much cleaner. It has no dependencies
-                on LDAP or the servlet API, for example, and there are now separate jars for
-                web-specific code and for LDAP. We've also split out the namespace parsing code out
-                int a separate jar, as it depends on most of the other jars and doesn't expose any
-                public APIs that you are likely to use directly in your application. You only need
-                to use it if you are using Spring Security namespace configuration in your
-                application context XML files. The main project jars are shown in the following
-                    table.<table xml:id="jar-files-3.0">
-                    <title>Spring Security Jars</title>
-                    <tgroup cols="3" align="left">
-                        <colspec colnum="1" colname="c1" colwidth="0.59*"/>
-                        <colspec colnum="2" colname="c2" colwidth="0.92*"/>
-                        <colspec colnum="3" colname="c3" colwidth="0.88*"/>
-                        <colspec colnum="4" colname="c4" colwidth="1.61*"/>
-                        <thead>
-                            <row>
-                                <entry align="center">Jar Name</entry>
-                                <entry align="center">Description</entry>
-                                <entry align="center">When to use</entry>
-                                <entry align="center">Root Package(s)</entry>
-                            </row>
-                        </thead>
-                        <tbody>
-                            <row>
-                                <entry valign="middle">spring-security-core</entry>
-                                <entry>Core authentication and access-contol classes and interfaces.
-                                    Remoting support and basic provisioning APIs.</entry>
-                                <entry>Required by any application which uses Spring Security.
-                                    Supports standalone applications, remote clients, method
-                                    (service layer) security and JDBC user provisioning.</entry>
-                                <entry>
-                                    <literal>org.springframework.security.core</literal>,
-                                        <literal>org.springframework.security.access</literal>,
-                                        <literal>org.springframework.security.authentication</literal>,
-                                        <literal>org.springframework.security.provisioning</literal>,
-                                        <literal>org.springframework.security.remoting</literal>
-                                </entry>
-                            </row>
-                            <row>
-                                <entry valign="middle">spring-security-web</entry>
-                                <entry>Filters and other web-security infrastructure and related
-                                    code. Anything with a servlet API dependency.</entry>
-                                <entry>If you require Spring Security web authentication services
-                                    and URL-based access-control</entry>
-                                <entry><literal>org.springframework.security.web</literal></entry>
-                            </row>
-                            <row>
-                                <entry valign="middle">spring-security-config</entry>
-                                <entry>Namespace parsing code.</entry>
-                                <entry>If you are using the Spring Security XML namespace.</entry>
-                                <entry><literal>org.springframework.security.config</literal></entry>
-                            </row>
-                            <row>
-                                <entry valign="middle">spring-security-ldap</entry>
-                                <entry>LDAP authentication and provisioning code.</entry>
-                                <entry>If you need to use LDAP authentication or manage LDAP user
-                                    entries.</entry>
-                                <entry><literal>org.springframework.security.ldap</literal></entry>
-                            </row>
-                            <row>
-                                <entry valign="middle">spring-security-acl</entry>
-                                <entry>Domain object ACL implementation.</entry>
-                                <entry>If you need to apply security to specific domain object
-                                    instances within your application.</entry>
-                                <entry><literal>org.springframework.security.acls</literal></entry>
-                            </row>
-                            <row>
-                                <entry valign="middle">spring-security-cas-client</entry>
-                                <entry>Spring Security's CAS client integration.</entry>
-                                <entry>If you want to use Spring Security web authentication with a
-                                    CAS single sign-on server.</entry>
-                                <entry><literal>org.springframework.security.cas</literal></entry>
-                            </row>
-                            <row>
-                                <entry valign="middle">spring-security-openid</entry>
-                                <entry>OpenID web authentication support.</entry>
-                                <entry>If you need to authenticate users against an external OpenID
-                                    server.</entry>
-                                <entry><literal>org.springframework.security.openid</literal></entry>
-                            </row>
-                        </tbody>
-                    </tgroup>
-                </table></para>
-            <para>There is now a clearer separation of concerns at the jar level. For example, you
-                only need the web jar (and its transitive dependencies) if you are writing a web
-                application. This also makes the code easier to navigate and understand. The
-                dependencies between the 3.0 jars which now make up the same code set of code we
-                looked at for version 2.0.4 are shown in <xref linkend="jar-deps-3.0"/>. <figure
-                    xml:id="jar-deps-3.0">
-                    <title>Inter-Jar Dependencies</title>
-                    <mediaobject>
-                        <imageobject>
-                            <imagedata fileref="images/spring-security-3.0.0.M2-jars.png"
-                                align="center"/>
-                        </imageobject>
-                    </mediaobject>
-                </figure></para>
-        </sect2>
-        <sect2>
-            <title>Package Structure</title>
-            <para>The package layout in 3.0 is show in <xref linkend="structure-3.0"/>. As you can
-                see, there are no longer any circular references and the structure is much clearer.
-                The <filename>core</filename> package and sub packages contain the basic classes and
-                interfaces which are used throughout the framework and the other two main packages
-                within the core jar are <filename>authentication</filename> and
-                    <filename>access</filename>. The <filename>access</filename> package containst
-                access-control/authorization code such as the
-                    <interfacename>AccessDecisionManager</interfacename> and related voter-based
-                implementations, the interception and method security infrastructure, annotation
-                classes and support for Spring Security 3.0's expression-based access control. The
-                    <filename>authentication</filename> package contains the
-                    <interfacename>AuthenticationManager</interfacename> and related classes (such
-                as authentication exception classes), the simple DAO-based authentication provider
-                and password-encoders. <figure xml:id="structure-3.0">
-                    <title>Spring Security 3.0.0.M1 Package Structure</title>
-                    <mediaobject>
-                        <imageobject>
-                            <imagedata fileref="images/spring-security-3.0.0.M1.png" align="center"
-                            />
-                        </imageobject>
-                    </mediaobject>
-                </figure></para>
-        </sect2>
-    </sect1>
-    <sect1>
-        <title>How will these changes affect you?</title>
-        <para>If you are developing a new application then obviously you won't be affected, other
-            than by starting out with new package names. But what if you are upgrading an existing
-            application or another framework to use Spring Security 3.0. The first thing is that you
-            will obviously need to update build paths and dependency lists to take account of the
-            new jar modules, but the divisions there are straightforward (see the table above). How
-            much the package restructuring will affect you will depend on how much you use the
-            framework classes directly or in explicit bean configurations (if you are only using the
-            namespace for configuration then it will hide the changes from you). Your IDE should be
-            able to help with changing imports and finding out where classes have moved to (a simple
-                <command>Ctrl-Shift-T</command>or <command>Ctrl-Shift-O</command> in Eclipse can do
-            wonders).</para>
-        <para>There are other changes in 3.0 that will affect some users who want to upgrade but for
-            the most part, the underlying architecture is unchanged.</para>
-        <para>We hope you enjoy using Spring Security 3.0.</para>
-    </sect1>
+	version="5.0">
+	<info>
+		<title>The Spring Security 3.0 Codebase</title>
+		<subtitle>Why have the packages changed in Spring Security 3.0?</subtitle>
+		<author>
+			<personname>Luke Taylor</personname>
+			<affiliation><orgname>SpringSource</orgname></affiliation></author>
+		<abstract>
+			<para>A quick introduction to the code modules and package structure of the Spring
+				Security 3.0 codebase.</para>
+		</abstract>
+	</info>
+	<sect1>
+		<title>Introduction</title>
+		<para>In versions prior to 3.0, most of Spring Security's code was contained in the
+				<filename>spring-security-core</filename> jar<footnote>
+				<para>There was also an additional <filename>spring-security-core-tiger</filename>
+					jar which contained the Java 5 specific code. In Spring Security 3.0, Java 5 is
+					the minimum supported platform, so this code is now part of the core.</para>
+			</footnote>. Over the years, as more features have been added, it has become more
+			difficult to track the dependencies both within the codebase itself and also on third
+			party libraries. For example, it's hard for a user to determine which of the listed
+			dependencies in the core Maven <filename>pom.xml</filename> are required for a
+			particular set of features within the framework.</para>
+		<para>In addition, the original package structure and class names have been around since the
+			framework's origins as Acegi Security in 2004, when only a few basic authentication
+			mechanisms were supported. As the amount of code has increased and the feature set has
+			expanded, this package structure has begun to show its age.</para>
+		<figure xml:id="structure-2.0.4">
+			<title>Spring Security 2.0.4 Package Structure</title>
+			<mediaobject>
+				<imageobject>
+					<imagedata fileref="images/spring-security-2.0.4.png" scale="80" align="center"
+					/>
+				</imageobject>
+			</mediaobject>
+		</figure>
+		<para>
+			<xref linkend="structure-2.0.4"/> shows the high-level package diagram of the core,
+			core-tiger, cas-client and acl jars in the 2.0.4 release, as produced by the
+			Structure101 tool<footnote>
+				<para>Structure101 is an excellent tool for analyzing your own code or for
+					understanding someone else's. It is developed by <link
+						xlink:href="http://www.headwaysoftware.com">Headway Software</link>. </para>
+			</footnote>. You don't have to be an expert in code structure to realise that there is a
+			bit of a problem here. There are a lot of circular references and no clear overall
+			dependency structure within the packages. There are also some issues with packages being
+			split across jar boundaries, which can cause problems with OSGi, for example.<footnote>
+				<para>For more information on how to structure a large codebase, Juergen Hoeller's
+						<quote>Organization of Large Code Bases</quote> is an excellent overview of
+					the topic where he shares some of the insights gained from maintaining the
+					Spring Framework through multiple versions. You can find him discussing the
+					topic in an online interview <link
+						xlink:href="http://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller"
+						>transcript</link> and an <link
+						xlink:href="http://www.infoq.com/presentations/code-organization-large-projects"
+						>InfoQ video</link>. </para>
+			</footnote>. This fragility in the code structure would likely have caused a maintenance
+			overhead as Spring Security evolved, so the decision was made to restructure the code
+			for the 3.0 release to give us a stable base for future development. </para>
+		<para>Let's take a look at how things are now organised.</para>
+	</sect1>
+	<sect1>
+		<title>Spring Security 3.0</title>
+		<sect2>
+			<title>Project Jars</title>
+			<para>The first thing we did was split the core out into several jars. The
+					<filename>spring-security-core</filename> jar now contains only basic
+				authentication and access-control code and is much cleaner. It has no dependencies
+				on LDAP or the servlet API, for example, and there are now separate jars for
+				web-specific code and for LDAP. We've also split out the namespace parsing code out
+				int a separate jar, as it depends on most of the other jars and doesn't expose any
+				public APIs that you are likely to use directly in your application. You only need
+				to use it if you are using Spring Security namespace configuration in your
+				application context XML files. The main project jars are shown in the following
+					table.<table xml:id="jar-files-3.0">
+					<title>Spring Security Jars</title>
+					<tgroup cols="3" align="left">
+						<colspec colnum="1" colname="c1" colwidth="0.59*"/>
+						<colspec colnum="2" colname="c2" colwidth="0.92*"/>
+						<colspec colnum="3" colname="c3" colwidth="0.88*"/>
+						<colspec colnum="4" colname="c4" colwidth="1.61*"/>
+						<thead>
+							<row>
+								<entry align="center">Jar Name</entry>
+								<entry align="center">Description</entry>
+								<entry align="center">When to use</entry>
+								<entry align="center">Root Package(s)</entry>
+							</row>
+						</thead>
+						<tbody>
+							<row>
+								<entry valign="middle">spring-security-core</entry>
+								<entry>Core authentication and access-contol classes and interfaces.
+									Remoting support and basic provisioning APIs.</entry>
+								<entry>Required by any application which uses Spring Security.
+									Supports standalone applications, remote clients, method
+									(service layer) security and JDBC user provisioning.</entry>
+								<entry>
+									<literal>org.springframework.security.core</literal>,
+										<literal>org.springframework.security.access</literal>,
+										<literal>org.springframework.security.authentication</literal>,
+										<literal>org.springframework.security.provisioning</literal>,
+										<literal>org.springframework.security.remoting</literal>
+								</entry>
+							</row>
+							<row>
+								<entry valign="middle">spring-security-web</entry>
+								<entry>Filters and other web-security infrastructure and related
+									code. Anything with a servlet API dependency.</entry>
+								<entry>If you require Spring Security web authentication services
+									and URL-based access-control</entry>
+								<entry><literal>org.springframework.security.web</literal></entry>
+							</row>
+							<row>
+								<entry valign="middle">spring-security-config</entry>
+								<entry>Namespace parsing code.</entry>
+								<entry>If you are using the Spring Security XML namespace.</entry>
+								<entry><literal>org.springframework.security.config</literal></entry>
+							</row>
+							<row>
+								<entry valign="middle">spring-security-ldap</entry>
+								<entry>LDAP authentication and provisioning code.</entry>
+								<entry>If you need to use LDAP authentication or manage LDAP user
+									entries.</entry>
+								<entry><literal>org.springframework.security.ldap</literal></entry>
+							</row>
+							<row>
+								<entry valign="middle">spring-security-acl</entry>
+								<entry>Domain object ACL implementation.</entry>
+								<entry>If you need to apply security to specific domain object
+									instances within your application.</entry>
+								<entry><literal>org.springframework.security.acls</literal></entry>
+							</row>
+							<row>
+								<entry valign="middle">spring-security-cas-client</entry>
+								<entry>Spring Security's CAS client integration.</entry>
+								<entry>If you want to use Spring Security web authentication with a
+									CAS single sign-on server.</entry>
+								<entry><literal>org.springframework.security.cas</literal></entry>
+							</row>
+							<row>
+								<entry valign="middle">spring-security-openid</entry>
+								<entry>OpenID web authentication support.</entry>
+								<entry>If you need to authenticate users against an external OpenID
+									server.</entry>
+								<entry><literal>org.springframework.security.openid</literal></entry>
+							</row>
+						</tbody>
+					</tgroup>
+				</table></para>
+			<para>There is now a clearer separation of concerns at the jar level. For example, you
+				only need the web jar (and its transitive dependencies) if you are writing a web
+				application. This also makes the code easier to navigate and understand. The
+				dependencies between the 3.0 jars which now make up the same code set of code we
+				looked at for version 2.0.4 are shown in <xref linkend="jar-deps-3.0"/>. <figure
+					xml:id="jar-deps-3.0">
+					<title>Inter-Jar Dependencies</title>
+					<mediaobject>
+						<imageobject>
+							<imagedata fileref="images/spring-security-3.0.0.M2-jars.png"
+								align="center"/>
+						</imageobject>
+					</mediaobject>
+				</figure></para>
+		</sect2>
+		<sect2>
+			<title>Package Structure</title>
+			<para>The package layout in 3.0 is show in <xref linkend="structure-3.0"/>. As you can
+				see, there are no longer any circular references and the structure is much clearer.
+				The <filename>core</filename> package and sub packages contain the basic classes and
+				interfaces which are used throughout the framework and the other two main packages
+				within the core jar are <filename>authentication</filename> and
+					<filename>access</filename>. The <filename>access</filename> package containst
+				access-control/authorization code such as the
+					<interfacename>AccessDecisionManager</interfacename> and related voter-based
+				implementations, the interception and method security infrastructure, annotation
+				classes and support for Spring Security 3.0's expression-based access control. The
+					<filename>authentication</filename> package contains the
+					<interfacename>AuthenticationManager</interfacename> and related classes (such
+				as authentication exception classes), the simple DAO-based authentication provider
+				and password-encoders. <figure xml:id="structure-3.0">
+					<title>Spring Security 3.0.0.M1 Package Structure</title>
+					<mediaobject>
+						<imageobject>
+							<imagedata fileref="images/spring-security-3.0.0.M1.png" align="center"
+							/>
+						</imageobject>
+					</mediaobject>
+				</figure></para>
+		</sect2>
+	</sect1>
+	<sect1>
+		<title>How will these changes affect you?</title>
+		<para>If you are developing a new application then obviously you won't be affected, other
+			than by starting out with new package names. But what if you are upgrading an existing
+			application or another framework to use Spring Security 3.0. The first thing is that you
+			will obviously need to update build paths and dependency lists to take account of the
+			new jar modules, but the divisions there are straightforward (see the table above). How
+			much the package restructuring will affect you will depend on how much you use the
+			framework classes directly or in explicit bean configurations (if you are only using the
+			namespace for configuration then it will hide the changes from you). Your IDE should be
+			able to help with changing imports and finding out where classes have moved to (a simple
+				<command>Ctrl-Shift-T</command>or <command>Ctrl-Shift-O</command> in Eclipse can do
+			wonders).</para>
+		<para>There are other changes in 3.0 that will affect some users who want to upgrade but for
+			the most part, the underlying architecture is unchanged.</para>
+		<para>We hope you enjoy using Spring Security 3.0.</para>
+	</sect1>
 </article>

docs/faq/src/docbook/faq.xml

@@ -1,952 +1,952 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <?oxygen RNGSchema="http://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng" type="xml"?>
 <article class="faq" xml:id="spring-security-faq" xmlns="http://docbook.org/ns/docbook"
-    xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
-    <info>
-        <title>Frequently Answered Questions (FAQ)</title>
-    </info>
-    <section>
-        <title>General Questions</title>
-        <qandaset>
-            <qandadiv>
-                <qandaentry xml:id="faq-other-concerns">
-                    <question>
-                        <para>Will Spring Security take care of all my application security
-                            requirements?</para>
-                    </question>
-                    <answer>
-                        <para> Spring Security provides you with a very flexible framework for your
-                            authentication and authorization requirements, but there are many other
-                            considerations for building a secure application that are outside its
-                            scope. Web applications are vulnerable to all kinds of attacks which you
-                            should be familiar with, preferably before you start development so you
-                            can design and code with them in mind from the beginning. Check out the
-                            <link xlink:href="http://www.owasp.org/">OWASP web site</link> for
-                            information on the major issues facing web application developers and
-                            the countermeasures you can use against them.</para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-web-xml">
-                    <question>
-                        <para>Why not just use web.xml security?</para>
-                    </question>
-                    <answer>
-                        <para>Let's assume you're developing an enterprise application based on
-                            Spring. There are four security concerns you typically need to address:
-                            authentication, web request security, service layer security (i.e. your
-                            methods that implement business logic), and domain object instance
-                            security (i.e. different domain objects have different permissions).
-                            With these typical requirements in mind: <orderedlist>
-                            <listitem>
-                                <para><emphasis>Authentication</emphasis>: The servlet specification
-                                    provides an approach to authentication. However, you will need
-                                    to configure the container to perform authentication which
-                                    typically requires editing of container-specific "realm"
-                                    settings. This makes a non-portable configuration, and if you
-                                    need to write an actual Java class to implement the container's
-                                    authentication interface, it becomes even more non-portable.
-                                    With Spring Security you achieve complete portability - right
-                                    down to the WAR level. Also, Spring Security offers a choice of
-                                    production-proven authentication providers and mechanisms,
-                                    meaning you can switch your authentication approaches at
-                                    deployment time. This is particularly valuable for software
-                                    vendors writing products that need to work in an unknown target
-                                    environment.</para>
-                            </listitem>
-                            <listitem>
-                                <para><emphasis>Web request security:</emphasis> The servlet
-                                    specification provides an approach to secure your request URIs.
-                                    However, these URIs can only be expressed in the servlet
-                                    specification's own limited URI path format. Spring Security
-                                    provides a far more comprehensive approach. For instance, you
-                                    can use Ant paths or regular expressions, you can consider parts
-                                    of the URI other than simply the requested page (e.g. you can
-                                    consider HTTP GET parameters) and you can implement your own
-                                    runtime source of configuration data. This means your web
-                                    request security can be dynamically changed during the actual
-                                    execution of your webapp.</para>
-                            </listitem>
-                            <listitem>
-                                <para><emphasis>Service layer and domain object security:</emphasis>
-                                    The absence of support in the servlet specification for services
-                                    layer security or domain object instance security represent
-                                    serious limitations for multi-tiered applications. Typically
-                                    developers either ignore these requirements, or implement
-                                    security logic within their MVC controller code (or even worse,
-                                    inside the views). There are serious disadvantages with this
-                                    approach: <orderedlist>
-                                    <listitem>
-                                        <para><emphasis>Separation of concerns:</emphasis>
-                                            Authorization is a crosscutting concern and should be
-                                            implemented as such. MVC controllers or views
-                                            implementing authorization code makes it more difficult
-                                            to test both the controller and authorization logic,
-                                            more difficult to debug, and will often lead to code
-                                            duplication.</para>
-                                    </listitem>
-                                    <listitem>
-                                        <para><emphasis>Support for rich clients and web
-                                            services:</emphasis> If an additional client type must
-                                            ultimately be supported, any authorization code embedded
-                                            within the web layer is non-reusable. It should be
-                                            considered that Spring remoting exporters only export
-                                            service layer beans (not MVC controllers). As such
-                                            authorization logic needs to be located in the services
-                                            layer to support a multitude of client types.</para>
-                                    </listitem>
-                                    <listitem>
-                                        <para><emphasis>Layering issues:</emphasis> An MVC
-                                            controller or view is simply the incorrect architectural
-                                            layer to implement authorization decisions concerning
-                                            services layer methods or domain object instances.
-                                            Whilst the Principal may be passed to the services layer
-                                            to enable it to make the authorization decision, doing
-                                            so would introduce an additional argument on every
-                                            services layer method. A more elegant approach is to use
-                                            a ThreadLocal to hold the Principal, although this would
-                                            likely increase development time to a point where it
-                                            would become more economical (on a cost-benefit basis)
-                                            to simply use a dedicated security framework.</para>
-                                    </listitem>
-                                    <listitem>
-                                        <para><emphasis>Authorisation code quality:</emphasis> It is
-                                            often said of web frameworks that they "make it easier
-                                            to do the right things, and harder to do the wrong
-                                            things". Security frameworks are the same, because they
-                                            are designed in an abstract manner for a wide range of
-                                            purposes. Writing your own authorization code from
-                                            scratch does not provide the "design check" a framework
-                                            would offer, and in-house authorization code will
-                                            typically lack the improvements that emerge from
-                                            widespread deployment, peer review and new versions.
-                                        </para>
-                                    </listitem>
-                                    </orderedlist></para>
-                            </listitem>
-                            </orderedlist></para>
-                        <para> For simple applications, servlet specification security may just be
-                            enough. Although when considered within the context of web container
-                            portability, configuration requirements, limited web request security
-                            flexibility, and non-existent services layer and domain object instance
-                            security, it becomes clear why developers often look to alternative
-                            solutions. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-requirements">
-                    <question>
-                        <para>What Java and Spring Framework versions are required?</para>
-                    </question>
-                    <answer>
-                        <para> Spring Security 3.0 and 3.1 require at least JDK 1.5 and also
-                            require Spring 3.0.3 as a minimum. Ideally you should be using the latest
-                            release versions to avoid problems.
-                        </para>
-                        <para> Spring Security 2.0.x requires a minimum JDK version of 1.4 and is
-                            built against Spring 2.0.x. It should also be compatible with
-                            applications using Spring 2.5.x. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-start-simple">
-                    <question>
-                        <para> I'm new to Spring Security and I need to build an application that
-                            supports CAS single sign-on over HTTPS, while allowing Basic
-                            authentication locally for certain URLs, authenticating against multiple
-                            back end user information sources (LDAP and JDBC). I've copied some
-                            configuration files I found but it doesn't work. What could be wrong? </para>
-                        <para>Or subsititute an alternative complex scenario...</para>
-                    </question>
-                    <answer>
-                        <para> Realistically, you need an understanding of the technolgies you are
-                            intending to use before you can successfully build applications with
-                            them. Security is complicated. Setting up a simple configuration using a
-                            login form and some hard-coded users using Spring Security's namespace
-                            is reasonably straightforward. Moving to using a backed JDBC database is
-                            also easy enough. But if you try and jump straight to a complicated
-                            deployment scenario like this you will almost certainly be frustrated.
-                            There is a big jump in the learning curve required to set up systems
-                            like CAS, configure LDAP servers and install SSL certificates properly.
-                            So you need to take things one step at a time. </para>
-                        <para> From a Spring Security perspective, the first thing you should do is
-                            follow the <quote>Getting Started</quote> guide on the web site. This
-                            will take you through a series of steps to get up and running and get
-                            some idea of how the framework operates. If you are using other
-                            technologies which you aren't familiar with then you should do some
-                            research and try to make sure you can use them in isolation before
-                            combining them in a complex system. </para>
-                    </answer>
-                </qandaentry>
-            </qandadiv>
-        </qandaset>
-    </section>
-    <section>
-        <title>Common Problems</title>
-        <qandaset>
-            <qandadiv>
-                <title>Authentication</title>
-                <qandaentry xml:id="faq-bad-credentials">
-                    <question>
-                        <para>When I try to log in, I get an error message that says "Bad
-                            Credentials". What's wrong?</para>
-                    </question>
-                    <answer>
-                        <para>This means that authentication has failed. It doesn't say why, as it
-                            is good practice to avoid giving details which might help an attacker
-                            guess account names or passwords.</para>
-                        <para>This also means that if you ask this question in the forum, you will
-                            not get an answer unless you provide additional information. As with any
-                            issue you should check the output from the debug log, note any exception
-                            stacktraces and related messages. Step through the code in a debugger to
-                            see where the authentication fails and why. Write a test case which
-                            exercises your authentication configuration outside of the application.
-                            More often than not, the failure is due to a difference in the password
-                            data stored in a database and that entered by the user. If you are using
-                            hashed passwords, make sure the value stored in your database is
-                            <emphasis>exactly</emphasis> the same as the value produced by the
-                            <interfacename>PasswordEncoder</interfacename> configured in your
-                            application.</para>
-                    </answer>
-                </qandaentry>
+	xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
+	<info>
+		<title>Frequently Answered Questions (FAQ)</title>
+	</info>
+	<section>
+		<title>General Questions</title>
+		<qandaset>
+			<qandadiv>
+				<qandaentry xml:id="faq-other-concerns">
+					<question>
+						<para>Will Spring Security take care of all my application security
+							requirements?</para>
+					</question>
+					<answer>
+						<para> Spring Security provides you with a very flexible framework for your
+							authentication and authorization requirements, but there are many other
+							considerations for building a secure application that are outside its
+							scope. Web applications are vulnerable to all kinds of attacks which you
+							should be familiar with, preferably before you start development so you
+							can design and code with them in mind from the beginning. Check out the
+							<link xlink:href="http://www.owasp.org/">OWASP web site</link> for
+							information on the major issues facing web application developers and
+							the countermeasures you can use against them.</para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-web-xml">
+					<question>
+						<para>Why not just use web.xml security?</para>
+					</question>
+					<answer>
+						<para>Let's assume you're developing an enterprise application based on
+							Spring. There are four security concerns you typically need to address:
+							authentication, web request security, service layer security (i.e. your
+							methods that implement business logic), and domain object instance
+							security (i.e. different domain objects have different permissions).
+							With these typical requirements in mind: <orderedlist>
+							<listitem>
+								<para><emphasis>Authentication</emphasis>: The servlet specification
+									provides an approach to authentication. However, you will need
+									to configure the container to perform authentication which
+									typically requires editing of container-specific "realm"
+									settings. This makes a non-portable configuration, and if you
+									need to write an actual Java class to implement the container's
+									authentication interface, it becomes even more non-portable.
+									With Spring Security you achieve complete portability - right
+									down to the WAR level. Also, Spring Security offers a choice of
+									production-proven authentication providers and mechanisms,
+									meaning you can switch your authentication approaches at
+									deployment time. This is particularly valuable for software
+									vendors writing products that need to work in an unknown target
+									environment.</para>
+							</listitem>
+							<listitem>
+								<para><emphasis>Web request security:</emphasis> The servlet
+									specification provides an approach to secure your request URIs.
+									However, these URIs can only be expressed in the servlet
+									specification's own limited URI path format. Spring Security
+									provides a far more comprehensive approach. For instance, you
+									can use Ant paths or regular expressions, you can consider parts
+									of the URI other than simply the requested page (e.g. you can
+									consider HTTP GET parameters) and you can implement your own
+									runtime source of configuration data. This means your web
+									request security can be dynamically changed during the actual
+									execution of your webapp.</para>
+							</listitem>
+							<listitem>
+								<para><emphasis>Service layer and domain object security:</emphasis>
+									The absence of support in the servlet specification for services
+									layer security or domain object instance security represent
+									serious limitations for multi-tiered applications. Typically
+									developers either ignore these requirements, or implement
+									security logic within their MVC controller code (or even worse,
+									inside the views). There are serious disadvantages with this
+									approach: <orderedlist>
+									<listitem>
+										<para><emphasis>Separation of concerns:</emphasis>
+											Authorization is a crosscutting concern and should be
+											implemented as such. MVC controllers or views
+											implementing authorization code makes it more difficult
+											to test both the controller and authorization logic,
+											more difficult to debug, and will often lead to code
+											duplication.</para>
+									</listitem>
+									<listitem>
+										<para><emphasis>Support for rich clients and web
+											services:</emphasis> If an additional client type must
+											ultimately be supported, any authorization code embedded
+											within the web layer is non-reusable. It should be
+											considered that Spring remoting exporters only export
+											service layer beans (not MVC controllers). As such
+											authorization logic needs to be located in the services
+											layer to support a multitude of client types.</para>
+									</listitem>
+									<listitem>
+										<para><emphasis>Layering issues:</emphasis> An MVC
+											controller or view is simply the incorrect architectural
+											layer to implement authorization decisions concerning
+											services layer methods or domain object instances.
+											Whilst the Principal may be passed to the services layer
+											to enable it to make the authorization decision, doing
+											so would introduce an additional argument on every
+											services layer method. A more elegant approach is to use
+											a ThreadLocal to hold the Principal, although this would
+											likely increase development time to a point where it
+											would become more economical (on a cost-benefit basis)
+											to simply use a dedicated security framework.</para>
+									</listitem>
+									<listitem>
+										<para><emphasis>Authorisation code quality:</emphasis> It is
+											often said of web frameworks that they "make it easier
+											to do the right things, and harder to do the wrong
+											things". Security frameworks are the same, because they
+											are designed in an abstract manner for a wide range of
+											purposes. Writing your own authorization code from
+											scratch does not provide the "design check" a framework
+											would offer, and in-house authorization code will
+											typically lack the improvements that emerge from
+											widespread deployment, peer review and new versions.
+										</para>
+									</listitem>
+									</orderedlist></para>
+							</listitem>
+							</orderedlist></para>
+						<para> For simple applications, servlet specification security may just be
+							enough. Although when considered within the context of web container
+							portability, configuration requirements, limited web request security
+							flexibility, and non-existent services layer and domain object instance
+							security, it becomes clear why developers often look to alternative
+							solutions. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-requirements">
+					<question>
+						<para>What Java and Spring Framework versions are required?</para>
+					</question>
+					<answer>
+						<para> Spring Security 3.0 and 3.1 require at least JDK 1.5 and also
+							require Spring 3.0.3 as a minimum. Ideally you should be using the latest
+							release versions to avoid problems.
+						</para>
+						<para> Spring Security 2.0.x requires a minimum JDK version of 1.4 and is
+							built against Spring 2.0.x. It should also be compatible with
+							applications using Spring 2.5.x. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-start-simple">
+					<question>
+						<para> I'm new to Spring Security and I need to build an application that
+							supports CAS single sign-on over HTTPS, while allowing Basic
+							authentication locally for certain URLs, authenticating against multiple
+							back end user information sources (LDAP and JDBC). I've copied some
+							configuration files I found but it doesn't work. What could be wrong? </para>
+						<para>Or subsititute an alternative complex scenario...</para>
+					</question>
+					<answer>
+						<para> Realistically, you need an understanding of the technolgies you are
+							intending to use before you can successfully build applications with
+							them. Security is complicated. Setting up a simple configuration using a
+							login form and some hard-coded users using Spring Security's namespace
+							is reasonably straightforward. Moving to using a backed JDBC database is
+							also easy enough. But if you try and jump straight to a complicated
+							deployment scenario like this you will almost certainly be frustrated.
+							There is a big jump in the learning curve required to set up systems
+							like CAS, configure LDAP servers and install SSL certificates properly.
+							So you need to take things one step at a time. </para>
+						<para> From a Spring Security perspective, the first thing you should do is
+							follow the <quote>Getting Started</quote> guide on the web site. This
+							will take you through a series of steps to get up and running and get
+							some idea of how the framework operates. If you are using other
+							technologies which you aren't familiar with then you should do some
+							research and try to make sure you can use them in isolation before
+							combining them in a complex system. </para>
+					</answer>
+				</qandaentry>
+			</qandadiv>
+		</qandaset>
+	</section>
+	<section>
+		<title>Common Problems</title>
+		<qandaset>
+			<qandadiv>
+				<title>Authentication</title>
+				<qandaentry xml:id="faq-bad-credentials">
+					<question>
+						<para>When I try to log in, I get an error message that says "Bad
+							Credentials". What's wrong?</para>
+					</question>
+					<answer>
+						<para>This means that authentication has failed. It doesn't say why, as it
+							is good practice to avoid giving details which might help an attacker
+							guess account names or passwords.</para>
+						<para>This also means that if you ask this question in the forum, you will
+							not get an answer unless you provide additional information. As with any
+							issue you should check the output from the debug log, note any exception
+							stacktraces and related messages. Step through the code in a debugger to
+							see where the authentication fails and why. Write a test case which
+							exercises your authentication configuration outside of the application.
+							More often than not, the failure is due to a difference in the password
+							data stored in a database and that entered by the user. If you are using
+							hashed passwords, make sure the value stored in your database is
+							<emphasis>exactly</emphasis> the same as the value produced by the
+							<interfacename>PasswordEncoder</interfacename> configured in your
+							application.</para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-login-loop">
-                    <question>
-                        <para>My application goes into an "endless loop" when I try to login, what's
-                            going on?</para>
-                    </question>
-                    <answer>
-                        <para>A common user problem with infinite loop and redirecting to the login
-                            page is caused by accidently configuring the login page as a "secured"
-                            resource. Make sure your configuration allows anonymous access to the
-                            login page, either by excluding it from the security filter chain or
-                            marking it as requiring ROLE_ANONYMOUS.</para>
-                        <para>If your AccessDecisionManager includes an AuthenticatedVoter, you can
-                            use the attribute "IS_AUTHENTICATED_ANONYMOUSLY". This is automatically
-                            available if you are using the standard namespace configuration setup. </para>
-                        <para> From Spring Security 2.0.1 onwards, when you are using
-                            namespace-based configuration, a check will be made on loading the
-                            application context and a warning message logged if your login page
-                            appears to be protected. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-anon-access-denied">
-                    <question>
-                        <para>I get an exception with the message "Access is denied (user is
-                            anonymous);". What's wrong?</para>
-                    </question>
-                    <answer>
-                        <para> This is a debug level message which occurs the first time an
-                            anonymous user attempts to access a protected resource.
-                            <programlisting>
-    DEBUG [ExceptionTranslationFilter] - Access is denied (user is anonymous); redirecting to authentication entry point
-    org.springframework.security.AccessDeniedException: Access is denied
-    at org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
-    at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:262)
-                </programlisting>
-                            It is normal and shouldn't be anything to worry about. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-cached-secure-page">
-                    <question>
-                        <para>Why can I still see a secured page even after I've logged out of my
-                            application?</para>
-                    </question>
-                    <answer>
-                        <para>The most common reason for this is that your browser has cached the
-                            page and you are seeing a copy which is being retrieved from the
-                            browsers cache. Verify this by checking whether the browser is actually
-                            sending the request (check your server access logs, the debug log or use
-                            a suitable browser debugging plugin such as <quote>Tamper Data</quote>
-                            for Firefox). This has nothing to do with Spring Security and you should
-                            configure your application or server to set the appropriate
-                            <literal>Cache-Control</literal> response headers. Note that SSL
-                            requests are never cached.</para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="auth-exception-credentials-not-found">
-                    <question>
-                        <para>I get an exception with the message "An Authentication object was not
-                            found in the SecurityContext". What's wrong?</para>
-                    </question>
-                    <answer>
-                        <para> This is a another debug level message which occurs the first time an
-                            anonymous user attempts to access a protected resource, but when you do
-                            not have an <classname>AnonymousAuthenticationFilter</classname> in your
-                            filter chain configuration.
-                            <programlisting>
-    DEBUG [ExceptionTranslationFilter] - Authentication exception occurred; redirecting to authentication entry point
-    org.springframework.security.AuthenticationCredentialsNotFoundException:
-                   An Authentication object was not found in the SecurityContext
-    at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)
-    at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
-                </programlisting>
-                            It is normal and shouldn't be anything to worry about. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-ldap-authentication">
-                    <question><para>I can't get LDAP authentication to work. What's wrong with my configuration?</para></question>
-                    <answer>
-                        <para>
-                            Note that the permissions for an LDAP directory often do not allow you to read the password
-                            for a user. Hence it is often not possible to use the <link linkend="faq-what-is-userdetailservice"><interfacename>UserDetailsService</interfacename>
-                            approach</link> where Spring Security compares the stored password with the one submitted by the user.
-                            The most common approach is to use LDAP <quote>bind</quote>, which is one of the operations
-                            supported by <link xlink:href="http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">the LDAP protocol</link>.
-                            With this approach, Spring Security validates the password by attempting to authenticate to the directory
-                            as the user.
-                        </para>
-                        <para>The most common problem with LDAP authentication is a lack of knowledge of the
-                            directory server tree structure and configuration. This will be different in different
-                            companies, so you have to find it out yourself. Before adding a Spring Security LDAP
-                            configuration to an application, it's a good idea to write a simple test using standard
-                            Java LDAP code (without Spring Security involved), and make sure you can
-                            get that to work first. For example, to authenticate a user, you could use
-                            the following code:
-                            <programlisting language="java"><![CDATA[
-    @Test
-    public void ldapAuthenticationIsSuccessful() throws Exception {
-        Hashtable<String,String> env = new Hashtable<String,String>();
-        env.put(Context.SECURITY_AUTHENTICATION, "simple");
-        env.put(Context.SECURITY_PRINCIPAL, "cn=joe,ou=users,dc=mycompany,dc=com");
-        env.put(Context.PROVIDER_URL, "ldap://mycompany.com:389/dc=mycompany,dc=com");
-        env.put(Context.SECURITY_CREDENTIALS, "joespassword");
-        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+				<qandaentry xml:id="faq-login-loop">
+					<question>
+						<para>My application goes into an "endless loop" when I try to login, what's
+							going on?</para>
+					</question>
+					<answer>
+						<para>A common user problem with infinite loop and redirecting to the login
+							page is caused by accidently configuring the login page as a "secured"
+							resource. Make sure your configuration allows anonymous access to the
+							login page, either by excluding it from the security filter chain or
+							marking it as requiring ROLE_ANONYMOUS.</para>
+						<para>If your AccessDecisionManager includes an AuthenticatedVoter, you can
+							use the attribute "IS_AUTHENTICATED_ANONYMOUSLY". This is automatically
+							available if you are using the standard namespace configuration setup. </para>
+						<para> From Spring Security 2.0.1 onwards, when you are using
+							namespace-based configuration, a check will be made on loading the
+							application context and a warning message logged if your login page
+							appears to be protected. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-anon-access-denied">
+					<question>
+						<para>I get an exception with the message "Access is denied (user is
+							anonymous);". What's wrong?</para>
+					</question>
+					<answer>
+						<para> This is a debug level message which occurs the first time an
+							anonymous user attempts to access a protected resource.
+							<programlisting>
+	DEBUG [ExceptionTranslationFilter] - Access is denied (user is anonymous); redirecting to authentication entry point
+	org.springframework.security.AccessDeniedException: Access is denied
+	at org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
+	at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:262)
+				</programlisting>
+							It is normal and shouldn't be anything to worry about. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-cached-secure-page">
+					<question>
+						<para>Why can I still see a secured page even after I've logged out of my
+							application?</para>
+					</question>
+					<answer>
+						<para>The most common reason for this is that your browser has cached the
+							page and you are seeing a copy which is being retrieved from the
+							browsers cache. Verify this by checking whether the browser is actually
+							sending the request (check your server access logs, the debug log or use
+							a suitable browser debugging plugin such as <quote>Tamper Data</quote>
+							for Firefox). This has nothing to do with Spring Security and you should
+							configure your application or server to set the appropriate
+							<literal>Cache-Control</literal> response headers. Note that SSL
+							requests are never cached.</para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="auth-exception-credentials-not-found">
+					<question>
+						<para>I get an exception with the message "An Authentication object was not
+							found in the SecurityContext". What's wrong?</para>
+					</question>
+					<answer>
+						<para> This is a another debug level message which occurs the first time an
+							anonymous user attempts to access a protected resource, but when you do
+							not have an <classname>AnonymousAuthenticationFilter</classname> in your
+							filter chain configuration.
+							<programlisting>
+	DEBUG [ExceptionTranslationFilter] - Authentication exception occurred; redirecting to authentication entry point
+	org.springframework.security.AuthenticationCredentialsNotFoundException:
+				   An Authentication object was not found in the SecurityContext
+	at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342)
+	at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254)
+				</programlisting>
+							It is normal and shouldn't be anything to worry about. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-ldap-authentication">
+					<question><para>I can't get LDAP authentication to work. What's wrong with my configuration?</para></question>
+					<answer>
+						<para>
+							Note that the permissions for an LDAP directory often do not allow you to read the password
+							for a user. Hence it is often not possible to use the <link linkend="faq-what-is-userdetailservice"><interfacename>UserDetailsService</interfacename>
+							approach</link> where Spring Security compares the stored password with the one submitted by the user.
+							The most common approach is to use LDAP <quote>bind</quote>, which is one of the operations
+							supported by <link xlink:href="http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">the LDAP protocol</link>.
+							With this approach, Spring Security validates the password by attempting to authenticate to the directory
+							as the user.
+						</para>
+						<para>The most common problem with LDAP authentication is a lack of knowledge of the
+							directory server tree structure and configuration. This will be different in different
+							companies, so you have to find it out yourself. Before adding a Spring Security LDAP
+							configuration to an application, it's a good idea to write a simple test using standard
+							Java LDAP code (without Spring Security involved), and make sure you can
+							get that to work first. For example, to authenticate a user, you could use
+							the following code:
+							<programlisting language="java"><![CDATA[
+	@Test
+	public void ldapAuthenticationIsSuccessful() throws Exception {
+		Hashtable<String,String> env = new Hashtable<String,String>();
+		env.put(Context.SECURITY_AUTHENTICATION, "simple");
+		env.put(Context.SECURITY_PRINCIPAL, "cn=joe,ou=users,dc=mycompany,dc=com");
+		env.put(Context.PROVIDER_URL, "ldap://mycompany.com:389/dc=mycompany,dc=com");
+		env.put(Context.SECURITY_CREDENTIALS, "joespassword");
+		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 
-        InitialLdapContext ctx = new InitialLdapContext(env, null);
+		InitialLdapContext ctx = new InitialLdapContext(env, null);
 
-    }
-    ]]></programlisting>
-                        </para>
-                    </answer>
-                </qandaentry>
+	}
+	]]></programlisting>
+						</para>
+					</answer>
+				</qandaentry>
 
-            </qandadiv>
-            <qandadiv xml:id="faq-session-management">
-                <title>Session Management</title>
-                <para> Session management issues are a common source of forum questions. If you are
-                    developing Java web applications, you should understand how the session is
-                    maintained between the servlet container and the user's browser. You should also
-                    understand the difference between secure and non-secure cookies and the
-                    implications of using HTTP/HTTPS and switching between the two. Spring Security
-                    has nothing to do with maintaining the session or providing session identifiers.
-                    This is entirely handled by the servlet container. </para>
+			</qandadiv>
+			<qandadiv xml:id="faq-session-management">
+				<title>Session Management</title>
+				<para> Session management issues are a common source of forum questions. If you are
+					developing Java web applications, you should understand how the session is
+					maintained between the servlet container and the user's browser. You should also
+					understand the difference between secure and non-secure cookies and the
+					implications of using HTTP/HTTPS and switching between the two. Spring Security
+					has nothing to do with maintaining the session or providing session identifiers.
+					This is entirely handled by the servlet container. </para>
 
-                <qandaentry xml:id="faq-concurrent-session-same-browser">
-                    <question>
-                        <para>I'm using Spring Security's concurrent session control to prevent
-                            users from logging in more than once at a time. When I open another
-                            browser window after logging in, it doesn't stop me from logging in
-                            again. Why can I log in more than once? </para>
-                    </question>
-                    <answer>
-                        <para>Browsers generally maintain a single session per browser instance. You
-                            cannot have two separate sessions at once. So if you log in again in
-                            another window or tab you are just reauthenticating in the same session.
-                            The server doesn't know anything about tabs, windows or browser
-                            instances. All it sees are HTTP requests and it ties those to a
-                            particular session according to the value of the the JSESSIONID cookie
-                            that they contain. When a user authenticates during a session, Spring
-                            Security's concurrent session control checks the number of
-                            <emphasis>other authenticated sessions</emphasis> that they have. If
-                            they are already authenticated with the same session, then
-                            re-authenticating will have no effect. </para>
-                    </answer>
-                </qandaentry>
+				<qandaentry xml:id="faq-concurrent-session-same-browser">
+					<question>
+						<para>I'm using Spring Security's concurrent session control to prevent
+							users from logging in more than once at a time. When I open another
+							browser window after logging in, it doesn't stop me from logging in
+							again. Why can I log in more than once? </para>
+					</question>
+					<answer>
+						<para>Browsers generally maintain a single session per browser instance. You
+							cannot have two separate sessions at once. So if you log in again in
+							another window or tab you are just reauthenticating in the same session.
+							The server doesn't know anything about tabs, windows or browser
+							instances. All it sees are HTTP requests and it ties those to a
+							particular session according to the value of the the JSESSIONID cookie
+							that they contain. When a user authenticates during a session, Spring
+							Security's concurrent session control checks the number of
+							<emphasis>other authenticated sessions</emphasis> that they have. If
+							they are already authenticated with the same session, then
+							re-authenticating will have no effect. </para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-new-session-on-authentication">
-                    <question>
-                        <para>Why does the session Id change when I authenticate through Spring
-                            Security?</para>
-                    </question>
-                    <answer>
-                        <para>With the default configuration, Spring Security changes the session ID
-                            when the user authenticates. If you're using a Servlet 3.1 or newer
-                            container, the session ID is simply changed. If you're using an older
-                            container, Spring Security invalidates the existing session, creates a
-                            new session, and transfers the session data to the new session. Changing
-                            the session identifier in this manner prevents
-                            <quote>session-fixation</quote> attacks. You can find more about this
-                            online and in the reference manual. </para>
-                    </answer>
-                </qandaentry>
+				<qandaentry xml:id="faq-new-session-on-authentication">
+					<question>
+						<para>Why does the session Id change when I authenticate through Spring
+							Security?</para>
+					</question>
+					<answer>
+						<para>With the default configuration, Spring Security changes the session ID
+							when the user authenticates. If you're using a Servlet 3.1 or newer
+							container, the session ID is simply changed. If you're using an older
+							container, Spring Security invalidates the existing session, creates a
+							new session, and transfers the session data to the new session. Changing
+							the session identifier in this manner prevents
+							<quote>session-fixation</quote> attacks. You can find more about this
+							online and in the reference manual. </para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-tomcat-https-session">
-                    <question>
-                        <para> I'm using Tomcat (or some other servlet container) and have enabled
-                            HTTPS for my login page, switching back to HTTP afterwards. It doesn't
-                            work - I just end up back at the login page after authenticating.
-                        </para>
-                    </question>
-                    <answer>
-                        <para> This happens because sessions created under HTTPS, for which the
-                            session cookie is marked as <quote>secure</quote>, cannot subsequently
-                            be used under HTTP. The browser will not send the cookie back to the
-                            server and any session state will be lost (including the security
-                            context information). Starting a session in HTTP first should work as
-                            the session cookie won't be marked as secure. However, Spring
-                            Security's <link
-                            xlink:href="http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-session-fixation"
-                            >Session Fixation Protection</link> can interfere with this because
-                            it results in a new session ID cookie being sent back to the user's
-                            browser, usually with the secure flag. To get around this, you can
-                            disable session fixation protection, but in newer Servlet containers
-                            you can also configure session cookies to never use the secure flag.
-                            Note that switching between HTTP and HTTPS
-                            is not a good idea in general, as any application which uses HTTP at all
-                            is vulnerable to man-in-the-middle attacks. To be truly secure, the user
-                            should begin accessing your site in HTTPS and continue using it until
-                            they log out. Even clicking on an HTTPS link from a page accessed over
-                            HTTP is potentially risky. If you need more convincing, check out a tool
-                            like <link xlink:href="http://www.thoughtcrime.org/software/sslstrip/"
-                            >sslstrip</link>. </para>
-                    </answer>
-                </qandaentry>
+				<qandaentry xml:id="faq-tomcat-https-session">
+					<question>
+						<para> I'm using Tomcat (or some other servlet container) and have enabled
+							HTTPS for my login page, switching back to HTTP afterwards. It doesn't
+							work - I just end up back at the login page after authenticating.
+						</para>
+					</question>
+					<answer>
+						<para> This happens because sessions created under HTTPS, for which the
+							session cookie is marked as <quote>secure</quote>, cannot subsequently
+							be used under HTTP. The browser will not send the cookie back to the
+							server and any session state will be lost (including the security
+							context information). Starting a session in HTTP first should work as
+							the session cookie won't be marked as secure. However, Spring
+							Security's <link
+							xlink:href="http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-session-fixation"
+							>Session Fixation Protection</link> can interfere with this because
+							it results in a new session ID cookie being sent back to the user's
+							browser, usually with the secure flag. To get around this, you can
+							disable session fixation protection, but in newer Servlet containers
+							you can also configure session cookies to never use the secure flag.
+							Note that switching between HTTP and HTTPS
+							is not a good idea in general, as any application which uses HTTP at all
+							is vulnerable to man-in-the-middle attacks. To be truly secure, the user
+							should begin accessing your site in HTTPS and continue using it until
+							they log out. Even clicking on an HTTPS link from a page accessed over
+							HTTP is potentially risky. If you need more convincing, check out a tool
+							like <link xlink:href="http://www.thoughtcrime.org/software/sslstrip/"
+							>sslstrip</link>. </para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry>
-                    <question>
-                        <para>I'm not switching between HTTP and HTTPS but my session is still
-                            getting lost</para>
-                    </question>
-                    <answer>
-                        <para>Sessions are maintained either by exchanging a session cookie or by
-                            adding the a <literal>jsessionid</literal> parameter to URLs (this
-                            happens automatically if you are using JSTL to output URLs, or if you
-                            call <literal>HttpServletResponse.encodeUrl</literal> on URLs (before a
-                            redirect, for example). If clients have cookies disabled, and you are
-                            not rewriting URLs to include the <literal>jsessionid</literal>, then
-                            the session will be lost. Note that the use of cookies is preferred for
-                            security reasons, as it does not expose the session information in the
-                            URL. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-session-listener-missing">
-                    <question>
-                        <para>I'm trying to use the concurrent session-control support but it won't
-                            let me log back in, even if I'm sure I've logged out and haven't
-                            exceeded the allowed sessions. </para>
-                    </question>
-                    <answer>
-                        <para>Make sure you have added the listener to your web.xml file. It is
-                            essential to make sure that the Spring Security session registry is
-                            notified when a session is destroyed. Without it, the session
-                            information will not be removed from the registry.</para>
-                        <programlisting language="xml"><![CDATA[
-    <listener>
-        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
-    </listener> ]]>
-            </programlisting>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-unwanted-session-creation">
-                    <question>
-                        <para>Spring Security is creating a session somewhere, even though I've
-                            configured it not to, by setting the <literal>create-session</literal>
-                            attribute to <literal>never</literal>. </para>
-                    </question>
-                    <answer>
-                        <para>This usually means that the user's application is creating a session
-                            somewhere, but that they aren't aware of it. The most common culprit is
-                            a JSP. Many people aren't aware that JSPs create sessions by default. To
-                            prevent a JSP from creating a session, add the directive <literal>&lt;%@
-                            page session="false" %&gt;</literal> to the top of the page. </para>
-                        <para> If you are having trouble working out where a session is being
-                            created, you can add some debugging code to track down the location(s).
-                            One way to do this would be to add a
-                            <literal>javax.servlet.http.HttpSessionListener</literal> to your
-                            application, which calls <literal>Thread.dumpStack()</literal> in the
-                            <literal>sessionCreated</literal> method. </para>
-                    </answer>
-                </qandaentry>
-            </qandadiv>
-            <qandadiv>
-                <title>Miscellaneous</title>
-                <qandaentry xml:id="faq-no-security-on-forward">
-                    <question>
-                        <para> I'm forwarding a request to another URL using the RequestDispatcher,
-                            but my security constraints aren't being applied. </para>
-                    </question>
-                    <answer>
-                        <para> Filters are not applied by default to forwards or includes. If you
-                            really want the security filters to be applied to forwards and/or
-                            includes, then you have to configure these explicitly in your web.xml
-                            using the &lt;dispatcher&gt; element, a child element of
-                            &lt;filter-mapping&gt;. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-method-security-in-web-context">
-                    <question>
-                        <para>I have added Spring Security's &lt;global-method-security&gt; element
-                            to my application context but if I add security annotations to my Spring
-                            MVC controller beans (Struts actions etc.) then they don't seem to have
-                            an effect.</para>
-                    </question>
-                    <answer>
-                        <para> In a Spring web application, the application context which holds the
-                            Spring MVC beans for the dispatcher servlet is often separate from the
-                            main application context. It is often defined in a file called
-                            <literal>myapp-servlet.xml</literal>, where <quote>myapp</quote> is the
-                            name assigned to the Spring <classname>DispatcherServlet</classname> in
-                            <filename>web.xml</filename>. An application can have multiple
-                            <classname>DispatcherServlet</classname>s, each with its own isolated
-                            application context. The beans in these <quote>child</quote> contexts
-                            are not visible to the rest of the application. The
-                            <quote>parent</quote> application context is loaded by the
-                            <classname>ContextLoaderListener</classname> you define in your
-                            <filename>web.xml</filename> and is visible to all the child contexts.
-                            This parent context is usually where you define your security
-                            configuration, including the
-                            <literal>&lt;global-method-security&gt;</literal> element). As a result
-                            any security constraints applied to methods in these web beans will not
-                            be enforced, since the beans cannot be seen from the
-                            <classname>DispatcherServlet</classname> context. You need to either
-                            move the <literal>&lt;global-method-security&gt;</literal> declaration
-                            to the web context or moved the beans you want secured into the main
-                            application context. </para>
-                        <para>Generally we would recommend applying method security at the service
-                            layer rather than on individual web controllers.</para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-no-filters-no-context">
-                    <question>
-                        <para>I have a user who has definitely been authenticated, but when I try to
-                            access the <classname>SecurityContextHolder</classname> during some
-                            requests, the <interfacename>Authentication</interfacename> is null. Why
-                            can't I see the user information? </para>
-                    </question>
-                    <answer>
-                        <para>If you have excluded the request from the security filter chain using
-                            the attribute <literal>filters='none'</literal> in the
-                            <literal>&lt;intercept-url></literal> element that matches the URL
-                            pattern, then the <classname>SecurityContextHolder</classname> will not
-                            be populated for that request. Check the debug log to see whether the
-                            request is passing through the filter chain. (You are reading the debug
-                            log, right?).</para>
-                    </answer>
-                </qandaentry>
-            </qandadiv>
-        </qandaset>
-    </section>
-    <section>
-        <title>Spring Security Architecture Questions</title>
-        <qandaset>
-            <qandadiv>
-                <qandaentry xml:id="faq-where-is-class-x">
-                    <question>
-                        <para>How do I know which package class X is in?</para>
-                    </question>
-                    <answer>
-                        <para>The best way of locating classes is by installing the Spring Security
-                            source in your IDE. The distribution includes source jars for each of
-                            the modules the project is divided up into. Add these to your project
-                            source path and you can navigate directly to Spring Security classes
-                            (<command>Ctrl-Shift-T</command> in Eclipse). This also makes debugging
-                            easier and allows you to troubleshoot exceptions by looking directly at
-                            the code where they occur to see what's going on there. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-namespace-to-bean-mapping">
-                    <question>
-                        <para>How do the namespace elements map to conventional bean
-                            configurations?</para>
-                    </question>
-                    <answer>
-                        <para>There is a general overview of what beans are created by the namespace
-                            in the namespace appendix of the reference guide. There is also a
-                            detailed blog article called <quote>Behind the Spring Security
-                            Namespace</quote> on <link
-                            xlink:href="http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/"
-                            >blog.springsource.com</link>. If want to know the full details then the
-                            code is in the <filename>spring-security-config</filename> module within
-                            the Spring Security 3.0 distribution. You should probably read the
-                            chapters on namespace parsing in the standard Spring Framework reference
-                            documentation first.</para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-role-prefix">
-                    <question>
-                        <para>What does <quote>ROLE_</quote> mean and why do I need it on my role
-                            names?</para>
-                    </question>
-                    <answer>
-                        <para>Spring Security has a voter-based architecture which means that an
-                            access decision is made by a series of
-                            <interfacename>AccessDecisionVoter</interfacename>s. The voters act on
-                            the <quote>configuration attributes</quote> which are specified for a
-                            secured resource (such as a method invocation). With this approach, not
-                            all attributes may be relevant to all voters and a voter needs to know
-                            when it should ignore an attribute (abstain) and when it should vote to
-                            grant or deny access based on the attribute value. The most common voter
-                            is the <classname>RoleVoter</classname> which by default votes whenever
-                            it finds an attribute with the <quote>ROLE_</quote> prefix. It makes a
-                            simple comparison of the attribute (such as <quote>ROLE_USER</quote>)
-                            with the names of the authorities which the current user has been
-                            assigned. If it finds a match (they have an authority called
-                            <quote>ROLE_USER</quote>), it votes to grant access, otherwise it votes
-                            to deny access. </para>
-                        <para> The prefix can be changed by setting the
-                            <literal>rolePrefix</literal> property of
-                            <classname>RoleVoter</classname>. If you only need to use roles in your
-                            application and have no need for other custom voters, then you can set
-                            the prefix to a blank string, in which case the
-                            <classname>RoleVoter</classname> will treat all attributes as roles.
-                        </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-what-dependencies">
-                    <question>
-                        <para>How do I know which dependencies to add to my application to work with
-                            Spring Security?</para>
-                    </question>
-                    <answer>
-                        <para>It will depend on what features you are using and what type of
-                            application you are developing. With Spring Security 3.0, the project
-                            jars are divided into clearly distinct areas of functionality, so it is
-                            straightforward to work out which Spring Security jars you need from
-                            your application requirements. All applications will need the
-                            <filename>spring-security-core</filename> jar. If you're developing a
-                            web application, you need the <filename>spring-security-web</filename>
-                            jar. If you're using security namespace configuration you need the
-                            <filename>spring-security-config</filename> jar, for LDAP support you
-                            need the <filename>spring-security-ldap</filename> jar and so on. </para>
-                        <para> For third-party jars the situation isn't always quite so obvious. A
-                            good starting point is to copy those from one of the pre-built sample
-                            applications WEB-INF/lib directories. For a basic application, you can
-                            start with the tutorial sample. If you want to use LDAP, with an
-                            embedded test server, then use the LDAP sample as a starting point. The
-                            reference manual also includes
-                            <link xlink:href="http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#appendix-dependencies">an appendix</link> listing the first-level
-                            dependencies for each Spring Security module with some information on
-                            whether they are optional and what they are required for. </para>
-                        <para> If you are building your project with maven, then adding the
-                            appropriate Spring Security modules as dependencies to your pom.xml will
-                            automatically pull in the core jars that the framework requires. Any
-                            which are marked as "optional" in the Spring Security POM files will
-                            have to be added to your own pom.xml file if you need them. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-apacheds-deps">
-                    <question><para>What dependencies are needed to run an embedded ApacheDS LDAP server?</para></question>
-                    <answer><para>If you are using Maven, you need to add the folowing to your pom dependencies:<programlisting><![CDATA[
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-core</artifactId>
-            <version>1.5.5</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-server-jndi</artifactId>
-            <version>1.5.5</version>
-            <scope>runtime</scope>
-        </dependency>
+				<qandaentry>
+					<question>
+						<para>I'm not switching between HTTP and HTTPS but my session is still
+							getting lost</para>
+					</question>
+					<answer>
+						<para>Sessions are maintained either by exchanging a session cookie or by
+							adding the a <literal>jsessionid</literal> parameter to URLs (this
+							happens automatically if you are using JSTL to output URLs, or if you
+							call <literal>HttpServletResponse.encodeUrl</literal> on URLs (before a
+							redirect, for example). If clients have cookies disabled, and you are
+							not rewriting URLs to include the <literal>jsessionid</literal>, then
+							the session will be lost. Note that the use of cookies is preferred for
+							security reasons, as it does not expose the session information in the
+							URL. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-session-listener-missing">
+					<question>
+						<para>I'm trying to use the concurrent session-control support but it won't
+							let me log back in, even if I'm sure I've logged out and haven't
+							exceeded the allowed sessions. </para>
+					</question>
+					<answer>
+						<para>Make sure you have added the listener to your web.xml file. It is
+							essential to make sure that the Spring Security session registry is
+							notified when a session is destroyed. Without it, the session
+							information will not be removed from the registry.</para>
+						<programlisting language="xml"><![CDATA[
+	<listener>
+		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
+	</listener> ]]>
+			</programlisting>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-unwanted-session-creation">
+					<question>
+						<para>Spring Security is creating a session somewhere, even though I've
+							configured it not to, by setting the <literal>create-session</literal>
+							attribute to <literal>never</literal>. </para>
+					</question>
+					<answer>
+						<para>This usually means that the user's application is creating a session
+							somewhere, but that they aren't aware of it. The most common culprit is
+							a JSP. Many people aren't aware that JSPs create sessions by default. To
+							prevent a JSP from creating a session, add the directive <literal>&lt;%@
+							page session="false" %&gt;</literal> to the top of the page. </para>
+						<para> If you are having trouble working out where a session is being
+							created, you can add some debugging code to track down the location(s).
+							One way to do this would be to add a
+							<literal>javax.servlet.http.HttpSessionListener</literal> to your
+							application, which calls <literal>Thread.dumpStack()</literal> in the
+							<literal>sessionCreated</literal> method. </para>
+					</answer>
+				</qandaentry>
+			</qandadiv>
+			<qandadiv>
+				<title>Miscellaneous</title>
+				<qandaentry xml:id="faq-no-security-on-forward">
+					<question>
+						<para> I'm forwarding a request to another URL using the RequestDispatcher,
+							but my security constraints aren't being applied. </para>
+					</question>
+					<answer>
+						<para> Filters are not applied by default to forwards or includes. If you
+							really want the security filters to be applied to forwards and/or
+							includes, then you have to configure these explicitly in your web.xml
+							using the &lt;dispatcher&gt; element, a child element of
+							&lt;filter-mapping&gt;. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-method-security-in-web-context">
+					<question>
+						<para>I have added Spring Security's &lt;global-method-security&gt; element
+							to my application context but if I add security annotations to my Spring
+							MVC controller beans (Struts actions etc.) then they don't seem to have
+							an effect.</para>
+					</question>
+					<answer>
+						<para> In a Spring web application, the application context which holds the
+							Spring MVC beans for the dispatcher servlet is often separate from the
+							main application context. It is often defined in a file called
+							<literal>myapp-servlet.xml</literal>, where <quote>myapp</quote> is the
+							name assigned to the Spring <classname>DispatcherServlet</classname> in
+							<filename>web.xml</filename>. An application can have multiple
+							<classname>DispatcherServlet</classname>s, each with its own isolated
+							application context. The beans in these <quote>child</quote> contexts
+							are not visible to the rest of the application. The
+							<quote>parent</quote> application context is loaded by the
+							<classname>ContextLoaderListener</classname> you define in your
+							<filename>web.xml</filename> and is visible to all the child contexts.
+							This parent context is usually where you define your security
+							configuration, including the
+							<literal>&lt;global-method-security&gt;</literal> element). As a result
+							any security constraints applied to methods in these web beans will not
+							be enforced, since the beans cannot be seen from the
+							<classname>DispatcherServlet</classname> context. You need to either
+							move the <literal>&lt;global-method-security&gt;</literal> declaration
+							to the web context or moved the beans you want secured into the main
+							application context. </para>
+						<para>Generally we would recommend applying method security at the service
+							layer rather than on individual web controllers.</para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-no-filters-no-context">
+					<question>
+						<para>I have a user who has definitely been authenticated, but when I try to
+							access the <classname>SecurityContextHolder</classname> during some
+							requests, the <interfacename>Authentication</interfacename> is null. Why
+							can't I see the user information? </para>
+					</question>
+					<answer>
+						<para>If you have excluded the request from the security filter chain using
+							the attribute <literal>filters='none'</literal> in the
+							<literal>&lt;intercept-url></literal> element that matches the URL
+							pattern, then the <classname>SecurityContextHolder</classname> will not
+							be populated for that request. Check the debug log to see whether the
+							request is passing through the filter chain. (You are reading the debug
+							log, right?).</para>
+					</answer>
+				</qandaentry>
+			</qandadiv>
+		</qandaset>
+	</section>
+	<section>
+		<title>Spring Security Architecture Questions</title>
+		<qandaset>
+			<qandadiv>
+				<qandaentry xml:id="faq-where-is-class-x">
+					<question>
+						<para>How do I know which package class X is in?</para>
+					</question>
+					<answer>
+						<para>The best way of locating classes is by installing the Spring Security
+							source in your IDE. The distribution includes source jars for each of
+							the modules the project is divided up into. Add these to your project
+							source path and you can navigate directly to Spring Security classes
+							(<command>Ctrl-Shift-T</command> in Eclipse). This also makes debugging
+							easier and allows you to troubleshoot exceptions by looking directly at
+							the code where they occur to see what's going on there. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-namespace-to-bean-mapping">
+					<question>
+						<para>How do the namespace elements map to conventional bean
+							configurations?</para>
+					</question>
+					<answer>
+						<para>There is a general overview of what beans are created by the namespace
+							in the namespace appendix of the reference guide. There is also a
+							detailed blog article called <quote>Behind the Spring Security
+							Namespace</quote> on <link
+							xlink:href="http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/"
+							>blog.springsource.com</link>. If want to know the full details then the
+							code is in the <filename>spring-security-config</filename> module within
+							the Spring Security 3.0 distribution. You should probably read the
+							chapters on namespace parsing in the standard Spring Framework reference
+							documentation first.</para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-role-prefix">
+					<question>
+						<para>What does <quote>ROLE_</quote> mean and why do I need it on my role
+							names?</para>
+					</question>
+					<answer>
+						<para>Spring Security has a voter-based architecture which means that an
+							access decision is made by a series of
+							<interfacename>AccessDecisionVoter</interfacename>s. The voters act on
+							the <quote>configuration attributes</quote> which are specified for a
+							secured resource (such as a method invocation). With this approach, not
+							all attributes may be relevant to all voters and a voter needs to know
+							when it should ignore an attribute (abstain) and when it should vote to
+							grant or deny access based on the attribute value. The most common voter
+							is the <classname>RoleVoter</classname> which by default votes whenever
+							it finds an attribute with the <quote>ROLE_</quote> prefix. It makes a
+							simple comparison of the attribute (such as <quote>ROLE_USER</quote>)
+							with the names of the authorities which the current user has been
+							assigned. If it finds a match (they have an authority called
+							<quote>ROLE_USER</quote>), it votes to grant access, otherwise it votes
+							to deny access. </para>
+						<para> The prefix can be changed by setting the
+							<literal>rolePrefix</literal> property of
+							<classname>RoleVoter</classname>. If you only need to use roles in your
+							application and have no need for other custom voters, then you can set
+							the prefix to a blank string, in which case the
+							<classname>RoleVoter</classname> will treat all attributes as roles.
+						</para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-what-dependencies">
+					<question>
+						<para>How do I know which dependencies to add to my application to work with
+							Spring Security?</para>
+					</question>
+					<answer>
+						<para>It will depend on what features you are using and what type of
+							application you are developing. With Spring Security 3.0, the project
+							jars are divided into clearly distinct areas of functionality, so it is
+							straightforward to work out which Spring Security jars you need from
+							your application requirements. All applications will need the
+							<filename>spring-security-core</filename> jar. If you're developing a
+							web application, you need the <filename>spring-security-web</filename>
+							jar. If you're using security namespace configuration you need the
+							<filename>spring-security-config</filename> jar, for LDAP support you
+							need the <filename>spring-security-ldap</filename> jar and so on. </para>
+						<para> For third-party jars the situation isn't always quite so obvious. A
+							good starting point is to copy those from one of the pre-built sample
+							applications WEB-INF/lib directories. For a basic application, you can
+							start with the tutorial sample. If you want to use LDAP, with an
+							embedded test server, then use the LDAP sample as a starting point. The
+							reference manual also includes
+							<link xlink:href="http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#appendix-dependencies">an appendix</link> listing the first-level
+							dependencies for each Spring Security module with some information on
+							whether they are optional and what they are required for. </para>
+						<para> If you are building your project with maven, then adding the
+							appropriate Spring Security modules as dependencies to your pom.xml will
+							automatically pull in the core jars that the framework requires. Any
+							which are marked as "optional" in the Spring Security POM files will
+							have to be added to your own pom.xml file if you need them. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-apacheds-deps">
+					<question><para>What dependencies are needed to run an embedded ApacheDS LDAP server?</para></question>
+					<answer><para>If you are using Maven, you need to add the folowing to your pom dependencies:<programlisting><![CDATA[
+		<dependency>
+			<groupId>org.apache.directory.server</groupId>
+			<artifactId>apacheds-core</artifactId>
+			<version>1.5.5</version>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.directory.server</groupId>
+			<artifactId>apacheds-server-jndi</artifactId>
+			<version>1.5.5</version>
+			<scope>runtime</scope>
+		</dependency>
 ]]></programlisting>. The other required jars should be pulled in transitively.
-                    </para></answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-what-is-userdetailservice">
-                    <question>
-                        <para>What is a <interfacename>UserDetailsService</interfacename> and do I need
-                            one?</para>
-                    </question>
-                    <answer>
-                        <para><interfacename>UserDetailsService</interfacename> is a DAO interface
-                            for loading data that is specific to a user account. It has no other
-                            function other to load that data for use by other components within the
-                            framework. It is not responsible for authenticating the user.
-                            Authenticating a user with a username/password combination is most
-                            commonly performed by the
-                            <classname>DaoAuthenticationProvider</classname>, which is injected with
-                            a <interfacename>UserDetailsService</interfacename> to allow it to load
-                            the password (and other data) for a user in order to compare it with the
-                            submitted value. Note that if you are using LDAP,
-                            <link linkend="faq-ldap-authentication">this approach may not work</link>.</para>
-                        <para> If you want to customize the authentication process then you should
-                            implement <interfacename>AuthenticationProvider</interfacename>
-                            yourself. See this <link
-                            xlink:href="http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/"
-                            > blog article</link> for an example integrating Spring Security
-                            authentication with Google App Engine. </para>
-                    </answer>
-                </qandaentry>
-            </qandadiv>
-        </qandaset>
-    </section>
-    <section>
-        <title>Common <quote>Howto</quote> Requests</title>
-        <qandaset>
-            <qandadiv>
-                <qandaentry xml:id="faq-extra-login-fields">
-                    <question>
-                        <para>I need to login in with more information than just the username. How
-                            do I add support for extra login fields (e.g. a company name)?</para>
-                    </question>
-                    <answer>
-                        <para>This question comes up repeatedly in the Spring Security forum so you
-                            will find more information there by searching the archives (or through
-                            google).</para>
-                        <para> The submitted login information is processed by an instance of
-                            <classname>UsernamePasswordAuthenticationFilter</classname>. You will
-                            need to customize this class to handle the extra data field(s). One
-                            option is to use your own customized authentication token class (rather
-                            than the standard
-                            <classname>UsernamePasswordAuthenticationToken</classname>), another is
-                            simply to concatenate the extra fields with the username (for example,
-                            using a ":" as the separator) and pass them in the username property of
-                            <classname>UsernamePasswordAuthenticationToken</classname>. </para>
-                        <para> You will also need to customize the actual authentication process. If
-                            you are using a custom authentication token class, for example, you will
-                            have to write an <classname>AuthenticationProvider</classname> to handle
-                            it (or extend the standard
-                            <classname>DaoAuthenticationProvider</classname>). If you have
-                            concatenated the fields, you can implement your own
-                            <interfacename>UserDetailsService</interfacename> which splits them up
-                            and loads the appropriate user data for authentication. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-matching-url-fragments">
-                    <question>
-                        <para>How do I apply different <literal>intercept-url</literal> constraints
-                            where only the fragment value of the requested URLs differs (e.g.
-                            <literal>/foo#bar</literal> and <literal>/foo#blah</literal>?</para>
-                    </question>
-                    <answer>
-                        <para>You can't do this, since the fragment is not transmitted from the
-                            browser to the server. The URLs above are identical from the server's
-                            perspective. This is a common question from GWT users.</para>
-                    </answer>
-                </qandaentry>
+					</para></answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-what-is-userdetailservice">
+					<question>
+						<para>What is a <interfacename>UserDetailsService</interfacename> and do I need
+							one?</para>
+					</question>
+					<answer>
+						<para><interfacename>UserDetailsService</interfacename> is a DAO interface
+							for loading data that is specific to a user account. It has no other
+							function other to load that data for use by other components within the
+							framework. It is not responsible for authenticating the user.
+							Authenticating a user with a username/password combination is most
+							commonly performed by the
+							<classname>DaoAuthenticationProvider</classname>, which is injected with
+							a <interfacename>UserDetailsService</interfacename> to allow it to load
+							the password (and other data) for a user in order to compare it with the
+							submitted value. Note that if you are using LDAP,
+							<link linkend="faq-ldap-authentication">this approach may not work</link>.</para>
+						<para> If you want to customize the authentication process then you should
+							implement <interfacename>AuthenticationProvider</interfacename>
+							yourself. See this <link
+							xlink:href="http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/"
+							> blog article</link> for an example integrating Spring Security
+							authentication with Google App Engine. </para>
+					</answer>
+				</qandaentry>
+			</qandadiv>
+		</qandaset>
+	</section>
+	<section>
+		<title>Common <quote>Howto</quote> Requests</title>
+		<qandaset>
+			<qandadiv>
+				<qandaentry xml:id="faq-extra-login-fields">
+					<question>
+						<para>I need to login in with more information than just the username. How
+							do I add support for extra login fields (e.g. a company name)?</para>
+					</question>
+					<answer>
+						<para>This question comes up repeatedly in the Spring Security forum so you
+							will find more information there by searching the archives (or through
+							google).</para>
+						<para> The submitted login information is processed by an instance of
+							<classname>UsernamePasswordAuthenticationFilter</classname>. You will
+							need to customize this class to handle the extra data field(s). One
+							option is to use your own customized authentication token class (rather
+							than the standard
+							<classname>UsernamePasswordAuthenticationToken</classname>), another is
+							simply to concatenate the extra fields with the username (for example,
+							using a ":" as the separator) and pass them in the username property of
+							<classname>UsernamePasswordAuthenticationToken</classname>. </para>
+						<para> You will also need to customize the actual authentication process. If
+							you are using a custom authentication token class, for example, you will
+							have to write an <classname>AuthenticationProvider</classname> to handle
+							it (or extend the standard
+							<classname>DaoAuthenticationProvider</classname>). If you have
+							concatenated the fields, you can implement your own
+							<interfacename>UserDetailsService</interfacename> which splits them up
+							and loads the appropriate user data for authentication. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-matching-url-fragments">
+					<question>
+						<para>How do I apply different <literal>intercept-url</literal> constraints
+							where only the fragment value of the requested URLs differs (e.g.
+							<literal>/foo#bar</literal> and <literal>/foo#blah</literal>?</para>
+					</question>
+					<answer>
+						<para>You can't do this, since the fragment is not transmitted from the
+							browser to the server. The URLs above are identical from the server's
+							perspective. This is a common question from GWT users.</para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-request-details-in-user-service">
-                    <question>
-                        <para>How do I access the user's IP Address (or other web-request data) in a
-                            <interfacename>UserDetailsService</interfacename>?</para>
-                    </question>
-                    <answer>
-                        <para> Obviously you can't (without resorting to something like thread-local
-                            variables) since the only information supplied to the interface is the
-                            username. Instead of implementing
-                            <interfacename>UserDetailsService</interfacename>, you should implement
-                            <interfacename>AuthenticationProvider</interfacename> directly and
-                            extract the information from the supplied
-                            <interfacename>Authentication</interfacename> token. </para>
-                        <para> In a standard web setup, the <methodname>getDetails()</methodname>
-                            method on the <interfacename>Authentication</interfacename> object will
-                            return an instance of <classname>WebAuthenticationDetails</classname>.
-                            If you need additional information, you can inject a custom
-                            <interfacename>AuthenticationDetailsSource</interfacename> into the
-                            authentication filter you are using. If you are using the namespace, for
-                            example with the <literal>&lt;form-login&gt;</literal> element, then you
-                            should remove this element and replace it with a
-                            <literal>&lt;custom-filter&gt;</literal> declaration pointing to an
-                            explicitly configured
-                            <classname>UsernamePasswordAuthenticationFilter</classname>. </para>
-                    </answer>
-                </qandaentry>
+				<qandaentry xml:id="faq-request-details-in-user-service">
+					<question>
+						<para>How do I access the user's IP Address (or other web-request data) in a
+							<interfacename>UserDetailsService</interfacename>?</para>
+					</question>
+					<answer>
+						<para> Obviously you can't (without resorting to something like thread-local
+							variables) since the only information supplied to the interface is the
+							username. Instead of implementing
+							<interfacename>UserDetailsService</interfacename>, you should implement
+							<interfacename>AuthenticationProvider</interfacename> directly and
+							extract the information from the supplied
+							<interfacename>Authentication</interfacename> token. </para>
+						<para> In a standard web setup, the <methodname>getDetails()</methodname>
+							method on the <interfacename>Authentication</interfacename> object will
+							return an instance of <classname>WebAuthenticationDetails</classname>.
+							If you need additional information, you can inject a custom
+							<interfacename>AuthenticationDetailsSource</interfacename> into the
+							authentication filter you are using. If you are using the namespace, for
+							example with the <literal>&lt;form-login&gt;</literal> element, then you
+							should remove this element and replace it with a
+							<literal>&lt;custom-filter&gt;</literal> declaration pointing to an
+							explicitly configured
+							<classname>UsernamePasswordAuthenticationFilter</classname>. </para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-access-session-from-user-service">
-                    <question>
-                        <para>How do I access the <interfacename>HttpSession</interfacename> from a
-                            <interfacename>UserDetailsService</interfacename>?</para>
-                    </question>
-                    <answer>
-                        <para>You can't, since the <interfacename>UserDetailsService</interfacename>
-                            has no awareness of the servlet API. If you want to store custom user
-                            data, then you should customize the
-                            <interfacename>UserDetails</interfacename> object which is returned.
-                            This can then be accessed at any point, via the thread-local
-                            <classname>SecurityContextHolder</classname>. A call to
-                            <literal>SecurityContextHolder.getContext().getAuthentication().getPrincipal()</literal>
-                            will return this custom object. </para>
-                        <para> If you really need to access the session, then it must be done by
-                            customizing the web tier. </para>
-                    </answer>
-                </qandaentry>
+				<qandaentry xml:id="faq-access-session-from-user-service">
+					<question>
+						<para>How do I access the <interfacename>HttpSession</interfacename> from a
+							<interfacename>UserDetailsService</interfacename>?</para>
+					</question>
+					<answer>
+						<para>You can't, since the <interfacename>UserDetailsService</interfacename>
+							has no awareness of the servlet API. If you want to store custom user
+							data, then you should customize the
+							<interfacename>UserDetails</interfacename> object which is returned.
+							This can then be accessed at any point, via the thread-local
+							<classname>SecurityContextHolder</classname>. A call to
+							<literal>SecurityContextHolder.getContext().getAuthentication().getPrincipal()</literal>
+							will return this custom object. </para>
+						<para> If you really need to access the session, then it must be done by
+							customizing the web tier. </para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-password-in-user-service">
-                    <question>
-                        <para>How do I access the user's password in a
-                            <interfacename>UserDetailsService</interfacename>?</para>
-                    </question>
-                    <answer>
-                        <para>You can't (and shouldn't). You are probably misunderstanding its purpose.
-                            See <quote><link linkend="faq-what-is-userdetailservice">What is a UserDetailsService?</link></quote>
-                            above.
-                        </para>
-                    </answer>
-                </qandaentry>
+				<qandaentry xml:id="faq-password-in-user-service">
+					<question>
+						<para>How do I access the user's password in a
+							<interfacename>UserDetailsService</interfacename>?</para>
+					</question>
+					<answer>
+						<para>You can't (and shouldn't). You are probably misunderstanding its purpose.
+							See <quote><link linkend="faq-what-is-userdetailservice">What is a UserDetailsService?</link></quote>
+							above.
+						</para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-dynamic-url-metadata">
-                    <question>
-                        <para>How do I define the secured URLs within an application
-                            dynamically?</para>
-                    </question>
-                    <answer>
-                        <para>People often ask about how to store the mapping between secured URLs
-                            and security metadata attributes in a database, rather than in the
-                            application context. </para>
-                        <para> The first thing you should ask yourself is if you really need to do
-                            this. If an application requires securing, then it also requires that
-                            the security be tested thoroughly based on a defined policy. It may
-                            require auditing and acceptance testing before being rolled out into a
-                            production environment. A security-conscious organization should be
-                            aware that the benefits of their diligent testing process could be wiped
-                            out instantly by allowing the security settings to be modified at
-                            runtime by changing a row or two in a configuration database. If you
-                            have taken this into account (perhaps using multiple layers of security
-                            within your application) then Spring Security allows you to fully
-                            customize the source of security metadata. You can make it fully dynamic
-                            if you choose. </para>
-                        <para> Both method and web security are protected by subclasses of
-                            <classname>AbstractSecurityInterceptor</classname> which is configured
-                            with a <interfacename>SecurityMetadataSource</interfacename> from which
-                            it obtains the metadata for a particular method or filter invocation.
-                            For web security, the interceptor class is
-                            <classname>FilterSecurityInterceptor</classname> and it uses the marker
-                            interface
-                            <interfacename>FilterInvocationSecurityMetadataSource</interfacename>.
-                            The <quote>secured object</quote> type it operates on is a
-                            <classname>FilterInvocation</classname>. The default implementation
-                            which is used (both in the namespace <literal>&lt;http&gt;</literal> and
-                            when configuring the interceptor explicitly, stores the list of URL
-                            patterns and their corresponding list of <quote>configuration
-                            attributes</quote> (instances of
-                            <interfacename>ConfigAttribute</interfacename>) in an in-memory map. </para>
-                        <para> To load the data from an alternative source, you must be using an
-                            explicitly declared security filter chain (typically Spring Security's
-                            <classname>FilterChainProxy</classname>) in order to customize the
-                            <classname>FilterSecurityInterceptor</classname> bean. You can't use the
-                            namespace. You would then implement
-                            <interfacename>FilterInvocationSecurityMetadataSource</interfacename> to
-                            load the data as you please for a particular
-                            <classname>FilterInvocation</classname><footnote>
-                            <para>The <classname>FilterInvocation</classname> object contains the
-                                <classname>HttpServletRequest</classname>, so you can obtain the URL
-                                or any other relevant information on which to base your decision on
-                                what the list of returned attributes will contain.</para>
-                            </footnote>. A very basic outline would look something like this: <programlisting language="java"><![CDATA[
+				<qandaentry xml:id="faq-dynamic-url-metadata">
+					<question>
+						<para>How do I define the secured URLs within an application
+							dynamically?</para>
+					</question>
+					<answer>
+						<para>People often ask about how to store the mapping between secured URLs
+							and security metadata attributes in a database, rather than in the
+							application context. </para>
+						<para> The first thing you should ask yourself is if you really need to do
+							this. If an application requires securing, then it also requires that
+							the security be tested thoroughly based on a defined policy. It may
+							require auditing and acceptance testing before being rolled out into a
+							production environment. A security-conscious organization should be
+							aware that the benefits of their diligent testing process could be wiped
+							out instantly by allowing the security settings to be modified at
+							runtime by changing a row or two in a configuration database. If you
+							have taken this into account (perhaps using multiple layers of security
+							within your application) then Spring Security allows you to fully
+							customize the source of security metadata. You can make it fully dynamic
+							if you choose. </para>
+						<para> Both method and web security are protected by subclasses of
+							<classname>AbstractSecurityInterceptor</classname> which is configured
+							with a <interfacename>SecurityMetadataSource</interfacename> from which
+							it obtains the metadata for a particular method or filter invocation.
+							For web security, the interceptor class is
+							<classname>FilterSecurityInterceptor</classname> and it uses the marker
+							interface
+							<interfacename>FilterInvocationSecurityMetadataSource</interfacename>.
+							The <quote>secured object</quote> type it operates on is a
+							<classname>FilterInvocation</classname>. The default implementation
+							which is used (both in the namespace <literal>&lt;http&gt;</literal> and
+							when configuring the interceptor explicitly, stores the list of URL
+							patterns and their corresponding list of <quote>configuration
+							attributes</quote> (instances of
+							<interfacename>ConfigAttribute</interfacename>) in an in-memory map. </para>
+						<para> To load the data from an alternative source, you must be using an
+							explicitly declared security filter chain (typically Spring Security's
+							<classname>FilterChainProxy</classname>) in order to customize the
+							<classname>FilterSecurityInterceptor</classname> bean. You can't use the
+							namespace. You would then implement
+							<interfacename>FilterInvocationSecurityMetadataSource</interfacename> to
+							load the data as you please for a particular
+							<classname>FilterInvocation</classname><footnote>
+							<para>The <classname>FilterInvocation</classname> object contains the
+								<classname>HttpServletRequest</classname>, so you can obtain the URL
+								or any other relevant information on which to base your decision on
+								what the list of returned attributes will contain.</para>
+							</footnote>. A very basic outline would look something like this: <programlisting language="java"><![CDATA[
   public class MyFilterSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
 
-    public List<ConfigAttribute> getAttributes(Object object) {
-      FilterInvocation fi = (FilterInvocation) object;
-        String url = fi.getRequestUrl();
-        String httpMethod = fi.getRequest().getMethod();
-        List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
+	public List<ConfigAttribute> getAttributes(Object object) {
+	  FilterInvocation fi = (FilterInvocation) object;
+		String url = fi.getRequestUrl();
+		String httpMethod = fi.getRequest().getMethod();
+		List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
 
-        // Lookup your database (or other source) using this information and populate the
-        // list of attributes
+		// Lookup your database (or other source) using this information and populate the
+		// list of attributes
 
-        return attributes;
-    }
+		return attributes;
+	}
 
-    public Collection<ConfigAttribute> getAllConfigAttributes() {
-      return null;
-    }
+	public Collection<ConfigAttribute> getAllConfigAttributes() {
+	  return null;
+	}
 
-    public boolean supports(Class<?> clazz) {
-      return FilterInvocation.class.isAssignableFrom(clazz);
-    }
+	public boolean supports(Class<?> clazz) {
+	  return FilterInvocation.class.isAssignableFrom(clazz);
+	}
   }
   ]]></programlisting> For more information, look at the code for
-                            <classname>DefaultFilterInvocationSecurityMetadataSource</classname>.
-                        </para>
-                    </answer>
-                </qandaentry>
+							<classname>DefaultFilterInvocationSecurityMetadataSource</classname>.
+						</para>
+					</answer>
+				</qandaentry>
 
-                <qandaentry xml:id="faq-ldap-authorities">
-                    <question>
-                        <para>How do I authenticate against LDAP but load user roles from a
-                            database?</para>
-                    </question>
-                    <answer>
-                        <para> The <classname>LdapAuthenticationProvider</classname> bean (which handles
-                            normal LDAP authentication in Spring Security) is configured with two
-                            separate strategy interfaces, one which performs the authenticatation
-                            and one which loads the user authorities, called
-                            <interfacename>LdapAuthenticator</interfacename> and
-                            <interfacename>LdapAuthoritiesPopulator</interfacename> respectively.
-                            The <classname>DefaultLdapAuthoritiesPopulator</classname> loads the
-                            user authorities from the LDAP directory and has various configuration
-                            parameters to allow you to specify how these should be retrieved. </para>
-                        <para> To use JDBC instead, you can implement the interface yourself, using
-                            whatever SQL is appropriate for your schema: <programlisting language="java"><![CDATA[
+				<qandaentry xml:id="faq-ldap-authorities">
+					<question>
+						<para>How do I authenticate against LDAP but load user roles from a
+							database?</para>
+					</question>
+					<answer>
+						<para> The <classname>LdapAuthenticationProvider</classname> bean (which handles
+							normal LDAP authentication in Spring Security) is configured with two
+							separate strategy interfaces, one which performs the authenticatation
+							and one which loads the user authorities, called
+							<interfacename>LdapAuthenticator</interfacename> and
+							<interfacename>LdapAuthoritiesPopulator</interfacename> respectively.
+							The <classname>DefaultLdapAuthoritiesPopulator</classname> loads the
+							user authorities from the LDAP directory and has various configuration
+							parameters to allow you to specify how these should be retrieved. </para>
+						<para> To use JDBC instead, you can implement the interface yourself, using
+							whatever SQL is appropriate for your schema: <programlisting language="java"><![CDATA[
   public class MyAuthoritiesPopulator implements LdapAuthoritiesPopulator {
-    @Autowired
-    JdbcTemplate template;
+	@Autowired
+	JdbcTemplate template;
 
-    List<GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
-      List<GrantedAuthority> = template.query("select role from roles where username = ?",
-                                                   new String[] {username},
-                                                   new RowMapper<GrantedAuthority>() {
-        /**
-         *  We're assuming here that you're using the standard convention of using the role
-         *  prefix "ROLE_" to mark attributes which are supported by Spring Security's RoleVoter.
-         */
-        public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
-          return new GrantedAuthorityImpl("ROLE_" + rs.getString(1);
-        }
-      }
-    }
+	List<GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
+	  List<GrantedAuthority> = template.query("select role from roles where username = ?",
+												   new String[] {username},
+												   new RowMapper<GrantedAuthority>() {
+		/**
+		 *	We're assuming here that you're using the standard convention of using the role
+		 *	prefix "ROLE_" to mark attributes which are supported by Spring Security's RoleVoter.
+		 */
+		public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
+		  return new GrantedAuthorityImpl("ROLE_" + rs.getString(1);
+		}
+	  }
+	}
   }
   ]]></programlisting> You would then add a bean of this type to your application context and inject
-                            it into the <code>LdapAuthenticationProvider</code>. This is covered in
-                            the section on configuring LDAP using explicit Spring beans in the LDAP
-                            chapter of the reference manual. Note that you can't use the namespace
-                            for configuration in this case. You should also consult the Javadoc for
-                            the relevant classes and interfaces. </para>
-                    </answer>
-                </qandaentry>
-                <qandaentry xml:id="faq-namespace-post-processor">
-                    <question>
-                        <para>I want to modify the property of a bean that is created by the
-                            namespace, but there is nothing in the schema to support it. What can I
-                            do short of abandoning namespace use?</para>
-                    </question>
-                    <answer>
-                        <para>The namespace functionality is intentionally limited, so it doesn't
-                            cover everything that you can do with plain beans. If you want to do
-                            something simple, like modify a bean, or inject a different dependency,
-                            you can do this by adding a
-                            <interfacename>BeanPostProcessor</interfacename> to your configuration.
-                            More information can be found in the <link
-                            xlink:href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html#beans-factory-extension-bpp"
-                            >Spring Reference Manual</link>. In order to do this, you need to know a
-                            bit about which beans are created, so you should also read the blog
-                            article in the above question on <link
-                            linkend="faq-namespace-to-bean-mapping">how the namespace maps to
-                            Spring beans</link>. </para>
-                        <para> Normally, you would add the functionality you require to the
-                            <methodname>postProcessBeforeInitialization</methodname> method of
-                            <interfacename>BeanPostProcessor</interfacename>. Let's say that you
-                            want to customize the
-                            <interfacename>AuthenticationDetailsSource</interfacename> used by the
-                            <classname>UsernamePasswordAuthenticationFilter</classname>, (created by
-                            the <literal>form-login</literal> element). You want to extract a
-                            particular header called <literal>CUSTOM_HEADER</literal>from the
-                            request and make use of it while authenticating the user. The processor
-                            class would look like this: <programlisting language="java"><![CDATA[
+							it into the <code>LdapAuthenticationProvider</code>. This is covered in
+							the section on configuring LDAP using explicit Spring beans in the LDAP
+							chapter of the reference manual. Note that you can't use the namespace
+							for configuration in this case. You should also consult the Javadoc for
+							the relevant classes and interfaces. </para>
+					</answer>
+				</qandaentry>
+				<qandaentry xml:id="faq-namespace-post-processor">
+					<question>
+						<para>I want to modify the property of a bean that is created by the
+							namespace, but there is nothing in the schema to support it. What can I
+							do short of abandoning namespace use?</para>
+					</question>
+					<answer>
+						<para>The namespace functionality is intentionally limited, so it doesn't
+							cover everything that you can do with plain beans. If you want to do
+							something simple, like modify a bean, or inject a different dependency,
+							you can do this by adding a
+							<interfacename>BeanPostProcessor</interfacename> to your configuration.
+							More information can be found in the <link
+							xlink:href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html#beans-factory-extension-bpp"
+							>Spring Reference Manual</link>. In order to do this, you need to know a
+							bit about which beans are created, so you should also read the blog
+							article in the above question on <link
+							linkend="faq-namespace-to-bean-mapping">how the namespace maps to
+							Spring beans</link>. </para>
+						<para> Normally, you would add the functionality you require to the
+							<methodname>postProcessBeforeInitialization</methodname> method of
+							<interfacename>BeanPostProcessor</interfacename>. Let's say that you
+							want to customize the
+							<interfacename>AuthenticationDetailsSource</interfacename> used by the
+							<classname>UsernamePasswordAuthenticationFilter</classname>, (created by
+							the <literal>form-login</literal> element). You want to extract a
+							particular header called <literal>CUSTOM_HEADER</literal>from the
+							request and make use of it while authenticating the user. The processor
+							class would look like this: <programlisting language="java"><![CDATA[
 public class BeanPostProcessor implements BeanPostProcessor {
 
-    public Object postProcessAfterInitialization(Object bean, String name) {
-        if (bean instanceof UsernamePasswordAuthenticationFilter) {
-            System.out.println("********* Post-processing " + name);
-            ((UsernamePasswordAuthenticationFilter)bean).setAuthenticationDetailsSource(
-                    new AuthenticationDetailsSource() {
-                        public Object buildDetails(Object context) {
-                            return ((HttpServletRequest)context).getHeader("CUSTOM_HEADER");
-                        }
-                    });
-        }
-        return bean;
-    }
+	public Object postProcessAfterInitialization(Object bean, String name) {
+		if (bean instanceof UsernamePasswordAuthenticationFilter) {
+			System.out.println("********* Post-processing " + name);
+			((UsernamePasswordAuthenticationFilter)bean).setAuthenticationDetailsSource(
+					new AuthenticationDetailsSource() {
+						public Object buildDetails(Object context) {
+							return ((HttpServletRequest)context).getHeader("CUSTOM_HEADER");
+						}
+					});
+		}
+		return bean;
+	}
 
-    public Object postProcessBeforeInitialization(Object bean, String name) {
-        return bean;
-    }
+	public Object postProcessBeforeInitialization(Object bean, String name) {
+		return bean;
+	}
 }
 ]]></programlisting> You would then register this bean in your application context. Spring will
-                            automatically invoke it on the beans defined in the application context.
-                        </para>
-                    </answer>
-                </qandaentry>
+							automatically invoke it on the beans defined in the application context.
+						</para>
+					</answer>
+				</qandaentry>
 
-            </qandadiv>
-        </qandaset>
-    </section>
+			</qandadiv>
+		</qandaset>
+	</section>
 </article>

itest/context/pom.xml

@@ -8,160 +8,160 @@
   <description>itest-context</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>aopalliance</groupId>
-      <artifactId>aopalliance</artifactId>
-      <version>1.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.python</groupId>
-      <artifactId>jython</artifactId>
-      <version>2.5.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.aspectj</groupId>
-      <artifactId>aspectjweaver</artifactId>
-      <version>1.8.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>aopalliance</groupId>
+	  <artifactId>aopalliance</artifactId>
+	  <version>1.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.python</groupId>
+	  <artifactId>jython</artifactId>
+	  <version>2.5.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.aspectj</groupId>
+	  <artifactId>aspectjweaver</artifactId>
+	  <version>1.8.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

itest/context/src/integration-test/resources/filter-chain-performance-app-context.xml

@@ -5,99 +5,99 @@
   -->
 
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:sec="http://www.springframework.org/schema/security"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
-
-    <bean id="fcpMinimalStack" class="org.springframework.security.web.FilterChainProxy">
-        <sec:filter-chain-map request-matcher="ant">
-            <sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,etf,fsi"/>
-        </sec:filter-chain-map>
-    </bean>
-
-    <bean id="fcpFullStack" class="org.springframework.security.web.FilterChainProxy">
-        <sec:filter-chain-map request-matcher="ant">
-            <sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,apf,basicPf,logoutFilter,scharf,etf,fsi"/>
-        </sec:filter-chain-map>
-    </bean>
-
-    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
-        <constructor-arg>
-            <list>
-               <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
-                   <property name="userDetailsService" ref="userService"/>
-               </bean>
-            </list>
-        </constructor-arg>
-    </bean>
-
-    <sec:user-service id="userService">
-        <sec:user name="bob" password="bobspassword" authorities="ROLE_0,ROLE_1"/>
-    </sec:user-service>
-
-    <bean id="scpf" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
-
-    <bean id="apf" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
-        <property name="authenticationManager" ref="authenticationManager"/>
-    </bean>
-
-    <bean id="basicPf" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
-        <constructor-arg ref="authenticationManager"/>
-    </bean>
-
-    <bean id="preAuthFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="exceptionIfHeaderMissing" value="false" />
-    </bean>
-
-    <bean id="scharf" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter" />
-
-    <bean id="preAuthenticatedProcessingFilterEntryPoint"
-            class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
-
-    <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
-        <constructor-arg value="/"/>
-        <constructor-arg>
-            <list>
-                <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
-            </list>
-        </constructor-arg>
-    </bean>
-
-    <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
-        <constructor-arg ref="preAuthenticatedProcessingFilterEntryPoint"/>
-    </bean>
-
-    <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
-        <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
-    </bean>
-
-    <bean id="preAuthenticatedUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
-        <property name="userDetailsService" ref="userService"/>
-    </bean>
-
-    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-        <constructor-arg>
-            <list>
-                <bean class="org.springframework.security.access.vote.RoleVoter"/>
-            </list>
-        </constructor-arg>
-        <property name="allowIfAllAbstainDecisions" value="false"/>
-    </bean>
-
-    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="accessDecisionManager" ref="accessDecisionManager"/>
-        <property name="securityMetadataSource">
-            <sec:filter-security-metadata-source use-expressions="false">
-                <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_2"/>
-                <sec:intercept-url pattern="/secure/**" access="ROLE_1"/>
-                <sec:intercept-url pattern="/**" access="ROLE_0"/>
-            </sec:filter-security-metadata-source>
-        </property>
-    </bean>
-
-    <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
+	xmlns:sec="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+	<bean id="fcpMinimalStack" class="org.springframework.security.web.FilterChainProxy">
+		<sec:filter-chain-map request-matcher="ant">
+			<sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,etf,fsi"/>
+		</sec:filter-chain-map>
+	</bean>
+
+	<bean id="fcpFullStack" class="org.springframework.security.web.FilterChainProxy">
+		<sec:filter-chain-map request-matcher="ant">
+			<sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,apf,basicPf,logoutFilter,scharf,etf,fsi"/>
+		</sec:filter-chain-map>
+	</bean>
+
+	<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
+		<constructor-arg>
+			<list>
+			   <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
+				   <property name="userDetailsService" ref="userService"/>
+			   </bean>
+			</list>
+		</constructor-arg>
+	</bean>
+
+	<sec:user-service id="userService">
+		<sec:user name="bob" password="bobspassword" authorities="ROLE_0,ROLE_1"/>
+	</sec:user-service>
+
+	<bean id="scpf" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
+
+	<bean id="apf" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
+		<property name="authenticationManager" ref="authenticationManager"/>
+	</bean>
+
+	<bean id="basicPf" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
+		<constructor-arg ref="authenticationManager"/>
+	</bean>
+
+	<bean id="preAuthFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="exceptionIfHeaderMissing" value="false" />
+	</bean>
+
+	<bean id="scharf" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter" />
+
+	<bean id="preAuthenticatedProcessingFilterEntryPoint"
+			class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
+
+	<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
+		<constructor-arg value="/"/>
+		<constructor-arg>
+			<list>
+				<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+			</list>
+		</constructor-arg>
+	</bean>
+
+	<bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
+		<constructor-arg ref="preAuthenticatedProcessingFilterEntryPoint"/>
+	</bean>
+
+	<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
+		<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
+	</bean>
+
+	<bean id="preAuthenticatedUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
+		<property name="userDetailsService" ref="userService"/>
+	</bean>
+
+	<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+		<constructor-arg>
+			<list>
+				<bean class="org.springframework.security.access.vote.RoleVoter"/>
+			</list>
+		</constructor-arg>
+		<property name="allowIfAllAbstainDecisions" value="false"/>
+	</bean>
+
+	<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="accessDecisionManager" ref="accessDecisionManager"/>
+		<property name="securityMetadataSource">
+			<sec:filter-security-metadata-source use-expressions="false">
+				<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_2"/>
+				<sec:intercept-url pattern="/secure/**" access="ROLE_1"/>
+				<sec:intercept-url pattern="/**" access="ROLE_0"/>
+			</sec:filter-security-metadata-source>
+		</property>
+	</bean>
+
+	<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
 
 </beans>

itest/context/src/integration-test/resources/http-extra-fsi-app-context.xml

@@ -5,46 +5,46 @@
   -->
 
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:sec="http://www.springframework.org/schema/security"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:sec="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <sec:http>
-        <!-- Slip in a bean property name EL test -->
-        <sec:intercept-url pattern="/**" access="@fsi.getAccessDecisionManager() eq @accessDecisionManager" />
-        <sec:form-login />
-        <sec:custom-filter ref="fsi" after="FILTER_SECURITY_INTERCEPTOR " />
-        <sec:csrf disabled="true"/>
-    </sec:http>
+	<sec:http>
+		<!-- Slip in a bean property name EL test -->
+		<sec:intercept-url pattern="/**" access="@fsi.getAccessDecisionManager() eq @accessDecisionManager" />
+		<sec:form-login />
+		<sec:custom-filter ref="fsi" after="FILTER_SECURITY_INTERCEPTOR " />
+		<sec:csrf disabled="true"/>
+	</sec:http>
 
-    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="accessDecisionManager" ref="accessDecisionManager"/>
-        <property name="securityMetadataSource">
-            <sec:filter-security-metadata-source use-expressions="false">
-                <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_2"/>
-                <sec:intercept-url pattern="/secure/**" access="ROLE_1"/>
-            </sec:filter-security-metadata-source>
-        </property>
-        <property name="observeOncePerRequest" value="false" />
-    </bean>
+	<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="accessDecisionManager" ref="accessDecisionManager"/>
+		<property name="securityMetadataSource">
+			<sec:filter-security-metadata-source use-expressions="false">
+				<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_2"/>
+				<sec:intercept-url pattern="/secure/**" access="ROLE_1"/>
+			</sec:filter-security-metadata-source>
+		</property>
+		<property name="observeOncePerRequest" value="false" />
+	</bean>
 
-    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-        <constructor-arg>
-            <list>
-                <bean class="org.springframework.security.access.vote.RoleVoter"/>
-            </list>
-        </constructor-arg>
-        <property name="allowIfAllAbstainDecisions" value="false"/>
-    </bean>
+	<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+		<constructor-arg>
+			<list>
+				<bean class="org.springframework.security.access.vote.RoleVoter"/>
+			</list>
+		</constructor-arg>
+		<property name="allowIfAllAbstainDecisions" value="false"/>
+	</bean>
 
-    <sec:authentication-manager alias="authenticationManager">
-        <sec:authentication-provider>
-            <sec:user-service id="userService">
-                <sec:user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
-            </sec:user-service>
-        </sec:authentication-provider>
-    </sec:authentication-manager>
+	<sec:authentication-manager alias="authenticationManager">
+		<sec:authentication-provider>
+			<sec:user-service id="userService">
+				<sec:user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
+			</sec:user-service>
+		</sec:authentication-provider>
+	</sec:authentication-manager>
 
 </beans>

itest/context/src/integration-test/resources/http-path-param-stripping-app-context.xml

@@ -5,28 +5,28 @@
   -->
 
 <b:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:b="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:b="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <http pattern="/secured/**" use-expressions="false">
-        <intercept-url pattern="/secured/*user.html" access="ROLE_USER" />
-        <intercept-url pattern="/secured/admin.html" access="ROLE_ADMIN" />
-        <intercept-url pattern="/secured/user/**" access="ROLE_USER" />
-        <intercept-url pattern="/secured/admin/*" access="ROLE_ADMIN" />
-        <intercept-url pattern="/**" access="ROLE_NO_ACCESS" />
-        <form-login />
-    </http>
+	<http pattern="/secured/**" use-expressions="false">
+		<intercept-url pattern="/secured/*user.html" access="ROLE_USER" />
+		<intercept-url pattern="/secured/admin.html" access="ROLE_ADMIN" />
+		<intercept-url pattern="/secured/user/**" access="ROLE_USER" />
+		<intercept-url pattern="/secured/admin/*" access="ROLE_ADMIN" />
+		<intercept-url pattern="/**" access="ROLE_NO_ACCESS" />
+		<form-login />
+	</http>
 
-    <http pattern="/**" security="none" />
+	<http pattern="/**" security="none" />
 
-    <authentication-manager alias="authenticationManager">
-        <authentication-provider>
-            <user-service id="userService">
-                <user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
-            </user-service>
-        </authentication-provider>
-    </authentication-manager>
+	<authentication-manager alias="authenticationManager">
+		<authentication-provider>
+			<user-service id="userService">
+				<user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
 
 </b:beans>

itest/context/src/integration-test/resources/multi-sec-annotation-app-context.xml

@@ -1,26 +1,26 @@
 <b:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:b="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:aop="http://www.springframework.org/schema/aop"
-    xmlns:tx="http://www.springframework.org/schema/tx"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
-        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:b="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />
+	<global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />
 
-    <b:bean class="org.springframework.security.integration.multiannotation.MultiAnnotationServiceImpl"/>
-    <b:bean class="org.springframework.security.integration.multiannotation.PreAuthorizeServiceImpl"/>
-    <b:bean class="org.springframework.security.integration.multiannotation.SecuredServiceImpl"/>
+	<b:bean class="org.springframework.security.integration.multiannotation.MultiAnnotationServiceImpl"/>
+	<b:bean class="org.springframework.security.integration.multiannotation.PreAuthorizeServiceImpl"/>
+	<b:bean class="org.springframework.security.integration.multiannotation.SecuredServiceImpl"/>
 
-    <authentication-manager>
-        <authentication-provider>
-            <user-service>
-                <user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B"/>
-            </user-service>
-        </authentication-provider>
-    </authentication-manager>
+	<authentication-manager>
+		<authentication-provider>
+			<user-service>
+				<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B"/>
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
 
 </b:beans>

itest/context/src/integration-test/resources/protect-pointcut-performance-app-context.xml

@@ -1,26 +1,26 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:sec="http://www.springframework.org/schema/security"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:sec="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <sec:global-method-security>
-        <sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.refreshLastRequest(..))" access="ROLE_ADMIN" />
-        <sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.registerNewSession(..))" access="ROLE_ADMIN" />
-        <sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.removeSessionInformation(..))" access="ROLE_ADMIN" />
-        <sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.get*(..))" access="ROLE_ADMIN" />
-    </sec:global-method-security>
+	<sec:global-method-security>
+		<sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.refreshLastRequest(..))" access="ROLE_ADMIN" />
+		<sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.registerNewSession(..))" access="ROLE_ADMIN" />
+		<sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.removeSessionInformation(..))" access="ROLE_ADMIN" />
+		<sec:protect-pointcut expression="execution(* org.springframework.security.core.session.SessionRegistry.get*(..))" access="ROLE_ADMIN" />
+	</sec:global-method-security>
 
-    <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
+	<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
 
-    <bean id="sessionRegistryPrototype" class="org.springframework.security.core.session.SessionRegistryImpl" scope="prototype"/>
+	<bean id="sessionRegistryPrototype" class="org.springframework.security.core.session.SessionRegistryImpl" scope="prototype"/>
 
-    <sec:authentication-manager alias="authenticationManager">
-        <sec:authentication-provider>
-            <sec:user-service id="userService">
-                <sec:user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
-            </sec:user-service>
-        </sec:authentication-provider>
-    </sec:authentication-manager>
+	<sec:authentication-manager alias="authenticationManager">
+		<sec:authentication-provider>
+			<sec:user-service id="userService">
+				<sec:user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
+			</sec:user-service>
+		</sec:authentication-provider>
+	</sec:authentication-manager>
 
 </beans>

itest/context/src/integration-test/resources/python-method-access-app-context.xml

@@ -1,34 +1,34 @@
 <b:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:b="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:aop="http://www.springframework.org/schema/aop"
-    xmlns:tx="http://www.springframework.org/schema/tx"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xsi:schemaLocation="
-        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
-        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:b="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <global-method-security pre-post-annotations="enabled">
-        <pre-post-annotation-handling>
-            <invocation-attribute-factory ref="attributeFactory"/>
-            <pre-invocation-advice ref="preAdvice"/>
-            <post-invocation-advice ref="postAdvice"/>
-        </pre-post-annotation-handling>
-    </global-method-security>
+	<global-method-security pre-post-annotations="enabled">
+		<pre-post-annotation-handling>
+			<invocation-attribute-factory ref="attributeFactory"/>
+			<pre-invocation-advice ref="preAdvice"/>
+			<post-invocation-advice ref="postAdvice"/>
+		</pre-post-annotation-handling>
+	</global-method-security>
 
-    <b:bean id="attributeFactory" class="org.springframework.security.integration.python.PythonInterpreterPrePostInvocationAttributeFactory"/>
-    <b:bean id="preAdvice" class="org.springframework.security.integration.python.PythonInterpreterPreInvocationAdvice"/>
-    <b:bean id="postAdvice" class="org.springframework.security.integration.python.PythonInterpreterPostInvocationAdvice"/>
+	<b:bean id="attributeFactory" class="org.springframework.security.integration.python.PythonInterpreterPrePostInvocationAttributeFactory"/>
+	<b:bean id="preAdvice" class="org.springframework.security.integration.python.PythonInterpreterPreInvocationAdvice"/>
+	<b:bean id="postAdvice" class="org.springframework.security.integration.python.PythonInterpreterPostInvocationAdvice"/>
 
-    <b:bean id="service" class="org.springframework.security.integration.python.TestServiceImpl"/>
+	<b:bean id="service" class="org.springframework.security.integration.python.TestServiceImpl"/>
 
-    <authentication-manager>
-        <authentication-provider>
-            <user-service>
-                <user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B"/>
-            </user-service>
-        </authentication-provider>
-    </authentication-manager>
+	<authentication-manager>
+		<authentication-provider>
+			<user-service>
+				<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B"/>
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
 
 </b:beans>

itest/web/pom.xml

@@ -8,207 +8,207 @@
   <description>itest-web</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>net.sourceforge.jwebunit</groupId>
-      <artifactId>jwebunit-core</artifactId>
-      <version>2.2</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>regexp</artifactId>
-          <groupId>regexp</groupId>
-        </exclusion>
-        <exclusion>
-          <artifactId>servlet-api</artifactId>
-          <groupId>javax.servlet</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>net.sourceforge.jwebunit</groupId>
-      <artifactId>jwebunit-htmlunit-plugin</artifactId>
-      <version>2.2</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>servlet-api</artifactId>
-          <groupId>javax.servlet</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mortbay.jetty</groupId>
-      <artifactId>jetty</artifactId>
-      <version>6.1.26</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>servlet-api</artifactId>
-          <groupId>org.mortbay.jetty</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.mortbay.jetty</groupId>
-      <artifactId>jetty-util</artifactId>
-      <version>6.1.26</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mortbay.jetty</groupId>
-      <artifactId>jsp-2.1-jetty</artifactId>
-      <version>6.1.26</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-ldap</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.testng</groupId>
-      <artifactId>testng</artifactId>
-      <version>5.11</version>
-      <classifier>jdk15</classifier>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>net.sourceforge.jwebunit</groupId>
+	  <artifactId>jwebunit-core</artifactId>
+	  <version>2.2</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>regexp</artifactId>
+		  <groupId>regexp</groupId>
+		</exclusion>
+		<exclusion>
+		  <artifactId>servlet-api</artifactId>
+		  <groupId>javax.servlet</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>net.sourceforge.jwebunit</groupId>
+	  <artifactId>jwebunit-htmlunit-plugin</artifactId>
+	  <version>2.2</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>servlet-api</artifactId>
+		  <groupId>javax.servlet</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mortbay.jetty</groupId>
+	  <artifactId>jetty</artifactId>
+	  <version>6.1.26</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>servlet-api</artifactId>
+		  <groupId>org.mortbay.jetty</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.mortbay.jetty</groupId>
+	  <artifactId>jetty-util</artifactId>
+	  <version>6.1.26</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mortbay.jetty</groupId>
+	  <artifactId>jsp-2.1-jetty</artifactId>
+	  <version>6.1.26</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-ldap</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.testng</groupId>
+	  <artifactId>testng</artifactId>
+	  <version>5.11</version>
+	  <classifier>jdk15</classifier>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

itest/web/src/main/webapp/WEB-INF/http-security.xml

@@ -1,36 +1,36 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <beans:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:beans="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:beans="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <!--
-       Http App Context to test form login, remember-me and concurrent session control.
-       Needs to be supplemented with authentication provider(s)
-    -->
-    <http pattern="/login.jsp" security="none" />
+	<!--
+	   Http App Context to test form login, remember-me and concurrent session control.
+	   Needs to be supplemented with authentication provider(s)
+	-->
+	<http pattern="/login.jsp" security="none" />
 
-    <http>
-        <intercept-url pattern="/secure/**" access="hasAnyRole('ROLE_DEVELOPER','ROLE_USER')" />
-        <intercept-url pattern="/**" access="hasAnyRole('ROLE_DEVELOPER','ROLE_USER')" />
+	<http>
+		<intercept-url pattern="/secure/**" access="hasAnyRole('ROLE_DEVELOPER','ROLE_USER')" />
+		<intercept-url pattern="/**" access="hasAnyRole('ROLE_DEVELOPER','ROLE_USER')" />
 
-        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=true"/>
-        <http-basic/>
+		<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=true"/>
+		<http-basic/>
 
-        <!-- Default logout configuration -->
-        <logout logout-url="/logout"/>
+		<!-- Default logout configuration -->
+		<logout logout-url="/logout"/>
 
-        <session-management>
-            <concurrency-control max-sessions="1" />
-        </session-management>
+		<session-management>
+			<concurrency-control max-sessions="1" />
+		</session-management>
 
-        <remember-me key="doesntmatter" token-repository-ref="tokenRepo"/>
+		<remember-me key="doesntmatter" token-repository-ref="tokenRepo"/>
 
-        <csrf disabled="true"/>
-    </http>
+		<csrf disabled="true"/>
+	</http>
 
-    <beans:bean name="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl"/>
+	<beans:bean name="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl"/>
 
 </beans:beans>

itest/web/src/main/webapp/WEB-INF/ldap-provider.xml

@@ -6,17 +6,17 @@
   -->
 
 <beans:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:beans="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:beans="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <ldap-server ldif="classpath*:test-server.ldif"/>
+	<ldap-server ldif="classpath*:test-server.ldif"/>
 
-    <authentication-manager alias="authenticationManager">
-        <ldap-authentication-provider user-search-filter="(uid={0})" group-role-attribute="ou" />
-    </authentication-manager>
+	<authentication-manager alias="authenticationManager">
+		<ldap-authentication-provider user-search-filter="(uid={0})" group-role-attribute="ou" />
+	</authentication-manager>
 
-    <ldap-user-service user-search-filter="(uid={0})" group-role-attribute="ou"/>
+	<ldap-user-service user-search-filter="(uid={0})" group-role-attribute="ou"/>
 
 </beans:beans>

itest/web/src/main/webapp/WEB-INF/testapp-servlet.xml

@@ -1,8 +1,8 @@
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context"
-        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
+		xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context"
+		xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+				http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
 
-    <context:component-scan base-package="org.springframework.security.itest.web"/>
-    <context:annotation-config />
+	<context:component-scan base-package="org.springframework.security.itest.web"/>
+	<context:annotation-config />
 </beans>

itest/web/src/main/webapp/WEB-INF/web.xml

@@ -4,18 +4,18 @@
 <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
 
-    <display-name>Integration Tests Webapp</display-name>
+	<display-name>Integration Tests Webapp</display-name>
 
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
 
-    <filter-mapping>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
+	<filter-mapping>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-    <!-- Don't add a context loader listener or config location. These are set programmatically -->
+	<!-- Don't add a context loader listener or config location. These are set programmatically -->
 
 </web-app>

ldap/pom.xml

@@ -8,207 +8,207 @@
   <description>spring-security-ldap</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.ldap</groupId>
-      <artifactId>spring-ldap-core</artifactId>
-      <version>2.0.2.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>spring-beans</artifactId>
-          <groupId>org.springframework</groupId>
-        </exclusion>
-        <exclusion>
-          <artifactId>spring-core</artifactId>
-          <groupId>org.springframework</groupId>
-        </exclusion>
-        <exclusion>
-          <artifactId>spring-data-commons</artifactId>
-          <groupId>org.springframework.data</groupId>
-        </exclusion>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-        <exclusion>
-          <artifactId>spring-tx</artifactId>
-          <groupId>org.springframework</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ldapsdk</groupId>
-      <artifactId>ldapsdk</artifactId>
-      <version>4.1</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core-entry</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-ldap</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-shared</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-server-jndi</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.shared</groupId>
-      <artifactId>shared-ldap</artifactId>
-      <version>0.9.15</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.ldap</groupId>
+	  <artifactId>spring-ldap-core</artifactId>
+	  <version>2.0.2.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>spring-beans</artifactId>
+		  <groupId>org.springframework</groupId>
+		</exclusion>
+		<exclusion>
+		  <artifactId>spring-core</artifactId>
+		  <groupId>org.springframework</groupId>
+		</exclusion>
+		<exclusion>
+		  <artifactId>spring-data-commons</artifactId>
+		  <groupId>org.springframework.data</groupId>
+		</exclusion>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+		<exclusion>
+		  <artifactId>spring-tx</artifactId>
+		  <groupId>org.springframework</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ldapsdk</groupId>
+	  <artifactId>ldapsdk</artifactId>
+	  <version>4.1</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core-entry</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-ldap</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-shared</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-server-jndi</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.shared</groupId>
+	  <artifactId>shared-ldap</artifactId>
+	  <version>0.9.15</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

ldap/src/integration-test/resources/logback-test.xml

@@ -1,8 +1,8 @@
 <configuration>
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
+	<encoder>
+	  <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
   </appender>
 
   <logger name="org.springframework.security" level="${sec.log.level}:-WARN"/>
@@ -12,7 +12,7 @@
   <logger name="org.apache.mina" level="WARN"/>
 
   <root level="${root.level}:-WARN">
-    <appender-ref ref="STDOUT" />
+	<appender-ref ref="STDOUT" />
   </root>
 
 </configuration>

messaging/pom.xml

@@ -8,241 +8,241 @@
   <description>spring-security-messaging</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>aopalliance</groupId>
-      <artifactId>aopalliance</artifactId>
-      <version>1.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-expression</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-messaging</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-websocket</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-codec</groupId>
-      <artifactId>commons-codec</artifactId>
-      <version>1.10</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy-all</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-api-mockito</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>mockito-all</artifactId>
-          <groupId>org.mockito</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-api-support</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-core</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-module-junit4</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-module-junit4-common</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.powermock</groupId>
-      <artifactId>powermock-reflect</artifactId>
-      <version>1.6.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>aopalliance</groupId>
+	  <artifactId>aopalliance</artifactId>
+	  <version>1.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-expression</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-messaging</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-websocket</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-codec</groupId>
+	  <artifactId>commons-codec</artifactId>
+	  <version>1.10</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy-all</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-api-mockito</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>mockito-all</artifactId>
+		  <groupId>org.mockito</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-api-support</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-core</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-module-junit4</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-module-junit4-common</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.powermock</groupId>
+	  <artifactId>powermock-reflect</artifactId>
+	  <version>1.6.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

openid/pom.xml

@@ -8,172 +8,172 @@
   <description>spring-security-openid</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>com.google.inject</groupId>
-      <artifactId>guice</artifactId>
-      <version>2.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.openid4java</groupId>
-      <artifactId>openid4java-nodeps</artifactId>
-      <version>0.9.6</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>guice</artifactId>
-          <groupId>com.google.code.guice</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>net.sourceforge.nekohtml</groupId>
-      <artifactId>nekohtml</artifactId>
-      <version>1.9.20</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.httpcomponents</groupId>
-      <artifactId>httpclient</artifactId>
-      <version>4.2.3</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>com.google.inject</groupId>
+	  <artifactId>guice</artifactId>
+	  <version>2.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.openid4java</groupId>
+	  <artifactId>openid4java-nodeps</artifactId>
+	  <version>0.9.6</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>guice</artifactId>
+		  <groupId>com.google.code.guice</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>net.sourceforge.nekohtml</groupId>
+	  <artifactId>nekohtml</artifactId>
+	  <version>1.9.20</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.httpcomponents</groupId>
+	  <artifactId>httpclient</artifactId>
+	  <version>4.2.3</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

remoting/pom.xml

@@ -8,130 +8,130 @@
   <description>spring-security-remoting</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>aopalliance</groupId>
-      <artifactId>aopalliance</artifactId>
-      <version>1.0</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>commons-logging</artifactId>
-          <groupId>commons-logging</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>aopalliance</groupId>
+	  <artifactId>aopalliance</artifactId>
+	  <version>1.0</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>commons-logging</artifactId>
+		  <groupId>commons-logging</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/aspectj-jc/pom.xml

@@ -8,113 +8,113 @@
   <description>spring-security-samples-aspectj-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.aspectj</groupId>
-      <artifactId>aspectjrt</artifactId>
-      <version>1.8.4</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-aspects</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.aspectj</groupId>
+	  <artifactId>aspectjrt</artifactId>
+	  <version>1.8.4</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-aspects</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/aspectj-jc/src/test/resources/logback-test.xml

@@ -1,14 +1,14 @@
 <configuration>
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
+	<encoder>
+	  <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
   </appender>
 
   <logger name="org.springframework.security" level="${sec.log.level}:-WARN"/>
 
   <root level="${root.level}:-WARN">
-    <appender-ref ref="STDOUT" />
+	<appender-ref ref="STDOUT" />
   </root>
 
 </configuration>

samples/aspectj-xml/pom.xml

@@ -8,113 +8,113 @@
   <description>spring-security-samples-aspectj-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.aspectj</groupId>
-      <artifactId>aspectjrt</artifactId>
-      <version>1.8.4</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-aspects</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.aspectj</groupId>
+	  <artifactId>aspectjrt</artifactId>
+	  <version>1.8.4</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-aspects</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/cas/sample-xml/pom.xml

@@ -9,206 +9,206 @@
   <description>spring-security-samples-cassample-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.jasig.cas.client</groupId>
-      <artifactId>cas-client-core</artifactId>
-      <version>3.3.3</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-cas</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>net.sf.ehcache</groupId>
-      <artifactId>ehcache</artifactId>
-      <version>2.9.0</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.eclipse.jetty</groupId>
-      <artifactId>jetty-server</artifactId>
-      <version>8.1.9.v20130131</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.eclipse.jetty</groupId>
-      <artifactId>jetty-servlet</artifactId>
-      <version>8.1.9.v20130131</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.jasig.cas.client</groupId>
+	  <artifactId>cas-client-core</artifactId>
+	  <version>3.3.3</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-cas</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>net.sf.ehcache</groupId>
+	  <artifactId>ehcache</artifactId>
+	  <version>2.9.0</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context-support</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.eclipse.jetty</groupId>
+	  <artifactId>jetty-server</artifactId>
+	  <version>8.1.9.v20130131</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.eclipse.jetty</groupId>
+	  <artifactId>jetty-servlet</artifactId>
+	  <version>8.1.9.v20130131</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/spring-security-samples-cassample-xml</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/spring-security-samples-cassample-xml</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/cas/sample-xml/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -1,124 +1,124 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <b:beans xmlns:b="http://www.springframework.org/schema/beans"
-    xmlns="http://www.springframework.org/schema/security"
-    xmlns:p="http://www.springframework.org/schema/p"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util"
-    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
-        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
-        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
+	xmlns="http://www.springframework.org/schema/security"
+	xmlns:p="http://www.springframework.org/schema/p"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:util="http://www.springframework.org/schema/util"
+	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
 
-    <http entry-point-ref="casEntryPoint">
-        <intercept-url pattern="/" access="permitAll"/>
-        <intercept-url pattern="/index.jsp" access="permitAll"/>
-        <intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
-        <intercept-url pattern="/casfailed.jsp" access="permitAll"/>
+	<http entry-point-ref="casEntryPoint">
+		<intercept-url pattern="/" access="permitAll"/>
+		<intercept-url pattern="/index.jsp" access="permitAll"/>
+		<intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
+		<intercept-url pattern="/casfailed.jsp" access="permitAll"/>
 
-        <intercept-url pattern="/secure/extreme/**"
-            access="hasRole('ROLE_SUPERVISOR')" />
-        <intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
-        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
-        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
-        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
-        <custom-filter ref="casFilter" position="CAS_FILTER" />
-        <logout logout-success-url="/cas-logout.jsp"/>
-        <csrf disabled="true"/>
-    </http>
+		<intercept-url pattern="/secure/extreme/**"
+			access="hasRole('ROLE_SUPERVISOR')" />
+		<intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
+		<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
+		<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
+		<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
+		<custom-filter ref="casFilter" position="CAS_FILTER" />
+		<logout logout-success-url="/cas-logout.jsp"/>
+		<csrf disabled="true"/>
+	</http>
 
-    <authentication-manager alias="authManager">
-        <authentication-provider ref="casAuthProvider" />
-    </authentication-manager>
+	<authentication-manager alias="authManager">
+		<authentication-provider ref="casAuthProvider" />
+	</authentication-manager>
 
-    <user-service id="userService">
-        <user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
-        <user name="dianne" password="dianne" authorities="ROLE_USER" />
-        <user name="scott" password="scott" authorities="ROLE_USER" />
-    </user-service>
+	<user-service id="userService">
+		<user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
+		<user name="dianne" password="dianne" authorities="ROLE_USER" />
+		<user name="scott" password="scott" authorities="ROLE_USER" />
+	</user-service>
 
-    <!-- This filter handles a Single Logout Request from the CAS Server -->
-    <b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
-    <!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
-    <b:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"
-        p:filterProcessesUrl="/logout/cas">
-        <b:constructor-arg value="https://${cas.server.host}/cas/logout"/>
-        <b:constructor-arg>
-            <b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
-        </b:constructor-arg>
-    </b:bean>
+	<!-- This filter handles a Single Logout Request from the CAS Server -->
+	<b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
+	<!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
+	<b:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"
+		p:filterProcessesUrl="/logout/cas">
+		<b:constructor-arg value="https://${cas.server.host}/cas/logout"/>
+		<b:constructor-arg>
+			<b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+		</b:constructor-arg>
+	</b:bean>
 
-    <b:bean id="serviceProperties"
-        class="org.springframework.security.cas.ServiceProperties"
-        p:service="https://${cas.service.host}/cas-sample/login/cas"
-        p:authenticateAllArtifacts="true"/>
-    <b:bean id="casEntryPoint"
-        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
-        p:serviceProperties-ref="serviceProperties" p:loginUrl="https://${cas.server.host}/cas/login" />
-    <b:bean id="casFilter"
-        class="org.springframework.security.cas.web.CasAuthenticationFilter"
-        p:authenticationManager-ref="authManager"
-        p:serviceProperties-ref="serviceProperties"
-        p:proxyGrantingTicketStorage-ref="pgtStorage"
-        p:proxyReceptorUrl="/login/cas/proxyreceptor">
-        <b:property name="authenticationDetailsSource">
-            <b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource">
-                <b:constructor-arg ref="serviceProperties"/>
-            </b:bean>
-        </b:property>
-        <b:property name="authenticationFailureHandler">
-            <b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
-                p:defaultFailureUrl="/casfailed.jsp"/>
-        </b:property>
-    </b:bean>
-    <!--
-        NOTE: In a real application you should not use an in memory implementation. You will also want
-              to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup()
-     -->
-    <b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
-    <b:bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
-        p:serviceProperties-ref="serviceProperties"
-        p:key="casAuthProviderKey">
-        <b:property name="authenticationUserDetailsService">
-            <b:bean
-                class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
-                <b:constructor-arg ref="userService" />
-            </b:bean>
-        </b:property>
-        <b:property name="ticketValidator">
-            <b:bean
-                class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
-                p:acceptAnyProxy="true"
-                p:proxyCallbackUrl="https://${cas.service.host}/cas-sample/login/cas/proxyreceptor"
-                p:proxyGrantingTicketStorage-ref="pgtStorage">
-                <b:constructor-arg value="https://${cas.server.host}/cas" />
-            </b:bean>
-        </b:property>
-        <b:property name="statelessTicketCache">
-            <b:bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
-                <b:property name="cache">
-                    <b:bean id="ehcache" class="net.sf.ehcache.Cache"
-                      init-method="initialise"
-                      destroy-method="dispose">
-                        <b:constructor-arg value="casTickets"/>
-                        <b:constructor-arg value="50"/>
-                        <b:constructor-arg value="true"/>
-                        <b:constructor-arg value="false"/>
-                        <b:constructor-arg value="3600"/>
-                        <b:constructor-arg value="900"/>
-                        <b:property name="cacheManager">
-                            <b:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
-                        </b:property>
-                    </b:bean>
-                </b:property>
-            </b:bean>
-        </b:property>
-    </b:bean>
+	<b:bean id="serviceProperties"
+		class="org.springframework.security.cas.ServiceProperties"
+		p:service="https://${cas.service.host}/cas-sample/login/cas"
+		p:authenticateAllArtifacts="true"/>
+	<b:bean id="casEntryPoint"
+		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
+		p:serviceProperties-ref="serviceProperties" p:loginUrl="https://${cas.server.host}/cas/login" />
+	<b:bean id="casFilter"
+		class="org.springframework.security.cas.web.CasAuthenticationFilter"
+		p:authenticationManager-ref="authManager"
+		p:serviceProperties-ref="serviceProperties"
+		p:proxyGrantingTicketStorage-ref="pgtStorage"
+		p:proxyReceptorUrl="/login/cas/proxyreceptor">
+		<b:property name="authenticationDetailsSource">
+			<b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource">
+				<b:constructor-arg ref="serviceProperties"/>
+			</b:bean>
+		</b:property>
+		<b:property name="authenticationFailureHandler">
+			<b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
+				p:defaultFailureUrl="/casfailed.jsp"/>
+		</b:property>
+	</b:bean>
+	<!--
+		NOTE: In a real application you should not use an in memory implementation. You will also want
+			  to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup()
+	 -->
+	<b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
+	<b:bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
+		p:serviceProperties-ref="serviceProperties"
+		p:key="casAuthProviderKey">
+		<b:property name="authenticationUserDetailsService">
+			<b:bean
+				class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
+				<b:constructor-arg ref="userService" />
+			</b:bean>
+		</b:property>
+		<b:property name="ticketValidator">
+			<b:bean
+				class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
+				p:acceptAnyProxy="true"
+				p:proxyCallbackUrl="https://${cas.service.host}/cas-sample/login/cas/proxyreceptor"
+				p:proxyGrantingTicketStorage-ref="pgtStorage">
+				<b:constructor-arg value="https://${cas.server.host}/cas" />
+			</b:bean>
+		</b:property>
+		<b:property name="statelessTicketCache">
+			<b:bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
+				<b:property name="cache">
+					<b:bean id="ehcache" class="net.sf.ehcache.Cache"
+					  init-method="initialise"
+					  destroy-method="dispose">
+						<b:constructor-arg value="casTickets"/>
+						<b:constructor-arg value="50"/>
+						<b:constructor-arg value="true"/>
+						<b:constructor-arg value="false"/>
+						<b:constructor-arg value="3600"/>
+						<b:constructor-arg value="900"/>
+						<b:property name="cacheManager">
+							<b:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
+						</b:property>
+					</b:bean>
+				</b:property>
+			</b:bean>
+		</b:property>
+	</b:bean>
 
-    <!-- Configuration for the environment can be overriden by system properties -->
-    <context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
-    <util:properties id="environment">
-        <b:prop key="cas.service.host">localhost:8443</b:prop>
-        <b:prop key="cas.server.host">localhost:9443</b:prop>
-    </util:properties>
+	<!-- Configuration for the environment can be overriden by system properties -->
+	<context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
+	<util:properties id="environment">
+		<b:prop key="cas.service.host">localhost:8443</b:prop>
+		<b:prop key="cas.server.host">localhost:9443</b:prop>
+	</util:properties>
 </b:beans>

samples/cas/sample-xml/src/main/webapp/WEB-INF/web.xml

@@ -5,81 +5,81 @@
   -->
 
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-    <display-name>Spring Security CAS Demo Application</display-name>
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+	<display-name>Spring Security CAS Demo Application</display-name>
 
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            /WEB-INF/applicationContext-security.xml
-        </param-value>
-    </context-param>
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/applicationContext-security.xml
+		</param-value>
+	</context-param>
 
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>cas.root</param-value>
-    </context-param>
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>cas.root</param-value>
+	</context-param>
 
-    <!--
-        Include the character encoding Filter as per JASIG recommenation when doing Single Sign Out
-        https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out
-    -->
-    <filter>
-        <filter-name>characterEncodingFilter</filter-name>
-        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
-        <init-param>
-            <param-name>encoding</param-name>
-            <param-value>UTF-8</param-value>
-        </init-param>
-    </filter>
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
+	<!--
+		Include the character encoding Filter as per JASIG recommenation when doing Single Sign Out
+		https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out
+	-->
+	<filter>
+		<filter-name>characterEncodingFilter</filter-name>
+		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
+		<init-param>
+			<param-name>encoding</param-name>
+			<param-value>UTF-8</param-value>
+		</init-param>
+	</filter>
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
 
-    <filter-mapping>
-        <filter-name>characterEncodingFilter</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
-    <filter-mapping>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
+	<filter-mapping>
+		<filter-name>characterEncodingFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+	<filter-mapping>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-    <!--
-        Included to support Single Logout. Note that the SingleSignOutFilter is included in the
-        springSecurityFilterChain. However, it could also be placed as the first filter-mapping
-        in the web.xml
-    -->
-    <listener>
-        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
-    </listener>
+	<!--
+		Included to support Single Logout. Note that the SingleSignOutFilter is included in the
+		springSecurityFilterChain. However, it could also be placed as the first filter-mapping
+		in the web.xml
+	-->
+	<listener>
+		<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
+	</listener>
 
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
-    <servlet>
-        <servlet-name>ptSampleServlet</servlet-name>
-        <servlet-class>org.springframework.security.samples.cas.web.ProxyTicketSampleServlet</servlet-class>
-    </servlet>
+	<servlet>
+		<servlet-name>ptSampleServlet</servlet-name>
+		<servlet-class>org.springframework.security.samples.cas.web.ProxyTicketSampleServlet</servlet-class>
+	</servlet>
 
-    <servlet-mapping>
-        <servlet-name>ptSampleServlet</servlet-name>
-        <url-pattern>/secure/ptSample</url-pattern>
-    </servlet-mapping>
-    <error-page>
-        <error-code>403</error-code>
-        <location>/403.jsp</location>
-    </error-page>
+	<servlet-mapping>
+		<servlet-name>ptSampleServlet</servlet-name>
+		<url-pattern>/secure/ptSample</url-pattern>
+	</servlet-mapping>
+	<error-page>
+		<error-code>403</error-code>
+		<location>/403.jsp</location>
+	</error-page>
 </web-app>

samples/cas/server/pom.xml

@@ -9,98 +9,98 @@
   <description>spring-security-samples-casserver</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/spring-security-samples-casserver</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/spring-security-samples-casserver</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/cas/server/src/main/webapp/WEB-INF/spring-configuration/applicationContext.xml

@@ -1,22 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
-    Licensed to Jasig under one or more contributor license
-    agreements. See the NOTICE file distributed with this work
-    for additional information regarding copyright ownership.
-    Jasig licenses this file to you under the Apache License,
-    Version 2.0 (the "License"); you may not use this file
-    except in compliance with the License.  You may obtain a
-    copy of the License at the following location:
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing,
-    software distributed under the License is distributed on an
-    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-    KIND, either express or implied.  See the License for the
-    specific language governing permissions and limitations
-    under the License.
+	Licensed to Jasig under one or more contributor license
+	agreements. See the NOTICE file distributed with this work
+	for additional information regarding copyright ownership.
+	Jasig licenses this file to you under the Apache License,
+	Version 2.0 (the "License"); you may not use this file
+	except in compliance with the License.	You may obtain a
+	copy of the License at the following location:
+
+	  http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing,
+	software distributed under the License is distributed on an
+	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+	KIND, either express or implied.  See the License for the
+	specific language governing permissions and limitations
+	under the License.
 
 -->
 <beans xmlns="http://www.springframework.org/schema/beans"
@@ -26,8 +26,8 @@
 	   xmlns:util="http://www.springframework.org/schema/util"
 	   xmlns:aop="http://www.springframework.org/schema/aop"
 	   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
-        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
+		http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
+		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
 	<description>
 		This is the main Spring configuration file with some of the main "core" classes defined. You shouldn't really
 		modify this unless you

samples/chat-jc/pom.xml

@@ -9,254 +9,254 @@
   <description>spring-security-samples-chat-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-databind</artifactId>
-      <version>2.4.4</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.commons</groupId>
-      <artifactId>commons-pool2</artifactId>
-      <version>2.2</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate.javax.persistence</groupId>
-      <artifactId>hibernate-jpa-2.0-api</artifactId>
-      <version>1.0.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-entitymanager</artifactId>
-      <version>3.6.10.Final</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>javassist</artifactId>
-          <groupId>javassist</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.data</groupId>
-      <artifactId>spring-data-jpa</artifactId>
-      <version>1.7.1.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>aspectjrt</artifactId>
-          <groupId>org.aspectj</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.data</groupId>
-      <artifactId>spring-data-redis</artifactId>
-      <version>1.4.1.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-data</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-messaging</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.session</groupId>
-      <artifactId>spring-session</artifactId>
-      <version>1.0.0.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-messaging</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-websocket</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.thymeleaf.extras</groupId>
-      <artifactId>thymeleaf-extras-tiles2-spring4</artifactId>
-      <version>2.1.1.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.thymeleaf</groupId>
-      <artifactId>thymeleaf-spring4</artifactId>
-      <version>1.2.7.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>redis.clients</groupId>
-      <artifactId>jedis</artifactId>
-      <version>2.4.2</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>redis.embedded</groupId>
-      <artifactId>embedded-redis</artifactId>
-      <version>0.2</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>com.fasterxml.jackson.core</groupId>
+	  <artifactId>jackson-databind</artifactId>
+	  <version>2.4.4</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.commons</groupId>
+	  <artifactId>commons-pool2</artifactId>
+	  <version>2.2</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate.javax.persistence</groupId>
+	  <artifactId>hibernate-jpa-2.0-api</artifactId>
+	  <version>1.0.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-entitymanager</artifactId>
+	  <version>3.6.10.Final</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>javassist</artifactId>
+		  <groupId>javassist</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.data</groupId>
+	  <artifactId>spring-data-jpa</artifactId>
+	  <version>1.7.1.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>aspectjrt</artifactId>
+		  <groupId>org.aspectj</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.data</groupId>
+	  <artifactId>spring-data-redis</artifactId>
+	  <version>1.4.1.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-data</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-messaging</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.session</groupId>
+	  <artifactId>spring-session</artifactId>
+	  <version>1.0.0.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-messaging</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-websocket</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.thymeleaf.extras</groupId>
+	  <artifactId>thymeleaf-extras-tiles2-spring4</artifactId>
+	  <version>2.1.1.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.thymeleaf</groupId>
+	  <artifactId>thymeleaf-spring4</artifactId>
+	  <version>1.2.7.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>redis.clients</groupId>
+	  <artifactId>jedis</artifactId>
+	  <version>2.4.2</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>redis.embedded</groupId>
+	  <artifactId>embedded-redis</artifactId>
+	  <version>0.2</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/chat-jc/src/main/resources/tiles/tiles-def.xml

@@ -1,57 +1,57 @@
 <?xml version="1.0" encoding="ISO-8859-1" ?>
 <!DOCTYPE tiles-definitions PUBLIC
-       "-//Apache Software Foundation//DTD Tiles Configuration 2.1//EN"
-       "http://tiles.apache.org/dtds/tiles-config_2_1.dtd">
+	   "-//Apache Software Foundation//DTD Tiles Configuration 2.1//EN"
+	   "http://tiles.apache.org/dtds/tiles-config_2_1.dtd">
 <tiles-definitions>
 
   <definition name="messages/*"
-      template="layout">
-    <put-attribute name="content"
-        value="content/messages/{1}"/>
-    <put-attribute name="title"
-        value="title/messages/{1}"/>
-    <put-attribute name="head"
-        value="head/messages/{1}"/>
+	  template="layout">
+	<put-attribute name="content"
+		value="content/messages/{1}"/>
+	<put-attribute name="title"
+		value="title/messages/{1}"/>
+	<put-attribute name="head"
+		value="head/messages/{1}"/>
   </definition>
 
   <definition name="content/messages/*"
-      template="messages/{1} :: content"/>
+	  template="messages/{1} :: content"/>
   <definition name="title/messages/*"
-      template="messages/{1} :: title"/>
+	  template="messages/{1} :: title"/>
   <definition name="head/messages/*"
-      template="messages/{1} :: /html/head/link"/>
+	  template="messages/{1} :: /html/head/link"/>
 
   <definition name="user/*"
-      template="layout">
-    <put-attribute name="content"
-        value="content/user/{1}"/>
-    <put-attribute name="title"
-        value="title/user/{1}"/>
-    <put-attribute name="head"
-        value="head/user/{1}"/>
+	  template="layout">
+	<put-attribute name="content"
+		value="content/user/{1}"/>
+	<put-attribute name="title"
+		value="title/user/{1}"/>
+	<put-attribute name="head"
+		value="head/user/{1}"/>
   </definition>
 
   <definition name="content/user/*"
-      template="user/{1} :: content"/>
+	  template="user/{1} :: content"/>
   <definition name="title/user/*"
-      template="user/{1} :: title"/>
+	  template="user/{1} :: title"/>
   <definition name="head/user/*"
-      template="user/{1} :: /html/head/link"/>
+	  template="user/{1} :: /html/head/link"/>
 
   <definition name="*"
-      template="layout">
-    <put-attribute name="content"
-        value="content/{1}"/>
-    <put-attribute name="title"
-        value="title/{1}"/>
-    <put-attribute name="head"
-        value="head/{1}"/>
+	  template="layout">
+	<put-attribute name="content"
+		value="content/{1}"/>
+	<put-attribute name="title"
+		value="title/{1}"/>
+	<put-attribute name="head"
+		value="head/{1}"/>
   </definition>
 
   <definition name="content/*"
-      template="{1} :: content"/>
+	  template="{1} :: content"/>
   <definition name="title/*"
-      template="{1} :: title"/>
+	  template="{1} :: title"/>
   <definition name="head/*"
-      template="{1} :: /html/head/link"/>
+	  template="{1} :: /html/head/link"/>
 </tiles-definitions>

samples/concurrency-jc/pom.xml

@@ -9,200 +9,200 @@
   <description>spring-security-samples-concurrency-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/contacts-xml/client/clientContext.xml

@@ -8,66 +8,66 @@
 
 <beans>
 
-    <!-- Resolves ${...} placeholders from client.properties -->
-    <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-        <property name="location"><value>client.properties</value></property>
-    </bean>
+	<!-- Resolves ${...} placeholders from client.properties -->
+	<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+		<property name="location"><value>client.properties</value></property>
+	</bean>
 
-    <!-- Proxy for the RMI-exported ContactManager -->
-    <!-- COMMENTED OUT BY DEFAULT TO AVOID CONFLICTS WITH APPLICATION SERVERS
-    <bean id="rmiProxy" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
-        <property name="serviceInterface">
-            <value>sample.contact.ContactManager</value>
-        </property>
-        <property name="serviceUrl">
-            <value>rmi://${serverName}:${rmiPort}/contactManager</value>
-        </property>
-        <property name="remoteInvocationFactory">
-            <ref local="remoteInvocationFactory"/>
-        </property>
-    </bean>
+	<!-- Proxy for the RMI-exported ContactManager -->
+	<!-- COMMENTED OUT BY DEFAULT TO AVOID CONFLICTS WITH APPLICATION SERVERS
+	<bean id="rmiProxy" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>rmi://${serverName}:${rmiPort}/contactManager</value>
+		</property>
+		<property name="remoteInvocationFactory">
+			<ref local="remoteInvocationFactory"/>
+		</property>
+	</bean>
 
-    <bean id="remoteInvocationFactory" class="org.springframework.security.ui.rmi.ContextPropagatingRemoteInvocationFactory"/>
-    -->
+	<bean id="remoteInvocationFactory" class="org.springframework.security.ui.rmi.ContextPropagatingRemoteInvocationFactory"/>
+	-->
 
-    <!-- Proxy for the HTTP-invoker-exported ContactManager -->
-    <!-- Spring's HTTP invoker uses Java serialization via HTTP  -->
-    <bean id="httpInvokerProxy" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
-        <property name="serviceInterface">
-            <value>sample.contact.ContactManager</value>
-        </property>
-        <property name="serviceUrl">
-            <value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-httpinvoker</value>
-        </property>
-        <property name="httpInvokerRequestExecutor">
-            <ref local="httpInvokerRequestExecutor"/>
-        </property>
-    </bean>
+	<!-- Proxy for the HTTP-invoker-exported ContactManager -->
+	<!-- Spring's HTTP invoker uses Java serialization via HTTP	 -->
+	<bean id="httpInvokerProxy" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-httpinvoker</value>
+		</property>
+		<property name="httpInvokerRequestExecutor">
+			<ref local="httpInvokerRequestExecutor"/>
+		</property>
+	</bean>
 
-    <!-- Automatically propagates ContextHolder-managed Authentication principal
-         and credentials to a HTTP invoker BASIC authentication header -->
-    <bean id="httpInvokerRequestExecutor" class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
+	<!-- Automatically propagates ContextHolder-managed Authentication principal
+		 and credentials to a HTTP invoker BASIC authentication header -->
+	<bean id="httpInvokerRequestExecutor" class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
 
-    <!-- Proxy for the Hessian-exported ContactManager
-    <bean id="hessianProxy" class="org.springframework.remoting.caucho.HessianProxyFactoryBean">
-        <property name="serviceInterface">
-            <value>sample.contact.ContactManager</value>
-        </property>
-        <property name="serviceUrl">
-            <value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-hessian</value>
-        </property>
-    </bean>
-    -->
+	<!-- Proxy for the Hessian-exported ContactManager
+	<bean id="hessianProxy" class="org.springframework.remoting.caucho.HessianProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-hessian</value>
+		</property>
+	</bean>
+	-->
 
-    <!-- Proxy for the Burlap-exported ContactManager
-    <bean id="burlapProxy" class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
-        <property name="serviceInterface">
-            <value>sample.contact.ContactManager</value>
-        </property>
-        <property name="serviceUrl">
-            <value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-burlap</value>
-        </property>
-    </bean>
-    -->
+	<!-- Proxy for the Burlap-exported ContactManager
+	<bean id="burlapProxy" class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-burlap</value>
+		</property>
+	</bean>
+	-->
 
 </beans>

samples/contacts-xml/pom.xml

@@ -9,254 +9,254 @@
   <description>spring-security-samples-contacts-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-acl</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>net.sf.ehcache</groupId>
-      <artifactId>ehcache</artifactId>
-      <version>2.9.0</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-acl</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>net.sf.ehcache</groupId>
+	  <artifactId>ehcache</artifactId>
+	  <version>2.9.0</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context-support</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/contacts-xml/src/main/resources/applicationContext-common-authorization.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:security="http://www.springframework.org/schema/security"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
 
 <!--
   - Application context containing the ACL beans.
@@ -14,55 +14,55 @@
   <!-- ========= ACL SERVICE  DEFINITIONS ========= -->
 
   <bean id="aclCache" class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
-    <constructor-arg>
-      <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
-        <property name="cacheManager">
-          <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
-        </property>
-        <property name="cacheName" value="aclCache"/>
-      </bean>
-    </constructor-arg>
-    <constructor-arg>
-        <bean class="org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy">
-            <constructor-arg>
-                <bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
-            </constructor-arg>
-        </bean>
-    </constructor-arg>
-    <constructor-arg>
-        <bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
-            <constructor-arg>
-                <list>
-                    <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
-                        <constructor-arg value="ROLE_ACL_ADMIN"/>
-                    </bean>
-                </list>
-            </constructor-arg>
-        </bean>
-    </constructor-arg>
+	<constructor-arg>
+	  <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
+		<property name="cacheManager">
+		  <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
+		</property>
+		<property name="cacheName" value="aclCache"/>
+	  </bean>
+	</constructor-arg>
+	<constructor-arg>
+		<bean class="org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy">
+			<constructor-arg>
+				<bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
+			</constructor-arg>
+		</bean>
+	</constructor-arg>
+	<constructor-arg>
+		<bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
+			<constructor-arg>
+				<list>
+					<bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
+						<constructor-arg value="ROLE_ACL_ADMIN"/>
+					</bean>
+				</list>
+			</constructor-arg>
+		</bean>
+	</constructor-arg>
   </bean>
 
   <bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
-    <constructor-arg ref="dataSource"/>
-    <constructor-arg ref="aclCache"/>
-    <constructor-arg>
-        <bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
-            <constructor-arg>
-                <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
-                    <constructor-arg value="ROLE_ADMINISTRATOR"/>
-                </bean>
-            </constructor-arg>
-        </bean>
-    </constructor-arg>
-    <constructor-arg>
-      <bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
-    </constructor-arg>
+	<constructor-arg ref="dataSource"/>
+	<constructor-arg ref="aclCache"/>
+	<constructor-arg>
+		<bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
+			<constructor-arg>
+				<bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
+					<constructor-arg value="ROLE_ADMINISTRATOR"/>
+				</bean>
+			</constructor-arg>
+		</bean>
+	</constructor-arg>
+	<constructor-arg>
+	  <bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
+	</constructor-arg>
   </bean>
 
   <bean id="aclService" class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
-    <constructor-arg ref="dataSource"/>
-    <constructor-arg ref="lookupStrategy"/>
-    <constructor-arg ref="aclCache"/>
+	<constructor-arg ref="dataSource"/>
+	<constructor-arg ref="lookupStrategy"/>
+	<constructor-arg ref="aclCache"/>
   </bean>
 
 </beans>

samples/contacts-xml/src/main/resources/applicationContext-common-business.xml

@@ -8,42 +8,42 @@
   -->
 
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:tx="http://www.springframework.org/schema/tx"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
-
-    <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
-        <property name="basename" value="classpath:org/springframework/security/messages"/>
-    </bean>
-
-    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-        <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
-        <property name="url" value="jdbc:hsqldb:mem:test"/>
-        <!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-        <property name="username" value="sa"/>
-        <property name="password" value=""/>
-    </bean>
-
-    <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
-        <property name="dataSource" ref="dataSource"/>
-    </bean>
-
-    <tx:annotation-driven transaction-manager="transactionManager" />
-
-    <bean id="dataSourcePopulator" class="sample.contact.DataSourcePopulator">
-        <property name="dataSource" ref="dataSource"/>
-        <property name="mutableAclService" ref="aclService"/>
-        <property name="platformTransactionManager" ref="transactionManager"/>
-    </bean>
-
-    <bean id="contactManager" class="sample.contact.ContactManagerBackend">
-       <property name="contactDao">
-            <bean class="sample.contact.ContactDaoSpring">
-               <property name="dataSource" ref="dataSource"/>
-            </bean>
-        </property>
-        <property name="mutableAclService" ref="aclService"/>
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+	<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
+		<property name="basename" value="classpath:org/springframework/security/messages"/>
+	</bean>
+
+	<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
+		<property name="url" value="jdbc:hsqldb:mem:test"/>
+		<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		<property name="username" value="sa"/>
+		<property name="password" value=""/>
+	</bean>
+
+	<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
+		<property name="dataSource" ref="dataSource"/>
+	</bean>
+
+	<tx:annotation-driven transaction-manager="transactionManager" />
+
+	<bean id="dataSourcePopulator" class="sample.contact.DataSourcePopulator">
+		<property name="dataSource" ref="dataSource"/>
+		<property name="mutableAclService" ref="aclService"/>
+		<property name="platformTransactionManager" ref="transactionManager"/>
+	</bean>
+
+	<bean id="contactManager" class="sample.contact.ContactManagerBackend">
+	   <property name="contactDao">
+			<bean class="sample.contact.ContactDaoSpring">
+			   <property name="dataSource" ref="dataSource"/>
+			</bean>
+		</property>
+		<property name="mutableAclService" ref="aclService"/>
    </bean>
 
 </beans>

samples/contacts-xml/src/main/webapp/WEB-INF/web.xml

@@ -6,94 +6,94 @@
   -->
 
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-    <display-name>Contacts Sample Application</display-name>
-
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            classpath:applicationContext-common-business.xml
-            classpath:applicationContext-common-authorization.xml
-            classpath:applicationContext-security.xml
-        </param-value>
-    </context-param>
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+	<display-name>Contacts Sample Application</display-name>
+
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			classpath:applicationContext-common-business.xml
+			classpath:applicationContext-common-authorization.xml
+			classpath:applicationContext-security.xml
+		</param-value>
+	</context-param>
 
    <!-- Nothing below here needs to be modified -->
 
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>contacts.root</param-value>
-    </context-param>
-
-    <filter>
-        <filter-name>localizationFilter</filter-name>
-        <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
-    </filter>
-
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-
-    <filter-mapping>
-        <filter-name>localizationFilter</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>contacts.root</param-value>
+	</context-param>
+
+	<filter>
+		<filter-name>localizationFilter</filter-name>
+		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+	</filter>
+
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+
+	<filter-mapping>
+		<filter-name>localizationFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
   <!--
-    - Provides core MVC application controller. See contacts-servlet.xml.
-    -->
-    <servlet>
-        <servlet-name>contacts</servlet-name>
-        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-        <load-on-startup>1</load-on-startup>
-    </servlet>
+	- Provides core MVC application controller. See contacts-servlet.xml.
+	-->
+	<servlet>
+		<servlet-name>contacts</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
 
   <!--
-    - Provides web services endpoint. See remoting-servlet.xml.
-    -->
-    <servlet>
-        <servlet-name>remoting</servlet-name>
-        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-        <load-on-startup>2</load-on-startup>
-    </servlet>
-
-    <servlet-mapping>
-        <servlet-name>contacts</servlet-name>
-        <url-pattern>*.htm</url-pattern>
-     </servlet-mapping>
-
-    <servlet-mapping>
-        <servlet-name>remoting</servlet-name>
-        <url-pattern>/remoting/*</url-pattern>
-    </servlet-mapping>
-
-     <welcome-file-list>
-        <welcome-file>index.jsp</welcome-file>
-    </welcome-file-list>
-
-    <error-page>
-        <error-code>403</error-code>
-        <location>/error.html</location>
-    </error-page>
+	- Provides web services endpoint. See remoting-servlet.xml.
+	-->
+	<servlet>
+		<servlet-name>remoting</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>2</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>contacts</servlet-name>
+		<url-pattern>*.htm</url-pattern>
+	 </servlet-mapping>
+
+	<servlet-mapping>
+		<servlet-name>remoting</servlet-name>
+		<url-pattern>/remoting/*</url-pattern>
+	</servlet-mapping>
+
+	 <welcome-file-list>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
+
+	<error-page>
+		<error-code>403</error-code>
+		<location>/error.html</location>
+	</error-page>
 
 </web-app>

samples/data-jc/pom.xml

@@ -8,136 +8,136 @@
   <description>spring-security-samples-data-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate.javax.persistence</groupId>
-      <artifactId>hibernate-jpa-2.0-api</artifactId>
-      <version>1.0.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-entitymanager</artifactId>
-      <version>3.6.10.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.data</groupId>
-      <artifactId>spring-data-jpa</artifactId>
-      <version>1.7.1.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-data</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate.javax.persistence</groupId>
+	  <artifactId>hibernate-jpa-2.0-api</artifactId>
+	  <version>1.0.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-entitymanager</artifactId>
+	  <version>3.6.10.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.data</groupId>
+	  <artifactId>spring-data-jpa</artifactId>
+	  <version>1.7.1.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-data</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/dms-xml/pom.xml

@@ -8,149 +8,149 @@
   <description>spring-security-samples-dms-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-acl</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>net.sf.ehcache</groupId>
-      <artifactId>ehcache</artifactId>
-      <version>2.9.0</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-acl</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>net.sf.ehcache</groupId>
+	  <artifactId>ehcache</artifactId>
+	  <version>2.9.0</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context-support</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/dms-xml/src/test/resources/logback-test.xml

@@ -1,14 +1,14 @@
 <configuration>
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
+	<encoder>
+	  <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
   </appender>
 
   <logger name="org.springframework.security" level="${sec.log.level}:-WARN"/>
 
   <root level="${root.level}:-WARN">
-    <appender-ref ref="STDOUT" />
+	<appender-ref ref="STDOUT" />
   </root>
 
 </configuration>

samples/form-jc/pom.xml

@@ -9,248 +9,248 @@
   <description>spring-security-samples-form-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/gae-xml/pom.xml

@@ -9,206 +9,206 @@
   <description>spring-security-samples-gae-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>com.google.appengine</groupId>
-      <artifactId>appengine-api-1.0-sdk</artifactId>
-      <version>1.4.2</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-jdk14</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>com.google.appengine</groupId>
-      <artifactId>appengine-api-labs</artifactId>
-      <version>1.4.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>com.google.appengine</groupId>
-      <artifactId>appengine-api-stubs</artifactId>
-      <version>1.4.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>com.google.appengine</groupId>
-      <artifactId>appengine-testing</artifactId>
-      <version>1.4.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>com.google.appengine</groupId>
+	  <artifactId>appengine-api-1.0-sdk</artifactId>
+	  <version>1.4.2</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context-support</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-jdk14</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>com.google.appengine</groupId>
+	  <artifactId>appengine-api-labs</artifactId>
+	  <version>1.4.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>com.google.appengine</groupId>
+	  <artifactId>appengine-api-stubs</artifactId>
+	  <version>1.4.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>com.google.appengine</groupId>
+	  <artifactId>appengine-testing</artifactId>
+	  <version>1.4.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/spring-security-samples-gae-xml</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/spring-security-samples-gae-xml</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/gae-xml/src/main/webapp/WEB-INF/web.xml

@@ -1,46 +1,46 @@
 <?xml version="1.0" encoding="utf-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
-
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            /WEB-INF/applicationContext-security.xml
-        </param-value>
-    </context-param>
-
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
-
-    <servlet>
-        <servlet-name>gae</servlet-name>
-        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-        <init-param>
-            <param-name>contextConfigLocation</param-name>
-            <param-value>/WEB-INF/gae-servlet.xml</param-value>
-        </init-param>
-    </servlet>
-
-    <servlet-mapping>
-        <servlet-name>gae</servlet-name>
-        <url-pattern>/</url-pattern>
-    </servlet-mapping>
-
-    <servlet-mapping>
-        <servlet-name>gae</servlet-name>
-        <url-pattern>*.htm</url-pattern>
-    </servlet-mapping>
+	xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
+
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/applicationContext-security.xml
+		</param-value>
+	</context-param>
+
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<servlet>
+		<servlet-name>gae</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<init-param>
+			<param-name>contextConfigLocation</param-name>
+			<param-value>/WEB-INF/gae-servlet.xml</param-value>
+		</init-param>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>gae</servlet-name>
+		<url-pattern>/</url-pattern>
+	</servlet-mapping>
+
+	<servlet-mapping>
+		<servlet-name>gae</servlet-name>
+		<url-pattern>*.htm</url-pattern>
+	</servlet-mapping>
 
 </web-app>

samples/hellojs-jc/pom.xml

@@ -9,206 +9,206 @@
   <description>spring-security-samples-hellojs-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>com.fasterxml.jackson.core</groupId>
-      <artifactId>jackson-databind</artifactId>
-      <version>2.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>com.fasterxml.jackson.core</groupId>
+	  <artifactId>jackson-databind</artifactId>
+	  <version>2.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/hellomvc-jc/pom.xml

@@ -9,206 +9,206 @@
   <description>spring-security-samples-hellomvc-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-test</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-test</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/helloworld-jc/pom.xml

@@ -9,182 +9,182 @@
   <description>spring-security-samples-helloworld-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/helloworld-xml/pom.xml

@@ -9,182 +9,182 @@
   <description>spring-security-samples-helloworld-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/inmemory-jc/pom.xml

@@ -9,206 +9,206 @@
   <description>spring-security-samples-inmemory-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-test</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-test</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/insecure/pom.xml

@@ -9,170 +9,170 @@
   <description>spring-security-samples-insecure</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/insecuremvc/pom.xml

@@ -9,182 +9,182 @@
   <description>spring-security-samples-insecuremvc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/jaas-xml/pom.xml

@@ -9,212 +9,212 @@
   <description>spring-security-samples-jaas-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context-support</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/jaas-xml/src/main/webapp/WEB-INF/web.xml

@@ -6,58 +6,58 @@
   -->
 
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-    <display-name>JAAS Sample Application</display-name>
-
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-           classpath:applicationContext-security.xml
-        </param-value>
-    </context-param>
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+	<display-name>JAAS Sample Application</display-name>
+
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+		   classpath:applicationContext-security.xml
+		</param-value>
+	</context-param>
 
    <!-- Nothing below here needs to be modified -->
 
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>jaas.root</param-value>
-    </context-param>
-
-    <filter>
-        <filter-name>localizationFilter</filter-name>
-        <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
-    </filter>
-
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-
-    <filter-mapping>
-        <filter-name>localizationFilter</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
-
-     <welcome-file-list>
-        <welcome-file>index.jsp</welcome-file>
-    </welcome-file-list>
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>jaas.root</param-value>
+	</context-param>
+
+	<filter>
+		<filter-name>localizationFilter</filter-name>
+		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+	</filter>
+
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+
+	<filter-mapping>
+		<filter-name>localizationFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	 <welcome-file-list>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
 </web-app>

samples/jdbc-jc/pom.xml

@@ -9,248 +9,248 @@
   <description>spring-security-samples-jdbc-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/ldap-jc/pom.xml

@@ -9,290 +9,290 @@
   <description>spring-security-samples-ldap-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core-entry</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-ldap</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-shared</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-server-jndi</artifactId>
-      <version>1.5.5</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.shared</groupId>
-      <artifactId>shared-ldap</artifactId>
-      <version>0.9.15</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-ldap</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core-entry</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-ldap</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-shared</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-server-jndi</artifactId>
+	  <version>1.5.5</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.shared</groupId>
+	  <artifactId>shared-ldap</artifactId>
+	  <version>0.9.15</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-ldap</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/ldap-xml/pom.xml

@@ -9,218 +9,218 @@
   <description>spring-security-samples-ldap-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core</artifactId>
-      <version>1.5.5</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-core-entry</artifactId>
-      <version>1.5.5</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-ldap</artifactId>
-      <version>1.5.5</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-shared</artifactId>
-      <version>1.5.5</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-server-jndi</artifactId>
-      <version>1.5.5</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.shared</groupId>
-      <artifactId>shared-ldap</artifactId>
-      <version>0.9.15</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-ldap</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-httpclient</groupId>
-      <artifactId>commons-httpclient</artifactId>
-      <version>3.1</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.codehaus.groovy</groupId>
-      <artifactId>groovy</artifactId>
-      <version>2.3.8</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.gebish</groupId>
-      <artifactId>geb-spock</artifactId>
-      <version>0.10.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.seleniumhq.selenium</groupId>
-      <artifactId>selenium-htmlunit-driver</artifactId>
-      <version>2.44.0</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-core</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.spockframework</groupId>
-      <artifactId>spock-spring</artifactId>
-      <version>0.7-groovy-2.0</version>
-      <scope>test</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>junit-dep</artifactId>
-          <groupId>junit</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core</artifactId>
+	  <version>1.5.5</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-core-entry</artifactId>
+	  <version>1.5.5</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-ldap</artifactId>
+	  <version>1.5.5</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-protocol-shared</artifactId>
+	  <version>1.5.5</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.server</groupId>
+	  <artifactId>apacheds-server-jndi</artifactId>
+	  <version>1.5.5</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.directory.shared</groupId>
+	  <artifactId>shared-ldap</artifactId>
+	  <version>0.9.15</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-ldap</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-httpclient</groupId>
+	  <artifactId>commons-httpclient</artifactId>
+	  <version>3.1</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.codehaus.groovy</groupId>
+	  <artifactId>groovy</artifactId>
+	  <version>2.3.8</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.gebish</groupId>
+	  <artifactId>geb-spock</artifactId>
+	  <version>0.10.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.seleniumhq.selenium</groupId>
+	  <artifactId>selenium-htmlunit-driver</artifactId>
+	  <version>2.44.0</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-core</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.spockframework</groupId>
+	  <artifactId>spock-spring</artifactId>
+	  <version>0.7-groovy-2.0</version>
+	  <scope>test</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>junit-dep</artifactId>
+		  <groupId>junit</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/ldap-xml/src/main/webapp/WEB-INF/web.xml

@@ -1,44 +1,44 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-
-    <display-name>Spring Security LDAP Demo Application</display-name>
-
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            /WEB-INF/applicationContext-security.xml
-        </param-value>
-    </context-param>
-
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>ldap.root</param-value>
-    </context-param>
-
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-
-    <filter-mapping>
-        <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+	<display-name>Spring Security LDAP Demo Application</display-name>
+
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/applicationContext-security.xml
+		</param-value>
+	</context-param>
+
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>ldap.root</param-value>
+	</context-param>
+
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+
+	<filter-mapping>
+		<filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
 </web-app>

samples/messages-jc/pom.xml

@@ -8,220 +8,220 @@
   <description>spring-security-samples-messages-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate.javax.persistence</groupId>
-      <artifactId>hibernate-jpa-2.0-api</artifactId>
-      <version>1.0.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-entitymanager</artifactId>
-      <version>3.6.10.Final</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>javassist</artifactId>
-          <groupId>javassist</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-      <version>2.3.2</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.data</groupId>
-      <artifactId>spring-data-jpa</artifactId>
-      <version>1.7.1.RELEASE</version>
-      <scope>compile</scope>
-      <exclusions>
-        <exclusion>
-          <artifactId>aspectjrt</artifactId>
-          <groupId>org.aspectj</groupId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aop</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-aspects</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-core</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-instrument</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-orm</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-tx</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.thymeleaf.extras</groupId>
-      <artifactId>thymeleaf-extras-tiles2-spring4</artifactId>
-      <version>2.1.1.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.thymeleaf</groupId>
-      <artifactId>thymeleaf-spring4</artifactId>
-      <version>1.2.7.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate.javax.persistence</groupId>
+	  <artifactId>hibernate-jpa-2.0-api</artifactId>
+	  <version>1.0.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-entitymanager</artifactId>
+	  <version>3.6.10.Final</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>javassist</artifactId>
+		  <groupId>javassist</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hsqldb</groupId>
+	  <artifactId>hsqldb</artifactId>
+	  <version>2.3.2</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.data</groupId>
+	  <artifactId>spring-data-jpa</artifactId>
+	  <version>1.7.1.RELEASE</version>
+	  <scope>compile</scope>
+	  <exclusions>
+		<exclusion>
+		  <artifactId>aspectjrt</artifactId>
+		  <groupId>org.aspectj</groupId>
+		</exclusion>
+	  </exclusions>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aop</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-aspects</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-core</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-instrument</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-orm</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-tx</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.thymeleaf.extras</groupId>
+	  <artifactId>thymeleaf-extras-tiles2-spring4</artifactId>
+	  <version>2.1.1.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.thymeleaf</groupId>
+	  <artifactId>thymeleaf-spring4</artifactId>
+	  <version>1.2.7.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/openid-jc/pom.xml

@@ -9,212 +9,212 @@
   <description>spring-security-samples-openid-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-openid</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>net.sourceforge.nekohtml</groupId>
-      <artifactId>nekohtml</artifactId>
-      <version>1.9.10</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-openid</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>net.sourceforge.nekohtml</groupId>
+	  <artifactId>nekohtml</artifactId>
+	  <version>1.9.10</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/openid-xml/pom.xml

@@ -9,140 +9,140 @@
   <description>spring-security-samples-openid-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-openid</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-openid</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/spring-security-samples-openid-xml</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/spring-security-samples-openid-xml</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/openid-xml/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -1,63 +1,63 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-  -  Namespace-based OpenID configuration
+  -	 Namespace-based OpenID configuration
   -->
 
 <b:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:b="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
-
-    <http pattern="/openidlogin.jsp*" security="none" />
-    <http pattern="/images/*" security="none" />
-    <http pattern="/css/*" security="none" />
-    <http pattern="/js/*" security="none" />
-
-    <http>
-        <intercept-url pattern="/**" access="authenticated"/>
-        <logout/>
-        <openid-login login-page="/openidlogin.jsp" user-service-ref="registeringUserService"
-                authentication-failure-url="/openidlogin.jsp?login_error=true">
-            <attribute-exchange identifier-match="https://www.google.com/.*">
-                <openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>
-                <openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
-                <openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true" />
-            </attribute-exchange>
-            <attribute-exchange identifier-match=".*yahoo.com.*">
-                <openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
-                <openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true" />
-            </attribute-exchange>
-            <attribute-exchange identifier-match=".*myopenid.com.*">
-                <openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
-                <openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true" />
-            </attribute-exchange>
-        </openid-login>
-        <remember-me token-repository-ref="tokenRepo"/>
-    </http>
-
-    <b:bean id="tokenRepo"
-            class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl" />
-
-    <authentication-manager alias="authenticationManager"/>
+	xmlns:b="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+	<http pattern="/openidlogin.jsp*" security="none" />
+	<http pattern="/images/*" security="none" />
+	<http pattern="/css/*" security="none" />
+	<http pattern="/js/*" security="none" />
+
+	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
+		<logout/>
+		<openid-login login-page="/openidlogin.jsp" user-service-ref="registeringUserService"
+				authentication-failure-url="/openidlogin.jsp?login_error=true">
+			<attribute-exchange identifier-match="https://www.google.com/.*">
+				<openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>
+				<openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true" />
+				<openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true" />
+			</attribute-exchange>
+			<attribute-exchange identifier-match=".*yahoo.com.*">
+				<openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
+				<openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true" />
+			</attribute-exchange>
+			<attribute-exchange identifier-match=".*myopenid.com.*">
+				<openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
+				<openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true" />
+			</attribute-exchange>
+		</openid-login>
+		<remember-me token-repository-ref="tokenRepo"/>
+	</http>
+
+	<b:bean id="tokenRepo"
+			class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl" />
+
+	<authentication-manager alias="authenticationManager"/>
 
 <!--
-    A custom UserDetailsService which will allow any user to authenticate and "register" their IDs in an internal map
-    for use if they return to the site. This is the most common usage pattern for sites which use OpenID.
+	A custom UserDetailsService which will allow any user to authenticate and "register" their IDs in an internal map
+	for use if they return to the site. This is the most common usage pattern for sites which use OpenID.
  -->
-    <b:bean id="registeringUserService" class="org.springframework.security.samples.openid.CustomUserDetailsService" />
+	<b:bean id="registeringUserService" class="org.springframework.security.samples.openid.CustomUserDetailsService" />
 
 <!--
-    A namespace-based UserDetailsService which will reject users who are not already defined.
-    This can be used as an alternative.
+	A namespace-based UserDetailsService which will reject users who are not already defined.
+	This can be used as an alternative.
  -->
 <!--
-    <user-service id="userService">
-        <user name="http://luke.taylor.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
-        <user name="http://luke.taylor.openid.cn/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
-        <user name="http://raykrueger.blogspot.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
-        <user name="http://spring.security.test.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
-    </user-service>
+	<user-service id="userService">
+		<user name="http://luke.taylor.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
+		<user name="http://luke.taylor.openid.cn/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
+		<user name="http://raykrueger.blogspot.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
+		<user name="http://spring.security.test.myopenid.com/" authorities="ROLE_SUPERVISOR,ROLE_USER" />
+	</user-service>
  -->
 </b:beans>

samples/openid-xml/src/main/webapp/WEB-INF/web.xml

@@ -1,44 +1,44 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-
-    <display-name>Spring Security OpenID Demo Application</display-name>
-
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            /WEB-INF/applicationContext-security.xml
-        </param-value>
-    </context-param>
-
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>openid.root</param-value>
-    </context-param>
-
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+	<display-name>Spring Security OpenID Demo Application</display-name>
+
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/applicationContext-security.xml
+		</param-value>
+	</context-param>
+
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>openid.root</param-value>
+	</context-param>
+
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
 </web-app>

samples/preauth-jc/pom.xml

@@ -9,200 +9,200 @@
   <description>spring-security-samples-preauth-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/preauth-jc/src/main/webapp/WEB-INF/web.xml

@@ -1,35 +1,35 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
 
-    <login-config>
-        <auth-method>FORM</auth-method>
-        <form-login-config>
-            <form-login-page>/login</form-login-page>
-            <form-error-page>/login?error</form-error-page>
-        </form-login-config>
-    </login-config>
+	<login-config>
+		<auth-method>FORM</auth-method>
+		<form-login-config>
+			<form-login-page>/login</form-login-page>
+			<form-error-page>/login?error</form-error-page>
+		</form-login-config>
+	</login-config>
 
-    <security-role>
-        <role-name>ROLE_USER</role-name>
-    </security-role>
-    <security-constraint>
-        <web-resource-collection>
-        <web-resource-name>Public</web-resource-name>
-            <description>Matches unconstrained pages</description>
-            <url-pattern>/login</url-pattern>
-            <url-pattern>/logout</url-pattern>
-            <url-pattern>/resources/*</url-pattern>
-        </web-resource-collection>
-    </security-constraint>
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Secured Areas</web-resource-name>
-            <url-pattern>/*</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>ROLE_USER</role-name>
-        </auth-constraint>
-    </security-constraint>
+	<security-role>
+		<role-name>ROLE_USER</role-name>
+	</security-role>
+	<security-constraint>
+		<web-resource-collection>
+		<web-resource-name>Public</web-resource-name>
+			<description>Matches unconstrained pages</description>
+			<url-pattern>/login</url-pattern>
+			<url-pattern>/logout</url-pattern>
+			<url-pattern>/resources/*</url-pattern>
+		</web-resource-collection>
+	</security-constraint>
+	<security-constraint>
+		<web-resource-collection>
+			<web-resource-name>Secured Areas</web-resource-name>
+			<url-pattern>/*</url-pattern>
+		</web-resource-collection>
+		<auth-constraint>
+			<role-name>ROLE_USER</role-name>
+		</auth-constraint>
+	</security-constraint>
 </web-app>

samples/preauth-xml/pom.xml

@@ -9,110 +9,110 @@
   <description>spring-security-samples-preauth-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/preauth-xml/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -6,85 +6,85 @@
   -->
 
 <beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:sec="http://www.springframework.org/schema/security"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
-
-    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
-        <sec:filter-chain-map request-matcher="ant">
-            <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
-        </sec:filter-chain-map>
-    </bean>
-
-    <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
-
-    <sec:authentication-manager alias="authenticationManager">
-        <sec:authentication-provider ref='preAuthenticatedAuthenticationProvider'/>
-    </sec:authentication-manager>
-
-    <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
-        <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
-    </bean>
-
-    <bean id="preAuthenticatedUserDetailsService"
-            class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
-
-    <bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="authenticationDetailsSource">
-            <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
-                <property name="mappableRolesRetriever">
-                    <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
-                </property>
-                <property name="userRoles2GrantedAuthoritiesMapper">
-                    <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
-                        <property name="convertAttributeToUpperCase" value="true"/>
-                    </bean>
-                </property>
-            </bean>
-        </property>
-    </bean>
-
-    <bean id="preAuthenticatedProcessingFilterEntryPoint"
-            class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
-
-    <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
-        <constructor-arg value="/"/>
-        <constructor-arg>
-            <list>
-                <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
-            </list>
-        </constructor-arg>
-    </bean>
-
-    <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
-        <constructor-arg ref="preAuthenticatedProcessingFilterEntryPoint"/>
-    </bean>
-
-    <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-        <constructor-arg>
-            <list>
-                <ref bean="roleVoter"/>
-            </list>
-        </constructor-arg>
-        <property name="allowIfAllAbstainDecisions" value="false"/>
-    </bean>
-
-    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
-        <property name="securityMetadataSource">
-            <sec:filter-security-metadata-source>
-                <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
-                <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
-                <sec:intercept-url pattern="/**" access="ROLE_USER"/>
-            </sec:filter-security-metadata-source>
-        </property>
-    </bean>
-
-    <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
-
-    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
+	xmlns:sec="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+	<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
+		<sec:filter-chain-map request-matcher="ant">
+			<sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
+		</sec:filter-chain-map>
+	</bean>
+
+	<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
+
+	<sec:authentication-manager alias="authenticationManager">
+		<sec:authentication-provider ref='preAuthenticatedAuthenticationProvider'/>
+	</sec:authentication-manager>
+
+	<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
+		<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
+	</bean>
+
+	<bean id="preAuthenticatedUserDetailsService"
+			class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
+
+	<bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="authenticationDetailsSource">
+			<bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
+				<property name="mappableRolesRetriever">
+					<bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
+				</property>
+				<property name="userRoles2GrantedAuthoritiesMapper">
+					<bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
+						<property name="convertAttributeToUpperCase" value="true"/>
+					</bean>
+				</property>
+			</bean>
+		</property>
+	</bean>
+
+	<bean id="preAuthenticatedProcessingFilterEntryPoint"
+			class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
+
+	<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
+		<constructor-arg value="/"/>
+		<constructor-arg>
+			<list>
+				<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+			</list>
+		</constructor-arg>
+	</bean>
+
+	<bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
+		<constructor-arg ref="preAuthenticatedProcessingFilterEntryPoint"/>
+	</bean>
+
+	<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+		<constructor-arg>
+			<list>
+				<ref bean="roleVoter"/>
+			</list>
+		</constructor-arg>
+		<property name="allowIfAllAbstainDecisions" value="false"/>
+	</bean>
+
+	<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
+		<property name="securityMetadataSource">
+			<sec:filter-security-metadata-source>
+				<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
+				<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
+				<sec:intercept-url pattern="/**" access="ROLE_USER"/>
+			</sec:filter-security-metadata-source>
+		</property>
+	</bean>
+
+	<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
+
+	<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
 
 </beans>

samples/preauth-xml/src/main/webapp/WEB-INF/web.xml

@@ -1,60 +1,60 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-
-    <display-name>Spring Security Preauthentication Demo Application</display-name>
-
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            /WEB-INF/applicationContext-security.xml
-        </param-value>
-    </context-param>
-
-    <filter>
-        <filter-name>filterChainProxy</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
-
-    <filter-mapping>
-      <filter-name>filterChainProxy</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
-
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
-
-    <login-config>
-        <auth-method>BASIC</auth-method>
-        <realm-name>Preauth Realm</realm-name>
-    </login-config>
-
-    <security-role>
-        <role-name>ROLE_USER</role-name>
-    </security-role>
-    <security-role>
-        <role-name>ROLE_SUPERVISOR</role-name>
-    </security-role>
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>All areas</web-resource-name>
-            <url-pattern>/*</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>ROLE_USER</role-name>
-        </auth-constraint>
-    </security-constraint>
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+	<display-name>Spring Security Preauthentication Demo Application</display-name>
+
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/applicationContext-security.xml
+		</param-value>
+	</context-param>
+
+	<filter>
+		<filter-name>filterChainProxy</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+
+	<filter-mapping>
+	  <filter-name>filterChainProxy</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<login-config>
+		<auth-method>BASIC</auth-method>
+		<realm-name>Preauth Realm</realm-name>
+	</login-config>
+
+	<security-role>
+		<role-name>ROLE_USER</role-name>
+	</security-role>
+	<security-role>
+		<role-name>ROLE_SUPERVISOR</role-name>
+	</security-role>
+	<security-constraint>
+		<web-resource-collection>
+			<web-resource-name>All areas</web-resource-name>
+			<url-pattern>/*</url-pattern>
+		</web-resource-collection>
+		<auth-constraint>
+			<role-name>ROLE_USER</role-name>
+		</auth-constraint>
+	</security-constraint>
 
 </web-app>

samples/rememberme-jc/pom.xml

@@ -9,200 +9,200 @@
   <description>spring-security-samples-rememberme-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/servletapi-xml/pom.xml

@@ -9,170 +9,170 @@
   <description>spring-security-samples-servletapi-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-context-support</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/spring-security-samples-servletapi-xml</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/spring-security-samples-servletapi-xml</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/servletapi-xml/src/main/resources/applicationContext-security.xml

@@ -5,19 +5,19 @@
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:util="http://www.springframework.org/schema/util"
   xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
-    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
+	http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+	http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
 
   <http auto-config="true">
-    <intercept-url pattern="/**" access="permitAll"/>
+	<intercept-url pattern="/**" access="permitAll"/>
   </http>
 
   <authentication-manager>
-    <authentication-provider>
-      <user-service>
-        <user name="user" password="password" authorities="ROLE_USER" />
-        <user name="admin" password="password" authorities="ROLE_USER,ROLE_ADMIN"/>
-      </user-service>
-    </authentication-provider>
+	<authentication-provider>
+	  <user-service>
+		<user name="user" password="password" authorities="ROLE_USER" />
+		<user name="admin" password="password" authorities="ROLE_USER,ROLE_ADMIN"/>
+	  </user-service>
+	</authentication-provider>
   </authentication-manager>
 </b:beans>

samples/servletapi-xml/src/main/webapp/WEB-INF/web.xml

@@ -1,57 +1,57 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns="http://java.sun.com/xml/ns/javaee"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-      version="3.0">
+	  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	  version="3.0">
 
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-           classpath:applicationContext-security.xml
-        </param-value>
-    </context-param>
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+		   classpath:applicationContext-security.xml
+		</param-value>
+	</context-param>
 
    <!-- Nothing below here needs to be modified -->
 
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>servletapi.root</param-value>
-    </context-param>
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>servletapi.root</param-value>
+	</context-param>
 
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-        <async-supported>true</async-supported>
-    </filter>
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+		<async-supported>true</async-supported>
+	</filter>
 
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-      <dispatcher>REQUEST</dispatcher>
-      <dispatcher>ASYNC</dispatcher>
-    </filter-mapping>
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	  <dispatcher>REQUEST</dispatcher>
+	  <dispatcher>ASYNC</dispatcher>
+	</filter-mapping>
 
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
-    <servlet>
-      <servlet-name>spring</servlet-name>
-      <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-      <load-on-startup>1</load-on-startup>
-      <async-supported>true</async-supported>
-    </servlet>
-    <servlet-mapping>
-      <servlet-name>spring</servlet-name>
-      <url-pattern>/</url-pattern>
-    </servlet-mapping>
+	<servlet>
+	  <servlet-name>spring</servlet-name>
+	  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+	  <load-on-startup>1</load-on-startup>
+	  <async-supported>true</async-supported>
+	</servlet>
+	<servlet-mapping>
+	  <servlet-name>spring</servlet-name>
+	  <url-pattern>/</url-pattern>
+	</servlet-mapping>
 </web-app>

samples/tutorial-xml/pom.xml

@@ -9,170 +9,170 @@
   <description>spring-security-samples-tutorial-xml</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-beans</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-web</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-core</artifactId>
-      <version>1.1.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.taglibs</groupId>
-      <artifactId>taglibs-standard-jstlel</artifactId>
-      <version>1.2.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-taglibs</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-beans</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-web</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-core</artifactId>
+	  <version>1.1.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.apache.taglibs</groupId>
+	  <artifactId>taglibs-standard-jstlel</artifactId>
+	  <version>1.2.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-taglibs</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/tutorial-xml/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -6,59 +6,59 @@
   -->
 
 <beans:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:beans="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+	xmlns:beans="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <debug />
+	<debug />
 
-    <global-method-security pre-post-annotations="enabled" />
+	<global-method-security pre-post-annotations="enabled" />
 
-    <http pattern="/static/**" security="none"/>
-    <http pattern="/loggedout.jsp" security="none"/>
+	<http pattern="/static/**" security="none"/>
+	<http pattern="/loggedout.jsp" security="none"/>
 
-    <http>
-        <intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')"/>
-        <intercept-url pattern="/secure/**" access="isAuthenticated()" />
-        <!--
-             Allow all other requests. In a real application you should
-             adopt a whitelisting approach where access is not allowed by default
-          -->
-        <intercept-url pattern="/**" access="permitAll" />
-        <form-login />
-        <logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
-        <remember-me />
+	<http>
+		<intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')"/>
+		<intercept-url pattern="/secure/**" access="isAuthenticated()" />
+		<!--
+			 Allow all other requests. In a real application you should
+			 adopt a whitelisting approach where access is not allowed by default
+		  -->
+		<intercept-url pattern="/**" access="permitAll" />
+		<form-login />
+		<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
+		<remember-me />
 <!--
-    Uncomment to enable X509 client authentication support
-        <x509 />
+	Uncomment to enable X509 client authentication support
+		<x509 />
 -->
-        <!-- Uncomment to limit the number of sessions a user can have -->
-        <session-management invalid-session-url="/timeout.jsp">
-            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
-        </session-management>
+		<!-- Uncomment to limit the number of sessions a user can have -->
+		<session-management invalid-session-url="/timeout.jsp">
+			<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
+		</session-management>
 
-    </http>
+	</http>
 
-    <!--
-    Usernames/Passwords are
-        rod/koala
-        dianne/emu
-        scott/wombat
-        peter/opal
-    -->
-    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
+	<!--
+	Usernames/Passwords are
+		rod/koala
+		dianne/emu
+		scott/wombat
+		peter/opal
+	-->
+	<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
 
-    <authentication-manager>
-        <authentication-provider>
-            <password-encoder ref="encoder"/>
-            <user-service>
-                <user name="rod" password="$2a$10$75pBjapg4Nl8Pzd.3JRnUe7PDJmk9qBGwNEJDAlA3V.dEJxcDKn5O" authorities="supervisor, user, teller" />
-                <user name="dianne" password="$2a$04$bCMEyxrdF/7sgfUiUJ6Ose2vh9DAMaVBldS1Bw2fhi1jgutZrr9zm" authorities="user,teller" />
-                <user name="scott" password="$2a$06$eChwvzAu3TSexnC3ynw4LOSw1qiEbtNItNeYv5uI40w1i3paoSfLu" authorities="user" />
-                <user name="peter" password="$2a$04$8.H8bCMROLF4CIgd7IpeQ.tcBXLP5w8iplO0n.kCIkISwrIgX28Ii" authorities="user" />
-            </user-service>
-        </authentication-provider>
-    </authentication-manager>
+	<authentication-manager>
+		<authentication-provider>
+			<password-encoder ref="encoder"/>
+			<user-service>
+				<user name="rod" password="$2a$10$75pBjapg4Nl8Pzd.3JRnUe7PDJmk9qBGwNEJDAlA3V.dEJxcDKn5O" authorities="supervisor, user, teller" />
+				<user name="dianne" password="$2a$04$bCMEyxrdF/7sgfUiUJ6Ose2vh9DAMaVBldS1Bw2fhi1jgutZrr9zm" authorities="user,teller" />
+				<user name="scott" password="$2a$06$eChwvzAu3TSexnC3ynw4LOSw1qiEbtNItNeYv5uI40w1i3paoSfLu" authorities="user" />
+				<user name="peter" password="$2a$04$8.H8bCMROLF4CIgd7IpeQ.tcBXLP5w8iplO0n.kCIkISwrIgX28Ii" authorities="user" />
+			</user-service>
+		</authentication-provider>
+	</authentication-manager>
 
 </beans:beans>

samples/tutorial-xml/src/main/webapp/WEB-INF/web.xml

@@ -5,69 +5,69 @@
   -->
 
 <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
 
-    <display-name>Spring Security Tutorial Application</display-name>
+	<display-name>Spring Security Tutorial Application</display-name>
 
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            classpath:applicationContext-business.xml
-            /WEB-INF/applicationContext-security.xml
-        </param-value>
-    </context-param>
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			classpath:applicationContext-business.xml
+			/WEB-INF/applicationContext-security.xml
+		</param-value>
+	</context-param>
 
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>tutorial.root</param-value>
-    </context-param>
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>tutorial.root</param-value>
+	</context-param>
 
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
 
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-    <!--
-      - Loads the root application context of this web app at startup.
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	<!--
+	  - Loads the root application context of this web app at startup.
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
-    <!--
-      - Publishes events for session creation and destruction through the application
-      - context. Optional unless concurrent session control is being used.
-      -->
-    <listener>
-      <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
-    </listener>
+	<!--
+	  - Publishes events for session creation and destruction through the application
+	  - context. Optional unless concurrent session control is being used.
+	  -->
+	<listener>
+	  <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
+	</listener>
 
   <!--
-    - Provides core MVC application controller. See bank-servlet.xml.
-    -->
-    <servlet>
-        <servlet-name>bank</servlet-name>
-        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-        <load-on-startup>1</load-on-startup>
-    </servlet>
+	- Provides core MVC application controller. See bank-servlet.xml.
+	-->
+	<servlet>
+		<servlet-name>bank</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
 
-    <servlet-mapping>
-        <servlet-name>bank</servlet-name>
-        <url-pattern>*.html</url-pattern>
-     </servlet-mapping>
+	<servlet-mapping>
+		<servlet-name>bank</servlet-name>
+		<url-pattern>*.html</url-pattern>
+	 </servlet-mapping>
 
-     <welcome-file-list>
-        <welcome-file>index.jsp</welcome-file>
-    </welcome-file-list>
+	 <welcome-file-list>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
 
 </web-app>

samples/x509-jc/pom.xml

@@ -9,200 +9,200 @@
   <description>spring-security-samples-x509-jc</description>
   <url>http://spring.io/spring-security</url>
   <organization>
-    <name>spring.io</name>
-    <url>http://spring.io/</url>
+	<name>spring.io</name>
+	<url>http://spring.io/</url>
   </organization>
   <licenses>
-    <license>
-      <name>The Apache Software License, Version 2.0</name>
-      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-      <distribution>repo</distribution>
-    </license>
+	<license>
+	  <name>The Apache Software License, Version 2.0</name>
+	  <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+	  <distribution>repo</distribution>
+	</license>
   </licenses>
   <developers>
-    <developer>
-      <id>rwinch</id>
-      <name>Rob Winch</name>
-      <email>rwinch@gopivotal.com</email>
-    </developer>
+	<developer>
+	  <id>rwinch</id>
+	  <name>Rob Winch</name>
+	  <email>rwinch@gopivotal.com</email>
+	</developer>
   </developers>
   <scm>
-    <connection>scm:git:git://github.com/spring-projects/spring-security</connection>
-    <developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
-    <url>https://github.com/spring-projects/spring-security</url>
+	<connection>scm:git:git://github.com/spring-projects/spring-security</connection>
+	<developerConnection>scm:git:git://github.com/spring-projects/spring-security</developerConnection>
+	<url>https://github.com/spring-projects/spring-security</url>
   </scm>
   <repositories>
-    <repository>
-      <id>spring-snasphot</id>
-      <url>https://repo.spring.io/snapshot</url>
-    </repository>
+	<repository>
+	  <id>spring-snasphot</id>
+	  <url>https://repo.spring.io/snapshot</url>
+	</repository>
   </repositories>
   <dependencies>
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>javax.servlet.jsp.jstl-api</artifactId>
-      <version>1.2.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.validation</groupId>
-      <artifactId>validation-api</artifactId>
-      <version>1.0.0.GA</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.2.0.Final</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-      <version>1.7.7</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-config</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-core</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-samples-messages-jc</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-web</artifactId>
-      <version>4.0.0.CI-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-jdbc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-webmvc</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>commons-logging</groupId>
-      <artifactId>commons-logging</artifactId>
-      <version>1.2</version>
-      <scope>compile</scope>
-      <optional>true</optional>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet.jsp</groupId>
-      <artifactId>jsp-api</artifactId>
-      <version>2.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>3.0.1</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib-nodep</artifactId>
-      <version>3.1</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>0.9.30</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>opensymphony</groupId>
-      <artifactId>sitemesh</artifactId>
-      <version>2.4.2</version>
-      <scope>runtime</scope>
-    </dependency>
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.1.2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.easytesting</groupId>
-      <artifactId>fest-assert</artifactId>
-      <version>1.4</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>4.1.5.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp.jstl</groupId>
+	  <artifactId>javax.servlet.jsp.jstl-api</artifactId>
+	  <version>1.2.1</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.validation</groupId>
+	  <artifactId>validation-api</artifactId>
+	  <version>1.0.0.GA</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.hibernate</groupId>
+	  <artifactId>hibernate-validator</artifactId>
+	  <version>4.2.0.Final</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jcl-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>jul-to-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>log4j-over-slf4j</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.slf4j</groupId>
+	  <artifactId>slf4j-api</artifactId>
+	  <version>1.7.7</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-config</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-core</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-samples-messages-jc</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework.security</groupId>
+	  <artifactId>spring-security-web</artifactId>
+	  <version>4.0.0.CI-SNAPSHOT</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-jdbc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-webmvc</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>compile</scope>
+	</dependency>
+	<dependency>
+	  <groupId>commons-logging</groupId>
+	  <artifactId>commons-logging</artifactId>
+	  <version>1.2</version>
+	  <scope>compile</scope>
+	  <optional>true</optional>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet.jsp</groupId>
+	  <artifactId>jsp-api</artifactId>
+	  <version>2.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>javax.servlet</groupId>
+	  <artifactId>javax.servlet-api</artifactId>
+	  <version>3.0.1</version>
+	  <scope>provided</scope>
+	</dependency>
+	<dependency>
+	  <groupId>cglib</groupId>
+	  <artifactId>cglib-nodep</artifactId>
+	  <version>3.1</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>0.9.30</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>opensymphony</groupId>
+	  <artifactId>sitemesh</artifactId>
+	  <version>2.4.2</version>
+	  <scope>runtime</scope>
+	</dependency>
+	<dependency>
+	  <groupId>ch.qos.logback</groupId>
+	  <artifactId>logback-classic</artifactId>
+	  <version>1.1.2</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>junit</groupId>
+	  <artifactId>junit</artifactId>
+	  <version>4.11</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.easytesting</groupId>
+	  <artifactId>fest-assert</artifactId>
+	  <version>1.4</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.mockito</groupId>
+	  <artifactId>mockito-core</artifactId>
+	  <version>1.9.5</version>
+	  <scope>test</scope>
+	</dependency>
+	<dependency>
+	  <groupId>org.springframework</groupId>
+	  <artifactId>spring-test</artifactId>
+	  <version>4.1.5.RELEASE</version>
+	  <scope>test</scope>
+	</dependency>
   </dependencies>
   <properties>
-    <m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
+	<m2eclipse.wtp.contextRoot>/sample</m2eclipse.wtp.contextRoot>
   </properties>
   <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-        <configuration>
-          <source>1.7</source>
-          <target>1.7</target>
-        </configuration>
-      </plugin>
-      <plugin>
-        <artifactId>maven-war-plugin</artifactId>
-        <version>2.3</version>
-        <configuration>
-          <failOnMissingWebXml>false</failOnMissingWebXml>
-        </configuration>
-      </plugin>
-    </plugins>
+	<plugins>
+	  <plugin>
+		<artifactId>maven-compiler-plugin</artifactId>
+		<configuration>
+		  <source>1.7</source>
+		  <target>1.7</target>
+		</configuration>
+	  </plugin>
+	  <plugin>
+		<artifactId>maven-war-plugin</artifactId>
+		<version>2.3</version>
+		<configuration>
+		  <failOnMissingWebXml>false</failOnMissingWebXml>
+		</configuration>
+	  </plugin>
+	</plugins>
   </build>
 </project>

samples/x509-jc/src/etc/server.xml

@@ -5,9 +5,9 @@
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
+  the License.	You may obtain a copy of the License at
 
-      http://www.apache.org/licenses/LICENSE-2.0
+	  http://www.apache.org/licenses/LICENSE-2.0
 
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
@@ -15,32 +15,32 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 --><Server port="8006" shutdown="SHUTDOWN">
-    <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
-    <Listener className="org.apache.catalina.core.JasperListener"/>
-    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
-    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
-    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
+	<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
+	<Listener className="org.apache.catalina.core.JasperListener"/>
+	<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
+	<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
+	<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
 
-    <GlobalNamingResources>
-       <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
-    </GlobalNamingResources>
+	<GlobalNamingResources>
+	   <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
+	</GlobalNamingResources>
 
-    <Service name="Catalina">
-        <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
+	<Service name="Catalina">
+		<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
 
-        <Connector SSLEnabled="true" clientAuth="true" keystoreFile="${basedir}/samples/x509-jc/src/etc/server.jks" keystorePass="password" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" trustStorePass="password" truststoreFile="${basedir}/samples/x509-jc/src/etc/server.jks"/>
+		<Connector SSLEnabled="true" clientAuth="true" keystoreFile="${basedir}/samples/x509-jc/src/etc/server.jks" keystorePass="password" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" trustStorePass="password" truststoreFile="${basedir}/samples/x509-jc/src/etc/server.jks"/>
 
-        <Connector port="8010" protocol="AJP/1.3" redirectPort="8443"/>
+		<Connector port="8010" protocol="AJP/1.3" redirectPort="8443"/>
 
 
-        <Engine defaultHost="localhost" name="Catalina">
-            <Realm className="org.apache.catalina.realm.LockOutRealm">
-                <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
-            </Realm>
+		<Engine defaultHost="localhost" name="Catalina">
+			<Realm className="org.apache.catalina.realm.LockOutRealm">
+				<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
+			</Realm>
 
-            <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
-                <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log." suffix=".txt"/>
-            <Context docBase="spring-security-samples-x509-jc-3.2.x" path="/sample" reloadable="true" source="org.eclipse.jst.j2ee.server:spring-security-samples-x509-jc-3.2.x"/></Host>
-        </Engine>
-    </Service>
+			<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
+				<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log." suffix=".txt"/>
+			<Context docBase="spring-security-samples-x509-jc-3.2.x" path="/sample" reloadable="true" source="org.eclipse.jst.j2ee.server:spring-security-samples-x509-jc-3.2.x"/></Host>
+		</Engine>
+	</Service>
 </Server>

samples/x509-jc/src/main/webapp/WEB-INF/decorators.xml

@@ -1,5 +1,5 @@
 <decorators defaultdir="/WEB-INF/decorators">
-    <decorator name="main" page="main.jsp">
-          <pattern>/*</pattern>
-    </decorator>
+	<decorator name="main" page="main.jsp">
+		  <pattern>/*</pattern>
+	</decorator>
 </decorators>

sandbox/heavyduty/jetty-jmx.xml

@@ -3,52 +3,52 @@
 
 
 <!-- =============================================================== -->
-<!-- Configure the JVM JMX Server                                    -->
-<!-- this configuration file should be used in combination with      -->
-<!-- other configuration files.  e.g.                                -->
-<!--    java -jar start.jar etc/jetty-jmx.xml etc/jetty.xml          -->
-<!-- See jetty-jmx-mx4j.xml for a non JVM server solution            -->
+<!-- Configure the JVM JMX Server									 -->
+<!-- this configuration file should be used in combination with		 -->
+<!-- other configuration files.	 e.g.								 -->
+<!--	java -jar start.jar etc/jetty-jmx.xml etc/jetty.xml			 -->
+<!-- See jetty-jmx-mx4j.xml for a non JVM server solution			 -->
 <!-- =============================================================== -->
 <Configure id="Server" class="org.mortbay.jetty.Server">
 
-    <!-- =========================================================== -->
-    <!-- Initialize platform mbean server                            -->
-    <!-- =========================================================== -->
-    <!-- Create an MBeanServer or use the jdk 1.5 platformMBeanServer -->
-    <Call id="MBeanServer" class="java.lang.management.ManagementFactory" name="getPlatformMBeanServer"/>
-
-    <!-- =========================================================== -->
-    <!-- Initialize mx4j mbean server                                -->
-    <!-- =========================================================== -->
-    <!-- replace platform config with
-    <Call id="MBeanServer" class="javax.management.MBeanServerFactory" name="createMBeanServer"/>
-    -->
-
-    <!-- initialize the Jetty MBean container -->
-    <Get id="Container" name="container">
-      <Call name="addEventListener">
-        <Arg>
-          <New class="org.mortbay.management.MBeanContainer">
-            <Arg><Ref id="MBeanServer"/></Arg>
-            <!-- Set name="managementPort">8082</Set -->
-            <Call name="start" />
-          </New>
-        </Arg>
-      </Call>
-    </Get>
-
-    <!-- optionally add a remote JMX connector
-    <Call id="jmxConnector" class="javax.management.remote.JMXConnectorServerFactory" name="newJMXConnectorServer">
-      <Arg>
-        <New  class="javax.management.remote.JMXServiceURL">
-          <Arg>service:jmx:rmi:///jndi/rmi:///jettymbeanserver</Arg>
-        </New>
-      </Arg>
-      <Arg/>
-      <Arg><Ref id="MBeanServer"/></Arg>
-      <Call name="start"/>
-    </Call>
-    -->
+	<!-- =========================================================== -->
+	<!-- Initialize platform mbean server							 -->
+	<!-- =========================================================== -->
+	<!-- Create an MBeanServer or use the jdk 1.5 platformMBeanServer -->
+	<Call id="MBeanServer" class="java.lang.management.ManagementFactory" name="getPlatformMBeanServer"/>
+
+	<!-- =========================================================== -->
+	<!-- Initialize mx4j mbean server								 -->
+	<!-- =========================================================== -->
+	<!-- replace platform config with
+	<Call id="MBeanServer" class="javax.management.MBeanServerFactory" name="createMBeanServer"/>
+	-->
+
+	<!-- initialize the Jetty MBean container -->
+	<Get id="Container" name="container">
+	  <Call name="addEventListener">
+		<Arg>
+		  <New class="org.mortbay.management.MBeanContainer">
+			<Arg><Ref id="MBeanServer"/></Arg>
+			<!-- Set name="managementPort">8082</Set -->
+			<Call name="start" />
+		  </New>
+		</Arg>
+	  </Call>
+	</Get>
+
+	<!-- optionally add a remote JMX connector
+	<Call id="jmxConnector" class="javax.management.remote.JMXConnectorServerFactory" name="newJMXConnectorServer">
+	  <Arg>
+		<New  class="javax.management.remote.JMXServiceURL">
+		  <Arg>service:jmx:rmi:///jndi/rmi:///jettymbeanserver</Arg>
+		</New>
+	  </Arg>
+	  <Arg/>
+	  <Arg><Ref id="MBeanServer"/></Arg>
+	  <Call name="start"/>
+	</Call>
+	-->
 
 </Configure>
 

sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml

@@ -17,144 +17,144 @@
 
 <beans>
 
-    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
-        <property name="filterInvocationDefinitionSource">
-            <value><![CDATA[
-                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-                PATTERN_TYPE_APACHE_ANT
-                /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-            ]]></value>
-        </property>
-    </bean>
-
-    <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
-
-    <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
-        <constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
-        <constructor-arg>
-            <list>
-                <ref bean="rememberMeServices"/>
-                <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
-            </list>
-        </constructor-arg>
-    </bean>
-
-    <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
-        <property name="defaultTargetUrl" value="/"/>
-        <property name="filterProcessesUrl" value="/login"/>
-        <property name="rememberMeServices" ref="rememberMeServices"/>
-    </bean>
-
-    <bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
-        <property name="authenticationManager"><ref local="authenticationManager"/></property>
-        <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
-    </bean>
-
-    <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
-        <property name="realmName"><value>My Realm</value></property>
-    </bean>
-
-    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
-
-    <bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="rememberMeServices" ref="rememberMeServices"/>
-    </bean>
-
-    <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
-        <property name="key" value="changeThis"/>
-        <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
-    </bean>
-
-    <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
-        <property name="authenticationEntryPoint">
-            <bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-                <property name="loginFormUrl" value="/acegilogin.jsp"/>
-                <property name="forceHttps" value="false"/>
-            </bean>
-        </property>
-        <property name="accessDeniedHandler">
-            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
-                <property name="errorPage" value="/accessDenied.jsp"/>
-            </bean>
-        </property>
-    </bean>
-
-    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-        <property name="allowIfAllAbstainDecisions" value="false"/>
-        <property name="decisionVoters">
-            <list>
-                <bean class="org.springframework.security.access.vote.RoleVoter"/>
-                <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
-            </list>
-        </property>
-    </bean>
-
-    <bean id="filterInvocationInterceptor" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
-        <property name="authenticationManager" ref="authenticationManager"/>
-        <property name="accessDecisionManager" ref="accessDecisionManager"/>
-        <property name="objectDefinitionSource">
-            <value><![CDATA[
-                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-                PATTERN_TYPE_APACHE_ANT
-                /secure/extreme/**=ROLE_SUPERVISOR
-                /secure/**=IS_AUTHENTICATED_REMEMBERED
-                /**=IS_AUTHENTICATED_ANONYMOUSLY
-            ]]></value>
-        </property>
-    </bean>
-
-    <bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-        <property name="userDetailsService" ref="userDetailsService"/>
-        <property name="key" value="changeThis"/>
-    </bean>
-
-    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
-        <property name="providers">
-            <list>
-                <ref local="daoAuthenticationProvider"/>
-                <bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
-                    <property name="key" value="changeThis"/>
-                </bean>
-                <bean class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
-                    <property name="key" value="changeThis"/>
-                </bean>
-            </list>
-        </property>
-    </bean>
-
-    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
-        <property name="userDetailsService" ref="userDetailsService"/>
-    </bean>
-
-    <!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
-    <bean id="userDetailsService" class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
-        <property name="userProperties">
-            <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
-                <property name="location" value="/WEB-INF/users.properties"/>
-            </bean>
-        </property>
-    </bean>
-
-    <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
-    <bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
-
-    <bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
-
-    <bean id="attributes" class="org.springframework.security.access.annotation.SecurityAnnotationAttributes"/>
-
-    <bean id="securityMetadataSource" class="org.springframework.security.access.intercept.method.MethodDefinitionAttributes">
-        <property name="attributes"><ref local="attributes"/></property>
-    </bean>
-
-    <bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
-        <property name="authenticationManager"><ref local="authenticationManager"/></property>
-        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
-        <property name="securityMetadataSource">
-            <ref local="securityMetadataSource"/>
-        </property>
-    </bean>
+	<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+		<property name="filterInvocationDefinitionSource">
+			<value><![CDATA[
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+				PATTERN_TYPE_APACHE_ANT
+				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+			]]></value>
+		</property>
+	</bean>
+
+	<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
+
+	<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
+		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
+		<constructor-arg>
+			<list>
+				<ref bean="rememberMeServices"/>
+				<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
+			</list>
+		</constructor-arg>
+	</bean>
+
+	<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
+		<property name="defaultTargetUrl" value="/"/>
+		<property name="filterProcessesUrl" value="/login"/>
+		<property name="rememberMeServices" ref="rememberMeServices"/>
+	</bean>
+
+	<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
+		<property name="authenticationManager"><ref local="authenticationManager"/></property>
+		<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
+	</bean>
+
+	<bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
+		<property name="realmName"><value>My Realm</value></property>
+	</bean>
+
+	<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
+
+	<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="rememberMeServices" ref="rememberMeServices"/>
+	</bean>
+
+	<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
+		<property name="key" value="changeThis"/>
+		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+	</bean>
+
+	<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+		<property name="authenticationEntryPoint">
+			<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+				<property name="loginFormUrl" value="/acegilogin.jsp"/>
+				<property name="forceHttps" value="false"/>
+			</bean>
+		</property>
+		<property name="accessDeniedHandler">
+			<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
+				<property name="errorPage" value="/accessDenied.jsp"/>
+			</bean>
+		</property>
+	</bean>
+
+	<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+		<property name="allowIfAllAbstainDecisions" value="false"/>
+		<property name="decisionVoters">
+			<list>
+				<bean class="org.springframework.security.access.vote.RoleVoter"/>
+				<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+			</list>
+		</property>
+	</bean>
+
+	<bean id="filterInvocationInterceptor" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="accessDecisionManager" ref="accessDecisionManager"/>
+		<property name="objectDefinitionSource">
+			<value><![CDATA[
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+				PATTERN_TYPE_APACHE_ANT
+				/secure/extreme/**=ROLE_SUPERVISOR
+				/secure/**=IS_AUTHENTICATED_REMEMBERED
+				/**=IS_AUTHENTICATED_ANONYMOUSLY
+			]]></value>
+		</property>
+	</bean>
+
+	<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+		<property name="userDetailsService" ref="userDetailsService"/>
+		<property name="key" value="changeThis"/>
+	</bean>
+
+	<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
+		<property name="providers">
+			<list>
+				<ref local="daoAuthenticationProvider"/>
+				<bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
+					<property name="key" value="changeThis"/>
+				</bean>
+				<bean class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
+					<property name="key" value="changeThis"/>
+				</bean>
+			</list>
+		</property>
+	</bean>
+
+	<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
+		<property name="userDetailsService" ref="userDetailsService"/>
+	</bean>
+
+	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
+	<bean id="userDetailsService" class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
+		<property name="userProperties">
+			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+				<property name="location" value="/WEB-INF/users.properties"/>
+			</bean>
+		</property>
+	</bean>
+
+	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
+	<bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
+
+	<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
+
+	<bean id="attributes" class="org.springframework.security.access.annotation.SecurityAnnotationAttributes"/>
+
+	<bean id="securityMetadataSource" class="org.springframework.security.access.intercept.method.MethodDefinitionAttributes">
+		<property name="attributes"><ref local="attributes"/></property>
+	</bean>
+
+	<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
+		<property name="authenticationManager"><ref local="authenticationManager"/></property>
+		<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
+		<property name="securityMetadataSource">
+			<ref local="securityMetadataSource"/>
+		</property>
+	</bean>
 
 </beans>

sandbox/heavyduty/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml

@@ -5,20 +5,20 @@ http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
   version="1.0">
 
   <persistence-unit name="SAMPLE" transaction-type="RESOURCE_LOCAL">
-    <provider>org.hibernate.ejb.HibernatePersistence</provider>
-    <class>sample.domain.User</class>
-    <properties>
-      <property name="hibernate.archive.autodetection" value="class" />
-      <property name="hibernate.format_sql" value="true" />
-      <property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect" />
-      <!-- property name="hibernate.cache.provider_class"
-        value="org.hibernate.cache.EHCacheProvider" />
-      <property name="hibernate.cache.use_second_level_cache" value="true" />
-      <property name="hibernate.cache.use_query_cache" value="true" / -->
-      <property name="hibernate.max_fetch_depth" value="3" />
-      <property name="hibernate.default_batch_fetch_size" value="8" />
-      <property name="hibernate.generate_statistics" value="true" />
-    </properties>
+	<provider>org.hibernate.ejb.HibernatePersistence</provider>
+	<class>sample.domain.User</class>
+	<properties>
+	  <property name="hibernate.archive.autodetection" value="class" />
+	  <property name="hibernate.format_sql" value="true" />
+	  <property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect" />
+	  <!-- property name="hibernate.cache.provider_class"
+		value="org.hibernate.cache.EHCacheProvider" />
+	  <property name="hibernate.cache.use_second_level_cache" value="true" />
+	  <property name="hibernate.cache.use_query_cache" value="true" / -->
+	  <property name="hibernate.max_fetch_depth" value="3" />
+	  <property name="hibernate.default_batch_fetch_size" value="8" />
+	  <property name="hibernate.generate_statistics" value="true" />
+	</properties>
   </persistence-unit>
 
 </persistence>

sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml

@@ -8,78 +8,78 @@
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
 
-    <display-name>Spring Security Tutorial Application</display-name>
+	<display-name>Spring Security Tutorial Application</display-name>
 
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            classpath:applicationContext-business.xml
-            /WEB-INF/appContext-persistence.xml
-            /WEB-INF/appContext-security.xml
-        </param-value>
-    </context-param>
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			classpath:applicationContext-business.xml
+			/WEB-INF/appContext-persistence.xml
+			/WEB-INF/appContext-security.xml
+		</param-value>
+	</context-param>
 
-    <context-param>
-        <param-name>log4jConfigLocation</param-name>
-        <param-value>/WEB-INF/classes/log4j.properties</param-value>
-    </context-param>
+	<context-param>
+		<param-name>log4jConfigLocation</param-name>
+		<param-value>/WEB-INF/classes/log4j.properties</param-value>
+	</context-param>
 
-    <context-param>
-        <param-name>webAppRootKey</param-name>
-        <param-value>heavyduty.root</param-value>
-    </context-param>
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>heavyduty.root</param-value>
+	</context-param>
 
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
 
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-    <listener>
-        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
-    </listener>
+	<listener>
+		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+	</listener>
 
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
-    <!--
-      - Publishes events for session creation and destruction through the application
-      - context. Optional unless concurrent session control is being used.
-      -->
-    <listener>
-        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
-    </listener>
+	<!--
+	  - Publishes events for session creation and destruction through the application
+	  - context. Optional unless concurrent session control is being used.
+	  -->
+	<listener>
+		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
+	</listener>
 
   <!--
-    - Provides core MVC application controller.
-    -->
-    <servlet>
-        <servlet-name>heavyduty</servlet-name>
-        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-        <load-on-startup>1</load-on-startup>
-    </servlet>
+	- Provides core MVC application controller.
+	-->
+	<servlet>
+		<servlet-name>heavyduty</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
 
-    <servlet-mapping>
-        <servlet-name>heavyduty</servlet-name>
-        <url-pattern>*.htm</url-pattern>
-     </servlet-mapping>
+	<servlet-mapping>
+		<servlet-name>heavyduty</servlet-name>
+		<url-pattern>*.htm</url-pattern>
+	 </servlet-mapping>
 
-     <welcome-file-list>
-        <welcome-file>index.jsp</welcome-file>
-    </welcome-file-list>
+	 <welcome-file-list>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
 
 </web-app>

sandbox/webflow/src/main/webapp/WEB-INF/secure.xml

@@ -1,19 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <flow xmlns="http://www.springframework.org/schema/webflow"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
+	  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	  xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
 
-    <secured attributes="ROLE_USER" />
+	<secured attributes="ROLE_USER" />
 
-    <input name="x"/>
+	<input name="x"/>
 
-    <view-state id="form">
-        <transition on="submit" to="finish" />
-    </view-state>
+	<view-state id="form">
+		<transition on="submit" to="finish" />
+	</view-state>
 
-    <end-state id="finish">
-        <output name="x"/>
-    </end-state>
+	<end-state id="finish">
+		<output name="x"/>
+	</end-state>
 
 
 </flow>

sandbox/webflow/src/main/webapp/WEB-INF/web.xml

@@ -8,67 +8,67 @@
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
 
-    <display-name>Spring Security Tutorial Application</display-name>
+	<display-name>Spring Security Tutorial Application</display-name>
 
-    <!--
-      - Location of the XML file that defines the root application context
-      - Applied by ContextLoaderListener.
-      -->
-    <context-param>
-        <param-name>contextConfigLocation</param-name>
-        <param-value>
-            /WEB-INF/security-config.xml
-        </param-value>
-    </context-param>
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/security-config.xml
+		</param-value>
+	</context-param>
 
-    <context-param>
-        <param-name>log4jConfigLocation</param-name>
-        <param-value>/WEB-INF/classes/log4j.properties</param-value>
-    </context-param>
+	<context-param>
+		<param-name>log4jConfigLocation</param-name>
+		<param-value>/WEB-INF/classes/log4j.properties</param-value>
+	</context-param>
 
-    <filter>
-        <filter-name>springSecurityFilterChain</filter-name>
-        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-    </filter>
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
 
-    <filter-mapping>
-      <filter-name>springSecurityFilterChain</filter-name>
-      <url-pattern>/*</url-pattern>
-    </filter-mapping>
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-    <!--
-      - Loads the root application context of this web app at startup.
-      - The application context is then available via
-      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
-    -->
-    <listener>
-        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-    </listener>
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
 
-    <!--
-      - Publishes events for session creation and destruction through the application
-      - context. Optional unless concurrent session control is being used.
-      -->
-    <listener>
-      <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
-    </listener>
+	<!--
+	  - Publishes events for session creation and destruction through the application
+	  - context. Optional unless concurrent session control is being used.
+	  -->
+	<listener>
+	  <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+	</listener>
 
-    <listener>
-        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
-    </listener>
+	<listener>
+		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+	</listener>
 
   <!--
-    - Provides core MVC application controller. See contacts-servlet.xml.
-    -->
-    <servlet>
-        <servlet-name>webflow</servlet-name>
-        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
-        <load-on-startup>1</load-on-startup>
-    </servlet>
+	- Provides core MVC application controller. See contacts-servlet.xml.
+	-->
+	<servlet>
+		<servlet-name>webflow</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
 
-    <servlet-mapping>
-        <servlet-name>webflow</servlet-name>
-        <url-pattern>/app/*</url-pattern>
-     </servlet-mapping>
+	<servlet-mapping>
+		<servlet-name>webflow</servlet-name>
+		<url-pattern>/app/*</url-pattern>
+	 </servlet-mapping>
 
 </web-app>