Refactor strings to static fields. To facilitate unit testing, package

protected visibility was adopted for all element names, attribute names, 
and attribute default values. A public access modifier was used for all 
bean IDs assigned to bean definitions created by the 
BeanDefinitionParsers.

core/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java

@@ -16,29 +16,29 @@ import org.w3c.dom.Element;
  * @version $Id: RememberMeBeanDefinitionParser.java 2231 2007-11-07 13:29:15Z luke_t $
  */
 public class AnonymousBeanDefinitionParser implements BeanDefinitionParser {
-    protected final Log logger = LogFactory.getLog(getClass());
-
-    public static final String DEFAULT_ANONYMOUS_FILTER_ID = "_anonymousProcessingFilter";
-    public static final String DEFAULT_ANONYMOUS_AUTHENTICATION_PROVIDER_ID = "_anonymousAuthenticationProvider";
+    static final String ATT_KEY = "key";
+	static final String ATT_USERNAME = "username";
+	static final String ATT_GRANTED_AUTHORITY = "grantedAuthority";
+	protected final Log logger = LogFactory.getLog(getClass());
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         BeanDefinition filter = new RootBeanDefinition(AnonymousProcessingFilter.class);
 
-        String grantedAuthority = element.getAttribute("grantedAuthority");
-        String username         = element.getAttribute("username");
-        String key              = element.getAttribute("key");
+        String grantedAuthority = element.getAttribute(ATT_GRANTED_AUTHORITY);
+        String username         = element.getAttribute(ATT_USERNAME);
+        String key              = element.getAttribute(ATT_KEY);
 
         filter.getPropertyValues().addPropertyValue("userAttribute", username + "," + grantedAuthority);
-        filter.getPropertyValues().addPropertyValue("key", key);
+        filter.getPropertyValues().addPropertyValue(ATT_KEY, key);
 
         BeanDefinition authManager = ConfigUtils.registerProviderManagerIfNecessary(parserContext);
         BeanDefinition provider = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
-        provider.getPropertyValues().addPropertyValue("key", key);
+        provider.getPropertyValues().addPropertyValue(ATT_KEY, key);
 
         ManagedList authMgrProviderList = (ManagedList) authManager.getPropertyValues().getPropertyValue("providers").getValue();
         authMgrProviderList.add(provider);
 
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_ANONYMOUS_FILTER_ID, filter);
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.ANONYMOUS_PROCESSING_FILTER, filter);
 
         return null;
     }

core/src/main/java/org/springframework/security/config/BasicAuthenticationBeanDefinitionParser.java

@@ -14,29 +14,30 @@ import org.w3c.dom.Element;
  * registers them in the application context.
  *
  * @author Luke Taylor
+ * @author Ben Alex
  * @version $Id$
  */
 public class BasicAuthenticationBeanDefinitionParser implements BeanDefinitionParser {
-    public static final String DEFAULT_BASIC_AUTH_FILTER_ID = "_basicAuthenticationFilter";
-    public static final String DEFAULT_BASIC_AUTH_ENTRY_POINT_ID = "_basicAuthenticationEntryPoint";
+    static final String ATT_REALM = "realm";
 
-
-    public BeanDefinition parse(Element elt, ParserContext parserContext) {
+	public BeanDefinition parse(Element elt, ParserContext parserContext) {
         BeanDefinitionBuilder filterBuilder =
                 BeanDefinitionBuilder.rootBeanDefinition(BasicProcessingFilter.class);
         RootBeanDefinition entryPoint = new RootBeanDefinition(BasicProcessingFilterEntryPoint.class);
 
-        String realm = elt.getAttribute("realm");
+        String realm = elt.getAttribute(ATT_REALM);
 
         entryPoint.getPropertyValues().addPropertyValue("realmName", realm);
 
         filterBuilder.addPropertyValue("authenticationEntryPoint", entryPoint);
+        
+        // TODO: Remove autowiring approach from here.
         // Detect auth manager
         filterBuilder.setAutowireMode(RootBeanDefinition.AUTOWIRE_BY_TYPE);
 
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_BASIC_AUTH_FILTER_ID,
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.BASIC_AUTHENTICATION_FILTER,
                 filterBuilder.getBeanDefinition());
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_BASIC_AUTH_ENTRY_POINT_ID, entryPoint);
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.BASIC_AUTHENTICATION_ENTRY_POINT, entryPoint);
 
         return null;
     }

core/src/main/java/org/springframework/security/config/BeanIds.java

@@ -6,8 +6,35 @@ package org.springframework.security.config;
  * @author Ben Alex
  * @version $Id$
  */
-class BeanIds {
+public class BeanIds {
 
-	static final String JDBC_USER_DETAILS_MANAGER = "_jdbcUserDetailsManager";
+	/** Package protected as end users shouldn't really be using this BFPP directly */
+	static final String INTERCEPT_METHODS_BEAN_FACTORY_POST_PROCESSOR = "_interceptMethodsBeanfactoryPP";
 
+	public static final String JDBC_USER_DETAILS_MANAGER = "_jdbcUserDetailsManager";
+	public static final String USER_DETAILS_SERVICE = "_userDetailsService";
+	public static final String ANONYMOUS_PROCESSING_FILTER = "_anonymousProcessingFilter";
+	public static final String ANONYMOUS_AUTHENTICATION_PROVIDER = "_anonymousAuthenticationProvider";
+	public static final String BASIC_AUTHENTICATION_FILTER = "_basicAuthenticationFilter";
+	public static final String BASIC_AUTHENTICATION_ENTRY_POINT = "_basicAuthenticationEntryPoint";
+	public static final String SESSION_REGISTRY = "_sessionRegistry";
+	public static final String CONCURRENT_SESSION_FILTER = "_concurrentSessionFilter";
+	public static final String CONCURRENT_SESSION_CONTROLLER = "_concurrentSessionController";
+	public static final String ACCESS_MANAGER = "_accessManager";
+	public static final String AUTHENTICATION_MANAGER = "_authenticationManager";
+	public static final String FORM_LOGIN_FILTER = "_formLoginFilter";
+	public static final String FORM_LOGIN_ENTRY_POINT = "_formLoginEntryPoint";
+	public static final String FILTER_CHAIN_PROXY = "_filterChainProxy";
+	public static final String HTTP_SESSION_CONTEXT_INTEGRATION_FILTER = "_httpSessionContextIntegrationFilter";
+	public static final String LOGOUT_FILTER = "_logoutFilter";
+	public static final String EXCEPTION_TRANSLATION_FILTER = "_exceptionTranslationFilter";
+	public static final String FILTER_SECURITY_INTERCEPTOR = "_filterSecurityInterceptor";
+	public static final String CHANNEL_PROCESSING_FILTER = "_channelProcessingFilter";
+	public static final String CHANNEL_DECISION_MANAGER = "_channelDecisionManager";
+	public static final String REMEMBER_ME_FILTER = "_rememberMeFilter";
+	public static final String REMEMBER_ME_SERVICES = "_rememberMeServices";
+	public static final String DEFAULT_LOGIN_PAGE_GENERATING_FILTER = "_defaultLoginPageFilter";
+
+	
+	
 }

core/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java

@@ -23,10 +23,6 @@ import org.w3c.dom.Element;
  * @version $Id$
  */
 public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionParser {
-    static final String DEFAULT_SESSION_REGISTRY_ID = "_sessionRegistry";
-    static final String DEFAULT_CONCURRENT_SESSION_FILTER_ID = "_concurrentSessionFilter";
-    static final String DEFAULT_SESSION_CONTROLLER_ID = "_concurrentSessionController";
-
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         BeanDefinitionRegistry beanRegistry = parserContext.getRegistry();
 
@@ -35,8 +31,8 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
                 BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionFilter.class);
         BeanDefinitionBuilder controllerBuilder
                 = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionControllerImpl.class);
-        controllerBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(DEFAULT_SESSION_REGISTRY_ID));
-        filterBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(DEFAULT_SESSION_REGISTRY_ID));
+        controllerBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(BeanIds.SESSION_REGISTRY));
+        filterBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(BeanIds.SESSION_REGISTRY));
 
         String expiryUrl = element.getAttribute("expiryUrl");
 
@@ -57,9 +53,9 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
         }
 
         BeanDefinition controller = controllerBuilder.getBeanDefinition();
-        beanRegistry.registerBeanDefinition(DEFAULT_SESSION_REGISTRY_ID, sessionRegistry);
-        beanRegistry.registerBeanDefinition(DEFAULT_SESSION_CONTROLLER_ID, controller);
-        beanRegistry.registerBeanDefinition(DEFAULT_CONCURRENT_SESSION_FILTER_ID, filterBuilder.getBeanDefinition());
+        beanRegistry.registerBeanDefinition(BeanIds.SESSION_REGISTRY, sessionRegistry);
+        beanRegistry.registerBeanDefinition(BeanIds.CONCURRENT_SESSION_CONTROLLER, controller);
+        beanRegistry.registerBeanDefinition(BeanIds.CONCURRENT_SESSION_FILTER, filterBuilder.getBeanDefinition());
 
         BeanDefinition providerManager = ConfigUtils.registerProviderManagerIfNecessary(parserContext);
 

core/src/main/java/org/springframework/security/config/ConfigUtils.java

@@ -23,12 +23,10 @@ import java.util.Map;
  * Utitily methods used internally by the Spring Security namespace configuration code.
  *
  * @author Luke Taylor
+ * @author Ben Alex
  * @version $Id$
  */
 public abstract class ConfigUtils {
-    public static final String DEFAULT_ACCESS_MANAGER_ID = "_accessManager";
-    public static final String DEFAULT_AUTH_MANAGER_ID = "_authenticationManager";
-
     static void registerAccessManagerIfNecessary(ConfigurableListableBeanFactory bf) {
         if (bf.getBeanNamesForType(AccessDecisionManager.class).length > 0) {
             return;
@@ -39,13 +37,13 @@ public abstract class ConfigUtils {
 
         BeanDefinitionRegistry registry = (BeanDefinitionRegistry)bf;
 
-        if (!registry.containsBeanDefinition(DEFAULT_ACCESS_MANAGER_ID)) {
+        if (!registry.containsBeanDefinition(BeanIds.ACCESS_MANAGER)) {
             BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
             accessMgrBuilder.addPropertyValue("decisionVoters",
                             Arrays.asList(new Object[] {new RoleVoter(), new AuthenticatedVoter()}));
             BeanDefinition accessMgr = accessMgrBuilder.getBeanDefinition();
 
-            registry.registerBeanDefinition(DEFAULT_ACCESS_MANAGER_ID, accessMgr);
+            registry.registerBeanDefinition(BeanIds.ACCESS_MANAGER, accessMgr);
         }
     }
 
@@ -56,13 +54,13 @@ public abstract class ConfigUtils {
      * authentication manager.
      */
     static BeanDefinition registerProviderManagerIfNecessary(ParserContext parserContext) {
-        if(parserContext.getRegistry().containsBeanDefinition(DEFAULT_AUTH_MANAGER_ID)) {
-            return parserContext.getRegistry().getBeanDefinition(DEFAULT_AUTH_MANAGER_ID);
+        if(parserContext.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER)) {
+            return parserContext.getRegistry().getBeanDefinition(BeanIds.AUTHENTICATION_MANAGER);
         }
 
         BeanDefinition authManager = new RootBeanDefinition(ProviderManager.class);
         authManager.getPropertyValues().addPropertyValue("providers", new ManagedList());
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_AUTH_MANAGER_ID, authManager);
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.AUTHENTICATION_MANAGER, authManager);
 
         return authManager;
     }

core/src/main/java/org/springframework/security/config/Elements.java

@@ -8,8 +8,22 @@ package org.springframework.security.config;
  */
 class Elements {
 
-	static final String ELT_USER_SERVICE = "user-service";
-	static final String ELT_JDBC_USER_SERVICE = "jdbc-user-service";
-	static final String ELT_CUSTOM_USER_SERVICE = "custom-user-service";
+	public static final String USER_SERVICE = "user-service";
+	public static final String JDBC_USER_SERVICE = "jdbc-user-service";
+	public static final String CUSTOM_USER_SERVICE = "custom-user-service";
+	public static final String FILTER_CHAIN_MAP = "filter-chain-map";
+	public static final String INTERCEPT_METHODS = "intercept-methods";
+	public static final String AUTHENTICATION_PROVIDER = "authentication-provider";
+	public static final String REPOSITORY = "repository";
+	public static final String HTTP = "http";
+	public static final String LDAP = "ldap";
+	public static final String PROTECT = "protect";
+	public static final String CONCURRENT_SESSIONS = "concurrent-session-control";
+	public static final String LOGOUT = "logout";
+	public static final String FORM_LOGIN = "form-login";
+	public static final String BASIC_AUTH = "http-basic";
+	public static final String REMEMBER_ME = "remember-me";
+	public static final String ANONYMOUS = "anonymous";
+	public static final String FILTER_CHAIN = "filter-chain";
 
 }

core/src/main/java/org/springframework/security/config/FilterChainMapBeanDefinitionDecorator.java

@@ -23,29 +23,27 @@ import java.util.*;
  * @version $Id$
  */
 class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDecorator {
-    public static final String FILTER_CHAIN_ELT_NAME = "filter-chain";
-
     public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) {
         BeanDefinition filterChainProxy = holder.getBeanDefinition();
 
         Map filterChainMap = new LinkedHashMap();
         Element elt = (Element)node;
 
-        String pathType = elt.getAttribute(HttpSecurityBeanDefinitionParser.PATTERN_TYPE_ATTRIBUTE);
+        String pathType = elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATTERN_TYPE);
 
-        if (HttpSecurityBeanDefinitionParser.PATTERN_TYPE_REGEX.equals(pathType)) {
+        if (HttpSecurityBeanDefinitionParser.ATT_PATTERN_TYPE_REGEX.equals(pathType)) {
             filterChainProxy.getPropertyValues().addPropertyValue("matcher", new RegexUrlPathMatcher());
         }
 
-        Iterator filterChainElts = DomUtils.getChildElementsByTagName(elt, FILTER_CHAIN_ELT_NAME).iterator();
+        Iterator filterChainElts = DomUtils.getChildElementsByTagName(elt, Elements.FILTER_CHAIN).iterator();
 
         while (filterChainElts.hasNext()) {
             Element chain = (Element) filterChainElts.next();
-            String path = chain.getAttribute(HttpSecurityBeanDefinitionParser.PATH_PATTERN_ATTRIBUTE);
-            Assert.hasText(path, "The attribute '" + HttpSecurityBeanDefinitionParser.PATH_PATTERN_ATTRIBUTE +
+            String path = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
+            Assert.hasText(path, "The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN +
                     "' must not be empty");
-            String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.FILTERS_ATTRIBUTE);
-            Assert.hasText(filters, "The attribute '" + HttpSecurityBeanDefinitionParser.FILTERS_ATTRIBUTE +
+            String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
+            Assert.hasText(filters, "The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS +
                     "'must not be empty");
 
             if (filters.equals(HttpSecurityBeanDefinitionParser.NO_FILTERS_VALUE)) {

core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java

@@ -17,21 +17,23 @@ import org.apache.commons.logging.LogFactory;
 
 /**
  * @author Luke Taylor
+ * @author Ben Alex
  * @version $Id$
  */
 public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
     protected final Log logger = LogFactory.getLog(getClass());
 
-    public static final String DEFAULT_FORM_LOGIN_FILTER_ID = "_formLoginFilter";
-    public static final String DEFAULT_FORM_LOGIN_ENTRY_POINT_ID = "_formLoginEntryPoint";
+    static final String ATT_LOGIN_URL = "loginUrl";
+    static final String DEF_LOGIN_URL = "/j_spring_security_check";
+    
+    static final String ATT_LOGIN_PAGE = "loginPage";
+    static final String DEF_LOGIN_PAGE = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
 
-    private static final String LOGIN_URL_ATTRIBUTE = "loginUrl";
-    private static final String LOGIN_PAGE_ATTRIBUTE = "loginPage";
+    static final String ATT_FORM_LOGIN_TARGET_URL = "defaultTargetUrl";
+    static final String DEF_FORM_LOGIN_TARGET_URL = "/";
 
-    private static final String FORM_LOGIN_TARGET_URL_ATTRIBUTE = "defaultTargetUrl";
-    private static final String DEFAULT_FORM_LOGIN_TARGET_URL = "/";
-
-    private static final String FORM_LOGIN_AUTH_FAILURE_URL_ATTRIBUTE = "defaultTargetUrl";
+    static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authenticationFailureUrl";
+    static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME;
 
     public BeanDefinition parse(Element elt, ParserContext parserContext) {
         ConfigUtils.registerProviderManagerIfNecessary(parserContext);
@@ -39,28 +41,28 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
         BeanDefinition filterBean = createFilterBean(elt);
 
         filterBean.getPropertyValues().addPropertyValue("authenticationManager",
-                new RuntimeBeanReference(ConfigUtils.DEFAULT_AUTH_MANAGER_ID));
+                new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
 
         BeanDefinitionBuilder entryPointBuilder =
                 BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
 
-        String loginPage = elt.getAttribute(LOGIN_PAGE_ATTRIBUTE);
+        String loginPage = elt.getAttribute(ATT_LOGIN_PAGE);
 
         // If no login page has been defined, add in the default page generator.
         if (!StringUtils.hasText(loginPage)) {
             logger.info("No login page configured in form-login element. The default internal one will be used. Use" +
                     "the 'loginPage' attribute to specify the URL of the login page.");
-            loginPage = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
+            loginPage = DEF_LOGIN_PAGE;
             RootBeanDefinition loginPageFilter = new RootBeanDefinition(DefaultLoginPageGeneratingFilter.class);
             loginPageFilter.getConstructorArgumentValues().addGenericArgumentValue(
-                    new RuntimeBeanReference(DEFAULT_FORM_LOGIN_FILTER_ID));
-            parserContext.getRegistry().registerBeanDefinition("_springSecurityLoginPageFilter", loginPageFilter);
+                    new RuntimeBeanReference(BeanIds.FORM_LOGIN_FILTER));
+            parserContext.getRegistry().registerBeanDefinition(BeanIds.DEFAULT_LOGIN_PAGE_GENERATING_FILTER, loginPageFilter);
         }
 
         entryPointBuilder.addPropertyValue("loginFormUrl", loginPage);
 
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_FORM_LOGIN_FILTER_ID, filterBean);
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_FORM_LOGIN_ENTRY_POINT_ID,
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.FORM_LOGIN_FILTER, filterBean);
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.FORM_LOGIN_ENTRY_POINT,
                 entryPointBuilder.getBeanDefinition());
 
         return null;
@@ -70,24 +72,26 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
         BeanDefinitionBuilder filterBuilder =
                 BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilter.class);
 
-        String loginUrl = elt.getAttribute(LOGIN_URL_ATTRIBUTE);
+        String loginUrl = elt.getAttribute(ATT_LOGIN_URL);
 
-        if (StringUtils.hasText(loginUrl)) {
-            filterBuilder.addPropertyValue("filterProcessesUrl", loginUrl);
+        if (!StringUtils.hasText(loginUrl)) {
+        	loginUrl = DEF_LOGIN_URL;
         }
 
-        String defaultTargetUrl = elt.getAttribute(FORM_LOGIN_TARGET_URL_ATTRIBUTE);
+        filterBuilder.addPropertyValue("filterProcessesUrl", loginUrl);
+
+        String defaultTargetUrl = elt.getAttribute(ATT_FORM_LOGIN_TARGET_URL);
 
         if (!StringUtils.hasText(defaultTargetUrl)) {
-            defaultTargetUrl = DEFAULT_FORM_LOGIN_TARGET_URL;
+            defaultTargetUrl = DEF_FORM_LOGIN_TARGET_URL;
         }
 
         filterBuilder.addPropertyValue("defaultTargetUrl", defaultTargetUrl);
 
-        String authenticationFailureUrl = elt.getAttribute(FORM_LOGIN_AUTH_FAILURE_URL_ATTRIBUTE);
+        String authenticationFailureUrl = elt.getAttribute(ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL);
 
         if (!StringUtils.hasText(authenticationFailureUrl)) {
-            authenticationFailureUrl = DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME;
+            authenticationFailureUrl = DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL;
         }
 
         filterBuilder.addPropertyValue("authenticationFailureUrl", authenticationFailureUrl);

core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -38,38 +38,21 @@ import java.util.Map;
 /**
  * Sets up HTTP security: filter stack and protected URLs.
  *
- *
  * @author Luke Taylor
  * @author Ben Alex
  * @version $Id$
  */
 public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
-    public static final String DEFAULT_FILTER_CHAIN_PROXY_ID = "_filterChainProxy";
-
-    public static final String DEFAULT_HTTP_SESSION_FILTER_ID = "_httpSessionContextIntegrationFilter";
-    public static final String DEFAULT_LOGOUT_FILTER_ID = "_logoutFilter";
-    public static final String DEFAULT_EXCEPTION_TRANSLATION_FILTER_ID = "_exceptionTranslationFilter";
-    public static final String DEFAULT_FILTER_SECURITY_INTERCEPTOR_ID = "_filterSecurityInterceptor";
-    public static final String DEFAULT_CHANNEL_PROCESSING_FILTER_ID = "_channelProcessingFilter";
-    public static final String DEFAULT_CHANNEL_DECISION_MANAGER_ID = "_channelDecisionManager";
-
-    public static final String CONCURRENT_SESSIONS_ELEMENT = "concurrent-session-control";
-    public static final String LOGOUT_ELEMENT = "logout";
-    public static final String FORM_LOGIN_ELEMENT = "form-login";
-    public static final String BASIC_AUTH_ELEMENT = "http-basic";
-    public static final String REMEMBER_ME_ELEMENT = "remember-me";
-    public static final String ANONYMOUS_ELEMENT = "anonymous";
-
-    static final String PATH_PATTERN_ATTRIBUTE = "pattern";
-    static final String PATTERN_TYPE_ATTRIBUTE = "pathType";
-    static final String PATTERN_TYPE_REGEX = "regex";
+    static final String ATT_PATH_PATTERN = "pattern";
+    static final String ATT_PATTERN_TYPE = "pathType";
+    static final String ATT_PATTERN_TYPE_REGEX = "regex";
 
-    static final String FILTERS_ATTRIBUTE = "filters";
+    static final String ATT_FILTERS = "filters";
     static final String NO_FILTERS_VALUE = "none";
 
-    private static final String ACCESS_CONFIG_ATTRIBUTE = "access";
-    private static final String REQUIRES_CHANNEL_ATTRIBUTE = "requiresChannel";
+    static final String ATT_ACCESS_CONFIG = "access";
+    static final String ATT_REQUIRES_CHANNEL = "requiresChannel";
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         RootBeanDefinition filterChainProxy = new RootBeanDefinition(FilterChainProxy.class);
@@ -92,12 +75,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
         Map filterChainMap =  new LinkedHashMap();
 
-        String patternType = element.getAttribute(PATTERN_TYPE_ATTRIBUTE);
+        String patternType = element.getAttribute(ATT_PATTERN_TYPE);
 
         FilterInvocationDefinitionMap interceptorFilterInvDefSource = new PathBasedFilterInvocationDefinitionMap();
         FilterInvocationDefinitionMap channelFilterInvDefSource = new PathBasedFilterInvocationDefinitionMap();
 
-        if (patternType.equals(PATTERN_TYPE_REGEX)) {
+        if (patternType.equals(ATT_PATTERN_TYPE_REGEX)) {
             filterChainProxy.getPropertyValues().addPropertyValue("matcher", new RegexUrlPathMatcher());
             interceptorFilterInvDefSource = new RegExpBasedFilterInvocationDefinitionMap();
             channelFilterInvDefSource = new RegExpBasedFilterInvocationDefinitionMap();
@@ -120,7 +103,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
             // At least one channel requirement has been specified
             RootBeanDefinition channelFilter = new RootBeanDefinition(ChannelProcessingFilter.class);
             channelFilter.getPropertyValues().addPropertyValue("channelDecisionManager",
-                    new RuntimeBeanReference(DEFAULT_CHANNEL_DECISION_MANAGER_ID));
+                    new RuntimeBeanReference(BeanIds.CHANNEL_DECISION_MANAGER));
 
             channelFilter.getPropertyValues().addPropertyValue("filterInvocationDefinitionSource",
                     channelFilterInvDefSource);
@@ -130,17 +113,17 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
             channelProcessors.add(new InsecureChannelProcessor());
             channelDecisionManager.getPropertyValues().addPropertyValue("channelProcessors", channelProcessors);
 
-            registry.registerBeanDefinition(DEFAULT_CHANNEL_PROCESSING_FILTER_ID, channelFilter);
-            registry.registerBeanDefinition(DEFAULT_CHANNEL_DECISION_MANAGER_ID, channelDecisionManager);
+            registry.registerBeanDefinition(BeanIds.CHANNEL_PROCESSING_FILTER, channelFilter);
+            registry.registerBeanDefinition(BeanIds.CHANNEL_DECISION_MANAGER, channelDecisionManager);
         }
 
-        Element sessionControlElt = DomUtils.getChildElementByTagName(element, CONCURRENT_SESSIONS_ELEMENT);
+        Element sessionControlElt = DomUtils.getChildElementByTagName(element, Elements.CONCURRENT_SESSIONS);
 
         if (sessionControlElt != null) {
             new ConcurrentSessionsBeanDefinitionParser().parse(sessionControlElt, parserContext);
         }
 
-        Element anonymousElt = DomUtils.getChildElementByTagName(element, ANONYMOUS_ELEMENT);
+        Element anonymousElt = DomUtils.getChildElementByTagName(element, Elements.ANONYMOUS);
         
         if (anonymousElt != null) {
             new AnonymousBeanDefinitionParser().parse(anonymousElt, parserContext);
@@ -149,35 +132,35 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         // Parse remember me before logout as RememberMeServices is also a LogoutHandler implementation.
 
 
-        Element rememberMeElt = DomUtils.getChildElementByTagName(element, REMEMBER_ME_ELEMENT);
+        Element rememberMeElt = DomUtils.getChildElementByTagName(element, Elements.REMEMBER_ME);
 
         if (rememberMeElt != null) {
             new RememberMeBeanDefinitionParser().parse(rememberMeElt, parserContext);
         }
 
-        Element logoutElt = DomUtils.getChildElementByTagName(element, LOGOUT_ELEMENT);
+        Element logoutElt = DomUtils.getChildElementByTagName(element, Elements.LOGOUT);
 
         if (logoutElt != null) {
             new LogoutBeanDefinitionParser().parse(logoutElt, parserContext);
         }
 
-        Element formLoginElt = DomUtils.getChildElementByTagName(element, FORM_LOGIN_ELEMENT);
+        Element formLoginElt = DomUtils.getChildElementByTagName(element, Elements.FORM_LOGIN);
 
         if (formLoginElt != null) {
             new FormLoginBeanDefinitionParser().parse(formLoginElt, parserContext);
         }
 
-        Element basicAuthElt = DomUtils.getChildElementByTagName(element, BASIC_AUTH_ELEMENT);
+        Element basicAuthElt = DomUtils.getChildElementByTagName(element, Elements.BASIC_AUTH);
 
         if (basicAuthElt != null) {
             new BasicAuthenticationBeanDefinitionParser().parse(basicAuthElt, parserContext);
         }
 
-        registry.registerBeanDefinition(DEFAULT_FILTER_CHAIN_PROXY_ID, filterChainProxy);
-        registry.registerBeanDefinition(DEFAULT_HTTP_SESSION_FILTER_ID, httpSCIF);
-        registry.registerBeanDefinition(DEFAULT_EXCEPTION_TRANSLATION_FILTER_ID,
+        registry.registerBeanDefinition(BeanIds.FILTER_CHAIN_PROXY, filterChainProxy);
+        registry.registerBeanDefinition(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER, httpSCIF);
+        registry.registerBeanDefinition(BeanIds.EXCEPTION_TRANSLATION_FILTER,
                 exceptionTranslationFilterBuilder.getBeanDefinition());
-        registry.registerBeanDefinition(DEFAULT_FILTER_SECURITY_INTERCEPTOR_ID,
+        registry.registerBeanDefinition(BeanIds.FILTER_SECURITY_INTERCEPTOR,
                 filterSecurityInterceptorBuilder.getBeanDefinition());
 
 
@@ -205,11 +188,11 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         while (urlEltsIterator.hasNext()) {
             Element urlElt = (Element) urlEltsIterator.next();
 
-            String path = urlElt.getAttribute(PATH_PATTERN_ATTRIBUTE);
+            String path = urlElt.getAttribute(ATT_PATH_PATTERN);
 
             Assert.hasText(path, "path attribute cannot be empty or null");
 
-            String access = urlElt.getAttribute(ACCESS_CONFIG_ATTRIBUTE);
+            String access = urlElt.getAttribute(ATT_ACCESS_CONFIG);
 
             // Convert the comma-separated list of access attributes to a ConfigAttributeDefinition
             if (StringUtils.hasText(access)) {
@@ -217,7 +200,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
                 interceptorFilterInvDefSource.addSecureUrl(path, (ConfigAttributeDefinition) editor.getValue());
             }
 
-            String requiredChannel = urlElt.getAttribute(REQUIRES_CHANNEL_ATTRIBUTE);
+            String requiredChannel = urlElt.getAttribute(ATT_REQUIRES_CHANNEL);
 
             if (StringUtils.hasText(requiredChannel)) {
                 String channelConfigAttribute = null;
@@ -234,7 +217,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
                 channelFilterInvDefSource.addSecureUrl(path, (ConfigAttributeDefinition) editor.getValue());
             }
 
-            String filters = urlElt.getAttribute(FILTERS_ATTRIBUTE);
+            String filters = urlElt.getAttribute(ATT_FILTERS);
 
             if (StringUtils.hasText(filters)) {
                 if (!filters.equals(NO_FILTERS_VALUE)) {

core/src/main/java/org/springframework/security/config/HttpSecurityConfigPostProcessor.java

@@ -38,7 +38,7 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
     public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
         ConfigUtils.registerAccessManagerIfNecessary(beanFactory);
         BeanDefinition securityInterceptor =
-                beanFactory.getBeanDefinition(HttpSecurityBeanDefinitionParser.DEFAULT_FILTER_SECURITY_INTERCEPTOR_ID);
+                beanFactory.getBeanDefinition(BeanIds.FILTER_SECURITY_INTERCEPTOR);
 
         ConfigUtils.configureSecurityInterceptor(beanFactory, securityInterceptor);
 
@@ -54,7 +54,7 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
     private void configureRememberMeSerices(ConfigurableListableBeanFactory beanFactory) {
         try {
             BeanDefinition rememberMeServices =
-                    beanFactory.getBeanDefinition(RememberMeBeanDefinitionParser.DEFAULT_REMEMBER_ME_SERVICES_ID);
+                    beanFactory.getBeanDefinition(BeanIds.REMEMBER_ME_SERVICES);
             rememberMeServices.getPropertyValues().addPropertyValue("userDetailsService",
                     ConfigUtils.getUserDetailsService(beanFactory));
         } catch (NoSuchBeanDefinitionException e) {
@@ -101,14 +101,14 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
         logger.info("Selecting AuthenticationEntryPoint for use in ExceptionTranslationFilter");
 
         BeanDefinition etf =
-                beanFactory.getBeanDefinition(HttpSecurityBeanDefinitionParser.DEFAULT_EXCEPTION_TRANSLATION_FILTER_ID);
+                beanFactory.getBeanDefinition(BeanIds.EXCEPTION_TRANSLATION_FILTER);
         Map entryPointMap = beanFactory.getBeansOfType(AuthenticationEntryPoint.class);
         List entryPoints = new ArrayList(entryPointMap.values());
 
         Assert.isTrue(entryPoints.size() > 0, "No AuthenticationEntryPoint instances defined");
 
         AuthenticationEntryPoint mainEntryPoint = (AuthenticationEntryPoint)
-                entryPointMap.get(FormLoginBeanDefinitionParser.DEFAULT_FORM_LOGIN_ENTRY_POINT_ID);
+                entryPointMap.get(BeanIds.FORM_LOGIN_ENTRY_POINT);
 
         if (mainEntryPoint == null) {
             throw new SecurityConfigurationException("Failed to resolve authentication entry point");
@@ -121,7 +121,7 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
 
     private void configureFilterChain(ConfigurableListableBeanFactory beanFactory) {
         FilterChainProxy filterChainProxy =
-                (FilterChainProxy) beanFactory.getBean(HttpSecurityBeanDefinitionParser.DEFAULT_FILTER_CHAIN_PROXY_ID);
+                (FilterChainProxy) beanFactory.getBean(BeanIds.FILTER_CHAIN_PROXY);
         // Set the default match
         List defaultFilterChain = orderFilters(beanFactory);
 
@@ -139,7 +139,7 @@ public class HttpSecurityConfigPostProcessor implements BeanFactoryPostProcessor
         if (!sessionFilters.isEmpty()) {
             logger.info("Concurrent session filter in use, setting 'forceEagerSessionCreation' to true");
             HttpSessionContextIntegrationFilter scif = (HttpSessionContextIntegrationFilter)
-                    beanFactory.getBean(HttpSecurityBeanDefinitionParser.DEFAULT_HTTP_SESSION_FILTER_ID);
+                    beanFactory.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER);
             scif.setForceEagerSessionCreation(true);
         }
     }

core/src/main/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecorator.java

@@ -26,11 +26,11 @@ import java.util.List;
 
 /**
  * @author Luke Taylor
+ * @author Ben Alex
+ * 
  * @version $Id$
  */
 public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDecorator {
-    private static final String POST_PROCESSOR_ID = "_interceptMethodsBeanfactoryPP";
-
     private BeanDefinitionDecorator delegate = new InternalInterceptMethodsBeanDefinitionDecorator();
 
     public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder definition, ParserContext parserContext) {
@@ -40,11 +40,11 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
     }
 
     private void registerPostProcessorIfNecessary(BeanDefinitionRegistry registry) {
-        if (registry.containsBeanDefinition(POST_PROCESSOR_ID)) {
+        if (registry.containsBeanDefinition(BeanIds.INTERCEPT_METHODS_BEAN_FACTORY_POST_PROCESSOR)) {
             return;
         }
 
-        registry.registerBeanDefinition(POST_PROCESSOR_ID,
+        registry.registerBeanDefinition(BeanIds.INTERCEPT_METHODS_BEAN_FACTORY_POST_PROCESSOR,
                 new RootBeanDefinition(MethodSecurityConfigPostProcessor.class));
     }
 
@@ -71,7 +71,10 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
  * post processor,
  */
 class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractInterceptorDrivenBeanDefinitionDecorator {
-    private Log logger = LogFactory.getLog(getClass());
+    static final String ATT_CLASS = "class";
+	static final String ATT_METHOD = "method";
+	static final String ATT_ACCESS = "access";
+	private Log logger = LogFactory.getLog(getClass());
 
     protected BeanDefinition createInterceptorDefinition(Node node) {
         Element interceptMethodsElt = (Element)node;
@@ -79,7 +82,7 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
 
         Element beanNode = (Element)interceptMethodsElt.getParentNode();
         // Get the class from the parent bean...
-        String targetClassName = beanNode.getAttribute("class");
+        String targetClassName = beanNode.getAttribute(ATT_CLASS);
         Class targetClass;
 
         try {
@@ -89,19 +92,19 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
         }
 
         // Parse the included methods
-        List methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, "protect");
+        List methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
         MethodDefinitionMap methodMap = new MethodDefinitionMap();
         ConfigAttributeEditor attributeEditor = new ConfigAttributeEditor();
 
         for (Iterator i = methods.iterator(); i.hasNext();) {
             Element protectmethodElt = (Element) i.next();
-            String accessConfig = protectmethodElt.getAttribute("access");
+            String accessConfig = protectmethodElt.getAttribute(ATT_ACCESS);
             attributeEditor.setAsText(accessConfig);
 
 // TODO: We want to use just the method names, but MethodDefinitionMap won't work that way.            
 //            methodMap.addSecureMethod(targetClass, protectmethodElt.getAttribute("method"),
 //                    (ConfigAttributeDefinition) attributeEditor.getValue());
-            methodMap.addSecureMethod(protectmethodElt.getAttribute("method"), 
+            methodMap.addSecureMethod(protectmethodElt.getAttribute(ATT_METHOD), 
                     (ConfigAttributeDefinition) attributeEditor.getValue());
         }
 

core/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java

@@ -15,34 +15,37 @@ import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
+ * @author Ben Alex
  * @version $Id$
  */
 public class LogoutBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
-    public static final String DEFAULT_LOGOUT_SUCCESS_URL = "/";
+    static final String ATT_LOGOUT_SUCCESS_URL = "logoutSuccessUrl";
+	static final String ATT_LOGOUT_URL = "logoutUrl";
+	public static final String DEF_LOGOUT_SUCCESS_URL = "/";
 
     protected Class getBeanClass(Element element) {
         return LogoutFilter.class;
     }
 
     protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
-        String logoutUrl = element.getAttribute("logoutUrl");
+        String logoutUrl = element.getAttribute(ATT_LOGOUT_URL);
 
         if (StringUtils.hasText(logoutUrl)) {
             builder.addPropertyValue("filterProcessesUrl", logoutUrl);
         }
 
-        String logoutSuccessUrl = element.getAttribute("logoutSuccessUrl");
+        String logoutSuccessUrl = element.getAttribute(ATT_LOGOUT_SUCCESS_URL);
 
         if (!StringUtils.hasText(logoutSuccessUrl)) {
-            logoutSuccessUrl = DEFAULT_LOGOUT_SUCCESS_URL;
+            logoutSuccessUrl = DEF_LOGOUT_SUCCESS_URL;
         }
 
         builder.addConstructorArg(logoutSuccessUrl);
         ManagedList handlers = new ManagedList();
         handlers.add(new SecurityContextLogoutHandler());
 
-        if (parserContext.getRegistry().containsBeanDefinition(RememberMeBeanDefinitionParser.DEFAULT_REMEMBER_ME_SERVICES_ID)) {
-            handlers.add(new RuntimeBeanReference(RememberMeBeanDefinitionParser.DEFAULT_REMEMBER_ME_SERVICES_ID));
+        if (parserContext.getRegistry().containsBeanDefinition(BeanIds.REMEMBER_ME_SERVICES)) {
+            handlers.add(new RuntimeBeanReference(BeanIds.REMEMBER_ME_SERVICES));
         }
 
         builder.addConstructorArg(handlers);
@@ -56,6 +59,6 @@ public class LogoutBeanDefinitionParser extends AbstractSingleBeanDefinitionPars
             return id;
         }
 
-        return HttpSecurityBeanDefinitionParser.DEFAULT_LOGOUT_FILTER_ID;
+        return BeanIds.LOGOUT_FILTER;
     }
 }

core/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java

@@ -18,24 +18,25 @@ import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
+ * @author Ben Alex
  * @version $Id$
  */
 public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
-    protected final Log logger = LogFactory.getLog(getClass());
-
-    public static final String DEFAULT_REMEMBER_ME_FILTER_ID = "_rememberMeFilter";
-    public static final String DEFAULT_REMEMBER_ME_SERVICES_ID = "_rememberMeServices";
+    static final String ATT_KEY = "key";
+	static final String ATT_DATA_SOURCE = "dataSource";
+	static final String ATT_TOKEN_REPOSITORY = "tokenRepository";
+	protected final Log logger = LogFactory.getLog(getClass());
 
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         BeanDefinition filter = new RootBeanDefinition(RememberMeProcessingFilter.class);
         BeanDefinition services = new RootBeanDefinition(PersistentTokenBasedRememberMeServices.class);
 
         filter.getPropertyValues().addPropertyValue("authenticationManager",
-                new RuntimeBeanReference(ConfigUtils.DEFAULT_AUTH_MANAGER_ID));
+                new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
 
-        String tokenRepository = element.getAttribute("tokenRepository");
-        String dataSource      = element.getAttribute("dataSource");
-        String key             = element.getAttribute("key");
+        String tokenRepository = element.getAttribute(ATT_TOKEN_REPOSITORY);
+        String dataSource      = element.getAttribute(ATT_DATA_SOURCE);
+        String key             = element.getAttribute(ATT_KEY);
 
         boolean dataSourceSet = StringUtils.hasText(dataSource);
         boolean tokenRepoSet = StringUtils.hasText(tokenRepository);
@@ -53,10 +54,10 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
                 tokenRepo = new RuntimeBeanReference(tokenRepository);
             } else {
                 tokenRepo = new RootBeanDefinition(JdbcTokenRepositoryImpl.class);
-                ((BeanDefinition)tokenRepo).getPropertyValues().addPropertyValue("dataSource",
+                ((BeanDefinition)tokenRepo).getPropertyValues().addPropertyValue(ATT_DATA_SOURCE,
                         new RuntimeBeanReference(dataSource));
             }
-            services.getPropertyValues().addPropertyValue("tokenRepository", tokenRepo);
+            services.getPropertyValues().addPropertyValue(ATT_TOKEN_REPOSITORY, tokenRepo);
         } else {
             isPersistent = false;
             services = new RootBeanDefinition(TokenBasedRememberMeServices.class);
@@ -67,20 +68,20 @@ public class RememberMeBeanDefinitionParser implements BeanDefinitionParser {
                     "will be ignored.");
         }
 
-        services.getPropertyValues().addPropertyValue("key", key);
+        services.getPropertyValues().addPropertyValue(ATT_KEY, key);
 
         BeanDefinition authManager = ConfigUtils.registerProviderManagerIfNecessary(parserContext);
         BeanDefinition provider = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
-        provider.getPropertyValues().addPropertyValue("key", key);
+        provider.getPropertyValues().addPropertyValue(ATT_KEY, key);
 
         ManagedList providers = (ManagedList) authManager.getPropertyValues().getPropertyValue("providers").getValue();
         providers.add(provider);
 
         filter.getPropertyValues().addPropertyValue("rememberMeServices",
-                new RuntimeBeanReference(DEFAULT_REMEMBER_ME_SERVICES_ID));
+                new RuntimeBeanReference(BeanIds.REMEMBER_ME_SERVICES));
 
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_REMEMBER_ME_SERVICES_ID, services);
-        parserContext.getRegistry().registerBeanDefinition(DEFAULT_REMEMBER_ME_FILTER_ID, filter);
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.REMEMBER_ME_SERVICES, services);
+        parserContext.getRegistry().registerBeanDefinition(BeanIds.REMEMBER_ME_FILTER, filter);
 
         return null;
     }

core/src/main/java/org/springframework/security/config/RepositoryBeanDefinitionParser.java

@@ -21,10 +21,10 @@ import org.w3c.dom.Element;
  */
 class RepositoryBeanDefinitionParser implements BeanDefinitionParser {
 
-	private static final String ATT_CREATE_PROVIDER = "createProvider";
-	private static final String DEF_CREATE_PROVIDER = "true";
-	private static final String ATT_DATA_SOURCE = "dataSource";
-	private static final String ATT_ID = "id";
+	static final String ATT_CREATE_PROVIDER = "createProvider";
+	static final String ATT_DATA_SOURCE = "dataSource";
+	static final String ATT_ID = "id";
+	static final String DEF_CREATE_PROVIDER = "true";
 	
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         boolean createProvider = true;
@@ -37,9 +37,9 @@ class RepositoryBeanDefinitionParser implements BeanDefinitionParser {
             ConfigUtils.registerProviderManagerIfNecessary(parserContext);
     	}
 
-        Element userServiceElt = DomUtils.getChildElementByTagName(element, Elements.ELT_USER_SERVICE);
-        Element jdbcUserServiceElt = DomUtils.getChildElementByTagName(element, Elements.ELT_JDBC_USER_SERVICE);
-        Element customUserServiceElt = DomUtils.getChildElementByTagName(element, Elements.ELT_CUSTOM_USER_SERVICE);
+        Element userServiceElt = DomUtils.getChildElementByTagName(element, Elements.USER_SERVICE);
+        Element jdbcUserServiceElt = DomUtils.getChildElementByTagName(element, Elements.JDBC_USER_SERVICE);
+        Element customUserServiceElt = DomUtils.getChildElementByTagName(element, Elements.CUSTOM_USER_SERVICE);
 
         if (userServiceElt != null) {
             BeanDefinition userDetailsService = new UserServiceBeanDefinitionParser().parse(userServiceElt, parserContext);

core/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java

@@ -6,17 +6,18 @@ import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
  * Registers the bean definition parsers for the "security" namespace (http://www.springframework.org/schema/security).
  *
  * @author Luke Taylor
+ * @author Ben Alex
  * @version $Id$
  */
 public class SecurityNamespaceHandler extends NamespaceHandlerSupport {    
 
     public void init() {
-        registerBeanDefinitionParser("ldap", new LdapBeanDefinitionParser());
-        registerBeanDefinitionParser("http", new HttpSecurityBeanDefinitionParser());
-        registerBeanDefinitionParser("user-service", new UserServiceBeanDefinitionParser());
-        registerBeanDefinitionParser("repository", new RepositoryBeanDefinitionParser());
-        //registerBeanDefinitionParser("authentication-provider", new AuthenticationProviderBeanDefinitionParser());
-        registerBeanDefinitionDecorator("intercept-methods", new InterceptMethodsBeanDefinitionDecorator());
-        registerBeanDefinitionDecorator("filter-chain-map", new FilterChainMapBeanDefinitionDecorator());        
+        registerBeanDefinitionParser(Elements.LDAP, new LdapBeanDefinitionParser());
+        registerBeanDefinitionParser(Elements.HTTP, new HttpSecurityBeanDefinitionParser());
+        registerBeanDefinitionParser(Elements.USER_SERVICE, new UserServiceBeanDefinitionParser());
+        registerBeanDefinitionParser(Elements.REPOSITORY, new RepositoryBeanDefinitionParser());
+        registerBeanDefinitionParser(Elements.AUTHENTICATION_PROVIDER, new AuthenticationProviderBeanDefinitionParser());
+        registerBeanDefinitionDecorator(Elements.INTERCEPT_METHODS, new InterceptMethodsBeanDefinitionDecorator());
+        registerBeanDefinitionDecorator(Elements.FILTER_CHAIN_MAP, new FilterChainMapBeanDefinitionDecorator());        
     }
 }

core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java

@@ -18,28 +18,31 @@ import java.util.Iterator;
 
 /**
  * @author Luke Taylor
+ * @author Ben Alex
  * @version $Id$
  */
 public class UserServiceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
 
-    public static final String DEFAULT_ID = "_userDetailsService";
+    static final String ATT_PASSWORD = "password";
+	static final String ATT_NAME = "name";
+	static final String ELT_USER = "user";
+	static final String ATT_AUTHORITIES = "authorities";
 
-    protected Class getBeanClass(Element element) {
+	protected Class getBeanClass(Element element) {
         return InMemoryDaoImpl.class;
     }
 
-
     protected void doParse(Element element, BeanDefinitionBuilder builder) {
-        List userElts = DomUtils.getChildElementsByTagName(element, "user");
+        List userElts = DomUtils.getChildElementsByTagName(element, ELT_USER);
         UserMap users = new UserMap();
 
         for (Iterator i = userElts.iterator(); i.hasNext();) {
             Element userElt = (Element) i.next();
-            String userName = userElt.getAttribute("name");
-            String password = userElt.getAttribute("password");
+            String userName = userElt.getAttribute(ATT_NAME);
+            String password = userElt.getAttribute(ATT_PASSWORD);
 
             users.addUser(new User(userName, password, true, true, true, true,
-                    AuthorityUtils.commaSeparatedStringToAuthorityArray(userElt.getAttribute("authorities"))));
+                    AuthorityUtils.commaSeparatedStringToAuthorityArray(userElt.getAttribute(ATT_AUTHORITIES))));
         }
 
         builder.addPropertyValue("userMap", users);
@@ -54,6 +57,6 @@ public class UserServiceBeanDefinitionParser extends AbstractSingleBeanDefinitio
 
         // TODO: Check for duplicate using default id here.
 
-        return DEFAULT_ID;
+        return BeanIds.USER_DETAILS_SERVICE;
     }
 }

core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -102,11 +102,17 @@ form-login =
     ## Sets up a form login configuration
     element form-login {form-login.attlist, empty}    
 form-login.attlist &=
-    ## The URL that the form is submitted to
-    [ a:defaultValue = "/j_spring_security_check" ] attribute loginUrl {xsd:string}?   
+    ## The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.
+    attribute loginUrl {xsd:string}?   
+form-login.attlist &=
+    ## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.
+    attribute defaultTargetUrl {xsd:string}?   
 form-login.attlist &=
     ## The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested.
     attribute loginPage {xsd:string}?   
+form-login.attlist &=
+    ## The URL for the login failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /spring_security_login?login_error and a corresponding filter to render that login failure URL when requested.
+    attribute authenticationFailureUrl {xsd:string}?   
 
 filter-chain-map = 
     ## Used to explicitly configure a FilterChainProxy instance with a FilterChainMap

core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -214,9 +214,14 @@
     </xs:complexType>
   </xs:element>
   <xs:attributeGroup name="form-login.attlist">
-    <xs:attribute name="loginUrl" default="/j_spring_security_check" type="xs:string">
+    <xs:attribute name="loginUrl" type="xs:string">
       <xs:annotation>
-        <xs:documentation>The URL that the form is submitted to</xs:documentation>
+        <xs:documentation>The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
+    <xs:attribute name="defaultTargetUrl" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
     <xs:attribute name="loginPage" type="xs:string">
@@ -224,6 +229,11 @@
         <xs:documentation>The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
+    <xs:attribute name="authenticationFailureUrl" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>The URL for the login failure page. If no login failure URL is specified, Spring Security will automatically create a failure login URL at /spring_security_login?login_error and a corresponding filter to render that login failure URL when requested.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
   </xs:attributeGroup>
   <xs:element name="filter-chain-map">
     <xs:annotation>

core/src/test/java/org/springframework/security/config/CustomUserDetailsTests.java

@@ -38,7 +38,7 @@ public class CustomUserDetailsTests {
     
     @Test
     public void testProviderManagerSetup() {
-    	ProviderManager manager = (ProviderManager) appContext.getBean(ConfigUtils.DEFAULT_AUTH_MANAGER_ID);
+    	ProviderManager manager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
     	List providers = manager.getProviders();
     	assertTrue(providers.size() == 1);
     	assertTrue(providers.iterator().next() instanceof DaoAuthenticationProvider);

core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -44,7 +44,7 @@ public class HttpSecurityBeanDefinitionParserTests {
     @Test
     public void filterChainProxyShouldReturnEmptyFilterListForUnprotectedUrl() {
         FilterChainProxy filterChainProxy =
-                (FilterChainProxy) appContext.getBean(HttpSecurityBeanDefinitionParser.DEFAULT_FILTER_CHAIN_PROXY_ID);
+                (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
 
         List filters = filterChainProxy.getFilters("/unprotected");
 
@@ -54,7 +54,7 @@ public class HttpSecurityBeanDefinitionParserTests {
     @Test
     public void filterChainProxyShouldReturnCorrectFilterListForProtectedUrl() {
         FilterChainProxy filterChainProxy =
-                (FilterChainProxy) appContext.getBean(HttpSecurityBeanDefinitionParser.DEFAULT_FILTER_CHAIN_PROXY_ID);
+                (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
 
         List filterList = filterChainProxy.getFilters("/someurl");
 

core/src/test/java/org/springframework/security/config/JdbcUserDetailsTests.java

@@ -39,7 +39,7 @@ public class JdbcUserDetailsTests {
     
     @Test
     public void testProviderManagerSetup() {
-    	ProviderManager manager = (ProviderManager) appContext.getBean(ConfigUtils.DEFAULT_AUTH_MANAGER_ID);
+    	ProviderManager manager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
     	List providers = manager.getProviders();
     	assertTrue(providers.size() == 1);
     	assertTrue(providers.iterator().next() instanceof DaoAuthenticationProvider);