Updated heavy-duty sample to be able to build it.

sandbox/heavyduty/pom.xml

@@ -8,24 +8,20 @@
     <dependencies>
         <dependency>
             <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
+            <artifactId>spring-security-web</artifactId>
             <version>${spring.security.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-taglibs</artifactId>
+            <artifactId>spring-security-ldap</artifactId>
             <version>${spring.security.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>org.springframework.core</artifactId>
-            <version>${spring.version}</version>
-        </dependency>                
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>org.springframework.context</artifactId>
-            <version>${spring.version}</version>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${spring.security.version}</version>
         </dependency>
+
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>org.springframework.web</artifactId>
@@ -40,60 +36,62 @@
             <groupId>org.springframework</groupId>
             <artifactId>org.springframework.jdbc</artifactId>
             <scope>runtime</scope>
-            <version>${spring.version}</version>    
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>org.springframework.orm</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+<!--
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+            <version>${spring.security.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
-            <artifactId>spring-orm</artifactId>
+            <artifactId>org.springframework.context</artifactId>
             <version>${spring.version}</version>
-        </dependency>        
+        </dependency>
+
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>org.springframework.aop</artifactId>
             <scope>runtime</scope>
             <version>${spring.version}</version>
         </dependency>
+-->
         <dependency>
             <groupId>org.freemarker</groupId>
             <artifactId>freemarker</artifactId>
             <scope>runtime</scope>
             <version>2.3.12</version>
-        </dependency>        
-	    <dependency>
-	      <groupId>hsqldb</groupId>
-	      <artifactId>hsqldb</artifactId>
-	      <version>1.8.0.7</version>
-	      <scope>compile</scope>
-	    </dependency>
-	    <dependency>
-	      <groupId>org.hibernate</groupId>
-	      <artifactId>hibernate-entitymanager</artifactId>
-	      <version>3.3.2.GA</version>
-	      <scope>compile</scope>
-	    </dependency>
-	    <dependency>
-	      <groupId>net.sf.ehcache</groupId>
-	      <artifactId>ehcache</artifactId>
-	      <version>1.3.0</version>
-	      <scope>compile</scope>
-	    </dependency>
-	    <dependency>
-	        <groupId>org.aspectj</groupId>
-    		<artifactId>aspectjweaver</artifactId>
-	    	<optional>true</optional>
-		    <version>1.5.4</version>
-	    </dependency>	    
-	    <dependency>
-	        <groupId>org.aspectj</groupId>
-	    	<artifactId>aspectjrt</artifactId>
-		    <version>1.5.4</version>
-	    </dependency>
+        </dependency>
+        <dependency>
+          <groupId>hsqldb</groupId>
+          <artifactId>hsqldb</artifactId>
+          <version>1.8.0.7</version>
+          <scope>compile</scope>
+        </dependency>
+        <dependency>
+          <groupId>org.hibernate</groupId>
+          <artifactId>hibernate-entitymanager</artifactId>
+          <version>3.3.2.GA</version>
+          <scope>compile</scope>
+        </dependency>
+        <dependency>
+          <groupId>net.sf.ehcache</groupId>
+          <artifactId>ehcache</artifactId>
+          <version>1.4.1</version>
+          <scope>compile</scope>
+        </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>servlet-api</artifactId>
             <scope>provided</scope>
             <version>2.4</version>
-        </dependency>        
+        </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>jstl</artifactId>
@@ -104,7 +102,7 @@
             <groupId>taglibs</groupId>
             <artifactId>standard</artifactId>
             <scope>runtime</scope>
-            <version>1.1.2</version>            
+            <version>1.1.2</version>
         </dependency>
         <dependency>
             <groupId>org.apache.directory.server</groupId>
@@ -123,18 +121,18 @@
             <artifactId>slf4j-log4j12</artifactId>
             <version>1.4.3</version>
             <scope>runtime</scope>
-        </dependency>       
+        </dependency>
         <dependency>
             <groupId>org.springframework.ldap</groupId>
             <artifactId>spring-ldap</artifactId>
             <version>1.2.1</version>
-        </dependency>        
+        </dependency>
         <dependency>
             <groupId>log4j</groupId>
             <artifactId>log4j</artifactId>
             <scope>runtime</scope>
             <version>1.2.14</version>
-        </dependency>        
+        </dependency>
     </dependencies>
 
     <build>
@@ -155,7 +153,7 @@
                     <downloadSources>true</downloadSources>
                     <wtpversion>2.0</wtpversion>
                 </configuration>
-            </plugin>            
+            </plugin>
             <plugin>
                 <groupId>org.mortbay.jetty</groupId>
                 <artifactId>maven-jetty-plugin</artifactId>
@@ -183,8 +181,8 @@
             </plugin>
         </plugins>
     </build>
-    <properties>        
-        <spring.version>2.5.6</spring.version>
+    <properties>
+        <spring.version>3.0.0.M2</spring.version>
         <spring.security.version>3.0.0.CI-SNAPSHOT</spring.security.version>
     </properties>
 

sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java

@@ -5,8 +5,8 @@ import java.util.Map;
 
 public class BankDaoStub implements BankDao {
     private long id = 0;
-    private Map accounts = new HashMap();
-    
+    private Map<Long, Account> accounts = new HashMap<Long, Account>();
+
     public void createOrUpdateAccount(Account account) {
         if (account.getId() == -1) {
             id++;

sandbox/heavyduty/src/main/java/bigbank/BankService.java

@@ -1,15 +1,15 @@
 package bigbank;
 
-import org.springframework.security.annotation.Secured;
+import org.springframework.security.access.annotation.Secured;
 
 public interface BankService {
-    
+
     @Secured("IS_AUTHENTICATED_ANONYMOUSLY")
     public Account readAccount(Long id);
-        
+
     @Secured("IS_AUTHENTICATED_ANONYMOUSLY")
     public Account[] findAccounts();
-    
+
     @Secured("ROLE_TELLER")
     public Account post(Account account, double amount);
 }

sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java

@@ -1,11 +1,11 @@
 package heavyduty.security.ui;
 
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 
 public class HeavyDutyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
-    
-    
 
-    
-    
+
+
+
+
 }

sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java

@@ -1,9 +1,9 @@
 package heavyduty.security.ui;
 
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
 
 public class HeavyDutyEntryPoint extends AuthenticationProcessingFilterEntryPoint {
 
-    
-    
+
+
 }

sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java

@@ -18,33 +18,33 @@ import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
  */
 public class TestMultiActionController extends MultiActionController {
     public static final String VIEW_NAME = "multi-action-test";
-    
+
     public String login(HttpServletRequest request, HttpServletResponse response) {
         return "login";
     }
-        
+
     public void step1(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         String[] x = request.getParameterValues("x");
         logger.info("x= " + (x == null ? "null" : Arrays.asList(x)));
         String[] y = request.getParameterValues("y");
-        logger.info("y = " + (y == null ? "null" : Arrays.asList(y)));        
+        logger.info("y = " + (y == null ? "null" : Arrays.asList(y)));
         request.getRequestDispatcher("/testMulti.htm?action=step1xtra&x=5&x=5").forward(request, response);
     }
 
     public ModelAndView step1xtra(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
         logger.info("x = " + Arrays.asList(request.getParameterValues("x")));
         return createView("step2");
-    }    
-    
+    }
+
     public ModelAndView step2(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
         return createView("step1");
     }
-    
+
     private ModelAndView createView(String name) {
-        Map model = new HashMap();
+        Map<String, String> model = new HashMap<String, String>();
         model.put("nextAction", name);
         return new ModelAndView(VIEW_NAME, model);
     }
-    
+
 }
 

sandbox/heavyduty/src/main/java/sample/TestVoter.java

@@ -1,12 +1,11 @@
 package sample;
 
-import java.lang.annotation.Annotation;
 import java.util.List;
 
 import org.aopalliance.intercept.MethodInvocation;
-import org.springframework.security.Authentication;
-import org.springframework.security.ConfigAttribute;
-import org.springframework.security.vote.AccessDecisionVoter;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.vote.AccessDecisionVoter;
+import org.springframework.security.core.Authentication;
 
 public class TestVoter implements AccessDecisionVoter {
 
@@ -14,14 +13,14 @@ public class TestVoter implements AccessDecisionVoter {
         return true;
     }
 
-    public boolean supports(Class clazz) {
+    public boolean supports(Class<?> clazz) {
         return MethodInvocation.class.isAssignableFrom(clazz);
     }
 
     public int vote(Authentication authentication, Object object, List<ConfigAttribute> config) {
         MethodInvocation mi = (MethodInvocation) object;
 
-        Annotation[][] annotations = mi.getMethod().getParameterAnnotations();
+        mi.getMethod().getParameterAnnotations();
 
 
         return ACCESS_GRANTED;

sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java

@@ -24,7 +24,7 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
 
     /**
      * Minimal constructor
-     * 
+     *
      * @param t
      *            type POJO hibernate
      */
@@ -34,12 +34,11 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
 
     /**
      * read data
-     * 
+     *
      * @param id
      *            data id
      * @return data
      */
-    @SuppressWarnings("unchecked")
     public T read(PK id) {
         if (id == null) {
             throw new IllegalArgumentException("Id cannot be null or empty");
@@ -54,7 +53,7 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
 
     /**
      * persist data
-     * 
+     *
      * @param transientInstance
      *            data to persist
      * @see sido.common.dao.GenericDAO#persist(T)
@@ -68,9 +67,9 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
     }
 
     /**
-     * 
+     *
      * attach clean
-     * 
+     *
      * @param instance
      *            data to attach
      * @see sido.common.dao.GenericDAO#refresh(T)
@@ -85,7 +84,7 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
 
     /**
      * delete
-     * 
+     *
      * @param persistentInstance
      *            data to delete
      * @see sido.common.dao.GenericDAO#delete(T)
@@ -100,13 +99,12 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
 
     /**
      * merge
-     * 
+     *
      * @param detachedInstance
      *            data to merge
      * @return the merged data
      * @see sido.common.dao.GenericDAO#merge(T)
      */
-    @SuppressWarnings("unchecked")
     public T merge(T detachedInstance) {
         if (LOG.isDebugEnabled()) {
             LOG.debug("merging instance of "
@@ -123,4 +121,4 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
     }
 
 
-}
+}

sandbox/heavyduty/src/main/java/sample/service/UserService.java

@@ -1,16 +1,16 @@
 package sample.service;
 
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
 
 public interface UserService extends UserDetailsService {
-    
+
     /**
      * Register a new User in database
      * @param username
      */
     public UserDetails register(String username, String password);
-    
-    
-    
+
+
+
 }

sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java

@@ -1,18 +1,16 @@
 /**
- * 
+ *
  */
 package sample.service.impl;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
-import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import sample.dao.UserDAO;
@@ -21,7 +19,7 @@ import sample.service.UserService;
 
 /**
  * @author A207119
- * 
+ *
  */
 @Component
 @Transactional
@@ -39,9 +37,9 @@ public class UserServiceImpl implements UserService {
         try {
             User user = userDAO.findByUsername(username);
 
-            return new org.springframework.security.userdetails.User(user
+            return new org.springframework.security.core.userdetails.User(user
                     .getUsername(), user.getPassword(), true, true, true, true,
-                    new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
+                    AuthorityUtils.createAuthorityList("ROLE_USER"));
         } catch (Exception e) {
             LOG.error(e.getMessage(), e);
             throw new UsernameNotFoundException("No matching account", e);
@@ -51,9 +49,9 @@ public class UserServiceImpl implements UserService {
     public UserDetails register(String username, String password) {
         User user = new User(username, password);
         userDAO.persist(user);
-        return new org.springframework.security.userdetails.User(user
+        return new org.springframework.security.core.userdetails.User(user
                 .getUsername(), user.getPassword(), true, true, true, true,
-                new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
+                AuthorityUtils.createAuthorityList("ROLE_USER"));
 
     }
 

sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml

@@ -12,33 +12,33 @@
     xmlns:aop="http://www.springframework.org/schema/aop"
     xmlns:context="http://www.springframework.org/schema/context"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
-						http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
+                        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
                         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
 
     <!--b:import resource="appContext-misc.xml"/-->
-	<context:component-scan base-package='sample'/>
-    
-	<global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr">
-		<protect-pointcut expression="execution(* sample.service.UserService+.*(..))"
-					access="ROLE_LOGGEDIN" />
-	</global-method-security>
-	
-	<aop:aspectj-autoproxy/>
-	
-	<b:bean id="methodAccessMgr" class="org.springframework.security.vote.AffirmativeBased">
-	   <b:property name="decisionVoters">
-	       <b:list>
-	           <b:bean class="sample.TestVoter"/>
-	       </b:list>
-	   </b:property>
-	</b:bean>
-    
+    <context:component-scan base-package='sample'/>
+
+    <global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr">
+        <protect-pointcut expression="execution(* sample.service.UserService+.*(..))"
+                    access="ROLE_LOGGEDIN" />
+    </global-method-security>
+
+    <aop:aspectj-autoproxy/>
+
+    <b:bean id="methodAccessMgr" class="org.springframework.security.access.vote.AffirmativeBased">
+       <b:property name="decisionVoters">
+           <b:list>
+               <b:bean class="sample.TestVoter"/>
+           </b:list>
+       </b:property>
+    </b:bean>
+
     <http>
         <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
         <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
-        <intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />        
-		<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
+        <intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />
+        <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
         <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
         <intercept-url pattern="/post.html" access="ROLE_TELLER" />
         -->
@@ -57,25 +57,25 @@
 
         <!-- Uncomment to limit the number of sessions a user can have -->
         <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" session-registry-ref='sessionRegistry'/>
-        
+
     </http>
 
     <authentication-manager alias="authenticationManager" />
-    
-    <b:bean id='tokenRepo' class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/>    
-    
+
+    <b:bean id='tokenRepo' class='org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl'/>
+
     <!-- Traditional Session Control Beans -->
-<!--     
+<!--
     <b:bean id='sessionControlFilter' class="org.springframework.security.concurrent.ConcurrentSessionFilter">
         <custom-filter position="CONCURRENT_SESSION_FILTER"/>
         <b:property name="sessionRegistry" ref='sessionRegistry'/>
     </b:bean>
-    
+
     <b:bean id='sessionController' class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
         <b:property name='sessionRegistry' ref='sessionRegistry'/>
     </b:bean>
- -->    
-    <b:bean id='sessionRegistry' class="org.springframework.security.concurrent.SessionRegistryImpl"/>
+ -->
+    <b:bean id='sessionRegistry' class="org.springframework.security.authentication.concurrent.SessionRegistryImpl"/>
 <!--
     <b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
         <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
@@ -86,45 +86,45 @@
     <b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint">
         <b:property name="loginFormUrl" value="/login.jsp"/>
     </b:bean>
--->    
-<!--     
+-->
+<!--
     <b:bean id="loginPageGenerator" class="org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter">
         <custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
         <b:constructor-arg ref="customAuthFilter"/>
     </b:bean>
  -->
-    
-	<authentication-provider user-service-ref="daoUserService">
-	    <password-encoder hash="md5" />
-	</authentication-provider>
+
+    <authentication-provider user-service-ref="daoUserService">
+        <password-encoder hash="md5" />
+    </authentication-provider>
 
     <authentication-provider>
         <password-encoder hash="md5"/>
         <user-service>
             <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
-	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
+            <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
             <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
             <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
-	    </user-service>
-	</authentication-provider>
-	
-	<ldap-server id="ldapServer"/>
+        </user-service>
+    </authentication-provider>
+
+    <ldap-server id="ldapServer"/>
 
     <!-- b:bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean"/ -->
 
-	<b:bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
-	    <b:property name="beans">
-	      <b:map>
-	        <b:entry key="bean:name=ldapContextSource" value-ref="ldapServer"/>
-	      </b:map>
-	    </b:property>
-	    <b:property name="assembler">
-	      <b:bean class="org.springframework.jmx.export.assembler.MethodNameBasedMBeanInfoAssembler">
-	        <b:property name="managedMethods" value="setPassword,setUserDn,getUrls,setUrl,setUrls,setPooled,isPooled,setBase,getBaseLdapPathAsString"/>
-	      </b:bean>
-	    </b:property>	    
-	    <!-- b:property name="server" ref="mbeanServer"/-->
-	</b:bean>
-	
-
-</b:beans>
+    <b:bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
+        <b:property name="beans">
+          <b:map>
+            <b:entry key="bean:name=ldapContextSource" value-ref="ldapServer"/>
+          </b:map>
+        </b:property>
+        <b:property name="assembler">
+          <b:bean class="org.springframework.jmx.export.assembler.MethodNameBasedMBeanInfoAssembler">
+            <b:property name="managedMethods" value="setPassword,setUserDn,getUrls,setUrl,setUrls,setPooled,isPooled,setBase,getBaseLdapPathAsString"/>
+          </b:bean>
+        </b:property>
+        <!-- b:property name="server" ref="mbeanServer"/-->
+    </b:bean>
+
+
+</b:beans>

sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml

@@ -18,35 +18,35 @@
 
 <beans>
 
-	<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
-		<property name="filterInvocationDefinitionSource">
-			<value><![CDATA[
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-				PATTERN_TYPE_APACHE_ANT
-				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-			]]></value>
-		</property>
-	</bean>
-
-	<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
-
-	<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
-		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
-		<constructor-arg>
-			<list>
-				<ref bean="rememberMeServices"/>
-				<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
-			</list>
-		</constructor-arg>
-	</bean>
-
-	<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
-		<property name="authenticationManager" ref="authenticationManager"/>
-		<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
-		<property name="defaultTargetUrl" value="/"/>
-		<property name="filterProcessesUrl" value="/j_spring_security_check"/>
-		<property name="rememberMeServices" ref="rememberMeServices"/>
-	</bean>
+    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+        <property name="filterInvocationDefinitionSource">
+            <value><![CDATA[
+                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+                PATTERN_TYPE_APACHE_ANT
+                /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+            ]]></value>
+        </property>
+    </bean>
+
+    <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
+
+    <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
+        <constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
+        <constructor-arg>
+            <list>
+                <ref bean="rememberMeServices"/>
+                <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
+            </list>
+        </constructor-arg>
+    </bean>
+
+    <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
+        <property name="defaultTargetUrl" value="/"/>
+        <property name="filterProcessesUrl" value="/j_spring_security_check"/>
+        <property name="rememberMeServices" ref="rememberMeServices"/>
+    </bean>
 
     <bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
         <property name="authenticationManager"><ref local="authenticationManager"/></property>
@@ -57,105 +57,105 @@
         <property name="realmName"><value>My Realm</value></property>
     </bean>
 
-	<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
-
-	<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
-		<property name="authenticationManager" ref="authenticationManager"/>
-		<property name="rememberMeServices" ref="rememberMeServices"/>
-	</bean>
-
-	<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
-		<property name="key" value="changeThis"/>
-		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
-	</bean>
-
-	<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
-		<property name="authenticationEntryPoint">
-			<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-				<property name="loginFormUrl" value="/acegilogin.jsp"/>
-				<property name="forceHttps" value="false"/>
-			</bean>
-		</property>
-		<property name="accessDeniedHandler">
-			<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
-				<property name="errorPage" value="/accessDenied.jsp"/>
-			</bean>
-		</property>
-	</bean>
-
-	<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
-		<property name="allowIfAllAbstainDecisions" value="false"/>
-		<property name="decisionVoters">
-			<list>
-				<bean class="org.springframework.security.vote.RoleVoter"/>
-				<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
-			</list>
-		</property>
-	</bean>
-
-	<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
-		<property name="authenticationManager" ref="authenticationManager"/>
-		<property name="accessDecisionManager" ref="accessDecisionManager"/>
-		<property name="objectDefinitionSource">
-			<value><![CDATA[
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-				PATTERN_TYPE_APACHE_ANT
-				/secure/extreme/**=ROLE_SUPERVISOR
-				/secure/**=IS_AUTHENTICATED_REMEMBERED
-				/**=IS_AUTHENTICATED_ANONYMOUSLY
-			]]></value>
-		</property>
-	</bean>
-
-	<bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
-		<property name="userDetailsService" ref="userDetailsService"/>
-		<property name="key" value="changeThis"/>
-	</bean>
-
-	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
-		<property name="providers">
-			<list>
-				<ref local="daoAuthenticationProvider"/>
-				<bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
-					<property name="key" value="changeThis"/>
-				</bean>
-				<bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
-					<property name="key" value="changeThis"/>
-				</bean>
-			</list>
-		</property>
-	</bean>
-
-	<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
-		<property name="userDetailsService" ref="userDetailsService"/>
-	</bean>
-
-	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
-	<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
-		<property name="userProperties">
-			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
-				<property name="location" value="/WEB-INF/users.properties"/>
-			</bean>
-		</property>
-	</bean>
-
-	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
-	<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
-
-	<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
-
-	<bean id="attributes" class="org.springframework.security.annotation.SecurityAnnotationAttributes"/>
-
-	<bean id="objectDefinitionSource" class="org.springframework.security.intercept.method.MethodDefinitionAttributes">
-		<property name="attributes"><ref local="attributes"/></property>
-	</bean>
-
-	<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
-		<property name="authenticationManager"><ref local="authenticationManager"/></property>
-		<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
-		<property name="objectDefinitionSource">
-			<ref local="objectDefinitionSource"/>
-		</property>
-	</bean>
-
-</beans>
+    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
+
+    <bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="rememberMeServices" ref="rememberMeServices"/>
+    </bean>
+
+    <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
+        <property name="key" value="changeThis"/>
+        <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+    </bean>
+
+    <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+        <property name="authenticationEntryPoint">
+            <bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+                <property name="loginFormUrl" value="/acegilogin.jsp"/>
+                <property name="forceHttps" value="false"/>
+            </bean>
+        </property>
+        <property name="accessDeniedHandler">
+            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
+                <property name="errorPage" value="/accessDenied.jsp"/>
+            </bean>
+        </property>
+    </bean>
+
+    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+        <property name="allowIfAllAbstainDecisions" value="false"/>
+        <property name="decisionVoters">
+            <list>
+                <bean class="org.springframework.security.access.vote.RoleVoter"/>
+                <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="filterInvocationInterceptor" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="accessDecisionManager" ref="accessDecisionManager"/>
+        <property name="objectDefinitionSource">
+            <value><![CDATA[
+                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+                PATTERN_TYPE_APACHE_ANT
+                /secure/extreme/**=ROLE_SUPERVISOR
+                /secure/**=IS_AUTHENTICATED_REMEMBERED
+                /**=IS_AUTHENTICATED_ANONYMOUSLY
+            ]]></value>
+        </property>
+    </bean>
+
+    <bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
+        <property name="userDetailsService" ref="userDetailsService"/>
+        <property name="key" value="changeThis"/>
+    </bean>
+
+    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
+        <property name="providers">
+            <list>
+                <ref local="daoAuthenticationProvider"/>
+                <bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
+                    <property name="key" value="changeThis"/>
+                </bean>
+                <bean class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
+                    <property name="key" value="changeThis"/>
+                </bean>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
+        <property name="userDetailsService" ref="userDetailsService"/>
+    </bean>
+
+    <!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
+    <bean id="userDetailsService" class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
+        <property name="userProperties">
+            <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+                <property name="location" value="/WEB-INF/users.properties"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
+    <bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
+
+    <bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
+
+    <bean id="attributes" class="org.springframework.security.access.annotation.SecurityAnnotationAttributes"/>
+
+    <bean id="securityMetadataSource" class="org.springframework.security.access.intercept.method.MethodDefinitionAttributes">
+        <property name="attributes"><ref local="attributes"/></property>
+    </bean>
+
+    <bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
+        <property name="authenticationManager"><ref local="authenticationManager"/></property>
+        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
+        <property name="securityMetadataSource">
+            <ref local="securityMetadataSource"/>
+        </property>
+    </bean>
+
+</beans>

sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml

@@ -62,7 +62,7 @@
       - context. Optional unless concurrent session control is being used.
       -->
     <listener>
-        <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
     </listener>
 
   <!--