Minor portlet-related changes suggested by John Lewis: Javadoc and default values of booleans.

core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java

@@ -117,7 +117,7 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
     /** 
      * If true, causes the provider to throw a BadCredentialsException if the presented authentication 
      * request is invalid (contains a null principal or credentials). Otherwise it will just return 
-     * null.  
+     * null. Defaults to false.
      */    
     public void setThrowExceptionWhenTokenRejected(boolean throwExceptionWhenTokenRejected) {
         this.throwExceptionWhenTokenRejected = throwExceptionWhenTokenRejected;

portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingFilterEntryPoint.java

@@ -1,36 +0,0 @@
-/*
- * Copyright 2005-2007 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.ui.portlet;
-
-import org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint;
-
-/**
- * <p>In the case of relying on Portlet authentication to access Servlet resources
- * (such as embedded images or AJAX calls), the authentication should already
- * be in place by the time the security enforcement takes place.
- * So, if this class is ever called, then portlet-based authentication has
- * already failed.  Therefore the <code>commence</code> method in this case will
- * always return <code>HttpServletResponse.SC_FORBIDDEN</code> (HTTP 403 error).
- *
- * @see org.springframework.security.ui.ExceptionTranslationFilter
- * @author John A. Lewis
- * @since 2.0
- * @version $Id$
- */
-public class PortletProcessingFilterEntryPoint extends PreAuthenticatedProcessingFilterEntryPoint {
-
-}

portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java

@@ -95,7 +95,7 @@ public class PortletProcessingInterceptor implements HandlerInterceptor, Initial
 	
 	private AuthenticationDetailsSource authenticationDetailsSource;
 	
-	private boolean useAuthTypeAsCredentials = true;
+	private boolean useAuthTypeAsCredentials = false;
 
 	public PortletProcessingInterceptor() {
 	    authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
@@ -311,7 +311,9 @@ public class PortletProcessingInterceptor implements HandlerInterceptor, Initial
     }
 
     /**
-     *  
+     * It true, the "authType" proerty of the <tt>PortletRequest</tt> will be used as the credentials.
+     * Defaults to false.
+     * 
      * @param useAuthTypeAsCredentials
      */
 	public void setUseAuthTypeAsCredentials(boolean useAuthTypeAsCredentials) {