Remove configuration from sandbox; this support exists in 2.0 trunk.

sandbox/spring-security-config/.classpath

@@ -1,47 +0,0 @@
-<classpath>
-  <classpathentry kind="src" path="src/main/java"/>
-  <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
-  <classpathentry kind="src" path="src/test/java" output="target/test-classes"/>
-  <classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
-  <classpathentry kind="output" path="target/classes"/>
-  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-  <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1.jar" sourcepath="M2_REPO/commons-attributes/commons-attributes-api/2.1/commons-attributes-api-2.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
-  <classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/qdox/qdox/1.5/qdox-1.5.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
-  <classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
-  <classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-attributes/commons-attributes-compiler/2.1/commons-attributes-compiler-2.1.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
-  <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
-  <classpathentry kind="var" path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
-  <classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
-  <classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
-</classpath>

sandbox/spring-security-config/.project

@@ -1,19 +0,0 @@
-<projectDescription>
-  <name>spring-security-config</name>
-  <comment>Acegi Security System for Spring</comment>
-  <projects/>
-  <buildSpec>
-    <buildCommand>
-      <name>org.eclipse.jdt.core.javabuilder</name>
-    </buildCommand>
-    <buildCommand>
-      <name>org.eclipse.wst.validation.validationbuilder</name>
-    </buildCommand>
-  </buildSpec>
-  <natures>
-    <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-    <nature>org.eclipse.jdt.core.javanature</nature>
-    <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-    <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-  </natures>
-</projectDescription>

sandbox/spring-security-config/.settings/.component

@@ -1,6 +0,0 @@
-<project-modules id="moduleCoreId">
-  <wb-module deploy-name="spring-security-config">
-    <wb-resource deploy-path="/" source-path="src/main/java"/>
-    <wb-resource deploy-path="/" source-path="src/main/resources"/>
-  </wb-module>
-</project-modules>

sandbox/spring-security-config/.settings/org.eclipse.jdt.core.prefs

@@ -1,7 +0,0 @@
-#Sun Jun 17 10:48:58 EST 2007
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
-org.eclipse.jdt.core.compiler.compliance=1.5
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
-org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
-org.eclipse.jdt.core.compiler.source=1.5

sandbox/spring-security-config/.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -1,6 +0,0 @@
-<faceted-project>
-  <fixed facet="jst.java"/>
-  <fixed facet="jst.utility"/>
-  <installed facet="jst.utility" version="1.0"/>
-  <installed facet="jst.java" version="5.0"/>
-</faceted-project>

sandbox/spring-security-config/basicauth/BasicProcessingFilter.java

@@ -1,239 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.ui.basicauth;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.ui.AuthenticationDetailsSource;
-import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.core.Ordered;
-import org.springframework.util.Assert;
-
-
-/**
- * Processes a HTTP request's BASIC authorization headers, putting the result into the
- * <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
- * refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
- * the HTTP request is ignored.</p>
- *  <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
- * <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
- * <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
- * following header would be presented:</p>
- *  <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
- *  <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
- * Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
- *  <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
- * <code>SecurityContextHolder</code>.</p>
- *  <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
- * AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
- * which will prompt the user to authenticate again via BASIC authentication.</p>
- *  <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
- * transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
- * provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
- * org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
- *  <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
- * details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
- * they will be authenticated using the remember-me mechanism.</p>
- *  <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
- * org.acegisecurity.util.FilterToBeanProxy}.</p>
- *
- * @author Ben Alex
- * @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
- */
-public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
-    //~ Static fields/initializers =====================================================================================
-
-	private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
-
-    //~ Instance fields ================================================================================================
-
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
-    private AuthenticationEntryPoint authenticationEntryPoint;
-    private AuthenticationManager authenticationManager;
-    private RememberMeServices rememberMeServices;
-    private boolean ignoreFailure = false;
-    private int order;
-
-    //~ Methods ========================================================================================================
-
-    public void afterPropertiesSet() throws Exception {
-        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
-        Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
-    }
-
-    public void destroy() {}
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-            throws IOException, ServletException {
-
-        if (!(request instanceof HttpServletRequest)) {
-            throw new ServletException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new ServletException("Can only process HttpServletResponse");
-        }
-
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        HttpServletResponse httpResponse = (HttpServletResponse) response;
-
-        String header = httpRequest.getHeader("Authorization");
-
-        if (logger.isDebugEnabled()) {
-            logger.debug("Authorization header: " + header);
-        }
-
-        if ((header != null) && header.startsWith("Basic ")) {
-            String base64Token = header.substring(6);
-            String token = new String(Base64.decodeBase64(base64Token.getBytes()));
-
-            String username = "";
-            String password = "";
-            int delim = token.indexOf(":");
-
-            if (delim != -1) {
-                username = token.substring(0, delim);
-                password = token.substring(delim + 1);
-            }
-
-            if (authenticationIsRequired(username)) {
-                UsernamePasswordAuthenticationToken authRequest =
-                        new UsernamePasswordAuthenticationToken(username, password);
-                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
-
-                Authentication authResult;
-
-                try {
-                    authResult = authenticationManager.authenticate(authRequest);
-                } catch (AuthenticationException failed) {
-                    // Authentication failed
-                    if (logger.isDebugEnabled()) {
-                        logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
-                    }
-
-                    SecurityContextHolder.getContext().setAuthentication(null);
-
-                    if (rememberMeServices != null) {
-                        rememberMeServices.loginFail(httpRequest, httpResponse);
-                    }
-
-                    if (ignoreFailure) {
-                        chain.doFilter(request, response);
-                    } else {
-                        authenticationEntryPoint.commence(request, response, failed);
-                    }
-
-                    return;
-                }
-
-                // Authentication success
-                if (logger.isDebugEnabled()) {
-                    logger.debug("Authentication success: " + authResult.toString());
-                }
-
-                SecurityContextHolder.getContext().setAuthentication(authResult);
-
-                if (rememberMeServices != null) {
-                    rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
-                }
-            }
-        }
-
-        chain.doFilter(request, response);
-    }
-
-    private boolean authenticationIsRequired(String username) {
-        // Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
-        // (see SEC-53)
-        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
-
-        if(existingAuth == null || !existingAuth.isAuthenticated()) {
-            return true;
-        }
-
-        // Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
-        // (see SEC-348)
-
-        if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
-            return true;
-        }
-
-        return false;
-    }
-
-    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
-        return authenticationEntryPoint;
-    }
-
-    public AuthenticationManager getAuthenticationManager() {
-        return authenticationManager;
-    }
-
-    public void init(FilterConfig arg0) throws ServletException {}
-
-    public boolean isIgnoreFailure() {
-        return ignoreFailure;
-    }
-
-    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
-        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
-        this.authenticationDetailsSource = authenticationDetailsSource;
-    }
-
-    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
-        this.authenticationEntryPoint = authenticationEntryPoint;
-    }
-
-    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
-        this.authenticationManager = authenticationManager;
-    }
-
-    public void setIgnoreFailure(boolean ignoreFailure) {
-        this.ignoreFailure = ignoreFailure;
-    }
-
-    public void setRememberMeServices(RememberMeServices rememberMeServices) {
-        this.rememberMeServices = rememberMeServices;
-    }
-
-	public int getOrder() {
-		return order;
-	}
-
-	public void setOrder(int order) {
-		this.order = order;
-	}
-}

sandbox/spring-security-config/basicauth/BasicProcessingFilterEntryPoint.java

@@ -1,102 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.ui.basicauth;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-import org.acegisecurity.util.OrderedUtils;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.core.Ordered;
-import org.springframework.util.Assert;
-
-/**
- * Used by the <code>SecurityEnforcementFilter</code> to commence
- * authentication via the {@link BasicProcessingFilter}.
- * <P>
- * Once a user agent is authenticated using BASIC authentication, logout
- * requires that the browser be closed or an unauthorized (401) header be sent.
- * The simplest way of achieving the latter is to call the
- * {@link #commence(ServletRequest, ServletResponse, AuthenticationException)}
- * method below. This will indicate to the browser its credentials are no longer
- * authorized, causing it to prompt the user to login again.
- * </p>
- * 
- * @author Ben Alex
- * @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z
- * vishalpuri $
- */
-public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered,
-		ApplicationContextAware {
-	// ~ Static fields/initializers
-	// =====================================================================================
-	private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
-
-	// ~ Instance fields
-	// ================================================================================================
-
-	private String realmName;
-
-	private int order = DEFAULT_ORDER;
-
-	private ApplicationContext applicationContext;
-
-	// ~ Methods
-	// ========================================================================================================
-
-	public int getOrder() {
-		return order;
-	}
-
-	public void setOrder(int order) {
-		this.order = order;
-	}
-
-	public void afterPropertiesSet() throws Exception {
-		Assert.hasText(realmName, "realmName must be specified");
-		if (order == DEFAULT_ORDER) {
-			OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
-		}
-	}
-
-	public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
-			throws IOException, ServletException {
-		HttpServletResponse httpResponse = (HttpServletResponse) response;
-		httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
-		httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
-	}
-
-	public String getRealmName() {
-		return realmName;
-	}
-
-	public void setRealmName(String realmName) {
-		this.realmName = realmName;
-	}
-
-	public void setApplicationContext(ApplicationContext applicationContext) {
-		this.applicationContext = applicationContext;
-	}
-}

sandbox/spring-security-config/basicauth/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Authenticates HTTP BASIC authentication requests.
-</body>
-</html>

sandbox/spring-security-config/pom.xml

@@ -1,169 +0,0 @@
-<?xml version="1.0"?>
-<project>
-	<parent>
-		<artifactId>acegi-security-sandbox</artifactId>
-		<groupId>org.acegisecurity</groupId>
-		<version>1.0.6-SNAPSHOT</version>
-	</parent>
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>org.acegisecurity</groupId>
-	<artifactId>spring-security-config</artifactId>
-	<name>spring-security-config</name>
-	<version>2.0.0-SNAPSHOT</version>
-	<url>http://maven.apache.org</url>
-	<dependencies>
-		<dependency>
-			<groupId>org.acegisecurity</groupId>
-			<artifactId>acegi-security-tiger</artifactId>
-			<version>1.0.6-SNAPSHOT</version>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-remoting</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-jdbc</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-support</artifactId>
-			<scope>runtime</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-mock</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>net.sf.ehcache</groupId>
-			<artifactId>ehcache</artifactId>
-			<version>1.2.4</version>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>cas</groupId>
-			<artifactId>casclient</artifactId>
-			<version>2.0.11</version>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>commons-lang</groupId>
-			<artifactId>commons-lang</artifactId>
-			<version>2.1</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-logging</groupId>
-			<artifactId>commons-logging</artifactId>
-			<version>1.0.4</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-codec</groupId>
-			<artifactId>commons-codec</artifactId>
-			<version>1.3</version>
-		</dependency>
-		<dependency>
-			<groupId>oro</groupId>
-			<artifactId>oro</artifactId>
-			<version>2.0.8</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-collections</groupId>
-			<artifactId>commons-collections</artifactId>
-			<version>3.1</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-attributes</groupId>
-			<artifactId>commons-attributes-compiler</artifactId>
-			<version>2.1</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-attributes</groupId>
-			<artifactId>commons-attributes-api</artifactId>
-			<version>2.1</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-attributes</groupId>
-			<artifactId>commons-attributes-plugin</artifactId>
-			<version>2.1</version>
-			<type>plugin</type>
-		</dependency>
-
-		<dependency>
-			<groupId>aspectj</groupId>
-			<artifactId>aspectjrt</artifactId>
-			<version>1.2</version>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>jsp-api</artifactId>
-			<version>2.0</version>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>servlet-api</artifactId>
-			<version>2.4</version>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>taglibs</groupId>
-			<artifactId>standard</artifactId>
-			<version>1.0.6</version>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>hsqldb</groupId>
-			<artifactId>hsqldb</artifactId>
-			<version>1.8.0.4</version>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.directory.server</groupId>
-			<artifactId>apacheds-core</artifactId>
-			<version>1.0.0</version>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-log4j12</artifactId>
-			<version>1.0.1</version>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>jmock</groupId>
-			<artifactId>jmock</artifactId>
-			<version>1.0.1</version>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>log4j</groupId>
-			<artifactId>log4j</artifactId>
-		</dependency>
-	</dependencies>
-	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-compiler-plugin</artifactId>
-				<configuration>
-					<source>1.5</source>
-					<target>1.5</target>
-				</configuration>
-			</plugin>
-		</plugins>
-	</build>
-	<reporting>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-pmd-plugin</artifactId>
-				<configuration>
-					<targetJdk>1.5</targetJdk>
-				</configuration>
-			</plugin>
-		</plugins>
-	</reporting>
-
-</project>

sandbox/spring-security-config/src/main/java/org/acegisecurity/App.java

@@ -1,13 +0,0 @@
-package org.acegisecurity;
-
-/**
- * Hello world!
- *
- */
-public class App 
-{
-    public static void main( String[] args )
-    {
-        System.out.println( "Hello World!" );
-    }
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/BankService.java

@@ -1,50 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity;
-
-import org.acegisecurity.annotation.Secured;
-
-
-/**
- * <code>BankService</code> sample using Java 5 Annotations.
- *
- * @author Mark St.Godard
- * @version $Id: BankService.java 1496 2006-05-23 13:38:33Z benalex $
- * 
- * @see org.acegisecurity.annotation.Secured
- */
-@Secured({"ROLE_TELLER"})
-public interface BankService {
-    //~ Methods ========================================================================================================
-
-    /**
-     * Get the account balance.
-     *
-     * @param accountNumber The account number
-     *
-     * @return The balance
-     */
-    @Secured({"ROLE_PERMISSION_BALANCE"})
-    public float balance(String accountNumber);
-
-    /**
-     * List accounts
-     *
-     * @return The list of accounts
-     */
-    @Secured({"ROLE_PERMISSION_LIST"})
-    public String[] listAccounts();
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/BankServiceImpl.java

@@ -1,34 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity;
-
-/**
- * <code>BankService</code> sample implementation.
- *
- * @author Mark St.Godard
- * @version $Id: BankServiceImpl.java 1496 2006-05-23 13:38:33Z benalex $
- */
-public class BankServiceImpl implements BankService {
-    //~ Methods ========================================================================================================
-
-    public float balance(String accountNumber) {
-        return 42000000;
-    }
-
-    public String[] listAccounts() {
-        return new String[] {"1", "2", "3"};
-    }
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/Main.java

@@ -1,77 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity;
-
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.context.SecurityContextImpl;
-
-import org.acegisecurity.providers.TestingAuthenticationToken;
-
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-
-/**
- * 
-DOCUMENT ME!
- *
- * @author Mark St.Godard
- * @version $Id: Main.java 1496 2006-05-23 13:38:33Z benalex $
- */
-public class Main {
-    //~ Methods ========================================================================================================
-
-    /**
-     * This can be done in a web app by using a filter or <code>SpringMvcIntegrationInterceptor</code>.
-     */
-    private static void createSecureContext() {
-        TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
-                new GrantedAuthority[] {
-                    new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
-                });
-
-        SecurityContextHolder.getContext().setAuthentication(auth);
-    }
-
-    private static void destroySecureContext() {
-        SecurityContextHolder.setContext(new SecurityContextImpl());
-    }
-
-    public static void main(String[] args) throws Exception {
-        createSecureContext();
-
-        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
-                "org/acegisecurity/config/auto-config.xml");
-        BankService service = (BankService) context.getBean("bankService");
-
-        // will succeed
-        service.listAccounts();
-
-        // will fail
-        try {
-            System.out.println(
-                "We expect an AccessDeniedException now, as we do not hold the ROLE_PERMISSION_BALANCE granted authority, and we're using a unanimous access decision manager... ");
-            service.balance("1");
-        } catch (AccessDeniedException e) {
-            e.printStackTrace();
-        }
-
-        destroySecureContext();
-    }
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationMechanismBeanDefinitionParser.java

@@ -1,145 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
-import org.acegisecurity.providers.ProviderManager;
-import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
-import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
-import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
-import org.acegisecurity.util.BeanDefinitionParserUtils;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code>
- * tag, resolves to {@link org.acegisecurity.providers.ProviderManager} </br>
- * 
- * @author vpuri
- * @see {@link org.springframework.beans.factory.BeanFactory}
- * @see {@link org.acegisecurity.providers.ProviderManager}
- * 
- */
-public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDefinitionParser implements
-		BeanDefinitionParser {
-	// ~ Instance fields
-	// ================================================================================================
-
-	private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
-
-	private static final String AUTHENTICATION_LDAP = "authentication-ldap";
-
-	private static final String REF = "ref";
-
-	// ~ Methods
-	// ========================================================================================================
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-
-		ManagedList providers = new ManagedList();
-		Assert.notNull(parserContext, "ParserContext must not be null");
-		RootBeanDefinition authMechanismBeanDef = new RootBeanDefinition(ProviderManager.class);
-		NodeList childNodes = element.getChildNodes();
-
-		for (int i = 0, n = childNodes.getLength(); i < n; i++) {
-			Node node = childNodes.item(i);
-
-			if (node.getNodeType() == Node.ELEMENT_NODE) {
-				Element childElement = (Element) node;
-				// this.providerExists = true;
-
-				if (AUTHENTICATION_JDBC.equals(node.getLocalName())) {
-					String attribute = childElement.getAttribute(REF);
-					if (StringUtils.hasLength(attribute)) {
-						// create a beandefinition
-						providers.add(new RuntimeBeanReference(attribute));
-					}
-				}
-				else if (AUTHENTICATION_LDAP.equals(node.getLocalName())) {
-					providers.add(createLdapAuthencticationProviderBeanDefinition(childElement, parserContext));
-				}
-			}
-			authMechanismBeanDef.getPropertyValues().addPropertyValue("providers", providers);
-
-		}
-		return authMechanismBeanDef;
-	}
-
-	/**
-	 * Creates a default bean definition.
-	 * @return
-	 */
-	protected static RootBeanDefinition createAndRegisterBeanDefinitionWithDefaults(ParserContext parserContext) {
-		RootBeanDefinition beanDefinition = new RootBeanDefinition(ProviderManager.class);
-		ManagedList providers = new ManagedList();
-		// create authentication-repository (DaoAuthenticationProvider) and add
-		// that to list
-		RootBeanDefinition authRepo = AuthenticationRepositoryBeanDefinitionParser.createBeanDefinitionWithDefaults();
-		providers.add(authRepo);
-		beanDefinition.getPropertyValues().addPropertyValue("providers", providers);
-		parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
-		return beanDefinition;
-	}
-
-	protected static RootBeanDefinition createLdapAuthencticationProviderBeanDefinition(Element element,
-			ParserContext parserContext) {
-		// element ldap
-		RootBeanDefinition ldapAuthProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
-		RootBeanDefinition initialDirContextFactory = createInitialDirContextFactoryBeanDefinition(element);
-		RootBeanDefinition ldapAuthoritiesPopulator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
-
-		RootBeanDefinition bindAuthenticator = new RootBeanDefinition(BindAuthenticator.class);
-		Element property = DomUtils.getChildElementByTagName(element, "property");
-		Assert.notNull(property);
-		parserContext.getDelegate().parsePropertyElement(property, bindAuthenticator);
-		bindAuthenticator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
-
-		// LdapAuthenticator
-		ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(0, bindAuthenticator);
-
-		ldapAuthoritiesPopulator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
-		BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(1, element, "groupSearchBase", false,
-				ldapAuthoritiesPopulator);
-		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "groupRoleAttribute", "groupRoleAttribute", false,
-				ldapAuthoritiesPopulator);
-
-		// LdapAuthoritiesPopulator
-		ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(1, ldapAuthoritiesPopulator);
-
-		return ldapAuthProvider;
-
-	}
-
-	private static RootBeanDefinition createInitialDirContextFactoryBeanDefinition(Element element) {
-		RootBeanDefinition initialDirContextFactory = new RootBeanDefinition(DefaultInitialDirContextFactory.class);
-		BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(0, element, "ldapUrl", false,
-				initialDirContextFactory);
-		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerDn", "managerDn", false,
-				initialDirContextFactory);
-		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerPassword", "managerPassword", false,
-				initialDirContextFactory);
-		return initialDirContextFactory;
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationProcessingFilterBeanDefinitionParser.java

@@ -1,71 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
-import org.springframework.beans.factory.config.BeanDefinitionHolder;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-
-/**
- * @author vpuri
- * 
- */
-public class AuthenticationProcessingFilterBeanDefinitionParser extends AbstractBeanDefinitionParser implements
-		BeanDefinitionParser {
-
-	// ~ Instance fields
-	// ================================================================================================
-
-	private static final String AUTHENTICATION_URL = "authenticationUrl";
-
-	private static final String ERROR_FORM_URL = "errorFormUrl";
-
-	private static final String DEFAULT_TARGET_URL = "defaultTargetUrl";
-
-	// ~ Methods
-	// ================================================================================================
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-
-		RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
-
-		setPropertyIfAvailable(element, AUTHENTICATION_URL, "filterProcessesUrl", definition);
-		setPropertyIfAvailable(element, ERROR_FORM_URL, "authenticationFailureUrl", definition);
-		setPropertyIfAvailable(element, DEFAULT_TARGET_URL, "defaultTargetUrl", definition);
-
-		return definition;
-	}
-
-	private void setPropertyIfAvailable(Element element, String attribute, String property,
-			RootBeanDefinition definition) {
-		String propertyValue = element.getAttribute(attribute);
-		if (StringUtils.hasText(propertyValue)) {
-			definition.getPropertyValues().addPropertyValue(property, propertyValue);
-		}
-	}
-
-	protected static RootBeanDefinition createBeandefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
-		RootBeanDefinition definition = new RootBeanDefinition(AuthenticationProcessingFilter.class);
-		definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
-		definition.getPropertyValues().addPropertyValue("rememberMeServices",rememberMeServices);
-//		RootBeanDefinition beanDefinition = AuthenticationMechanismBeanDefinitionParser.createAndRegisterBeanDefinitionWithDefaults(parserContext);
-//		definition.getPropertyValues().addPropertyValue("authenticationManager",
-//				parserContext.getReaderContext().getRegistry().getBeanDefinition(beanDefinition.getBeanClassName()));
-//		definition.getPropertyValues().addPropertyValue("rememberMeServices",
-//				RememberMeServicesBeanDefinitionParser.createAndRegisterBeanDefintionWithDefaults(parserContext));
-		/* TODO: There should not be any defaults for these urls ?!?! */
-		definition.getPropertyValues().addPropertyValue("authenticationFailureUrl", "/acegilogin.jsp?login_error=1");
-		definition.getPropertyValues().addPropertyValue("defaultTargetUrl", "/");
-		
-		return definition;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationProviderOrderResolver.java

@@ -1,43 +0,0 @@
-package org.acegisecurity.config;
-
-import java.util.Collections;
-
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.providers.AuthenticationProvider;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.core.OrderComparator;
-
-public class AuthenticationProviderOrderResolver implements BeanFactoryPostProcessor {
-	
-	/**
-	 * 
-	 */
-	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
-		// retrieve all the AuthenticationProvider instances
-		ManagedList providers = retrieveAllAuthenticationProviders(beanFactory);
-		String[] names = beanFactory.getBeanNamesForType(AuthenticationManager.class);
-		RootBeanDefinition definition = (RootBeanDefinition)beanFactory.getBeanDefinition(names[0]);
-		definition.getPropertyValues().addPropertyValue("providers",providers);
-	}
-	/**
-	 * 
-	 * @param beanFactory
-	 * @return
-	 */
-	private ManagedList retrieveAllAuthenticationProviders(ConfigurableListableBeanFactory beanFactory) {
-		String[] m = beanFactory.getBeanNamesForType(AuthenticationProvider.class);
-		ManagedList l = new ManagedList();
-		for(int i=0;i<m.length;i++){
-			RootBeanDefinition def = (RootBeanDefinition)beanFactory.getBeanDefinition(m[i]);
-			l.add(def);
-		}
-		Collections.sort(l, new OrderComparator());
-		return l;
-	}
-
-	
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationRepositoryBeanDefinitionParser.java

@@ -1,193 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
-import org.acegisecurity.providers.dao.salt.ReflectionSaltSource;
-import org.acegisecurity.providers.dao.salt.SystemWideSaltSource;
-import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
-import org.springframework.beans.factory.config.BeanDefinitionHolder;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * @author vpuri
- * 
- */
-public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
-
-	// ~ Static fields
-	// =====================================================================================
-
-	private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
-
-	private static final String USER_DETAILS_SERVICE = "userDetailsService";
-
-	private static final String SALT_SOURCE_ELEMENT = "salt-source";
-
-	private static final String SALT_SOURCE_REF = "saltSourceBeanRef";
-
-	private static final String SYSTEM_WIDE_SALT_SOURCE = "system-wide";
-
-	private static final String REFLECTION_SALT_SOURCE = "reflection";
-
-	private static final String PASSWORD_ENCODER_ELEMENT = "password-encoder";
-
-	private static final String PASSWORD_ENCODER_REF = "encoderBeanRef";
-
-	private static final String PASSWORD_ENCODER = "encoder";
-
-	// ~ Method
-	// ================================================================================================
-
-	public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-		Assert.notNull(parserContext, "ParserContext must not be null");
-
-		RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
-
-		// check if saltSource is defined
-		Element saltSourceEle = DomUtils.getChildElementByTagName(element, SALT_SOURCE_ELEMENT);
-		setSaltSourceProperty(repositoryBeanDef, saltSourceEle);
-
-		Element passwordEncoderEle = DomUtils.getChildElementByTagName(element, PASSWORD_ENCODER_ELEMENT);
-		setPasswordEncoderProperty(repositoryBeanDef, passwordEncoderEle);
-
-		// if repositoryBeanRef is specified use its referred bean
-		String userDetailsRef = element.getAttribute(REPOSITORY_BEAN_REF);
-		if (StringUtils.hasLength(userDetailsRef)) {
-			repositoryBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE,
-					new RuntimeBeanReference(userDetailsRef));
-		}
-		return repositoryBeanDef;
-	}
-
-	/**
-	 * 
-	 * @param repositoryBeanDef
-	 * @param element
-	 */
-	private void setSaltSourceProperty(RootBeanDefinition repositoryBeanDef, Element element) {
-		if (element != null) {
-			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "saltSource", element
-					.getAttribute(SALT_SOURCE_REF));
-		}
-	}
-
-	/**
-	 * 
-	 * @param repositoryBeanDef
-	 * @param element
-	 */
-	private void setPasswordEncoderProperty(RootBeanDefinition repositoryBeanDef, Element element) {
-		if (element != null) {
-			setBeanReferenceOrInnerBeanDefinitions(repositoryBeanDef, element, "passwordEncoder", element
-					.getAttribute(PASSWORD_ENCODER_REF));
-		}
-	}
-
-	/**
-	 * 
-	 * @param repositoryBeanDef
-	 * @param element
-	 * @param property
-	 * @param reference
-	 */
-	private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element,
-			String property, String reference) {
-		// check for encoderBeanRef attribute
-		if (StringUtils.hasLength(reference)) {
-			repositoryBeanDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(reference));
-		}
-		else {
-			doSetInnerBeanDefinitions(repositoryBeanDef, element, property);
-		}
-	}
-
-	/**
-	 * 
-	 * @param repositoryBeanDef
-	 * @param element
-	 * @param property
-	 */
-	private void doSetInnerBeanDefinitions(RootBeanDefinition repositoryBeanDef, Element element, String property) {
-		NodeList children = element.getChildNodes();
-		for (int i = 0, n = children.getLength(); i < n; i++) {
-			Node node = children.item(i);
-
-			if (node.getNodeType() == Node.ELEMENT_NODE) {
-				Element childElement = (Element) node;
-				RootBeanDefinition innerBeanDefinition = null;
-
-				if (SYSTEM_WIDE_SALT_SOURCE.equals(node.getLocalName())) {
-					innerBeanDefinition = createSystemWideSaltSource(childElement);
-					repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
-				}
-				else if (REFLECTION_SALT_SOURCE.equals(node.getLocalName())) {
-					innerBeanDefinition = createReflectionSaltSource(childElement);
-					repositoryBeanDef.getPropertyValues().addPropertyValue(property, innerBeanDefinition);
-				}
-				if (PASSWORD_ENCODER.equals(node.getLocalName())) {
-					RootBeanDefinition passwordEncoderInnerBeanDefinition = createPasswordEncoder(childElement);
-					repositoryBeanDef.getPropertyValues()
-							.addPropertyValue(property, passwordEncoderInnerBeanDefinition);
-				}
-			}
-		}
-	}
-
-	/**
-	 * 
-	 * @param childElement
-	 * @return
-	 */
-	private RootBeanDefinition createPasswordEncoder(Element childElement) {
-		String attributeValue = childElement.getAttribute("method");
-		RootBeanDefinition definition = null;
-		// TODO: add other encoders support
-		if (attributeValue.equals("md5")) {
-			definition = new RootBeanDefinition(Md5PasswordEncoder.class);
-		}
-		return definition;
-	}
-
-	/**
-	 * 
-	 * @param saltSourceTypeElement
-	 * @return
-	 */
-	private RootBeanDefinition createReflectionSaltSource(Element saltSourceTypeElement) {
-		RootBeanDefinition definition = new RootBeanDefinition(ReflectionSaltSource.class);
-		definition.getPropertyValues().addPropertyValue("userPropertyToUse",
-				saltSourceTypeElement.getAttribute("userPropertyToUse"));
-		return definition;
-	}
-
-	/**
-	 * 
-	 * @param saltSourceTypeElement
-	 * @return
-	 */
-	private RootBeanDefinition createSystemWideSaltSource(Element saltSourceTypeElement) {
-		RootBeanDefinition definition = new RootBeanDefinition(SystemWideSaltSource.class);
-		definition.getPropertyValues().addPropertyValue("systemWideSalt",
-				saltSourceTypeElement.getAttribute("systemWideSalt"));
-		return definition;
-	}
-
-	protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
-		RootBeanDefinition repositoryBeanDef = new RootBeanDefinition(DaoAuthenticationProvider.class);
-		return repositoryBeanDef;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthorizationManagerBeanDefinitionParser.java

@@ -1,84 +0,0 @@
-package org.acegisecurity.config;
-
-import org.acegisecurity.AccessDecisionManager;
-import org.acegisecurity.vote.AffirmativeBased;
-import org.acegisecurity.vote.AuthenticatedVoter;
-import org.acegisecurity.vote.ConsensusBased;
-import org.acegisecurity.vote.RoleVoter;
-import org.acegisecurity.vote.UnanimousBased;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.StringUtils;
-import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-public class AuthorizationManagerBeanDefinitionParser extends AbstractBeanDefinitionParser implements
-		BeanDefinitionParser {
-	// ~ static initializers
-	// ================================================================================================
-
-	public static final String ROLE_VOTER_ELE = "role-voter";
-
-	public static final String AUTHENTICATED_VOTER_ELE = "authenticated-voter";
-
-	public static final String STRATEGY_ATTRIBUTE = "strategy";
-
-	// ~ Method
-	// ================================================================================================
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-		return createBeanDefinition(element, parserContext);
-	}
-
-	private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
-		ManagedList decisionVoters = new ManagedList();
-
-		Element roleVoterEle = DomUtils.getChildElementByTagName(element, ROLE_VOTER_ELE);
-		Element authVoterEle = DomUtils.getChildElementByTagName(element, AUTHENTICATED_VOTER_ELE);
-		
-		if(roleVoterEle!=null && roleVoterEle.getLocalName().equals(ROLE_VOTER_ELE)) {
-			decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
-		} 
-		if (authVoterEle!=null && authVoterEle.getLocalName().equals(AUTHENTICATED_VOTER_ELE)) {
-			decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
-		}
-		
-		String strategy = element.getAttribute(STRATEGY_ATTRIBUTE);
-		if (StringUtils.hasLength(strategy)) {
-			if (strategy.equals("affirmative")) {
-				return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
-			}
-			else if (strategy.equals("consensus")) {
-				return createAccessDecisionManager(ConsensusBased.class, decisionVoters);
-			}
-			else if (strategy.equals("unanimous")) {
-				return createAccessDecisionManager(UnanimousBased.class, decisionVoters);
-			}
-		}
-		else {
-			return createAccessDecisionManagerAffirmativeBased();
-		}
-		return null;
-	}
-
-	protected static RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
-		ManagedList decisionVoters = new ManagedList();
-		decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
-		decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
-		return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
-	}
-
-	protected static RootBeanDefinition createAccessDecisionManager(Class clazz, ManagedList decisionVoters) {
-		RootBeanDefinition accessDecisionManager = new RootBeanDefinition(clazz);
-		accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
-		accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
-		return accessDecisionManager;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthorizationMethodBeanDefinitionParser.java

@@ -1,217 +0,0 @@
-package org.acegisecurity.config;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.acegisecurity.annotation.SecurityAnnotationAttributes;
-import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
-import org.acegisecurity.intercept.method.MethodDefinitionMap;
-import org.acegisecurity.intercept.method.MethodDefinitionSource;
-import org.acegisecurity.intercept.method.MethodDefinitionSourceMapping;
-import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
-import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
-import org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor;
-import org.acegisecurity.runas.RunAsManagerImpl;
-import org.acegisecurity.util.BeanDefinitionParserUtils;
-import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
-import org.springframework.beans.factory.BeanDefinitionStoreException;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.metadata.commons.CommonsAttributes;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-
-/**
- * 
- * @author Vishal Puri
- * 
- */
-
-public class AuthorizationMethodBeanDefinitionParser extends AbstractBeanDefinitionParser implements
-		BeanDefinitionParser {
-	// ~ static initializers
-	// ================================================================================================
-
-	public static final String ASPECTJ_ATTRIBUTE = "aspectj";
-
-	public static final String SPRING_AOP_ATTRIBUTE = "springAop";
-
-	public static final String SOURCE_ATTRIBUTE = "source";
-
-	public static final String SOURCE_BEAN_REF = "sourceBeanId";
-
-	public static final String ATTRIBUTE = "attribute";
-
-	private static final String CONFIGURATION_ATTRIBUTE = "configuration-attribute";
-
-	private static final String TYPE_ATTRIBUTE = "type";
-
-	// ~ Method
-	// ================================================================================================
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-		// <security:authorization-joinpoint aspectj="false|true"
-		// springAop="true|false">
-		// one attribute allowed, aspectj or springAop
-		Assert.isTrue(!(element.hasAttribute(SPRING_AOP_ATTRIBUTE) && element.hasAttribute(ASPECTJ_ATTRIBUTE)),
-				"only one attribute (springAop or aspectj) is allowed");
-
-		Element urlMappingEle = DomUtils.getChildElementByTagName(element, "url-mapping");
-
-		String sourceBeanId = urlMappingEle.getAttribute(SOURCE_BEAN_REF);
-		boolean isSourceBeanIdDefined = StringUtils.hasLength(sourceBeanId);
-
-		if (!isValidConfiguration(urlMappingEle, isSourceBeanIdDefined)) {
-			throw new IllegalArgumentException(
-					" 'custom' value provided by 'source' attribute need to be selected when referring to a bean by 'sourceBeanId' attribute ");
-		}
-
-		if ((element.hasAttribute(ASPECTJ_ATTRIBUTE)) && element.getAttribute(ASPECTJ_ATTRIBUTE).equals("true")) {
-			// create AspectJSecurityInterceptor
-			if (isSourceBeanIdDefined)
-				return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, new RuntimeBeanReference(
-						sourceBeanId));
-
-			return createMethodSecurityInterceptor(AspectJSecurityInterceptor.class, createObjectDefinitionSource(
-					parserContext, urlMappingEle));
-		}
-		else if ((element.hasAttribute(SPRING_AOP_ATTRIBUTE))
-				&& element.getAttribute(SPRING_AOP_ATTRIBUTE).equals("true")) {
-			// create MethodSecurityInterceptor and
-			// MethodDefinitionSourceAdvisor
-			if (isSourceBeanIdDefined)
-				return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, new RuntimeBeanReference(
-						sourceBeanId));
-
-			return createMethodSecurityInterceptor(MethodSecurityInterceptor.class, createObjectDefinitionSource(
-					parserContext, urlMappingEle));
-		}
-		return null;
-	}
-
-	/**
-	 * @param parserContext
-	 * @param firstChild
-	 * @param sourceValue
-	 * @throws BeanDefinitionStoreException
-	 */
-	private MethodDefinitionSource createObjectDefinitionSource(ParserContext parserContext, Element element)
-			throws BeanDefinitionStoreException {
-		String sourceValue = element.getAttribute(SOURCE_ATTRIBUTE);
-		if (sourceValue.equals("xml")) {
-			// create MethodDefinitionSourceEditor
-			Element methodPattern = DomUtils.getChildElementByTagName(element, "method-pattern");
-			String methodToProtect = methodPattern.getAttribute(TYPE_ATTRIBUTE);
-
-			MethodDefinitionSourceMapping mapping = new MethodDefinitionSourceMapping();
-			MethodDefinitionMap source = new MethodDefinitionMap();
-			List<MethodDefinitionSourceMapping> mappings = new ArrayList<MethodDefinitionSourceMapping>();
-
-			mapping.setMethodName(methodToProtect);
-
-			List configAttributes = DomUtils.getChildElementsByTagName(methodPattern, CONFIGURATION_ATTRIBUTE);
-
-			for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
-				Element configAttribute = (Element) iter.next();
-				String configAttributeValue = configAttribute.getAttribute(ATTRIBUTE);
-				mapping.addConfigAttribute(configAttributeValue);
-			}
-			mappings.add(mapping);
-			source.setMappings(mappings);
-			return source;
-		}
-		else if (sourceValue.equals("annotations")) {
-			BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
-					DefaultAdvisorAutoProxyCreator.class));
-
-			MethodDefinitionAttributes source = new MethodDefinitionAttributes();
-			SecurityAnnotationAttributes attributes = new SecurityAnnotationAttributes();
-			source.setAttributes(attributes);
-			return source;
-		}
-		else if (sourceValue.equals("attributes")) {
-			// create CommonsAttributes
-			CommonsAttributes attributes = new CommonsAttributes();
-			// objectDefinitionSource and inject attributes
-			MethodDefinitionAttributes source = new MethodDefinitionAttributes();
-			source.setAttributes(attributes);
-
-			// register DefaultAdvisorAutoProxyCreator with parseContext
-			BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
-					DefaultAdvisorAutoProxyCreator.class));
-
-			// register MethodDefinitionSourceAdvisor autowire="constructor"
-			registerMethodDefinitionSourceAdvisor(parserContext);
-			return source;
-		}
-		return null;
-	}
-
-	/**
-	 * @param parserContext
-	 * @throws BeanDefinitionStoreException
-	 */
-	private void registerMethodDefinitionSourceAdvisor(ParserContext parserContext) throws BeanDefinitionStoreException {
-		RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
-		methodSecurityAdvisor.setAutowireMode(AbstractBeanDefinition.AUTOWIRE_CONSTRUCTOR);
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
-	}
-
-	/**
-	 * Creates BeanDefinition for MethodSecurityInterceptor
-	 * MethodSecurityInterceptor autodetects 'authenticationManager' and
-	 * 'accessDecisionManager'
-	 * @param name
-	 * 
-	 * @return
-	 */
-	private RootBeanDefinition createMethodSecurityInterceptor(Class interceptorType, Object object) {
-		Assert.notNull(object, "objectDefinitionSource required");
-		RootBeanDefinition securityInterceptor = new RootBeanDefinition(interceptorType);
-		if (RuntimeBeanReference.class.isAssignableFrom(object.getClass())) {
-			RuntimeBeanReference source = (RuntimeBeanReference) object;
-			securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
-		}
-		else if (MethodDefinitionSource.class.isAssignableFrom(object.getClass())) {
-			MethodDefinitionSource source = (MethodDefinitionSource) object;
-			securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", source);
-		}
-		securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
-		RootBeanDefinition runAsManager = createRunAsManager();
-		securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
-		return securityInterceptor;
-	}
-
-	private RootBeanDefinition createRunAsManager() {
-		RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
-		runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
-		return runAsManager;
-	}
-
-	/**
-	 * Checks if 'custom' option is picked for 'source' attribute when
-	 * 'sourceBeanId' attribute is provided.
-	 * <p>
-	 * The valid configuration example:<br/> &lt;security:url-mapping
-	 * source="custom" sourceBeanId="referenceToObjectDefinitionSource"/&gt;
-	 * </p>
-	 * @param urlMappingElement
-	 * @return boolean Returns 'true' if configuration is accepted otherwise
-	 * returns 'false'
-	 */
-	private boolean isValidConfiguration(Element urlMappingElement, boolean isRefDefined) {
-		Assert.notNull(urlMappingElement, "invalid tag - expected 'url-mapping' ");
-		Assert.isTrue(urlMappingElement.getLocalName().equals("url-mapping"), "invalid tag - expected 'url-mapping' ");
-		if (isRefDefined && (urlMappingElement.getAttribute(SOURCE_ATTRIBUTE).compareTo("custom") != 0)) {
-			return false;
-		}
-		return true;
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AutoConfigBeanDefinitionParser.java

@@ -1,243 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.acegisecurity.annotation.SecurityAnnotationAttributes;
-import org.acegisecurity.intercept.method.MethodDefinitionAttributes;
-import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
-import org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor;
-import org.acegisecurity.intercept.web.FilterInvocationDefinitionDecorator;
-import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping;
-import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
-import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
-import org.acegisecurity.runas.RunAsManagerImpl;
-import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
-import org.acegisecurity.util.BeanDefinitionParserUtils;
-import org.acegisecurity.vote.AffirmativeBased;
-import org.acegisecurity.vote.AuthenticatedVoter;
-import org.acegisecurity.vote.RoleVoter;
-import org.acegisecurity.vote.UnanimousBased;
-import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter;
-import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-
-/**
- * Parses 'autoconfig' tag and creates all the required
- * <code>BeanDefinition</code>s with their default configurations. It also
- * resolves their dependencies and wire them together.
- * 
- * @author Vishal Puri
- * 
- */
-public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
-
-	// ~ instance fields
-	// ================================================================================================
-
-	private RootBeanDefinition authenticationManager;
-
-	private RootBeanDefinition rememberMeServices;
-
-	private ManagedList decisionVoters = new ManagedList();
-
-	// ~ Method
-	// ================================================================================================
-
-	public BeanDefinition parse(Element element, ParserContext parserContext) {
-		// authentication manager
-		this.authenticationManager = AuthenticationMechanismBeanDefinitionParser
-				.createAndRegisterBeanDefinitionWithDefaults(parserContext);
-		// remembermeServices
-		this.rememberMeServices = RememberMeServicesBeanDefinitionParser
-				.createAndRegisterBeanDefintionWithDefaults(parserContext);
-		// flters
-		createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(parserContext);
-		createAndRegisterBeanDefinitionForLogoutFilter(parserContext, rememberMeServices);
-		createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(parserContext, authenticationManager,
-				rememberMeServices);
-		createAndRegisterBeanDefinitionForRememberMeProcessingFilter(parserContext, authenticationManager);
-		createAndRegisterBeanDefinitionForExceptionTranslationFilter(parserContext);
-		createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(parserContext);
-
-		// method interceptor
-		createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(parserContext, authenticationManager);
-		createAndRegisterDefaultAdvisorAutoProxyCreator(parserContext);
-
-		// filter security interceptor
-		createAndRegisterBeanDefinitionForFilterSecurityInterceptor(parserContext, authenticationManager);
-
-		// create userDetailsService
-		return null;
-	}
-
-	private void createAndRegisterBeanDefintionForSecurityContextHolderAwareRequestFilter(ParserContext parserContext) {
-		RootBeanDefinition beanDefinition = new RootBeanDefinition(SecurityContextHolderAwareRequestFilter.class);
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, beanDefinition);
-	}
-
-	/**
-	 * Creates <code>FilterSecurityInterceptor</code> bean definition and
-	 * register it with the <code>ParserContext</code>
-	 * 
-	 * @param parserContext To register the bean definition with
-	 * @param authenticationManager The <code>AuthenticationManager</code> to
-	 * set as a property in the bean definition
-	 */
-	private void createAndRegisterBeanDefinitionForFilterSecurityInterceptor(ParserContext parserContext,
-			RootBeanDefinition authenticationManager) {
-		RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
-		filterInvocationInterceptor.getPropertyValues()
-				.addPropertyValue("authenticationManager", authenticationManager);
-		RootBeanDefinition accessDecisionManager = createAccessDecisionManagerAffirmativeBased();
-		filterInvocationInterceptor.getPropertyValues()
-				.addPropertyValue("accessDecisionManager", accessDecisionManager);
-
-		FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
-		source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
-
-		FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
-
-		String url1 = "/acegilogin.jsp";
-		String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
-
-		String url2 = "/**";
-		String value2 = "IS_AUTHENTICATED_REMEMBERED";
-
-		mapping.setUrl(url1);
-		mapping.addConfigAttribute(value1);
-
-		mapping.setUrl(url2);
-		mapping.addConfigAttribute(value2);
-
-		List mappings = new ArrayList();
-		mappings.add(mapping);
-		source.setMappings(mappings);
-		filterInvocationInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource",
-				source.getDecorated());
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, filterInvocationInterceptor);
-	}
-
-	private RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
-		RootBeanDefinition accessDecisionManager = new RootBeanDefinition(AffirmativeBased.class);
-		accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
-		RootBeanDefinition authenticatedVoter = new RootBeanDefinition(AuthenticatedVoter.class);
-		this.decisionVoters.add(authenticatedVoter);
-		accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
-		return accessDecisionManager;
-	}
-
-	private void createAndRegisterDefaultAdvisorAutoProxyCreator(ParserContext parserContext) {
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, new RootBeanDefinition(
-				DefaultAdvisorAutoProxyCreator.class));
-	}
-
-	private void createAndRegisterBeanDefinitinoForMethodDefinitionSourceAdvisor(ParserContext parserContext,
-			RootBeanDefinition authenticationManager) {
-		RootBeanDefinition methodSecurityAdvisor = new RootBeanDefinition(MethodDefinitionSourceAdvisor.class);
-
-		RootBeanDefinition securityInterceptor = createMethodSecurityInterceptor(authenticationManager);
-		methodSecurityAdvisor.getConstructorArgumentValues().addIndexedArgumentValue(0, securityInterceptor);
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, methodSecurityAdvisor);
-
-	}
-
-	private RootBeanDefinition createAccessDecisionManagerUnanimousBased() {
-		RootBeanDefinition accessDecisionManager = new RootBeanDefinition(UnanimousBased.class);
-		accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
-		decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
-		accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
-		return accessDecisionManager;
-	}
-
-	private RootBeanDefinition createMethodSecurityInterceptor(RootBeanDefinition authenticationManager) {
-		RootBeanDefinition securityInterceptor = new RootBeanDefinition(MethodSecurityInterceptor.class);
-		securityInterceptor.getPropertyValues().addPropertyValue("authenticationManager", authenticationManager);
-		RootBeanDefinition accessDecisionManager = createAccessDecisionManagerUnanimousBased();
-		securityInterceptor.getPropertyValues().addPropertyValue("accessDecisionManager", accessDecisionManager);
-		securityInterceptor.getPropertyValues().addPropertyValue("validateConfigAttributes", Boolean.FALSE);
-		RootBeanDefinition runAsManager = createRunAsManager();
-		securityInterceptor.getPropertyValues().addPropertyValue("runAsManager", runAsManager);
-		RootBeanDefinition objectDefinitionSource = createMethodDefinitionAttributes();
-		securityInterceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", objectDefinitionSource);
-		return securityInterceptor;
-	}
-
-	private RootBeanDefinition createMethodDefinitionAttributes() {
-		RootBeanDefinition objectDefinitionSource = new RootBeanDefinition(MethodDefinitionAttributes.class);
-		RootBeanDefinition attributes = createSecurityAnnotationAttributes();
-		objectDefinitionSource.getPropertyValues().addPropertyValue("attributes", attributes);
-		return objectDefinitionSource;
-	}
-
-	private RootBeanDefinition createSecurityAnnotationAttributes() {
-		return new RootBeanDefinition(SecurityAnnotationAttributes.class);
-	}
-
-	private RootBeanDefinition createRunAsManager() {
-		RootBeanDefinition runAsManager = new RootBeanDefinition(RunAsManagerImpl.class);
-		runAsManager.getPropertyValues().addPropertyValue("key", "my_run_as_password");
-		return runAsManager;
-	}
-
-	private void createAndRegisterBeanDefinitionForExceptionTranslationFilter(ParserContext parserContext) {
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, ExceptionTranslationFilterBeanDefinitionParser
-				.createBeanDefinitionWithDefaults());
-	}
-
-	private void createAndRegisterBeanDefinitionForRememberMeProcessingFilter(ParserContext parserContext,
-			RootBeanDefinition authenticationManager) {
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, RememberMeFilterBeanDefinitionParser
-				.createBeanDefinitionWithDefaults(parserContext, authenticationManager));
-	}
-
-	private void createAndRegisterBeanDefinitionForAuthenticationProcessingFilter(ParserContext parserContext,
-			RootBeanDefinition authenticationManager, RootBeanDefinition rememberMeServices) {
-		RootBeanDefinition defintion = AuthenticationProcessingFilterBeanDefinitionParser
-				.createBeandefinitionWithDefaults(parserContext, authenticationManager, rememberMeServices);
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
-	}
-
-	private void createAndRegisterBeanDefinitionForLogoutFilter(ParserContext parserContext,
-			RootBeanDefinition rememberMeServices) {
-		RootBeanDefinition defintion = LogoutFilterBeanDefinitionParser
-				.createBeanDefinitionWithDefaults(rememberMeServices);
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
-	}
-
-	private void createAndRegisterBeanDefinitionForHttpSessionContextIntegrationFilter(ParserContext parserContext) {
-		RootBeanDefinition defintion = ContextIntegrationBeanDefinitionParser.createBeanDefinitionWithDefaults();
-		BeanDefinitionParserUtils.registerBeanDefinition(parserContext, defintion);
-		// retrieveBeanDefinition(parserContext, o)
-	}
-
-	/**
-	 * Returns a <code>BeanDefinition</code> of the specified type.
-	 * 
-	 * @param parserContext
-	 * @param type
-	 * @return
-	 */
-	private RootBeanDefinition retrieveBeanDefinition(ParserContext parserContext, Class type) {
-		String[] names = parserContext.getRegistry().getBeanDefinitionNames();
-		for (String name : names) {
-			BeanDefinition beanDefinition = parserContext.getRegistry().getBeanDefinition(name);
-			if (type.isInstance(beanDefinition)) {
-				return (RootBeanDefinition) beanDefinition;
-			}
-		}
-		return null;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/ContextIntegrationBeanDefinitionParser.java

@@ -1,91 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.support.BeanDefinitionBuilder;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.core.Conventions;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-
-/**
- * 
- * @author vpuri
- * 
- */
-public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
-
-	// ~ Static fields/initializers
-	// =====================================================================================
-
-	private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
-
-	private static final String SESSION_CREATION = "sessionCreation";
-
-	private static final String IF_REQUIRED = "ifRequired";
-
-	private static final String ALWAYS = "always";
-
-	private static final String NEVER = "never";
-
-	private static final String ALLOW_SESSION_CREATION = "allowSessionCreation";
-
-	// ~ Methods
-	// ========================================================================================================
-
-	protected Class getBeanClass(Element element) {
-		return HttpSessionContextIntegrationFilter.class;
-	}
-
-	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
-
-		NamedNodeMap attributes = element.getAttributes();
-
-		for (int x = 0; x < attributes.getLength(); x++) {
-			Attr attribute = (Attr) attributes.item(x);
-			String attributeName = attribute.getLocalName();
-			if (!ID_ATTRIBUTE.equals(attributeName)) {
-				if (attributeName.equals(SESSION_CREATION)) {
-					String sessionCreation = element.getAttribute(SESSION_CREATION);
-					createBeanDefinition(builder, sessionCreation);
-				}
-				else {
-					String propertyName = Conventions.attributeNameToPropertyName(attributeName);
-					Assert
-							.state(StringUtils.hasText(propertyName),
-									"Illegal property name returned from 'extractPropertyName(String)': cannot be null or empty.");
-					builder.addPropertyValue(propertyName, attribute.getValue());
-				}
-			}
-		}
-	}
-
-	private void createBeanDefinition(BeanDefinitionBuilder builder, String attribute) {
-		if (attribute.equals(IF_REQUIRED)) {
-			builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
-		}
-		else if (attribute.equals(ALWAYS)) {
-			builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
-		}
-		else if (attribute.equals(NEVER)) {
-			builder.addPropertyValue(ALLOW_SESSION_CREATION, Boolean.FALSE);
-		}
-		else {
-			createBeanDefinitionWithDefaults();
-		}
-	}
-
-	protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
-		RootBeanDefinition definition = new RootBeanDefinition(HttpSessionContextIntegrationFilter.class);
-		definition.getPropertyValues().addPropertyValue(ALLOW_SESSION_CREATION, Boolean.TRUE);
-		return definition;
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/ExceptionTranslationFilterBeanDefinitionParser.java

@@ -1,183 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.ui.AccessDeniedHandlerImpl;
-import org.acegisecurity.ui.ExceptionTranslationFilter;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.StringUtils;
-import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-
-/**
- * <p>
- * This class parses the <security:exception-translation /> tag and creates the
- * bean defintion for <code>ExceptionTranslationFilter</code>.</br> The
- * '&lt;security:access-denied .. /&gt;' tag is optional and if not specified
- * <code>ExceptionTranslationFilter</code> <br/> will autodetect the instance
- * of <code>AccessDeniedHandler</code>; alternately if there are > 1 such
- * handlers, <br/>we can nominate the one to use via 'accessDeniedBeanRef'.
- * </p>
- * 
- * <p>
- * The 'entryPointBeanRef' and 'accessDeniedBeanRef' can be specified as
- * attributes or inner bean definitions. <br/> See following sample showing both
- * ways.
- * </p>
- * 
- * <p>
- * Sample: <d1>
- * <dt> &lt;security:exception-translation id="exceptionTranslationFilter"&gt;
- * </dt>
- * <dd> &lt;security:entry-point
- * entryPointBeanRef="authenticationProcessingFilterEntryPoint" /&gt; </dd>
- * <dd> &lt;security:access-denied accessDeniedBeanRef="theBeanToUse" /&gt;
- * </dd>
- * <dt>&lt;/security:exception-translation&gt;</dt>
- * </d1> or <d1>
- * <dt> &lt;security:exception-translation id="exceptionTranslationFilter"
- * entryPointBeanRef="ref" accessDeniedBeanRef="ref" /&gt;</dt>
- * </d1>
- * </p>
- * 
- * @author Vishal Puri
- * @version
- * @see {@link org.acegisecurity.ui.ExceptionTranslationFilter}
- * @see {@link org.acegisecurity.ui.AccessDeniedHandler}
- */
-public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
-
-	// ~ Static fields
-	// =====================================================================================
-
-	private static final String ACCESS_DENIED = "access-denied";
-
-	private static final String ACCESS_DENIED_REF = "accessDeniedBeanRef";
-
-	private static final String ACCESS_DENIED_URL = "accessDeniedUrl";
-
-	private static final String ENTRY_POINT = "entry-point";
-
-	private static final String ENTRY_POINT_REF = "entryPointBeanRef";
-
-	private static final String LOGIN_FORM_URL = "loginFormUrl";
-
-	private static final String LOGIN_FORM_URL_VALUE = "/acegilogin.jsp";
-
-	// ~ Method
-	// ================================================================================================
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-
-		RootBeanDefinition exceptionFilterDef = new RootBeanDefinition(ExceptionTranslationFilter.class);
-
-		// add handler
-		Element accessDeniedElement = DomUtils.getChildElementByTagName(element, ACCESS_DENIED);
-		setAccessDeniedHandlerProperty(parserContext, exceptionFilterDef, accessDeniedElement);
-
-		Element entryPointElement = DomUtils.getChildElementByTagName(element, ENTRY_POINT);
-		setEntryPointProperty(exceptionFilterDef, entryPointElement);
-
-		return exceptionFilterDef;
-	}
-
-	private void setEntryPointProperty(RootBeanDefinition exceptionFilterDef, Element entryPointElement) {
-		if (entryPointElement != null) {
-			setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, entryPointElement, "authenticationEntryPoint",
-					entryPointElement.getAttribute(ENTRY_POINT_REF));
-		}
-	}
-
-	/**
-	 * Resolves are reference to 'accessDeniedHandler' property.
-	 * @param parserContext
-	 * @param exceptionFilterDef The ExceptionFilter BeanDefinition
-	 * @param accessDeniedElement The inner tag for accessDeniedHandler
-	 * property.
-	 */
-	private void setAccessDeniedHandlerProperty(ParserContext parserContext, RootBeanDefinition exceptionFilterDef,
-			Element accessDeniedElement) {
-		if (accessDeniedElement != null) {
-			setBeanReferenceOrInnerBeanDefinitions(exceptionFilterDef, accessDeniedElement, "accessDeniedHandler",
-					accessDeniedElement.getAttribute(ACCESS_DENIED_REF));
-		}
-	}
-
-	/**
-	 * Add property if it's specified as an attribute or inner tag.
-	 * 
-	 * @param exceptionFilterDef The ExceptionFilter BeanDefinition
-	 * @param element The inner bean element
-	 * @param property The property to add
-	 * @param beanRef The bean reference to resolve.
-	 */
-	private void setBeanReferenceOrInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element element,
-			String property, String beanRef) {
-		// check for encoderBeanRef attribute
-		if (StringUtils.hasLength(beanRef)) {
-			exceptionFilterDef.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(beanRef));
-		}
-		else {
-			doSetInnerBeanDefinitions(exceptionFilterDef, element, property);
-		}
-	}
-
-	/**
-	 * Add property specified as an inner bean definition.
-	 * @param exceptionFilterDef The ExceptionFilter BeanDefinition
-	 * @param element The inner bean element
-	 * @param property The property to add
-	 */
-	private void doSetInnerBeanDefinitions(RootBeanDefinition exceptionFilterDef, Element accessDeniedElement,
-			String property) {
-		RootBeanDefinition accessDeniedHandlerBeanDef = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
-		setPropertyIfAvailable(accessDeniedElement, ACCESS_DENIED_URL, "errorPage", accessDeniedHandlerBeanDef);
-		exceptionFilterDef.getPropertyValues().addPropertyValue(property, accessDeniedHandlerBeanDef);
-
-	}
-
-	/**
-	 * @param element
-	 * @param attribute
-	 * @param property
-	 * @param definition
-	 */
-	private void setPropertyIfAvailable(Element element, String attribute, String property,
-			RootBeanDefinition definition) {
-		String propertyValue = element.getAttribute(attribute);
-		if (StringUtils.hasText(propertyValue)) {
-			definition.getPropertyValues().addPropertyValue(property, propertyValue);
-		}
-	}
-
-	/**
-	 * Creates <code>BeanDefintion</code> for
-	 * <code>ExceptionTranslationFilter</code> with it's default properties.
-	 * @return beanDefinition The bean defintion configured with default
-	 * properties
-	 */
-	protected static RootBeanDefinition createBeanDefinitionWithDefaults() {
-		RootBeanDefinition beanDefinition = new RootBeanDefinition(ExceptionTranslationFilter.class);
-		beanDefinition.getPropertyValues().addPropertyValue("authenticationEntryPoint",
-				createBeanDefintionForAuthenticationProcessingFilterEntryPoint());
-		return beanDefinition;
-	}
-
-	/**
-	 * Creates <code>BeanDefintion</code> for
-	 * <code>AuthenticationProcessingFilterEntryPoint</code> with it's default
-	 * properties.
-	 * @return beanDefinition The bean defintion configured with default
-	 */
-	protected static RootBeanDefinition createBeanDefintionForAuthenticationProcessingFilterEntryPoint() {
-		RootBeanDefinition beanDefinition = new RootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
-		beanDefinition.getPropertyValues().addPropertyValue(LOGIN_FORM_URL, LOGIN_FORM_URL_VALUE);
-		return beanDefinition;
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/FilterSecurityInterceptorBeanDefinitionParser.java

@@ -1,163 +0,0 @@
-package org.acegisecurity.config;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.acegisecurity.AccessDecisionManager;
-import org.acegisecurity.intercept.web.FilterInvocationDefinitionDecorator;
-import org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceMapping;
-import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
-import org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap;
-import org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
-import org.acegisecurity.util.BeanDefinitionParserUtils;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.Assert;
-import org.springframework.util.xml.DomUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-
-/**
- * @author Vishal Puri
- * 
- */
-public class FilterSecurityInterceptorBeanDefinitionParser extends AbstractBeanDefinitionParser {
-	// ~ static initializers
-	// ================================================================================================
-
-	private static final String OBJECT_DEFINITION_SOURCE_PROPERTY = "objectDefinitionSource";
-
-	private static final String OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE = "sourceBeanId";
-
-	private static final String PATH_ATTRIBUTE = "path";
-
-	private static final String REG_EX_ATTRIBUTE = "regularExpression";
-
-	private static final String CONFIGURATION_ATTRIB_ATTRIBUTE = "attribute";
-
-	// ~ Methods
-	// ================================================================================================
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-		return createBeanDefinitionForFilterSecurityInterceptor(element, parserContext);
-	}
-
-	protected static RootBeanDefinition createBeanDefinitionForFilterSecurityInterceptor(Element element,
-			ParserContext parserContext) {
-		RootBeanDefinition filterInvocationInterceptor = new RootBeanDefinition(FilterSecurityInterceptor.class);
-
-		RootBeanDefinition accessDecisionManager = AuthorizationManagerBeanDefinitionParser
-				.createAccessDecisionManagerAffirmativeBased();
-		filterInvocationInterceptor.getPropertyValues()
-				.addPropertyValue("accessDecisionManager", accessDecisionManager);
-
-		FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
-		FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
-		List<FilterInvocationDefinitionSourceMapping> mappings = new ArrayList<FilterInvocationDefinitionSourceMapping>();
-
-		Element firstChild = DomUtils.getChildElementByTagName(element, "url-mapping");
-		// if 'url-mapping' element is defined
-		if (firstChild != null) {
-
-			if (BeanDefinitionParserUtils.setPropertyIfAvailable(firstChild, OBJECT_DEFINITION_SOURCE_REF_ATTRIBUTE,
-					OBJECT_DEFINITION_SOURCE_PROPERTY, true/* RuntimeBeanReference */, filterInvocationInterceptor)) {
-				return filterInvocationInterceptor;
-			}
-
-			// get 'uri-pattern' or 'path' attribute. not both can be specified
-			// together
-			List uriPatternElements = DomUtils.getChildElementsByTagName(firstChild, "uri-pattern");
-			boolean patternToMatchCreated = false;
-
-			Node patternAttribute = null;
-
-			String url = "";
-
-			boolean isPathFound = false;
-			for (Iterator it = uriPatternElements.iterator(); it.hasNext();) {
-				Element uriPattern = (Element) it.next();
-
-				/* path or pattern - only one attribute is allowed */
-				NamedNodeMap map = uriPattern.getAttributes();
-
-				Assert.isTrue(map.getLength() == 1,
-						"only 'path' or 'regularExperssion' attribute allowed with 'uri-pattern' tag");
-
-				// check if typecreated variable is false then create a type and
-				// store it somewhere and set typecreated variable to true
-				if (!patternToMatchCreated) {
-					// should only be one attribute "path" or
-					// "regularExpression"
-					patternAttribute = map.item(0);
-					// set this variable to true
-					patternToMatchCreated = true;
-					// get the attributes and set the decoratd type
-					// appropriately
-					if (uriPattern.hasAttribute(PATH_ATTRIBUTE)) {
-						isPathFound = true;
-						url = uriPattern.getAttribute(PATH_ATTRIBUTE);
-						source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
-					}
-					else if (uriPattern.hasAttribute(REG_EX_ATTRIBUTE)) {
-						url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
-						source.setDecorated(new RegExpBasedFilterInvocationDefinitionMap());
-					}
-				}
-				else {
-					// type created already so check if it matches with the
-					// current element
-					// if it matches get the one attribute "path" or
-					// "regularExpression" and apply as property
-					uriPattern.getAttribute(patternAttribute.getLocalName());
-					Assert
-							.hasLength(uriPattern.getAttribute(patternAttribute.getLocalName()),
-									" ALL uri-pattern tags in the url-mapping must be of the same  type (ie cannot mix a regular expression and Ant Path)");
-
-					if (isPathFound) {
-						url = uriPattern.getAttribute(PATH_ATTRIBUTE);
-					}
-					else {
-						url = uriPattern.getAttribute(REG_EX_ATTRIBUTE);
-					}
-
-				}
-				mapping.setUrl(url);
-				// get child elements 'configuration-attribute'
-				List configAttributes = DomUtils.getChildElementsByTagName(uriPattern, "configuration-attribute");
-
-				for (Iterator iter = configAttributes.iterator(); iter.hasNext();) {
-					Element configAttribute = (Element) iter.next();
-					String configAttributeValue = configAttribute.getAttribute(CONFIGURATION_ATTRIB_ATTRIBUTE);
-					mapping.addConfigAttribute(configAttributeValue);
-				}
-
-			}
-
-		}
-		// default properties
-		else {
-			String url1 = "/acegilogin.jsp";
-			String value1 = "IS_AUTHENTICATED_ANONYMOUSLY";
-
-			String url2 = "/**";
-			String value2 = "IS_AUTHENTICATED_REMEMBERED";
-
-			mapping.setUrl(url1);
-			mapping.addConfigAttribute(value1);
-
-			mapping.setUrl(url2);
-			mapping.addConfigAttribute(value2);
-		}
-
-		mappings.add(mapping);
-		source.setMappings(mappings);
-		filterInvocationInterceptor.getPropertyValues().addPropertyValue(OBJECT_DEFINITION_SOURCE_PROPERTY,
-				source.getDecorated());
-		return filterInvocationInterceptor;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/LogoutFilterBeanDefinitionParser.java

@@ -1,108 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.ui.logout.LogoutFilter;
-import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
-import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-
-/**
- * @author vpuri
- * @since
- */
-public class LogoutFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
-
-	// ~ Instance fields
-	// ================================================================================================
-	private static final String REDIRECT_AFTER_LOGOUT_URL = "redirectAfterLogoutUrl";
-
-	private static final String LOGOUT_URL = "logoutUrl";
-
-	private static final String REDIRECT_AFTER_LOGOUT_URL_VALUE = "/";
-
-	// ~ Methods
-	// ================================================================================================
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-
-		// add the properties
-		RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
-		doCreateBeanDefinition(definition, element, parserContext, false);
-		return definition;
-	}
-
-	/**
-	 * 
-	 * @param definition
-	 * @param element
-	 * @param parserContext
-	 * @param isAutoconfig
-	 * @see {@link AutoConfigBeanDefinitionParser}
-	 */
-	private void doCreateBeanDefinition(RootBeanDefinition definition, Element element, ParserContext parserContext,
-			boolean isAutoconfig) {
-
-		setConstructorArgumentIfAvailable(0, element, REDIRECT_AFTER_LOGOUT_URL, "logoutSuccessUrl", definition);
-		setPropertyIfAvailable(element, LOGOUT_URL, "filterProcessesUrl", definition);
-		/* TODO: Move this logic to LogoutFilter itlself */
-		// register BFPP to check if LogoutFilter does not have setHandlers
-		// populated, introspect app ctx for LogoutHandlers, using Ordered
-		// (if
-		// present, otherwise assume Integer.MAX_VALUE)
-		RootBeanDefinition bfpp = new RootBeanDefinition(LogoutHandlerOrderResolver.class);
-		parserContext.getReaderContext().registerWithGeneratedName(bfpp);
-
-	}
-
-	private void setConstructorArgumentIfAvailable(int index, Element element, String attribute, String property,
-			RootBeanDefinition definition) {
-		String propertyValue = element.getAttribute(attribute);
-		if (StringUtils.hasText(propertyValue)) {
-			addConstructorArgument(index, definition, propertyValue);
-		}
-	}
-
-	private void addConstructorArgument(int index, RootBeanDefinition definition, String propertyValue) {
-		definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
-	}
-
-	private void setPropertyIfAvailable(Element element, String attribute, String property,
-			RootBeanDefinition definition) {
-		String propertyValue = element.getAttribute(attribute);
-		if (StringUtils.hasText(propertyValue)) {
-			definition.getPropertyValues().addPropertyValue(property, propertyValue);
-		}
-	}
-
-	/**
-	 * Creates <code>BeanDefintion</code> as required by 'autoconfig' tag
-	 * 
-	 * @param definition The BeanDefinition for Logoutfilter
-	 * @param element
-	 * @param parserContext
-	 * @param isAutoconfig
-	 * @return definition
-	 */
-	protected static RootBeanDefinition createBeanDefinitionWithDefaults(RootBeanDefinition rememberMeServices) {
-		RootBeanDefinition definition = new RootBeanDefinition(LogoutFilter.class);
-		definition.getConstructorArgumentValues().addIndexedArgumentValue(0, REDIRECT_AFTER_LOGOUT_URL_VALUE);
-		// create BeanDefinitions for LogoutHandlers
-		// (TokenBasedRememberMeServices) and (SecuritycontextLogoutHandler)
-		ManagedList handlers = new ManagedList();
-		//RootBeanDefinition rememberMeServices = RememberMeServicesBeanDefinitionParser.doCreateBeanDefintionWithDefaults();
-		handlers.add(rememberMeServices);
-		handlers.add(new RootBeanDefinition(SecurityContextLogoutHandler.class));
-		definition.getConstructorArgumentValues().addIndexedArgumentValue(1, handlers);
-		return definition;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/LogoutHandlerOrderResolver.java

@@ -1,95 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import java.util.Collections;
-import java.util.List;
-
-import org.acegisecurity.ui.logout.LogoutFilter;
-import org.acegisecurity.ui.logout.LogoutHandler;
-import org.acegisecurity.ui.logout.SecurityContextLogoutHandler;
-import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.core.OrderComparator;
-import org.springframework.core.Ordered;
-
-/**
- * @author vpuri
- * @since
- */
-public class LogoutHandlerOrderResolver implements BeanFactoryPostProcessor {
-
-	// ~ Methods
-	// ================================================================================================
-
-	public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
-		// If LogoutFilter does not have setHandlers populated, introspect app
-		// ctx for LogoutHandlers, using Ordered (if present, otherwise assume
-		// Integer.MAX_VALUE)
-		String[] names = beanFactory.getBeanNamesForType(LogoutFilter.class);
-		RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[0]);
-		ValueHolder holder = getHandlersIfConfigured(beanFactory, definition);
-		if (holder == null) {
-			// intropect the appcontext for registerd LogoutHandler
-			List logoutHandlers = retrieveAllLogoutHandlers(beanFactory);
-			definition.getConstructorArgumentValues().addIndexedArgumentValue(1, logoutHandlers);
-		}
-	}
-
-	/**
-	 * 
-	 * @param beanFactory
-	 * @param definition
-	 * @return
-	 */
-	private ValueHolder getHandlersIfConfigured(ConfigurableListableBeanFactory beanFactory,
-			RootBeanDefinition definition) {
-		// there should be only one LogoutFilter
-		return definition.getConstructorArgumentValues().getArgumentValue(1, null);
-
-	}
-
-	/**
-	 * 
-	 * @param beanFactory
-	 * @return
-	 */
-	private List retrieveAllLogoutHandlers(ConfigurableListableBeanFactory beanFactory) {
-		String[] names = beanFactory.getBeanNamesForType(LogoutHandler.class);
-		ManagedList list = new ManagedList();
-
-		for (int i = 0, n = names.length; i < n; i++) {
-			RootBeanDefinition definition = (RootBeanDefinition) beanFactory.getBeanDefinition(names[i]);
-
-			if (definition.hasBeanClass()) {
-				if (Ordered.class.isAssignableFrom(definition.getBeanClass())) {
-					definition.getPropertyValues().addPropertyValue("order",
-							Integer.valueOf(getOrder(definition.getBeanClass())));
-				}
-				else {
-					definition.getPropertyValues().addPropertyValue("order", Integer.valueOf(Integer.MAX_VALUE));
-				}
-			}
-			list.add(definition);
-		}
-		Collections.sort(list, new OrderComparator());
-		return list;
-	}
-
-	private int getOrder(Class clazz) {
-		if (clazz.getName().equals(TokenBasedRememberMeServices.class.getName())) {
-			return 100;
-		}
-		if (clazz.getName().equals(SecurityContextLogoutHandler.class.getName())) {
-			return 200;
-		}
-		return Integer.MAX_VALUE;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/PrincipalRepositoryBeanDefinitionParser.java

@@ -1,247 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.userdetails.User;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
-import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
-import org.acegisecurity.userdetails.memory.UserAttribute;
-import org.acegisecurity.userdetails.memory.UserMap;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.config.PropertiesFactoryBean;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.BeanDefinitionBuilder;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * @author vpuri
- * 
- */
-public class PrincipalRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser implements
-		BeanDefinitionParser {
-
-	// ~ Static fields/initializers
-	// =====================================================================================
-
-	private static final Log logger = LogFactory.getLog(PrincipalRepositoryBeanDefinitionParser.class);
-
-	// ~ Instance fields
-	// ================================================================================================
-	private static final String JDBC = "jdbc";
-
-	private static final String DATASOURCE_REF = "dataSourceBeanRef";
-
-	private static final String DATASOURCE = "dataSource";
-
-	private static final String JDBCTEMPLATE_REF = "jdbcTemplateBeanRef";
-
-	private static final String JDBCTEMPLATE = "jdbcTemplate";
-
-	private static final String AUTHORITIES_BY_USERNAME_QUERY = "authoritiesByUsernameQuery";
-
-	private static final String ROLE_PREFIX = "rolePrefix";
-
-	private static final String USERNAME_BASED_PRIMARY_KEY = "usernameBasedPrimaryKey";
-
-	private static final String PROPERTIES = "properties";
-
-	private static final String RESOURCE = "resource";
-
-	private static final String USER_PROPERTIES = "userProperties";
-
-	private static final String USER_DEFINITION = "user-definition";
-
-	private static final Object GRANTED_AUTHORITY = "granted-authority";
-
-	private static final String USERNAME = "username";
-
-	private static final String PASSWORD = "password";
-
-	private static final String ENABLED = "enabled";
-
-	private static final String GRANTED_AUTHORITY_REF = "granted-authority-ref";
-
-	private static final String AUTHORITY = "authority";
-
-	private static final String AUTHORITY_BEAN_REF = "authorityBeanRef";
-
-	// ~ Method
-	// ================================================================================================
-	/**
-	 * 
-	 */
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-		NodeList userDetailsServiceChildren = element.getChildNodes();
-		RootBeanDefinition userDetailsServiceDefinition = null;
-		for (int i = 0, n = userDetailsServiceChildren.getLength(); i < n; i++) {
-			Node userDetailsService = userDetailsServiceChildren.item(i);
-
-			if (JDBC.equals(userDetailsService.getLocalName()) && userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
-				Element ele = (Element) userDetailsService;
-				userDetailsServiceDefinition = parseUserDetailsServiceJdbcDefinition(ele);
-				userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
-			}
-			if (PROPERTIES.equals(userDetailsService.getLocalName())
-					&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
-				Element ele = (Element) userDetailsService;
-
-				userDetailsServiceDefinition = new RootBeanDefinition(InMemoryDaoImpl.class);
-				userDetailsServiceDefinition.getPropertyValues().addPropertyValue(USER_PROPERTIES,
-						new RuntimeBeanReference(createPropertiesBeanDefinition(ele, parserContext)));
-				userDetailsServiceDefinition.setSource(parserContext.extractSource(element));
-			}
-			if (USER_DEFINITION.equals(userDetailsService.getLocalName())
-					&& userDetailsService.getNodeType() == Node.ELEMENT_NODE) {
-				Element ele = (Element) userDetailsService;
-
-				// create a UserMap which interns uses UserMapEditor
-				userDetailsServiceDefinition = createUserDefinition(ele, parserContext);
-			}
-		}
-		return userDetailsServiceDefinition;
-	}
-
-	private RootBeanDefinition createUserDefinition(Element ele, ParserContext parserContext) {
-		RootBeanDefinition definition = new RootBeanDefinition(InMemoryDaoImpl.class);
-
-		UserAttribute userAttribute = new UserAttribute();
-		UserMap userMap = new UserMap();
-
-		setPassword(ele, userAttribute);
-		setEnabled(ele, userAttribute);
-		setAuthorities(ele, userAttribute);
-
-		UserDetails user = new User(ele.getAttribute(USERNAME), userAttribute.getPassword(), userAttribute.isEnabled(),
-				true, true, true, userAttribute.getAuthorities());
-		userMap.addUser(user);
-		definition.getPropertyValues().addPropertyValue("userMap", userMap);
-		return definition;
-	}
-
-	private String createPropertiesBeanDefinition(Element ele, ParserContext parserContext) {
-		// properties element
-		RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
-		String propertyValue = ele.getAttribute(RESOURCE);
-		defintion.getPropertyValues().addPropertyValue("location", propertyValue);
-		defintion.setSource(parserContext.extractSource(ele));
-		return parserContext.getReaderContext().registerWithGeneratedName(defintion);
-	}
-	
-	protected static RootBeanDefinition createSampleUsersUsingProperties() {
-		// properties element
-		RootBeanDefinition defintion = new RootBeanDefinition(PropertiesFactoryBean.class);
-		String location = "classpath:org/acegisecurity/config/user.properties";
-		defintion.getPropertyValues().addPropertyValue("location", location);
-		return defintion;
-	}
-	
-
-	/**
-	 * 
-	 * @param elementToParse
-	 * @return
-	 */
-	private RootBeanDefinition parseUserDetailsServiceJdbcDefinition(Element elementToParse) {
-		// parse attributes
-		RootBeanDefinition definition = new RootBeanDefinition(JdbcDaoImpl.class);
-		setPropertyIfAvailable(elementToParse, DATASOURCE_REF, DATASOURCE, definition);
-		setPropertyIfAvailable(elementToParse, JDBCTEMPLATE_REF, JDBCTEMPLATE, definition);
-		setPropertyIfAvailable(elementToParse, AUTHORITIES_BY_USERNAME_QUERY, AUTHORITIES_BY_USERNAME_QUERY, definition);
-		setPropertyIfAvailable(elementToParse, ROLE_PREFIX, ROLE_PREFIX, definition);
-		setPropertyIfAvailable(elementToParse, USERNAME_BASED_PRIMARY_KEY, USERNAME_BASED_PRIMARY_KEY, definition);
-		return definition;
-	}
-
-	protected void doParseProperties(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
-		Properties parsedProps = parserContext.getDelegate().parsePropsElement(element);
-		builder.addPropertyValue(PROPERTIES, parsedProps);
-	}
-
-	/**
-	 * 
-	 * @param element
-	 * @param attribute
-	 * @param property
-	 * @param definition
-	 */
-	private void setPropertyIfAvailable(Element element, String attribute, String property,
-			RootBeanDefinition definition) {
-		String propertyValue = element.getAttribute(attribute);
-		if (StringUtils.hasText(propertyValue)) {
-			if (propertyValue.equals(DATASOURCE_REF) || propertyValue.equals(JDBCTEMPLATE_REF)) {
-				definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
-			}
-			else {
-				definition.getPropertyValues().addPropertyValue(property, propertyValue);
-			}
-		}
-	}
-
-	private void setPassword(Element element, UserAttribute userAttribute) {
-		String propertyValue = element.getAttribute(PASSWORD);
-		if (StringUtils.hasText(propertyValue)) {
-			userAttribute.setPassword(propertyValue);
-		}
-	}
-
-	private void setEnabled(Element element, UserAttribute userAttribute) {
-		String propertyValue = element.getAttribute(ENABLED);
-		if (StringUtils.hasText(propertyValue)) {
-			if (propertyValue.equals("true")) {
-				userAttribute.setEnabled(true);
-			}
-			else {
-				userAttribute.setEnabled(false);
-			}
-		}
-	}
-
-	private void setAuthorities(Element ele, UserAttribute userAttribute) {
-		// get authorities
-		NodeList childNodes = ele.getChildNodes();
-
-		ManagedList authorities = new ManagedList();
-
-		for (int i = 0, n = childNodes.getLength(); i < n; i++) {
-			Node authorityNode = childNodes.item(i);
-
-			if (GRANTED_AUTHORITY.equals(authorityNode.getLocalName())
-					&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
-				Element propertyValue = (Element) authorityNode;
-				authorities.add(new GrantedAuthorityImpl(propertyValue.getAttribute(AUTHORITY)));
-			}
-
-			if (GRANTED_AUTHORITY_REF.equals(authorityNode.getLocalName())
-					&& authorityNode.getNodeType() == Element.ELEMENT_NODE) {
-				Element propertyValue = (Element) authorityNode;
-				String attribute = propertyValue.getAttribute(AUTHORITY_BEAN_REF);
-				if (StringUtils.hasLength(attribute)) {
-					authorities.add(new RuntimeBeanReference(attribute));
-				}
-			}
-		}
-		userAttribute.setAuthorities(authorities);
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/RememberMeFilterBeanDefinitionParser.java

@@ -1,46 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-
-/**
- * @author vpuri
- *
- *@since
- */
-public class RememberMeFilterBeanDefinitionParser extends AbstractBeanDefinitionParser  {
-
-	private static final String REMEMBER_ME_SERVICES_REF = "rememberMeServicesBeanRef";
-	
-	private static final String REMEMBER_ME_SERVICES = "rememberMeServices";
-
-	
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-		Assert.notNull(parserContext, "ParserContext must not be null");
-		
-		RootBeanDefinition rememberMeFilterBeanDef = new RootBeanDefinition(RememberMeProcessingFilter.class);
-		// check if rememberMeServicesBeanRef is defined and if it's specified use its referred bean
-		String rememberMeServicesRef = element.getAttribute(REMEMBER_ME_SERVICES_REF);
-		if (StringUtils.hasLength(rememberMeServicesRef)) {
-			rememberMeFilterBeanDef.getPropertyValues().addPropertyValue(REMEMBER_ME_SERVICES,
-					new RuntimeBeanReference(rememberMeServicesRef));
-		} 
-		return rememberMeFilterBeanDef;
-	}
-	
-	protected static RootBeanDefinition createBeanDefinitionWithDefaults(ParserContext parserContext, RootBeanDefinition authenticationManager) {
-		RootBeanDefinition definition= new RootBeanDefinition(RememberMeProcessingFilter.class);
-		definition.getPropertyValues().addPropertyValue("authenticationManager",authenticationManager);
-		return definition;
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/RememberMeServicesBeanDefinitionParser.java

@@ -1,82 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.AbstractBeanDefinition;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-
-/**
- * Parses
- * @author vpuri
- * 
- */
-public class RememberMeServicesBeanDefinitionParser extends AbstractBeanDefinitionParser implements
-		BeanDefinitionParser {
-
-	private static final String PRINCIPAL_REPOSITORY_BEAN_REF = "principalRepositoryBeanRef";
-
-	private static final String USER_DETAILS_SERVICE_PROPERTY = "userDetailsService";
-
-	/*
-	 * key is optional; if unspecified, pick a rnd int and use for all
-	 * unspecified key properties for acegi beans
-	 */
-	private static final String KEY = "key";
-
-	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
-		RootBeanDefinition rememberMeServicesBeanDef = createBeanDefinition(element, parserContext);
-		return rememberMeServicesBeanDef;
-	}
-
-	private  RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
-		Assert.notNull(parserContext, "ParserContext must not be null");
-
-		RootBeanDefinition rememberMeServicesBeanDef = new RootBeanDefinition(TokenBasedRememberMeServices.class);
-
-		String keyValue = "";
-		String rememberMeServicesRef = "";
-
-		if (element != null) {
-			keyValue = element.getAttribute(KEY);
-
-			if (StringUtils.hasLength(keyValue)) {
-				rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(KEY, keyValue);
-			}
-			else {
-				/*
-				 * TODO: pick a rnd int and apply it whenver required in
-				 * applicationcontext
-				 */
-				
-			}
-
-			// check if rememberMeServicesBeanRef is defined and if it's
-			// specified
-			// use its referred bean
-			rememberMeServicesRef = element.getAttribute(PRINCIPAL_REPOSITORY_BEAN_REF);
-			if (StringUtils.hasLength(rememberMeServicesRef)) {
-				rememberMeServicesBeanDef.getPropertyValues().addPropertyValue(USER_DETAILS_SERVICE_PROPERTY,
-						new RuntimeBeanReference(rememberMeServicesRef));
-			}
-		}
-
-		return rememberMeServicesBeanDef;
-	}
-	
-	protected static RootBeanDefinition createAndRegisterBeanDefintionWithDefaults(ParserContext parserContext){
-		RootBeanDefinition beanDefinition = new RootBeanDefinition(TokenBasedRememberMeServices.class);
-		beanDefinition.getPropertyValues().addPropertyValue(KEY, "key");
-		parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
-		return beanDefinition;
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityAutoDetectNamepsaceHandler.java

@@ -1,21 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
-
-/**
- * @author Vishal Puri
- *
- */
-public class SecurityAutoDetectNamepsaceHandler extends NamespaceHandlerSupport {
-
-	/* (non-Javadoc)
-	 * @see org.springframework.beans.factory.xml.NamespaceHandler#init()
-	 */
-	public void init() {
-		registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityNamespaceHandler.java

@@ -1,37 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.springframework.beans.factory.xml.BeanDefinitionParser;
-import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
-
-/**
- * {@link org.springframework.beans.factory.xml.NamespaceHandler} for the '<code>security</code>' namespace.
- * @author vpuri
- * 
- * @since 
- */
-public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
-
-	/**
-	 * Register the {@link BeanDefinitionParser BeanDefinitionParsers} for the
-	 * '<code>context-integration</code>', ' and '<code></code>' elements.
-	 */
-	public void init() {
-		registerBeanDefinitionParser("principal-repository", new PrincipalRepositoryBeanDefinitionParser());
-		registerBeanDefinitionParser("session-context-integration", new ContextIntegrationBeanDefinitionParser());
-		registerBeanDefinitionParser("authentication-repository", new AuthenticationRepositoryBeanDefinitionParser());
-		registerBeanDefinitionParser("authentication-mechanism", new AuthenticationMechanismBeanDefinitionParser());
-		registerBeanDefinitionParser("authentication-remember-me-services", new RememberMeServicesBeanDefinitionParser());
-		registerBeanDefinitionParser("authentication-remember-me-filter", new RememberMeFilterBeanDefinitionParser());
-		registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser());
-		registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser());
-		registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
-		registerBeanDefinitionParser("authorization-manager", new AuthorizationManagerBeanDefinitionParser());
-		registerBeanDefinitionParser("authorization-http-url", new FilterSecurityInterceptorBeanDefinitionParser());
-		registerBeanDefinitionParser("authorization-joinpoint", new AuthorizationMethodBeanDefinitionParser());
-		registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
-	}
-
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilter.java

@@ -1,239 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.ui.basicauth;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.ui.AuthenticationDetailsSource;
-import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.core.Ordered;
-import org.springframework.util.Assert;
-
-
-/**
- * Processes a HTTP request's BASIC authorization headers, putting the result into the
- * <code>SecurityContextHolder</code>.<p>For a detailed background on what this filter is designed to process,
- * refer to <A HREF="http://www.faqs.org/rfcs/rfc1945.html">RFC 1945, Section 11.1</A>. Any realm name presented in
- * the HTTP request is ignored.</p>
- *  <p>In summary, this filter is responsible for processing any request that has a HTTP request header of
- * <code>Authorization</code> with an authentication scheme of <code>Basic</code> and a Base64-encoded
- * <code>username:password</code> token. For example, to authenticate user "Aladdin" with password "open sesame" the
- * following header would be presented:</p>
- *  <p><code>Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==</code>.</p>
- *  <p>This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as
- * Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).</p>
- *  <P>If authentication is successful, the resulting {@link Authentication} object will be placed into the
- * <code>SecurityContextHolder</code>.</p>
- *  <p>If authentication fails and <code>ignoreFailure</code> is <code>false</code> (the default), an {@link
- * AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
- * which will prompt the user to authenticate again via BASIC authentication.</p>
- *  <p>Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still
- * transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also
- * provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link
- * org.acegisecurity.ui.digestauth.DigestProcessingFilter}.</p>
- *  <p>Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me
- * details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as
- * they will be authenticated using the remember-me mechanism.</p>
- *  <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
- * org.acegisecurity.util.FilterToBeanProxy}.</p>
- *
- * @author Ben Alex
- * @version $Id: BasicProcessingFilter.java 1783 2007-02-23 19:21:44Z luke_t $
- */
-public class BasicProcessingFilter implements Filter, InitializingBean, Ordered {
-    //~ Static fields/initializers =====================================================================================
-
-	private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
-
-    //~ Instance fields ================================================================================================
-
-    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
-    private AuthenticationEntryPoint authenticationEntryPoint;
-    private AuthenticationManager authenticationManager;
-    private RememberMeServices rememberMeServices;
-    private boolean ignoreFailure = false;
-    private int order;
-
-    //~ Methods ========================================================================================================
-
-    public void afterPropertiesSet() throws Exception {
-        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
-        Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
-    }
-
-    public void destroy() {}
-
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-            throws IOException, ServletException {
-
-        if (!(request instanceof HttpServletRequest)) {
-            throw new ServletException("Can only process HttpServletRequest");
-        }
-
-        if (!(response instanceof HttpServletResponse)) {
-            throw new ServletException("Can only process HttpServletResponse");
-        }
-
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        HttpServletResponse httpResponse = (HttpServletResponse) response;
-
-        String header = httpRequest.getHeader("Authorization");
-
-        if (logger.isDebugEnabled()) {
-            logger.debug("Authorization header: " + header);
-        }
-
-        if ((header != null) && header.startsWith("Basic ")) {
-            String base64Token = header.substring(6);
-            String token = new String(Base64.decodeBase64(base64Token.getBytes()));
-
-            String username = "";
-            String password = "";
-            int delim = token.indexOf(":");
-
-            if (delim != -1) {
-                username = token.substring(0, delim);
-                password = token.substring(delim + 1);
-            }
-
-            if (authenticationIsRequired(username)) {
-                UsernamePasswordAuthenticationToken authRequest =
-                        new UsernamePasswordAuthenticationToken(username, password);
-                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
-
-                Authentication authResult;
-
-                try {
-                    authResult = authenticationManager.authenticate(authRequest);
-                } catch (AuthenticationException failed) {
-                    // Authentication failed
-                    if (logger.isDebugEnabled()) {
-                        logger.debug("Authentication request for user: " + username + " failed: " + failed.toString());
-                    }
-
-                    SecurityContextHolder.getContext().setAuthentication(null);
-
-                    if (rememberMeServices != null) {
-                        rememberMeServices.loginFail(httpRequest, httpResponse);
-                    }
-
-                    if (ignoreFailure) {
-                        chain.doFilter(request, response);
-                    } else {
-                        authenticationEntryPoint.commence(request, response, failed);
-                    }
-
-                    return;
-                }
-
-                // Authentication success
-                if (logger.isDebugEnabled()) {
-                    logger.debug("Authentication success: " + authResult.toString());
-                }
-
-                SecurityContextHolder.getContext().setAuthentication(authResult);
-
-                if (rememberMeServices != null) {
-                    rememberMeServices.loginSuccess(httpRequest, httpResponse, authResult);
-                }
-            }
-        }
-
-        chain.doFilter(request, response);
-    }
-
-    private boolean authenticationIsRequired(String username) {
-        // Only reauthenticate if username doesn't match SecurityContextHolder and user isn't authenticated
-        // (see SEC-53)
-        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
-
-        if(existingAuth == null || !existingAuth.isAuthenticated()) {
-            return true;
-        }
-
-        // Limit username comparison to providers which use usernames (ie UsernamePasswordAuthenticationToken)
-        // (see SEC-348)
-
-        if (existingAuth instanceof UsernamePasswordAuthenticationToken && !existingAuth.getName().equals(username)) {
-            return true;
-        }
-
-        return false;
-    }
-
-    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
-        return authenticationEntryPoint;
-    }
-
-    public AuthenticationManager getAuthenticationManager() {
-        return authenticationManager;
-    }
-
-    public void init(FilterConfig arg0) throws ServletException {}
-
-    public boolean isIgnoreFailure() {
-        return ignoreFailure;
-    }
-
-    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
-        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
-        this.authenticationDetailsSource = authenticationDetailsSource;
-    }
-
-    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
-        this.authenticationEntryPoint = authenticationEntryPoint;
-    }
-
-    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
-        this.authenticationManager = authenticationManager;
-    }
-
-    public void setIgnoreFailure(boolean ignoreFailure) {
-        this.ignoreFailure = ignoreFailure;
-    }
-
-    public void setRememberMeServices(RememberMeServices rememberMeServices) {
-        this.rememberMeServices = rememberMeServices;
-    }
-
-	public int getOrder() {
-		return order;
-	}
-
-	public void setOrder(int order) {
-		this.order = order;
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilterEntryPoint.java

@@ -1,89 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.ui.basicauth;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.ui.AuthenticationEntryPoint;
-import org.acegisecurity.util.OrderedUtils;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.springframework.core.Ordered;
-import org.springframework.util.Assert;
-
-
-/**
- * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
- * BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
- * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
- * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
- * the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
- *
- * @author Ben Alex
- * @version $Id: BasicProcessingFilterEntryPoint.java 1822 2007-05-17 12:20:16Z vishalpuri $
- */
-public class BasicProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean, Ordered, ApplicationContextAware {
-    //~ Instance fields ================================================================================================
-
-	private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
-    private String realmName;
-    private int order = DEFAULT_ORDER;
-    private ApplicationContext applicationContext;
-
-    //~ Methods ========================================================================================================
-
-    public int getOrder() {
-		return order;
-	}
-
-	public void setOrder(int order) {
-		this.order = order;
-	}
-
-	public void afterPropertiesSet() throws Exception {
-		Assert.hasText(realmName, "realmName must be specified");
-		if (order == DEFAULT_ORDER) {
-			OrderedUtils.copyOrderFromOtherClass(BasicProcessingFilter.class, applicationContext, this, true);
-		}
-    }
-
-    public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
-        throws IOException, ServletException {
-        HttpServletResponse httpResponse = (HttpServletResponse) response;
-        httpResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
-        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
-    }
-
-    public String getRealmName() {
-        return realmName;
-    }
-
-    public void setRealmName(String realmName) {
-        this.realmName = realmName;
-    }
-
-	public void setApplicationContext(ApplicationContext applicationContext) {
-		this.applicationContext = applicationContext;
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/ui/basicauth/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Authenticates HTTP BASIC authentication requests.
-</body>
-</html>

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/BeanDefinitionParserUtils.java

@@ -1,88 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.util;
-
-import org.springframework.beans.factory.config.RuntimeBeanNameReference;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
-
-/**
- * The convenience methods for the parsing of bean definition xml file.
- * 
- * @author Vishal Puri
- * 
- */
-public class BeanDefinitionParserUtils {
-	// ~ Constructor
-	// ================================================================================================
-
-	/**
-	 * Prevents instantiation
-	 */
-	private BeanDefinitionParserUtils() {
-	}
-
-	// ~ Method
-	// ================================================================================================
-
-	public static void setConstructorArgumentIfAvailable(int index, Element element, String attribute,
-			boolean isRunTimeBeanReference, RootBeanDefinition definition) {
-		String propertyValue = element.getAttribute(attribute);
-		if (StringUtils.hasText(propertyValue)) {
-			if (!isRunTimeBeanReference) {
-				definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
-			}
-			else {
-				definition.getConstructorArgumentValues().addIndexedArgumentValue(index,
-						new RuntimeBeanNameReference(propertyValue));
-			}
-		}
-	}
-
-	/**
-	 * <p>
-	 * Configure a <code>BeanDefinition</code>with the property value
-	 * retrieved from xml attribute. If the attribute is like a standard spring
-	 * 'ref' attribute as indicated by 'isRunTimeBeanReference', the property
-	 * will be resolved as a reference to the spring bean.
-	 * </p>
-	 * 
-	 * @param element The parent element.
-	 * @param attribute The child attribute.
-	 * @param property The configuration property for the BeanDefinition
-	 * @param isRunTimeBeanReference Indicates if the property is like a
-	 * standard spring 'ref' attribute.
-	 * @param definition The BeanDefinition to configure with the property
-	 * provided.
-	 * @return boolean To indicate if BeanDefinition was configured with a
-	 * property.
-	 */
-	public static boolean setPropertyIfAvailable(Element element, String attribute, String property,
-			boolean isRunTimeBeanReference, RootBeanDefinition definition) {
-		String propertyValue = element.getAttribute(attribute);
-		if (StringUtils.hasText(propertyValue)) {
-			if (!isRunTimeBeanReference) {
-				definition.getPropertyValues().addPropertyValue(property, propertyValue);
-				return true;
-			}
-			else {
-				definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanReference(propertyValue));
-				return true;
-			}
-		}
-		return false;
-	}
-	
-	/**
-	 * @param parserContext
-	 * @param defintion
-	 */
-	public static  void registerBeanDefinition(ParserContext parserContext, RootBeanDefinition defintion) {
-		parserContext.getRegistry().registerBeanDefinition(
-				parserContext.getReaderContext().generateBeanName(defintion), defintion);
-	}
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/OrderedUtils.java

@@ -1,66 +0,0 @@
-package org.acegisecurity.util;
-
-import java.lang.reflect.Method;
-import java.util.Map;
-
-import org.springframework.context.ApplicationContext;
-import org.springframework.core.Ordered;
-import org.springframework.util.Assert;
-import org.springframework.util.ReflectionUtils;
-
-/**
- * Proivdes common logic for manipulating classes implementing the Spring
- * {@link Ordered} interface.
- * 
- * @author Ben Alex
- * @author Vishal Puri
- */
-public abstract class OrderedUtils {
-	/**
-	 * Introspects the application context for a single instance of <code>sourceClass</code>. If found, the order from the source
-	 * class instance is copied into the <code>destinationObject</code>. If more than one instance of <code>sourceClass</code>
-	 * is found, the method throws <code>IllegalStateException</code>.
-	 * 
-	 * <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
-	 * mutation of the order property.
-	 * 
-	 * @param sourceClass to locate in the application context (must be assignable to Ordered)
-	 * @param applicationContext to locate the class
-	 * @param destinationObject to copy the order into (must provide public setOrder(int) method)
-	 * @param skipIfMoreThanOneCandidateSourceClassInstance if the application context provides more than one potential source, skip modifications (if false, the first located matching source will be used)
-	 * @return whether or not the destination class was updated
-	 */
-	public static boolean copyOrderFromOtherClass(Class sourceClass, ApplicationContext applicationContext, Object destinationObject, boolean skipIfMoreThanOneCandidateSourceClassInstance) {
-		Assert.notNull(sourceClass, "Source class required");
-		Assert.notNull(applicationContext, "ApplicationContext required");
-		Assert.notNull(destinationObject, "Destination object required");
-		Assert.isAssignable(Ordered.class, sourceClass, "Source class " + sourceClass + " must be assignable to Ordered");
-		Map map = applicationContext.getBeansOfType(sourceClass);
-		if (map.size() == 0) {
-			return false;
-		} else if (map.size() > 1 && skipIfMoreThanOneCandidateSourceClassInstance) {
-			return false;
-		} else {
-			copyOrderFromOtherObject((Ordered)map.values().iterator().next(), destinationObject);
-			return true;
-		}
-	}
-	
-	/**
-	 * Copies the order property from the <code>sourceObject</code> into the <code>destinationObject</code>.
-	 * 
-	 * <p>The <code>destinationObject</code> is required to provide a public <code>setOrder(int)</code> method to permit
-	 * mutation of the order property.
-	 * 
-	 * @param sourceObject to copy the order from
-	 * @param destinationObject to copy the order into (must provide public setOrder(int) method)
-	 */
-	public static void copyOrderFromOtherObject(Ordered sourceObject, Object destinationObject) {
-		Assert.notNull(sourceObject, "Source object required");
-		Assert.notNull(destinationObject, "Destination object required");
-		Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
-		Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
-		ReflectionUtils.invokeMethod(m, destinationObject, new Object[] { Integer.valueOf((sourceObject.getOrder()))});
-	}
-	
-}

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-General utility classes used throughout the Acegi Security System.
-</body>
-</html>

sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/inmemory-users.properties

@@ -1,4 +0,0 @@
-angelina=black,ROLE_ADMIN
-brad=grey,ROLE_TELLER,ROLE_PERMISSION_LIST
-paris=pink,ROLE_TELLER
-bono=sunny,ROLE_PERMISSION_LIST

sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd

@@ -1,686 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-
-<xsd:schema xmlns="http://www.springframework.org/schema/security"
-	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-	targetNamespace="http://www.springframework.org/schema/security"
-	xmlns:beans="http://www.springframework.org/schema/beans"
-	elementFormDefault="qualified" attributeFormDefault="unqualified">
-
-	<xsd:import namespace="http://www.springframework.org/schema/beans" />
-
-	<xsd:element name="autoconfig" />
-
-	<xsd:element name="session-context-integration">
-		<xsd:complexType>
-			<xsd:attribute name="id" type="xsd:ID">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	The unique identifier for a bean.
-				]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-
-			<xsd:attribute name="sessionCreation"
-				default="ifRequired">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	Indicates if this filter can create a HttpSession if
-	needed (sessions are always created sparingly, but setting this value to
-	false will prohibit sessions from ever being created).
-	Defaults to true. Do not set to false if
-	you have set forceEagerSessionCreation to true ,
-	as the properties would be in conflict.
-							]]>
-					</xsd:documentation>
-				</xsd:annotation>
-				<xsd:simpleType>
-					<xsd:restriction base="xsd:string">
-						<xsd:enumeration value="ifRequired" />
-						<xsd:enumeration value="never" />
-						<xsd:enumeration value="always" />
-					</xsd:restriction>
-				</xsd:simpleType>
-			</xsd:attribute>
-
-			<xsd:attribute name="forceEagerSessionCreation"
-				default="false" type="defaultable-boolean" use="optional">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	Indicates if this filter is required to create a 'HttpSession'
-	for every request before proceeding through the filter chain, even if the
-	'HttpSession' would not ordinarily have been created. By
-	default this is 'false', which is entirely appropriate for
-	most circumstances as you do not want a 'HttpSession'
-	created unless the filter actually needs one. It is envisaged the main
-	situation in which this property would be set to 'true' is
-	if using other filters that depend on a 'HttpSession'
-	already existing, such as those which need to obtain a session ID. This
-	is only required in specialised cases, so leave it set to
-	'false' unless you have an actual requirement and are
-	conscious of the session creation overhead.
-							]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-			<xsd:attribute name="cloneFromHttpSession" default="false"
-				type="defaultable-boolean" use="optional">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	Indicates whether the <code>SecurityContext</code> will be cloned from
-	the HttpSession. The default is to simply reference (ie
-    the default is 'false'. The default may cause issues if
- 	concurrent threads need to have a different security identity from other
-	threads being concurrently processed that share the same
-	<code>HttpSession</code>. In most normal environments this does not
-	represent an issue, as changes to the security identity in one thread is
-	allowed to affect the security identitiy in other threads associated with
-	the same 'HttpSession'.
-							]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-		</xsd:complexType>
-	</xsd:element>
-
-	<xsd:element name="authentication-remember-me-filter"
-		type="RememberMeFilter">
-		<xsd:annotation>
-			<xsd:documentation
-				source="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
-				<![CDATA[
-	makes the filter, but does little else, as it auto-detects everything
-				]]>
-			</xsd:documentation>
-		</xsd:annotation>
-	</xsd:element>
-
-	<xsd:complexType name="RememberMeFilter">
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="rememberMeServicesBeanRef"
-			type="xsd:string" use="optional" />
-	</xsd:complexType>
-
-	<xsd:element name="authentication-remember-me-services"
-		type="RememberMeServices" />
-
-	<xsd:complexType name="RememberMeServices">
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="key" type="xsd:string" use="optional" />
-		<xsd:attribute name="principalRepositoryBeanRef"
-			type="xsd:string" use="optional" />
-	</xsd:complexType>
-
-	<!-- Logout Filter -->
-	<xsd:element name="logout-support">
-		<xsd:complexType>
-			<!-- Write other attributes -->
-			<xsd:attribute name="id" type="xsd:ID">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	The unique identifier for a bean.
-				]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-			<xsd:attribute name="redirectAfterLogoutUrl"
-				type="xsd:string" default="/" />
-			<xsd:attribute name="logoutUrl" type="xsd:string"
-				default="/logout" />
-			<xsd:anyAttribute namespace="##other" processContents="lax" />
-		</xsd:complexType>
-	</xsd:element>
-
-
-	<!-- Exception Translation Filter -->
-	<xsd:element name="exception-translation"
-		type="ExceptionTranslation" />
-
-	<xsd:complexType name="ExceptionTranslation">
-		<xsd:all>
-			<xsd:element ref="entry-point" maxOccurs="1" />
-			<xsd:element ref="access-denied" maxOccurs="1"
-				minOccurs="0" />
-		</xsd:all>
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:complexType>
-
-	<xsd:element name="entry-point">
-		<xsd:complexType>
-			<xsd:attribute name="entryPointBeanRef" type="xsd:string" />
-		</xsd:complexType>
-	</xsd:element>
-
-	<xsd:element name="access-denied">
-		<xsd:complexType>
-			<xsd:attribute name="accessDeniedUrl" type="xsd:string"
-				use="optional" />
-			<xsd:attribute name="accessDeniedBeanRef" type="xsd:string"
-				use="optional" />
-		</xsd:complexType>
-	</xsd:element>
-
-	<!-- AuthenticationProcessigFilter -->
-	<xsd:element name="authentication-form"
-		type="AuthenticationProcessingFilter" />
-
-	<xsd:complexType name="AuthenticationProcessingFilter">
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="authenticationUrl" type="xsd:string"
-			use="required">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The URL destination that this filter intercepts and processes (usually something like
-     /login) 
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="defaultTargetUrl" type="xsd:string"
-			use="required">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	Where to redirect the browser to if authentication is successful but ACEGI_SAVED_REQUEST_KEY is
-     null
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="errorFormUrl" type="xsd:string"
-			use="required">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	Where to redirect the browser to if authentication fails.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:complexType>
-
-
-
-	<xsd:element name="authentication-mechanism"
-		type="AuthenticationManager">
-		<xsd:annotation>
-			<xsd:documentation
-				source="org.acegisecurity.providers.ProviderManager">
-				<![CDATA[
-				Resolves to 'org.acegisecurity.providers.ProviderManager'
-				]]>
-			</xsd:documentation>
-		</xsd:annotation>
-	</xsd:element>
-
-	<xsd:complexType name="AuthenticationManager">
-		<xsd:sequence>
-			<xsd:element ref="authentication-jdbc" minOccurs="0"
-				maxOccurs="1" />
-			<xsd:element ref="authentication-ldap" minOccurs="0"
-				maxOccurs="1" />
-		</xsd:sequence>
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:complexType>
-
-	<xsd:element name="authentication-jdbc">
-		<xsd:annotation>
-			<xsd:documentation
-				source="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
-				<![CDATA[
-				if not specified will be auto-tetected from the ApplicationContext and tried in order 
-				]]>
-			</xsd:documentation>
-		</xsd:annotation>
-		<xsd:complexType>
-			<xsd:attribute name="ref" type="xsd:string" />
-		</xsd:complexType>
-	</xsd:element>
-
-	<xsd:element name="authentication-ldap">
-		<xsd:annotation>
-			<xsd:documentation
-				source="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
-				<![CDATA[
-				if not specified will be auto-tetected from the ApplicationContext and tried in order 
-				]]>
-			</xsd:documentation>
-		</xsd:annotation>
-
-		<xsd:complexType>
-
-			<xsd:sequence>
-				<xsd:element name="property">
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="beans:propertyType"></xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-
-			<xsd:attribute name="ldapUrl" type="xsd:string">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	The LDAP url of the server (and root context) to connect to.
-					]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-			<xsd:attribute name="managerDn" type="xsd:string">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	The LDAP url of the server (and root context) to connect to.
-					]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-			<xsd:attribute name="managerPassword" type="xsd:string">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	The manager user's password.
-					]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-			<xsd:attribute name="groupSearchBase" type="xsd:string">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	
-					]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-			<xsd:attribute name="groupRoleAttribute"
-				type="xsd:string">
-				<xsd:annotation>
-					<xsd:documentation>
-						<![CDATA[
-	
-					]]>
-					</xsd:documentation>
-				</xsd:annotation>
-			</xsd:attribute>
-		</xsd:complexType>
-	</xsd:element>
-
-
-
-	<xsd:element name="principal-repository" type="PrincipalRepository" />
-
-	<xsd:complexType name="PrincipalRepository">
-		<xsd:choice>
-			<xsd:element ref="jdbc" minOccurs="0" maxOccurs="1" />
-			<xsd:element ref="ldap" minOccurs="0" maxOccurs="1" />
-			<xsd:element ref="properties" minOccurs="0" maxOccurs="1" />
-			<xsd:element ref="user-definition" minOccurs="0"
-				maxOccurs="unbounded" />
-		</xsd:choice>
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:complexType>
-
-	<xsd:element name="jdbc">
-		<xsd:complexType>
-			<xsd:attribute name="dataSourceBeanRef" type="xsd:string" />
-			<xsd:attribute name="authoritiesByUsernameQuery"
-				type="xsd:string" use="optional" />
-			<xsd:attribute name="jdbcTemplateBeanRef" type="xsd:string"
-				use="optional" />
-			<xsd:attribute name="rolePrefix" type="xsd:string"
-				use="optional" />
-			<xsd:attribute name="usernameBasedPrimaryKey"
-				type="xsd:boolean" use="optional" />
-			<xsd:attribute name="usersByUsernameQuery" type="xsd:string"
-				use="optional" />
-		</xsd:complexType>
-	</xsd:element>
-
-
-	<xsd:element name="ldap">
-		<xsd:complexType>
-			<xsd:attribute name="not-yet-defined" type="xsd:string" />
-		</xsd:complexType>
-	</xsd:element>
-
-	<xsd:element name="properties">
-		<xsd:complexType>
-			<xsd:attribute name="resource" type="xsd:string" />
-		</xsd:complexType>
-	</xsd:element>
-
-	<xsd:element name="user-definition">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="granted-authority" minOccurs="0"
-					maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="authority"
-							type="xsd:string" use="required" />
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="granted-authority-ref" minOccurs="0"
-					maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="authorityBeanRef"
-							type="xsd:string" use="required" />
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-			<xsd:attribute name="username" type="xsd:string"
-				use="required" />
-			<xsd:attribute name="password" type="xsd:string" />
-			<xsd:attribute name="enabled" type="xsd:boolean" />
-			<xsd:anyAttribute namespace="##local"
-				processContents="strict" />
-		</xsd:complexType>
-	</xsd:element>
-
-
-	<xsd:element name="authentication-repository"
-		type="AuthenticationRepositoryType" />
-
-	<xsd:complexType name="AuthenticationRepositoryType">
-		<xsd:sequence>
-			<xsd:element name="salt-source" type="SaltSource"
-				minOccurs="0" maxOccurs="1" />
-			<xsd:element name="password-encoder" type="PasswordEncoder"
-				minOccurs="0" maxOccurs="1" />
-		</xsd:sequence>
-		<xsd:attributeGroup ref="AuthenticationRepositoryAttributes" />
-	</xsd:complexType>
-
-	<!-- <security:salt-source source="systemwide|reflection" salt="salt"/> -->
-	<xsd:complexType name="SaltSource">
-		<xsd:sequence>
-			<xsd:choice minOccurs="0" maxOccurs="1">
-				<xsd:element name="system-wide">
-					<xsd:complexType>
-						<xsd:attribute name="systemWideSalt"
-							type="xsd:string" />
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="reflection">
-					<xsd:complexType>
-						<xsd:attribute name="userPropertyToUse"
-							type="xsd:string" />
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:choice>
-		</xsd:sequence>
-		<xsd:attribute name="saltSourceBeanRef" type="xsd:string"
-			use="optional" />
-	</xsd:complexType>
-
-	<xsd:complexType name="PasswordEncoder">
-		<xsd:sequence>
-			<xsd:choice minOccurs="0" maxOccurs="1">
-				<xsd:element name="encoder">
-					<xsd:complexType>
-						<xsd:attribute name="method" type="encoders" />
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:choice>
-		</xsd:sequence>
-		<xsd:attribute name="encoderBeanRef" type="xsd:string"
-			use="optional" />
-	</xsd:complexType>
-
-	<xsd:attributeGroup name="AuthenticationRepositoryAttributes">
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="repositoryBeanRef" type="xsd:string">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	Reference of a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:attributeGroup>
-
-	<xsd:element name="authorization-http-url"
-		type="AuthorizationHttpUrlType">
-		<xsd:annotation>
-			<xsd:documentation>
-				<![CDATA[
-				Specify security:uri-patterns in order of processing; each pattern must specify EITHER a 
-				regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the 
-				SAME type (ie cannot mix a regular expression and Ant Path) - exception will be thrown if tried
-				]]>
-			</xsd:documentation>
-		</xsd:annotation>
-	</xsd:element>
-
-	<xsd:complexType name="AuthorizationHttpUrlType">
-		<xsd:sequence minOccurs="1" maxOccurs="1">
-			<xsd:element name="url-mapping" type="UrlMappingType"></xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:complexType>
-
-	<xsd:complexType name="UrlMappingType">
-		<xsd:sequence minOccurs="1" maxOccurs="unbounded">
-			<xsd:element name="uri-pattern" type="UriPatternType" />
-		</xsd:sequence>
-		<xsd:attribute name="source" type="xsd:string" default="xml" />
-		<xsd:attribute name="sourceBeanId" type="xsd:string">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	Reference to an external ObjectDefinitionSource.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:complexType>
-
-	<xsd:complexType name="UriPatternType">
-		<xsd:sequence minOccurs="1" maxOccurs="unbounded">
-			<xsd:element name="configuration-attribute"
-				type="ConfigurationAttributeType" />
-		</xsd:sequence>
-		<xsd:attribute name="path" type="xsd:string" use="optional" />
-		<xsd:attribute name="regularExpression" type="xsd:string"
-			use="optional" />
-	</xsd:complexType>
-
-	<xsd:complexType name="ConfigurationAttributeType">
-		<xsd:attribute name="attribute" type="xsd:string" />
-	</xsd:complexType>
-
-	<xsd:element name="authorization-manager"
-		type="AuthorizationManagerType" />
-
-	<xsd:complexType name="AuthorizationManagerType">
-		<xsd:sequence>
-			<xsd:element name="role-voter" type="xsd:string"
-				minOccurs="0" maxOccurs="1" />
-			<xsd:element name="authenticated-voter" type="xsd:string"
-				minOccurs="0" maxOccurs="1" />
-		</xsd:sequence>
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="strategy" type="response"
-			default="affirmative" />
-	</xsd:complexType>
-
-	<!-- Authorization JointPoint -->
-	<xsd:element name="authorization-joinpoint"
-		type="AuthorizationJointPointType">
-		<xsd:annotation>
-			<xsd:documentation>
-				<![CDATA[
-				
-				]]>
-			</xsd:documentation>
-		</xsd:annotation>
-	</xsd:element>
-
-	<xsd:complexType name="AuthorizationJointPointType">
-		<xsd:sequence minOccurs="1" maxOccurs="1">
-			<xsd:element name="url-mapping"
-				type="JointPointMappingType">
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="id" type="xsd:ID">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	The unique identifier for a bean.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-		<xsd:attribute name="springAop" type="xsd:boolean"
-			use="optional" />
-		<xsd:attribute name="aspectj" type="xsd:boolean" use="optional" />
-	</xsd:complexType>
-
-	<xsd:complexType name="JointPointMappingType">
-		<xsd:sequence minOccurs="1" maxOccurs="unbounded">
-			<xsd:element name="method-pattern" type="MethodPatternType" />
-		</xsd:sequence>
-		<xsd:attribute name="source" type="MethodInterceptorType"
-			default="xml" />
-		<xsd:attribute name="sourceBeanId" type="xsd:string">
-			<xsd:annotation>
-				<xsd:documentation>
-					<![CDATA[
-	Reference to an external ObjectDefinitionSource.
-				]]>
-				</xsd:documentation>
-			</xsd:annotation>
-		</xsd:attribute>
-	</xsd:complexType>
-
-	<xsd:complexType name="MethodPatternType">
-		<xsd:sequence minOccurs="1" maxOccurs="unbounded">
-			<xsd:element name="configuration-attribute"
-				type="ConfigurationAttributeType" />
-		</xsd:sequence>
-		<xsd:attribute name="type" type="xsd:string" />
-	</xsd:complexType>
-
-	<xsd:simpleType name="response">
-		<xsd:restriction base="xsd:NMTOKEN">
-			<xsd:enumeration value="consensus" />
-			<xsd:enumeration value="unanimous" />
-			<xsd:enumeration value="affirmative" />
-		</xsd:restriction>
-	</xsd:simpleType>
-
-	<xsd:simpleType name="MethodInterceptorType">
-		<xsd:restriction base="xsd:NMTOKEN">
-			<xsd:enumeration value="xml" />
-			<xsd:enumeration value="attributes" />
-			<xsd:enumeration value="annotations" />
-			<xsd:enumeration value="custom" />
-		</xsd:restriction>
-	</xsd:simpleType>
-
-	<!-- simple internal types -->
-	<xsd:simpleType name="defaultable-boolean">
-		<xsd:restriction base="xsd:NMTOKEN">
-			<xsd:enumeration value="true" />
-			<xsd:enumeration value="false" />
-		</xsd:restriction>
-	</xsd:simpleType>
-
-
-
-	<xsd:simpleType name="encoders">
-		<xsd:restriction base="xsd:NMTOKEN">
-			<xsd:enumeration value="md5" />
-			<xsd:enumeration value="md5Hex" />
-			<xsd:enumeration value="sha" />
-			<xsd:enumeration value="shaHex" />
-			<xsd:enumeration value="custom" />
-		</xsd:restriction>
-	</xsd:simpleType>
-
-
-
-
-
-</xsd:schema>

sandbox/spring-security-config/src/test/java/org/acegisecurity/AppTest.java

@@ -1,38 +0,0 @@
-package org.acegisecurity;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * Unit test for simple App.
- */
-public class AppTest 
-    extends TestCase
-{
-    /**
-     * Create the test case
-     *
-     * @param testName name of the test case
-     */
-    public AppTest( String testName )
-    {
-        super( testName );
-    }
-
-    /**
-     * @return the suite of tests being tested
-     */
-    public static Test suite()
-    {
-        return new TestSuite( AppTest.class );
-    }
-
-    /**
-     * Rigourous Test :-)
-     */
-    public void testApp()
-    {
-        assertTrue( true );
-    }
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/BankTests.java

@@ -1,99 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.context.SecurityContextImpl;
-
-import org.acegisecurity.providers.TestingAuthenticationToken;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-
-
-
-/**
- * Tests security objects.
- *
- * @author Ben Alex
- * @version $Id: BankTests.java 1496 2006-05-23 13:38:33Z benalex $
- */
-public class BankTests extends TestCase {
-    //~ Instance fields ================================================================================================
-
-    private BankService service;
-    private ClassPathXmlApplicationContext ctx;
-
-    //~ Constructors ===================================================================================================
-
-    public BankTests() {
-        super();
-    }
-
-    public BankTests(String arg0) {
-        super(arg0);
-    }
-
-    //~ Methods ========================================================================================================
-
-    private static void createSecureContext() {
-        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("test", "test",
-                new GrantedAuthority[] {
-                    new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
-                });
-
-        SecurityContextHolder.getContext().setAuthentication(auth);
-    }
-
-    private static void destroySecureContext() {
-        SecurityContextHolder.setContext(new SecurityContextImpl());
-    }
-
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(BankTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-        ctx = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
-        service = (BankService) ctx.getBean("bankService");
-    }
-
-    public void testDeniedAccess() throws Exception {
-        createSecureContext();
-
-        try {
-            service.balance("1");
-            fail("Should have thrown AccessDeniedException");
-        } catch (AccessDeniedException expected) {
-            assertTrue(true);
-        }
-        destroySecureContext();
-    }
-
-    public void testListAccounts() throws Exception {
-        createSecureContext();
-        service.listAccounts();
-        destroySecureContext();
-    }
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthenticationMechanismNamespaceTests.java

@@ -1,25 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.acegisecurity.providers.ProviderManager;
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-import junit.framework.TestCase;
-
-/**
- * @author vpuri
- * 
- */
-public class AuthenticationMechanismNamespaceTests extends TestCase {
-	public void testParserDefaults() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/remember-me-defaults.xml");
-		ProviderManager mgr = (ProviderManager) context.getBean("authenticationManager");
-		assertEquals(1, mgr.getProviders().size());
-		assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
-	}
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthenticationProcessingFilterNamespaceTests.java

@@ -1,25 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-import junit.framework.TestCase;
-
-/**
- * @author vpuri
- *
- */
-public class AuthenticationProcessingFilterNamespaceTests extends TestCase {
-	
-	public void testAuthenticationFilterBeanDefinition() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-		"org/acegisecurity/config/authentication-form-filter.xml");
-ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
-		.getAutowireCapableBeanFactory();
-	}
-
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthenticationRepositoryParserTest.java

@@ -1,120 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.providers.AuthenticationProvider;
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
-import org.acegisecurity.providers.dao.SaltSource;
-import org.acegisecurity.providers.encoding.Md5PasswordEncoder;
-import org.acegisecurity.providers.encoding.PasswordEncoder;
-import org.acegisecurity.providers.encoding.PlaintextPasswordEncoder;
-import org.acegisecurity.userdetails.jdbc.JdbcDaoImpl;
-import org.springframework.beans.PropertyValue;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.util.Assert;
-
-/**
- * @author vpuri
- * 
- */
-public class AuthenticationRepositoryParserTest extends TestCase {
-
-	public void testAuthenticationRepositoryDefaultWithAutoUserdetails() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/authentication-dao-defaults.xml");
-		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
-				.getAutowireCapableBeanFactory();
-
-		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
-		assertEquals(1, names.length);
-
-		// check bean class
-		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
-		assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
-
-		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
-		Assert.isAssignable(JdbcDaoImpl.class, provider.getUserDetailsService().getClass());
-
-	}
-
-	public void testCollaboratorsAsInnerBeans() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/authentication-innerbeans.xml");
-		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
-				.getAutowireCapableBeanFactory();
-		// get the main bean definition, there should be only one
-		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
-		assertEquals(1, names.length);
-		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
-		assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
-
-		// get the 2 inner beans
-		PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
-		assertEquals("saltSource", saltSourceBean.getName());
-
-		// get the BeanDefinition
-		RootBeanDefinition saltsourceDef = (RootBeanDefinition) saltSourceBean.getValue();
-		Assert.isAssignable(SaltSource.class, saltsourceDef.getBeanClass());
-
-		PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
-		assertEquals("passwordEncoder", encoder.getName());
-
-		// get the BeanDefinition
-		RootBeanDefinition encoderDef = (RootBeanDefinition) encoder.getValue();
-		Assert.isAssignable(PasswordEncoder.class, encoderDef.getBeanClass());
-
-		assertEquals("incorrect bean class name", encoderDef.getBeanClassName(), Md5PasswordEncoder.class.getName());
-	}
-
-	public void testCollaboratorsAsBeanRef() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/authentication-beanRef-attributes.xml");
-		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
-				.getAutowireCapableBeanFactory();
-		// get the main bean definition, there should be only one
-		String[] names = clbf.getBeanNamesForType(AuthenticationProvider.class);
-		assertEquals(1, names.length);
-		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
-		assertEquals(DaoAuthenticationProvider.class, definition.getBeanClass());
-
-		// get the referred collaborators
-
-		PropertyValue userDetailsBean = definition.getPropertyValues().getPropertyValue("userDetailsService");
-		assertEquals("userDetailsService", userDetailsBean.getName());
-
-		PropertyValue saltSourceBean = definition.getPropertyValues().getPropertyValue("saltSource");
-		assertEquals("saltSource", saltSourceBean.getName());
-
-		// get the BeanDefinition
-		RuntimeBeanReference saltsourceDef = (RuntimeBeanReference) saltSourceBean.getValue();
-		assertEquals("refToSaltSource", saltsourceDef.getBeanName());
-
-		PropertyValue encoder = definition.getPropertyValues().getPropertyValue("passwordEncoder");
-		assertEquals("passwordEncoder", encoder.getName());
-
-		// get the BeanDefinition
-		RuntimeBeanReference encoderDef = (RuntimeBeanReference) encoder.getValue();
-		assertEquals("refToPasswordEncoder", encoderDef.getBeanName());
-
-		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
-		assertTrue(provider.getPasswordEncoder() instanceof PasswordEncoder);
-		assertEquals(Md5PasswordEncoder.class, provider.getPasswordEncoder().getClass());
-	}
-
-	public void testAutodetectionOfUserDetailsService() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/authentication-defaults.xml");
-		DaoAuthenticationProvider provider = (DaoAuthenticationProvider) context.getBean("authenticationRepository");
-		assertNotNull(provider.getUserDetailsService());
-		assertNull(provider.getSaltSource());
-		assertEquals(PlaintextPasswordEncoder.class, provider.getPasswordEncoder().getClass());
-
-	}
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthorizationManagerBeanDefinitionParserTests.java

@@ -1,31 +0,0 @@
-package org.acegisecurity.config;
-
-import java.util.List;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.AccessDecisionManager;
-import org.acegisecurity.vote.AuthenticatedVoter;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-public class AuthorizationManagerBeanDefinitionParserTests extends TestCase {
-
-	public void testParsingBeanDefinition() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/authorization-manager.xml");
-		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
-		String[] beanNames = bf.getBeanNamesForType(AccessDecisionManager.class);
-		assertEquals(1, beanNames.length);
-		BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition(beanNames[0]);
-		assertNotNull(def);
-		List decisionVoters = (ManagedList) def.getPropertyValues().getPropertyValue("decisionVoters").getValue();
-		assertEquals(2, decisionVoters.size());
-		assertEquals("org.acegisecurity.vote.RoleVoter", ((BeanDefinition) decisionVoters.get(0)).getBeanClassName());
-		assertEquals("org.acegisecurity.vote.AuthenticatedVoter", ((BeanDefinition) decisionVoters.get(1)).getBeanClassName());
-	}
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AutoConfigBeanDefinitionParserTests.java

@@ -1,105 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import java.lang.reflect.Field;
-import java.util.Map;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
-import org.acegisecurity.intercept.method.MethodDefinitionSource;
-import org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor;
-import org.acegisecurity.ui.logout.LogoutFilter;
-import org.acegisecurity.ui.logout.LogoutHandler;
-import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.util.ReflectionUtils;
-
-/**
- * @author Vishal Puri
- * 
- */
-public class AutoConfigBeanDefinitionParserTests extends TestCase {
-
-	private ApplicationContext context;
-
-	private ConfigurableListableBeanFactory bf;
-
-	// ~ Methods
-	// ========================================================================================================
-
-	public void setUp() {
-		this.context = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
-		this.bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
-	}
-
-	public void testContextBeanDefinitionCreated() {
-		String[] names = bf.getBeanNamesForType(HttpSessionContextIntegrationFilter.class);
-		assertEquals(1, names.length);
-		HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter) bf.getBean(names[0]);
-		// check properties
-		// get the bean
-		assertTrue(filter.isAllowSessionCreation());
-		assertFalse(filter.isForceEagerSessionCreation());
-		assertFalse(filter.isCloneFromHttpSession());
-	}
-
-	public void testLogoutFilterDefinitionCreatedWithDefaults() throws Exception {
-		String[] names = bf.getBeanNamesForType(LogoutFilter.class);
-		assertEquals(1, names.length);
-		LogoutFilter filter = (LogoutFilter) context.getBean(names[0]);
-		assertNotNull(filter);
-		Field logoutSuccessUrl = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(),
-				"logoutSuccessUrl");
-		String value = (String) logoutSuccessUrl.get(filter);
-		assertEquals("/", value);
-		Field handlers = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "handlers");
-		assertNotNull(handlers);
-		LogoutHandler[] handlersArray = (LogoutHandler[]) handlers.get(filter);
-		assertEquals(2, handlersArray.length);
-	}
-
-	public void testExceptionTranslationFilterCreatedwithDefaults() throws Exception {
-		Map map = bf.getBeansOfType(AuthenticationProcessingFilter.class);
-		AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) map.values().iterator().next();
-		AuthenticationManager authMgr = filter.getAuthenticationManager();
-		assertNotNull(authMgr);
-		RememberMeServices remMeServices = filter.getRememberMeServices();
-		assertNotNull(remMeServices);
-		assertEquals("/acegilogin.jsp?login_error=1", filter.getAuthenticationFailureUrl());
-		assertEquals("/", filter.getDefaultTargetUrl());
-	}
-
-	public void testRememberMePRocessingFilterCreatedWithDefaults() {
-		Map map = bf.getBeansOfType(RememberMeProcessingFilter.class);
-		RememberMeProcessingFilter filter = (RememberMeProcessingFilter) map.values().iterator().next();
-	}
-
-	public void testMethodDefinitionSourceAdvisorCreatedWithDefaults() throws Exception {
-		Map map = bf.getBeansOfType(MethodDefinitionSourceAdvisor.class);
-		assertEquals(1, map.size());
-		MethodDefinitionSourceAdvisor advisor = (MethodDefinitionSourceAdvisor) map.values().iterator().next();
-		Field transactionAttributeSource = makeAccessibleAndGetFieldByName(advisor.getClass().getDeclaredFields(), "transactionAttributeSource");
-		assertNotNull(transactionAttributeSource);
-		assertTrue(transactionAttributeSource.get(advisor) instanceof MethodDefinitionSource);
-	}
-
-	private Field makeAccessibleAndGetFieldByName(Field[] declaredFields, String name) {
-		Field field = null;
-		for (int i = 0, n = declaredFields.length; i < n; i++) {
-			ReflectionUtils.makeAccessible(declaredFields[i]);
-			if (declaredFields[i].getName().equals(name)) {
-				return declaredFields[i];
-			}
-		}
-		return field;
-	}
-
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/ExceptionTranslationParserTests.java

@@ -1,79 +0,0 @@
-package org.acegisecurity.config;
-
-import java.beans.FeatureDescriptor;
-import java.lang.reflect.Field;
-import java.util.Arrays;
-
-import javax.servlet.Filter;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.ui.AccessDeniedHandler;
-import org.acegisecurity.ui.AccessDeniedHandlerImpl;
-import org.acegisecurity.ui.ExceptionTranslationFilter;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
-import org.springframework.beans.PropertyValue;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.util.ReflectionUtils;
-
-public class ExceptionTranslationParserTests extends TestCase {
-
-	public void testParsingBeanReferences() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/exception-translation-beanref.xml");
-		ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context
-				.getAutowireCapableBeanFactory();
-		String[] beanNames = factory.getBeanNamesForType(ExceptionTranslationFilter.class);
-		assertEquals(1, beanNames.length);
-		RootBeanDefinition def = (RootBeanDefinition) factory.getBeanDefinition(beanNames[0]);
-		assertEquals(ExceptionTranslationFilter.class.getName(), def.getBeanClassName());
-		// check collaborators
-		PropertyValue accessDeniedHandler = def.getPropertyValues().getPropertyValue("accessDeniedHandler");
-		assertNotNull(accessDeniedHandler);
-		assertEquals(accessDeniedHandler.getValue(), new RuntimeBeanReference("theBeanToUse"));
-		PropertyValue entryPoint = def.getPropertyValues().getPropertyValue("authenticationEntryPoint");
-		assertNotNull(entryPoint);
-		assertEquals(entryPoint.getValue(), new RuntimeBeanReference("authenticationProcessingFilterEntryPoint"));
-	}
-
-	public void testRuntimeBeanDependencies() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/exception-translation-beanref.xml");
-		ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
-		AuthenticationProcessingFilterEntryPoint entryPoint = (AuthenticationProcessingFilterEntryPoint) filter
-				.getAuthenticationEntryPoint();
-		assertEquals("/acegilogin.jsp", entryPoint.getLoginFormUrl());
-		assertFalse(entryPoint.getForceHttps());
-
-	}
-
-	public void testAutoDetectionOfDefaultDependencies() throws Exception {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/exception-translation-autodetect-handler.xml");
-		ExceptionTranslationFilter filter = (ExceptionTranslationFilter) context.getBean("exceptionTranslationFilter");
-		Field field = makeAccessibleAndGetFieldByName(filter.getClass().getDeclaredFields(), "accessDeniedHandler");
-		assertTrue(field.get(filter) instanceof AccessDeniedHandler);
-		AccessDeniedHandlerImpl accessDeniedHandler = (AccessDeniedHandlerImpl) field
-				.get(filter);
-		Field f = makeAccessibleAndGetFieldByName(accessDeniedHandler.getClass().getDeclaredFields(), "errorPage");
-		assertEquals("errorPage",f.getName());
-		String value = (String) f.get(accessDeniedHandler);
-		assertEquals("/accessDenied.jsp", value);
-	}
-
-	private Field makeAccessibleAndGetFieldByName(Field[] fields, String name) {
-		Field field = null;
-		for (int i = 0, n = fields.length; i < n; i++) {
-			ReflectionUtils.makeAccessible(fields[i]);
-			if (fields[i].getName().equals(name)) {
-				return fields[i];
-			}
-		}
-		return field;
-	}
-
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/FilterSecurityInterceptorBeanDefinitionParserTests.java

@@ -1,35 +0,0 @@
-package org.acegisecurity.config;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.AccessDecisionManager;
-import org.acegisecurity.intercept.web.FilterSecurityInterceptor;
-import org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap;
-import org.acegisecurity.vote.AffirmativeBased;
-import org.springframework.beans.PropertyValue;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-/**
- * @author Vishal Puri
- */
-public class FilterSecurityInterceptorBeanDefinitionParserTests extends TestCase {
-
-	public void testParsingBeanDefinition() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/authorization-http-config.xml");
-		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
-		String[] beanNames = bf.getBeanNamesForType(FilterSecurityInterceptor.class);
-		assertEquals(1, beanNames.length);
-		BeanDefinition def = bf.getBeanDefinition(beanNames[0]);
-		assertEquals(2, def.getPropertyValues().size());
-		PropertyValue objectDefinitionSource = def.getPropertyValues().getPropertyValue("objectDefinitionSource");
-		assertTrue(objectDefinitionSource.getValue() instanceof RegExpBasedFilterInvocationDefinitionMap);
-		PropertyValue accessDecisionManager = def.getPropertyValues().getPropertyValue("accessDecisionManager");
-		BeanDefinition definition = (RootBeanDefinition) accessDecisionManager.getValue() ;
-		assertEquals("org.acegisecurity.vote.AffirmativeBased" , definition.getBeanClassName());
-	}
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/HttpSessionContextIntegrationParserTest.java

@@ -1,44 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import javax.servlet.Filter;
-
-import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-
-import junit.framework.TestCase;
-
-/**
- * @author vpuri
- *
- */
-public class HttpSessionContextIntegrationParserTest extends TestCase {
-	
-	public void testApplicationContext() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/session-context-integration-defaults.xml");
-		ConfigurableListableBeanFactory clbf = 
-			(ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
-		
-		String[] names = clbf.getBeanNamesForType(Filter.class);
-		assertEquals(1, names.length);
-		
-		// check bean name
-		RootBeanDefinition definition = (RootBeanDefinition)clbf.getBeanDefinition(names[0]);
-		assertEquals(HttpSessionContextIntegrationFilter.class, definition.getBeanClass());
-		
-		// check properties
-		//get the bean
-		HttpSessionContextIntegrationFilter filter = (HttpSessionContextIntegrationFilter)context.getBean("httpSessionContextIntegrationFilter");
-		assertFalse(filter.isAllowSessionCreation());
-		assertNotNull(definition.getPropertyValues().getPropertyValue("allowSessionCreation"));
-		assertFalse(filter.isForceEagerSessionCreation());
-		assertFalse(filter.isCloneFromHttpSession());
-	}
-
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/LdapAuthenticationProviderBeanDefinitionParserTests.java

@@ -1,52 +0,0 @@
-package org.acegisecurity.config;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
-import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
-import org.springframework.beans.PropertyValue;
-import org.springframework.beans.PropertyValues;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
-import org.springframework.beans.factory.support.ManagedList;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-/**
- * @author Vishal Puri
- * 
- */
-public class LdapAuthenticationProviderBeanDefinitionParserTests extends TestCase {
-
-	public void testBeanDefinitionCreation() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/ldap-config.xml");
-		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
-		BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition("authenticationManager");
-		assertNotNull(def);
-		PropertyValues values = def.getPropertyValues();
-		PropertyValue value = values.getPropertyValue("providers");
-		assertNotNull(value);
-		ManagedList list = (ManagedList) value.getValue();
-		assertEquals(1, list.size());
-
-		RootBeanDefinition definition = (RootBeanDefinition) list.get(0);
-		assertEquals(LdapAuthenticationProvider.class, definition.getBeanClass());
-
-		assertEquals(2, definition.getConstructorArgumentValues().getArgumentCount());
-
-		ValueHolder holder = definition.getConstructorArgumentValues().getArgumentValue(0, BindAuthenticator.class);
-		assertNotNull(holder.getConvertedValue() instanceof BindAuthenticator);
-		RootBeanDefinition authenticatorDefinition = (RootBeanDefinition) holder.getValue();
-		assertEquals(1, authenticatorDefinition.getConstructorArgumentValues().getArgumentCount());
-
-		RootBeanDefinition initialContextDir = (RootBeanDefinition) authenticatorDefinition
-				.getConstructorArgumentValues().getArgumentValue(0, InitialDirContextFactory.class).getValue();
-		assertEquals("cn=manager,dc=acegisecurity,dc=org", initialContextDir.getPropertyValues().getPropertyValue(
-				"managerDn").getValue());
-		assertEquals("ldap://monkeymachine:389/dc=acegisecurity,dc=org", initialContextDir.getConstructorArgumentValues()
-				.getArgumentValue(0, String.class).getValue());
-	}
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/LogoutFilterBeanDefinitionParserTests.java

@@ -1,29 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import java.util.Map;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.ui.logout.LogoutHandler;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-/**
- * @author vpuri
- * 
- */
-public class LogoutFilterBeanDefinitionParserTests extends TestCase {
-
-	public void testLogoutFilter() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/logout-filter-with-handlers.xml");
-		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
-		Map m = bf.getBeansOfType(LogoutHandler.class);
-		assertEquals(2, m.size());
-	}
-
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/NamespaceTests.java

@@ -1,22 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import junit.framework.TestCase;
-
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-/**
- * @author vpuri
- *
- */
-public class NamespaceTests extends TestCase {
-	
-		
-	public void testPass() {
-		ApplicationContext c = new ClassPathXmlApplicationContext("org/acegisecurity/config/applicationContext-acegi-security.xml");
-	}
-
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/PrincipalRepositoryNamespaceTests.java

@@ -1,65 +0,0 @@
-package org.acegisecurity.config;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.userdetails.User;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
-import org.acegisecurity.userdetails.memory.UserMap;
-import org.springframework.beans.PropertyValue;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-/**
- * @author Vishal Puri
- * 
- */
-public class PrincipalRepositoryNamespaceTests extends TestCase {
-
-	public void testParserWithUserDefinition() {
-		ApplicationContext context = new ClassPathXmlApplicationContext(
-				"org/acegisecurity/config/principal-repository-user-map.xml");
-
-		ConfigurableListableBeanFactory clbf = (ConfigurableListableBeanFactory) context
-				.getAutowireCapableBeanFactory();
-
-		String[] names = clbf.getBeanNamesForType(UserDetailsService.class);
-		assertEquals(1, names.length);
-
-		RootBeanDefinition definition = (RootBeanDefinition) clbf.getBeanDefinition(names[0]);
-		assertEquals(InMemoryDaoImpl.class, definition.getBeanClass());
-
-		UserMap map = new UserMap();
-
-		GrantedAuthority[] authotities = { new GrantedAuthorityImpl("ROLE_YO"), new GrantedAuthorityImpl("ROLE_YOYO") };
-
-		User user = new User("vishal", "nottellingya", true, true, true, true, authotities);
-
-		map.addUser(user);
-
-		assertPropertyValues(map, definition, "userMap");
-
-	}
-
-	private void assertPropertyValues(UserMap assertionValue, RootBeanDefinition definition, String property) {
-		PropertyValue propertyValue = definition.getPropertyValues().getPropertyValue(property);
-		assertNotNull(propertyValue);
-		assertTrue(propertyValue.getValue() instanceof UserMap);
-		UserMap users = (UserMap) propertyValue.getValue();
-		assertTrue(assertionValue.getUserCount() == users.getUserCount());
-		assertEquals(assertionValue.getUser("vishal"), users.getUser("vishal"));
-		assertTrue(users.getUser("vishal").isEnabled());
-		assertTrue(users.getUser("vishal").isAccountNonExpired());
-		assertTrue(users.getUser("vishal").isAccountNonLocked());
-		assertTrue(users.getUser("vishal").isCredentialsNonExpired());
-		assertEquals(2, users.getUser("vishal").getAuthorities().length);
-		assertEquals(new GrantedAuthorityImpl("ROLE_YO"), users.getUser("vishal").getAuthorities()[0]);
-		assertEquals(new GrantedAuthorityImpl("ROLE_YOYO"), users.getUser("vishal").getAuthorities()[1]);
-	}
-
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/RememberMeBeanDefinitionParserTest.java

@@ -1,19 +0,0 @@
-package org.acegisecurity.config;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.providers.ProviderManager;
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-
-//TODO: fix test name
-public class RememberMeBeanDefinitionParserTest extends TestCase {
-	
-	public void testParserDefaults() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
-		ProviderManager mgr = (ProviderManager)context.getBean("authenticationManager");
-		assertEquals(1, mgr.getProviders().size());
-		assertTrue(mgr.getProviders().get(0) instanceof DaoAuthenticationProvider);
-	}
-}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/RememberMeServicesBeanDefinitionParserTests.java

@@ -1,56 +0,0 @@
-/**
- * 
- */
-package org.acegisecurity.config;
-
-import java.lang.reflect.Field;
-import java.util.Map;
-
-import junit.framework.TestCase;
-
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.springframework.beans.PropertyValue;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.support.RootBeanDefinition;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.util.ReflectionUtils;
-
-/**
- * @author Vishal Puri
- *
- */
-public class RememberMeServicesBeanDefinitionParserTests extends TestCase {
-	
-	public void testFilterConfiguration() {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-defaults.xml");
-		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory)context.getAutowireCapableBeanFactory();
-		String[] names = bf.getBeanNamesForType(RememberMeProcessingFilter.class);
-		assertEquals(1, names.length);
-		RootBeanDefinition definition = (RootBeanDefinition)bf.getBeanDefinition(names[0]);
-		assertEquals(definition.getBeanClass(), RememberMeProcessingFilter.class);
-	}
-	
-	public void testRuntimeAutoDetectionOfDependencies() throws Exception {
-		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/remember-me-autodetect.xml");
-		ConfigurableListableBeanFactory factory = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
-		Map map = factory.getBeansOfType(RememberMeProcessingFilter.class);
-		RememberMeProcessingFilter filter = (RememberMeProcessingFilter)map.values().iterator().next();
-		RememberMeServices services = filter.getRememberMeServices();
-		assertNotNull(services);
-		TokenBasedRememberMeServices rememberMeServices = (TokenBasedRememberMeServices)services;
-		UserDetailsService ud = rememberMeServices.getUserDetailsService();
-		assertNotNull(ud);
-		Field field = filter.getClass().getDeclaredField("authenticationManager");
-		ReflectionUtils.makeAccessible(field);
-		Object obj = field.get(filter);
-		assertNotNull("authentication manager should not have been null", obj);
-		assertTrue(obj instanceof AuthenticationManager);
-	}
-
-}

sandbox/spring-security-config/src/test/resources/log4j.properties

@@ -1,12 +0,0 @@
-# Logging
-#
-
-
-log4j.rootCategory=WARN, stdout
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
-
-log4j.category.org.acegisecurity=DEBUG
-log4j.category.org.springframework=INFO

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/applicationContext-acegi-security.xml

@@ -1,174 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!--
-		- A simple "base bones" Acegi Security configuration.
-		-
-		- The sample includes the "popular" features that people tend to use.
-		- Specifically, form authentication, remember-me, and anonymous processing.
-		- Other features aren't setup, as these can be added later by inserting
-		- the relevant XML fragments as specified in the Reference Guide.
-		-
-		- To assist new users, the filters specified in the FilterChainProxy are
-		- declared in the application context in the same order. Collaborators
-		- required by those filters are placed at the end of the file.
-		-
-		- $Id: applicationContext-acegi-security.xml 1833 2007-05-17 23:06:46Z vishalpuri $
-	-->
-
-
-	<bean id="filterChainProxy"
-		class="org.acegisecurity.util.FilterChainProxy">
-		<property name="filterInvocationDefinitionSource">
-			<value>
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-				PATTERN_TYPE_APACHE_ANT
-				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-			</value>
-		</property>
-	</bean>
-
-	<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
-	<security:session-context-integration
-		id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />
-
-
-	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
-	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
-	<security:logout-support id="logoutFilter"
-		redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
-
-	<security:authentication-remember-me-services
-		id="rememberMeServices" key="someValue" />
-
-
-	<bean id="securityContextLogoutHandler"
-		class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
-
-	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
-	<security:authentication-form id="authenticationProcessingFilter"
-		authenticationUrl="/j_acegi_security_check" defaultTargetUrl="/"
-		errorFormUrl="/acegilogin.jsp?login_error=1" />
-
-	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
-	<security:authentication-mechanism id="authenticationManager">
-		<security:authentication-jdbc ref="daoAuthenticationProvider" />
-	</security:authentication-mechanism>
-
-
-	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
-	<security:principal-repository id="userDetailsService">
-		<security:properties
-			resource="classpath:org/acegisecurity/config/user.properties" />
-	</security:principal-repository>
-
-	<!-- dao authentication provider "authenticationRepository" -->
-	<security:authentication-repository id="daoAuthenticationProvider" />
-
-
-	<bean id="securityContextHolderAwareRequestFilter"
-		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
-
-	<!-- makes the filter, but does little else, as it auto-detects everything -->
-	<security:authentication-remember-me-filter
-		id="rememberMeProcessingFilter" />
-
-	<bean id="anonymousProcessingFilter"
-		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
-		<property name="key" value="changeThis" />
-		<property name="userAttribute"
-			value="anonymousUser,ROLE_ANONYMOUS" />
-	</bean>
-
-	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
-		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
-		other props; i do not mind if you move the access denied stuff to a sub-element -->
-	<security:exception-translation id="exceptionTranslationFilter">
-		<security:entry-point
-			entryPointBeanRef="authenticationEntryPoint" />
-	</security:exception-translation>
-
-
-	<bean id="authenticationEntryPoint"
-		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-		<property name="loginFormUrl" value="/acegilogin.jsp" />
-		<property name="forceHttps" value="false" />
-	</bean>
-
-
-	<bean id="accessDeniedHandler"
-		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
-		<property name="errorPage" value="/accessDenied.jsp" />
-	</bean>
-
-
-	<bean id="filterInvocationInterceptor"
-		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
-		<property name="authenticationManager"
-			ref="authenticationManager" />
-		<property name="accessDecisionManager">
-			<bean class="org.acegisecurity.vote.AffirmativeBased">
-				<property name="allowIfAllAbstainDecisions"
-					value="false" />
-				<property name="decisionVoters">
-					<list>
-						<bean class="org.acegisecurity.vote.RoleVoter" />
-						<bean
-							class="org.acegisecurity.vote.AuthenticatedVoter" />
-					</list>
-				</property>
-			</bean>
-		</property>
-		<property name="objectDefinitionSource">
-			<value>
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-				PATTERN_TYPE_APACHE_ANT
-				/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
-				/**=IS_AUTHENTICATED_REMEMBERED
-
-			</value>
-		</property>
-	</bean>
-
-
-	<!--<bean id="authenticationManager"
-		class="org.acegisecurity.providers.ProviderManager">
-		<property name="providers">
-		<list>
-		<ref local="daoAuthenticationProvider" />
-		<bean
-		class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
-		<property name="key" value="changeThis" />
-		</bean>
-		<bean
-		class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
-		<property name="key" value="changeThis" />
-		</bean>
-		</list>
-		</property>
-		</bean>-->
-
-	<bean id="userCache"
-		class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
-		<property name="cache">
-			<bean
-				class="org.springframework.cache.ehcache.EhCacheFactoryBean">
-				<property name="cacheManager">
-					<bean
-						class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
-				</property>
-				<property name="cacheName" value="userCache" />
-			</bean>
-		</property>
-	</bean>
-
-	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
-	<bean id="loggerListener"
-		class="org.acegisecurity.event.authentication.LoggerListener" />
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-basic-filter.xml

@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
-		is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
-		BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
-		we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
-	<security:authentication-basic id="id"
-		realmName="Spring Security Application" entryPointOrder="2" />
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-beanRef-attributes.xml

@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<security:authentication-repository id="authenticationRepository" repositoryBeanRef="refToUserDetailsService">
-		<security:salt-source saltSourceBeanRef="refToSaltSource"/>
-		<security:password-encoder encoderBeanRef="refToPasswordEncoder"/>		
-	</security:authentication-repository>
-
-	<bean id="refToUserDetailsService"
-		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-		<property name="dataSource">
-			<ref bean="dataSource" />
-		</property>
-	</bean>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-	
-	<bean id="refToSaltSource"
-		class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
-		<property name="systemWideSalt">
-			<value>12345</value>
-		</property>
-	</bean>
-
-	<bean id="refToPasswordEncoder"
-		class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
-	
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-dao-defaults.xml

@@ -1,54 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- Case 1: defaults (userDetailsService mandatory)-->
-	<!--  autocreate userDetailsService with dataSource(search in ctx) injected -->
-
-	<security:authentication-repository id="authenticationRepository">
-		<security:password-encoder encoderBeanRef="passwordEncoder" />
-	</security:authentication-repository>
-
-	<bean id="userDetailsService"
-		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-		<property name="dataSource">
-			<ref bean="dataSource" />
-		</property>
-	</bean>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-
-	<bean id="saltSource"
-		class="org.acegisecurity.providers.dao.salt.SystemWideSaltSource">
-		<property name="systemWideSalt">
-			<value>12345</value>
-		</property>
-	</bean>
-
-	<bean id="passwordEncoder"
-		class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-defaults.xml

@@ -1,40 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<security:authentication-repository id="authenticationRepository"/>
-
-	<bean id="userDetailsService"
-		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-		<property name="dataSource">
-			<ref bean="dataSource" />
-		</property>
-	</bean>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-	
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-form-filter.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-
-	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
-	<security:authentication-form id="authenticationProcessinFilter"
-		authenticationUrl="/login" defaultTargetUrl="/login.html"
-		errorFormUrl="error.html" />
-
-	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
-	<security:authentication-mechanism id="authenticationManager">
-		<security:authentication-jdbc ref="authenticationRepository"/>
-	</security:authentication-mechanism>
-
-	<!-- dao authentication provider -->
-	<security:authentication-repository id="authenticationRepository" repositoryBeanRef="userDetailsService"/>
-
-	<security:authentication-remember-me-services
-		id="rememberMeServices" key="someValue" />
-
-	<bean id="userDetailsService"
-		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-		<property name="dataSource">
-			<ref bean="dataSource" />
-		</property>
-	</bean>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-
-
-</beans>
-

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-innerbeans.xml

@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- Case 1: defaults (userDetailsService mandatory)-->
-	<!--  autocreate userDetailsService with dataSource(search in ctx) injected -->
-
-	<security:authentication-repository id="authenticationRepository">
-		<security:salt-source>
-			<security:system-wide systemWideSalt="12345" />
-		</security:salt-source>
-		<security:password-encoder>
-			<security:encoder method="md5" />
-		</security:password-encoder>
-	</security:authentication-repository>
-
-	<bean id="AnyBeanIdAsThisBeanWillBeAutoDetectedAndInjectedInauthenticationRepositoryUsingAutoWireByType"
-		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-		<property name="dataSource">
-			<ref bean="dataSource" />
-		</property>
-	</bean>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-	
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authorization-http-config.xml

@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns, 
-		as this filter is incompatible with them -->
-
-	<import resource="remember-me-defaults.xml" />
-
-	<security:authorization-http-url id="authorizationhttp">
-		<security:url-mapping source="xml">
-			<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a 
-				regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the 
-				SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
-			<security:uri-pattern regularExpression="/**">
-				<security:configuration-attribute attribute="ROLE_A" />
-				<security:configuration-attribute attribute="ROLE_B" />
-			</security:uri-pattern>
-			<security:uri-pattern regularExpression="whatever">
-				<security:configuration-attribute attribute="ROLE_A" />
-			</security:uri-pattern>
-		</security:url-mapping>
-	</security:authorization-http-url>
-
-
-
-	<!--<bean id="filterInvocationInterceptor"
-		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
-		<property name="authenticationManager"
-		ref="authenticationManager" />
-		<property name="accessDecisionManager">
-		<bean class="org.acegisecurity.vote.AffirmativeBased">
-		<property name="allowIfAllAbstainDecisions"
-		value="false" />
-		<property name="decisionVoters">
-		<list>
-		<bean class="org.acegisecurity.vote.RoleVoter" />
-		<bean
-		class="org.acegisecurity.vote.AuthenticatedVoter" />
-		</list>
-		</property>
-		</bean>
-		</property>
-		<property name="objectDefinitionSource">
-		<value>
-		CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-		PATTERN_TYPE_APACHE_ANT
-		/acegilogin.jsp=IS_AUTHENTICATED_ANONYMOUSLY
-		/**=IS_AUTHENTICATED_REMEMBERED
-		
-		</value>
-		</property>
-		</bean>
-	-->
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authorization-manager.xml

@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-
-	<!-- 
-		creates a bean definition for an AccessDecisionManager; strategy defaults to 
-		AffirmativeBased; superclass AbstractAccessDecisionManager requires refactoring 
-		so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
-		and uses their Ordered interface to apply them; if one doesn't implement Ordered, 
-		assume it is Integer.MAX_VALUE 
-	-->
-	<security:authorization-manager id="id" strategy="affirmative">
-		<security:role-voter />
-		<security:authenticated-voter />
-	</security:authorization-manager>
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authorization-method-annotations.xml

@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- 
-		the source refers to use of the relevant concete ObjectDefinitionSource; 
-		user can alternately specify their own instance and refer to it
-		via the sourceBeanId property; in that case they must specify "custom"; 
-		if unspecified, it means it's described as nested elements using the
-		security:method-pattern element, and you will therefore create it via 
-		the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
-		For aspectj and springAop, that means create a MethodSecurityInterceptor and 
-		AspectJSecurityInterceptor bean definition respectively (in the case of
-		springAop, also create a MethodDefinitionSourceAdvisor); defaults to 
-		springAop=true, aspectJ=false 
-	-->
-	<import resource="remember-me-defaults.xml" />
-	<import resource="authorization-manager.xml"/>
-
-	<security:authorization-joinpoint id="methodInterceptor"
-		springAop="true" >
-		<security:url-mapping source="annotations">
-			<security:method-pattern
-				type="org.acegisecurity.BankServiceImpl.listAccounts">
-				<security:configuration-attribute attribute="ROLE_A" />
-				<security:configuration-attribute attribute="ROLE_B" />
-			</security:method-pattern>
-		</security:url-mapping>
-	</security:authorization-joinpoint>
-
-
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authorization-method-aspectj.xml

@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- 
-		the source refers to use of the relevant concete ObjectDefinitionSource; 
-		user can alternately specify their own instance and refer to it
-		via the sourceBeanId property; in that case they must specify "custom"; 
-		if unspecified, it means it's described as nested elements using the
-		security:method-pattern element, and you will therefore create it via 
-		the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
-		For aspectj and springAop, that means create a MethodSecurityInterceptor and 
-		AspectJSecurityInterceptor bean definition respectively (in the case of
-		springAop, also create a MethodDefinitionSourceAdvisor); defaults to 
-		springAop=true, aspectJ=false 
-	-->
-	<import resource="remember-me-defaults.xml" />
-	<import resource="authorization-manager.xml"/>
-
-	<security:authorization-joinpoint id="methodInterceptor"
-		aspectj="true" >
-		<security:url-mapping source="annotations">
-			<security:method-pattern
-				type="org.acegisecurity.BankServiceImpl.listAccounts">
-				<security:configuration-attribute attribute="ROLE_A" />
-				<security:configuration-attribute attribute="ROLE_B" />
-			</security:method-pattern>
-		</security:url-mapping>
-	</security:authorization-joinpoint>
-
-
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authorization-method-attributes.xml

@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- 
-		the source refers to use of the relevant concete ObjectDefinitionSource; 
-		user can alternately specify their own instance and refer to it
-		via the sourceBeanId property; in that case they must specify "custom"; 
-		if unspecified, it means it's described as nested elements using the
-		security:method-pattern element, and you will therefore create it via 
-		the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
-		For aspectj and springAop, that means create a MethodSecurityInterceptor and 
-		AspectJSecurityInterceptor bean definition respectively (in the case of
-		springAop, also create a MethodDefinitionSourceAdvisor); defaults to 
-		springAop=true, aspectJ=false 
-	-->
-	<import resource="remember-me-defaults.xml" />
-	<import resource="authorization-manager.xml"/>
-
-	<security:authorization-joinpoint id="methodInterceptor"
-		springAop="true" >
-		<security:url-mapping source="attributes">
-			<security:method-pattern
-				type="org.acegisecurity.BankServiceImpl.listAccounts">
-				<security:configuration-attribute attribute="ROLE_A" />
-				<security:configuration-attribute attribute="ROLE_B" />
-			</security:method-pattern>
-		</security:url-mapping>
-	</security:authorization-joinpoint>
-
-
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authorization-method.xml

@@ -1,56 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- 
-		the source refers to use of the relevant concete ObjectDefinitionSource; 
-		user can alternately specify their own instance and refer to it
-		via the sourceBeanId property; in that case they must specify "custom"; 
-		if unspecified, it means it's described as nested elements using the
-		security:method-pattern element, and you will therefore create it via 
-		the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
-		For aspectj and springAop, that means create a MethodSecurityInterceptor and 
-		AspectJSecurityInterceptor bean definition respectively (in the case of
-		springAop, also create a MethodDefinitionSourceAdvisor); defaults to 
-		springAop=true, aspectJ=false 
-	-->
-	<import resource="remember-me-defaults.xml" />
-	<import resource="authorization-manager.xml"/>
-
-	<security:authorization-joinpoint id="methodInterceptor"
-		springAop="true" >
-		<security:url-mapping source="xml">
-			<security:method-pattern
-				type="org.acegisecurity.BankServiceImpl.listAccounts">
-				<security:configuration-attribute attribute="ROLE_A" />
-			</security:method-pattern>
-		</security:url-mapping>
-	</security:authorization-joinpoint>
-
-
-	<!-- 
-		<bean id="methodSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
-		<property name="validateConfigAttributes"><value>true</value></property>
-		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-		<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
-		<property name="runAsManager"><ref bean="runAsManager"/></property>
-		<property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>
-		<property name="objectDefinitionSource">
-		<value>
-		org.acegisecurity.context.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER
-		org.acegisecurity.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER
-		</value>
-		</property>
-		</bean> 
-	-->
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/auto-config.xml

@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- 
-		<security:autodetect>
-		really behind the scenes will create an annotations-based
-		MethodSecurityInterceptor with the MethodDefinitionSourceAdvisor that
-		automatically detects annotated interfaces. So basically edit the
-		Clinic interface and pop @Secured("ROLE_SUPERVISOR") onto the storeVisit
-		method, re-run the app, and prove to the users that only users with
-		ROLE_SUPERVISOR in their properties file are now able to store a visit
-		to the clinic.
-	-->
-	<security:autoconfig/>
-	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
-	<security:principal-repository id="userDetailsService">
-		<security:properties
-			resource="classpath:org/acegisecurity/config/user.properties" />
-	</security:principal-repository>
-	
-	<bean id="bankService" class="org.acegisecurity.BankServiceImpl"/>
-	
-	
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/exception-translation-autodetect-handler.xml

@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-
-	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
-		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
-		other props; i do not mind if you move the access denied stuff to a sub-element -->
-	<security:exception-translation id="exceptionTranslationFilter">
-		<security:entry-point
-			entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
-		<!--<security:access-denied accessDeniedBeanRef="theBeanToUse" />-->
-	</security:exception-translation>
-
-	<bean id="theBeanToUse"
-		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
-		<property name="errorPage" value="/accessDenied.jsp" />
-	</bean>
-
-	<!--<bean id="anotherBeanToUse"
-		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
-		<property name="errorPage" value="/accessDenied.jsp" />
-		</bean>-->
-		
-	<bean id="authenticationProcessingFilterEntryPoint"
-		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-		<property name="loginFormUrl">
-			<value>/acegilogin.jsp</value>
-		</property>
-		<property name="forceHttps">
-			<value>false</value>
-		</property>
-	</bean>
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/exception-translation-beanref.xml

@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-
-	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
-		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
-		other props; i do not mind if you move the access denied stuff to a sub-element -->
-	<security:exception-translation id="exceptionTranslationFilter">
-		<security:entry-point
-			entryPointBeanRef="authenticationProcessingFilterEntryPoint" />
-			<security:access-denied accessDeniedBeanRef="theBeanToUse" />
-	</security:exception-translation>
-
-	<bean id="theBeanToUse"
-		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
-		<property name="errorPage" value="/accessDenied.jsp" />
-	</bean>
-
-	<bean id="authenticationProcessingFilterEntryPoint"
-		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-		<property name="loginFormUrl">
-			<value>/acegilogin.jsp</value>
-		</property>
-		<property name="forceHttps">
-			<value>false</value>
-		</property>
-	</bean>
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/ldap-config.xml

@@ -1,73 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:beans="http://www.springframework.org/schema/beans"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd  	
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
-	<security:authentication-mechanism id="authenticationManager">
-		<security:authentication-ldap 
-			ldapUrl="ldap://monkeymachine:389/dc=acegisecurity,dc=org"
-			managerDn="cn=manager,dc=acegisecurity,dc=org"
-			managerPassword="password" groupSearchBase="ou=groups"
-			groupRoleAttribute="ou">
-			<security:property name="userDnPatterns">
-				<list>
-					<value>uid={0},ou=people</value>
-				</list>
-			</security:property>
-		</security:authentication-ldap>
-	</security:authentication-mechanism>
-
-
-	<!--<bean id="initialDirContextFactory"
-		class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
-		<constructor-arg
-		value="ldap://monkeymachine:389/dc=acegisecurity,dc=org" />
-		<property name="managerDn">
-		<value>cn=manager,dc=acegisecurity,dc=org</value>
-		</property>
-		<property name="managerPassword">
-		<value>password</value>
-		</property>
-		</bean>
-		
-		<bean id="ldapAuthProvider"
-		class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
-		<constructor-arg>
-		<bean
-		class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
-		<constructor-arg>
-		<ref local="initialDirContextFactory" />
-		</constructor-arg>
-		<property name="userDnPatterns">
-		<list>
-		<value>uid={0},ou=people</value>
-		</list>
-		</property>
-		</bean>
-		</constructor-arg>
-		<constructor-arg>
-		<bean
-		class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
-		<constructor-arg>
-		<ref local="initialDirContextFactory" />
-		</constructor-arg>
-		<constructor-arg>
-		<value>ou=groups</value>
-		</constructor-arg>
-		<property name="groupRoleAttribute">
-		<value>ou</value>
-		</property>
-		</bean>
-		</constructor-arg>
-		</bean>
-	-->
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/logout-filter-with-handlers.xml

@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
-	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
-	<security:logout-support id="logoutFilter" logoutUrl="/logout" redirectAfterLogoutUrl="/"/>
-	
-	
-	
-	<security:authentication-remember-me-services
-		id="rememberMeServices" key="someValue" />
-
-	<bean id="SecurityContextLogoutHandler"
-		class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
-
-	<security:principal-repository id="userDetailsService">
-		<security:user-definition username="vishal"
-			password="nottellingya" enabled="true">
-			<security:granted-authority authority="ROLE_YO" />
-			<security:granted-authority authority="ROLE_YOYO" />
-			<!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
-		</security:user-definition>
-	</security:principal-repository>
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/principal-repository-jdbc.xml

@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
-		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
-		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
-		
-	<!--<security:security-autoconfig/>	-->
-	
-	<security:principal-repository id="userDetailsService">
-		<security:jdbc dataSourceBeanRef="dataSource"/>
-	</security:principal-repository>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-	
-	<!--<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
-		<property name="dataSource" ref="dataSource"></property>
-	</bean>-->
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/principal-repository-properties.xml

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
-		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
-		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
-		
-	<security:principal-repository id="userDetailsService">
-		<security:properties resource="classpath:org/acegisecurity/config/user.properties"/>
-	</security:principal-repository>
-	
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/principal-repository-user-map.xml

@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- userDetailsService, This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
-		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
-		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
-		
-	<security:principal-repository id="userDetailsService">
-			<security:user-definition username="vishal" password="nottellingya" enabled="true">
-				<security:granted-authority authority="ROLE_YO"/>
-			    <security:granted-authority authority="ROLE_YOYO"/>
-			    <!-- TODO: <security:granted-authority-ref authorityBeanRef="fooBarAuthority"/>-->
-			</security:user-definition>
-	</security:principal-repository>
-	
-	<!-- TODO: <security:granted-authority id="fooBarAuthority" authority="ROLE_FOOBAR"/> -->
-	
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/remember-me-autodetect.xml

@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- ======================== AUTHENTICATION ======================= -->
-
-	<!-- makes the filter, but does little else, as it auto-detects everything -->
-	<security:authentication-remember-me-filter id="rememberMeFilter" />
-
-	<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; -->
-	<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
-	<security:authentication-remember-me-services
-		id="rememberMeServices" key="someValue" />
-
-	<!-- The rules are:
-		AuthenticationManager interface is implemented by ProviderManager
-		So if you have any auto-detection, create a ProviderManager definition
-		If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
-		Every authentication mechanism OR provider must start with security:authentication-something
-		Use appropriate attrs and elements depending on provider or mechanism
-	-->
-	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
-	<security:authentication-mechanism id="authenticationManager">
-		<security:authentication-jdbc ref="authenticationRepository" />
-	</security:authentication-mechanism>
-
-	<!-- dao authentication provider -->
-	<security:authentication-repository id="authenticationRepository" />
-
-	<bean id="userDetailsService"
-		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-		<property name="dataSource">
-			<ref bean="dataSource" />
-		</property>
-	</bean>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/remember-me-defaults.xml

@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- ======================== AUTHENTICATION ======================= -->
-	
-	<!-- makes the filter, but does little else, as it auto-detects everything -->
-	<security:authentication-remember-me-filter id="rememberMeFilter" />
-
-	<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; -->
-	<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
-	<security:authentication-remember-me-services
-		id="rememberMeServices" key="someValue"
-		principalRepositoryBeanRef="userDetailsService" />
-
-	<!-- The rules are:
-		AuthenticationManager interface is implemented by ProviderManager
-		So if you have any auto-detection, create a ProviderManager definition
-		If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
-		Every authentication mechanism OR provider must start with security:authentication-something
-		Use appropriate attrs and elements depending on provider or mechanism
-	-->
-	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
-	<security:authentication-mechanism id="authenticationManager">
-		<security:authentication-jdbc ref="authenticationRepository" />
-	</security:authentication-mechanism>
-
-	<!-- dao authentication provider -->
-	<security:authentication-repository id="authenticationRepository" />
-
-	<bean id="userDetailsService"
-		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-		<property name="dataSource">
-			<ref bean="dataSource" />
-		</property>
-	</bean>
-
-	<bean id="dataSource"
-		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-		<property name="driverClassName">
-			<value>org.hsqldb.jdbcDriver</value>
-		</property>
-		<property name="url">
-			<value>jdbc:hsqldb:mem:test</value>
-			<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
-		</property>
-		<property name="username">
-			<value>sa</value>
-		</property>
-		<property name="password">
-			<value></value>
-		</property>
-	</bean>
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/security-autoconfig-autodetect.xml

@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-
-	<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
-	<security:security-autoconfig exceptionTranslation="disable"
-		sessionContextIntegration="disable" logoutSupport="disable"
-		filterChain="disable" servletRequestEmulation="disabled"
-		anonyomousRoleGranter="disabled" />
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/security-namespaces.xml

@@ -1,186 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- introspect all bean definitions for an explicit object of a "required" type, and if not found, add it. You can turn OFF ones you dont want added via attributes -->
-	<security:security-autoconfig exceptionTranslation="disable"
-		sessionContextIntegration="disable" logoutSupport="disable"
-		filterChain="disable" servletRequestEmulation="disabled"
-		anonyomousRoleGranter="disabled" />
-
-	<!-- autodetect attribute is the default, and an exception is thrown if false, as the expectation is they will write their own legacy <beans> format
-		FilterChainProxy bean definition is dissatisfied with the auto approach. The auto approach simply creates a bean definition similar to that shown
-		below with the AUTODETECT_ALL_ORDERED_FILTERs. As suggested, this causes a runtime check of app ctx for all javax.servlet.Filter instances, and
-		for each that also implemented Ordered, these are automatically applied to the pattern shown (which is **/* in the case of autodetect=true).*-->
-	<security:filter-chain id="id" />
-	<bean id="dcdc" class="FilterChainProxy">
-		<property name="chainConfig">
-			<value>
-				**/*=AUTODETECT_ALL_ORDERED_FILTERS
-				**/*=filter1,filter2,filter3
-			</value>
-		</property>
-	</bean>
-	<!--  also provide an OrderedFilterAdapter, impls Filter and Ordered, and can be configured declaratively in Spring XML (eg SiteMesh), setOrder, setDelegate(Filter object) -->
-
-	<!-- creates a bean definition for an AccessDecisionManager; strategy defaults to AffirmativeBased; 
-		superclass AbstractAccessDecisionManager requires refactoring so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
-		and uses their Ordered interface to apply them; if one doesn't implement Ordered, assume it is Integer.MAX_VALUE -->
-	<security:authorization-manager id="id"
-		strategy="consensus|unanimous|affirmative" />
-
-
-	<!-- ======================== AUTHENTICATION ======================= -->
-
-	<!-- sessionCreation defaults to ifRequired. -->
-	<security:session-context-integration
-		id="httpSessionContextIntegrationFilter"
-		sessionCreation="never|ifRequired|always" />
-
-	<!-- The rules are:
-		AuthenticationManager interface is implemented by ProviderManager
-		So if you have any auto-detection, create a ProviderManager definition
-		If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
-		Every authentication mechanism OR provider must start with security:authentication-something
-		Use appropriate attrs and elements depending on provider or mechanism
-	-->
-	<security:authentication-repository id="id"
-		repositoryBeanRef="beanIdOfRepositoryIfUnspecifiedAutoDetectTheirUserDetailsInstance">
-		<security:salt-source
-			saltSourceBeanRef="beanRefOfAnExternalEncoder" />
-		<!--  or allow it to be written inline as an inner bean -->
-		<security:password-encoder
-			encoder="md5|md5Hex|sha|shaHex|custom"
-			encoderBeanRef="beanRefOfAnExternalEncoder" />
-		<!-- same story here, inner beans allowed -->
-	</security:authentication-repository>
-
-	<security:salt-source>
-		<security:system-wide systemWideSalt="12345" />
-		<security-reflection userPropertyToUse="sss" />
-	</security:salt-source>
-
-
-	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
-	<security:authentication-form id="id" authenticationUrl="/login"
-		loginFormUrl="/login.html" errorFormUrl="error.html" />
-
-	<!-- AuthenticationEntryPoints handled across the system via Ordered interface; every Acegi entry point has an order; the highest order wins and
-		is used as the entry point by ExceptionTranslationFilter; for things like BasicAuthenticationfilter, they're smart enough to know they need a
-		BasicAuthenticationProcessingFilterEntryPoint, so they use that one; here we have an entryPointOrder to say when we make the BasicEntryPoint,
-		we will call setOrder(2) such that this app effectively will use somehing with a higher order as the app-wide default -->
-	<security:authentication-basic id="id"
-		realmName="Spring Security Application" entryPointOrder="2" />
-
-	<!-- This is used if they want an out-of-the-bx UserDetailsService; if they write their own, this goes away and they wire a legacy bean definition and then the various
-		beans depending on a UserDetailsService will auto-detect it at runtime OR provide a way of setUserDetailsService(UserDetailsService) if to specified explicitly.
-		If they fail to provide a repository, the security-autodetect will set one up for them with a few basic in-memory users and pwds -->
-	<security:principal-repository id="id">
-		<security:ldap
-			x="you can do the attributes and suitable nested elements" />
-		<security:jdbc
-			x="you can do the attributes and suitable nested elements" />
-		<security:properties
-			location="resourceStringToPropertiesFile">
-			<!-- if they specify a resource attrib, that means throw exception if they nest some user-definition data) -->
-			<security:user-definition username="ben"
-				password="nottellingYou" enabled="true"
-				it="more stuff if you want">
-				<security:granted-authority authority="ROLE_ANONYMOUS" />
-				<ref bean="fooBarAuthority" />
-			</security:user-definition>
-		</security:properties>
-	</security:principal-repository>
-
-	<!-- makes the filter, but does little else, as it auto-detects everything -->
-	<security:authentication-remember-me-filter id="id"
-		rememberMeServicesBeanRef="theId" />
-
-	<!-- services should auto-detect UserDetails from app ctx if principalRepository was not specified; key is handled in same way as discussed earlier -->
-	<security:authentication-remember-me-services id="id"
-		key="someValue" principalRepositoryBeanRef="jdbcDaoImpl" />
-
-	<!-- key is optional; if unspecified, in the NamespaceHandler pick a rnd int and use for all unspecified key properties for acegi beans -->
-	<security:anonymous-role-granter id="id" key="someValue">
-		<security:granted-authority authority="ROLE_ANONYMOUS" />
-		<ref bean="fooBarAuthority" />
-	</security:anonymous-role-granter>
-
-	<security:granted-authority id="fooBarAuthority"
-		authority="ROLE_FOOBAR" />
-
-	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
-	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
-	<security:logout-support id="logoutFilter"
-		redirectAfterLogoutUrl="/" logoutUrl="/logout" />
-
-
-	<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
-
-	<!--  channel security out of scope; they use existing bean definition format; the channel filter will auto-detect and use Ordered interface as discussed above -->
-
-	<!--  any kind of ACL support is out of scope; frankly it is too hard for 1.1.0 -->
-
-	<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns, 
-		as this filter is incompatible with them -->
-	<security:authorization-http-url>
-		<security:url-mapping
-			source="xml - the default and no other options"
-			sourceBeanId="referenceToTheirObjectDefinitionSource">
-			<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a 
-			regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the 
-			SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
-			<security:uri-pattern path="/index.jsp"
-				regularExpression="whatever">
-				<security:configuration-attribute attribute="ROLE_A" />
-				<ref
-					bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
-			</security:uri-pattern>
-			<security:uri-pattern path="/**"
-				regularExperssion="whatever">
-				<security:configuration-attribute attribute="ROLE_A" />
-				<ref
-					bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
-			</security:uri-pattern>
-		</security:url-mapping>
-	</security:authorization-http-url>
-
-	<!-- the source refers to use of the relevant concete ObjectDefinitionSource; user can alternately specify their own instance and refer to it
-		via the sourceBeanId property; in that case they must specify "custom"; if unspecified, it means it's described as nested elements using the
-		security:method-pattern element, and you will therefore create it via the MethodDefinitionSourceEditor (that is what the default source=xml means, too)
-		For aspectj and springAop, that means create a MethodSecurityInterceptor and AspectJSecurityInterceptor bean definition respectively (in the case of
-		springAop, also create a MethodDefinitionSourceAdvisor); defaults to springAop=true, aspectJ=false -->
-	<security:authorization-joinpoint aspectj="false|true"
-		springAop="true|false">
-		<security:url-mapping source="custom|xml|attributes|annotations"
-			sourceBeanId="referenceToTheirObjectDefinitionSource">
-			<security:method-pattern
-				type="com.foo.Bar.whateverMethodNamePattern">
-				<security:configuration-attribute attribute="ROLE_A" />
-				<ref
-					bean="someExternalConfigurationAttributeThatIsATopLevelBean" />
-			</security:method-pattern>
-		</security:url-mapping>
-		<!-- if get time, do a new security:pointcut-pattern -->
-	</security:authorization-joinpoint>
-
-
-	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
-		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
-		other props; i do not mind if you move the access denied stuff to a sub-element -->
-	<security:exception-translation id="id"
-		accessDeniedUrl="/accessDenied.jsp"
-		accessDeniedBeanRef="theBeanToUse">
-		<security:entry-point path="/acegilogin.jsp" https="boolean" />
-	</security:exception-translation>
-
-</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/session-context-integration-defaults.xml

@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
-
-	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
-	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
-
-	<!-- ======================== AUTHENTICATION ======================= -->
-
-	<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
-	<security:session-context-integration id="httpSessionContextIntegrationFilter" sessionCreation="never"	/>
-
-	<!-- The rules are:
-		AuthenticationManager interface is implemented by ProviderManager
-		So if you have any auto-detection, create a ProviderManager definition
-		If ProviderManager.setProvider(List) is never called, auto-detect all AuthenticationProviders from app ctx, using Ordered to resolve their order
-		Every authentication mechanism OR provider must start with security:authentication-something
-		Use appropriate attrs and elements depending on provider or mechanism
-	-->
-	
-	
-	<!-- Case 1 	
-	<security:authentication-repository id="id" repositoryBeanRef="userDetails">
-		<security:salt-source
-			saltSourceBeanRef="beanRefOfAnExternalEncoder" />
-		  or allow it to be written inline as an inner bean 
-		<security:password-encoder
-			encoder="md5|md5Hex|sha|shaHex|custom"
-			encoderBeanRef="beanRefOfAnExternalEncoder" />
-		 same story here, inner beans allowed 
-	</security:authentication-repository>
-	
-	<bean id="userDetails" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
-      <property name="dataSource"><ref bean="dataSource"/></property>
-    </bean>
-    
-     Case 2: autodetect userDetails
-    <security:authentication-repository id="id">
-		<security:salt-source
-			saltSourceBeanRef="beanRefOfAnExternalEncoder" />
-		  or allow it to be written inline as an inner bean 
-		<security:password-encoder
-			encoder="md5|md5Hex|sha|shaHex|custom"
-			encoderBeanRef="beanRefOfAnExternalEncoder" />
-		 same story here, inner beans allowed 
-	</security:authentication-repository>
-	
-	 Case 3: inner beans 
-	<security:authentication-repository id="id"
-		ref="userDetails">
-		<security:salt-source propertyName="propertyValue" />
-		  or allow it to be written inline as an inner bean 
-		<security:password-encoder encoder="md5" />
-		 same story here, inner beans allowed 
-	</security:authentication-repository>
---></beans>
-

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/user.properties

@@ -1,2 +0,0 @@
-vishal=ity,ROLE_ADMIN
-ity=vishal,ROLE_TELLER,ROLE_PERMISSION_LIST