SEC-562: Changing constants and key names.

19 years ago · 18c8ba4ac2
34 changed files with 120 additions and 120 deletions
--- a/core/src/main/java/org/springframework/security/context/HttpSessionContextIntegrationFilter.java
+++ b/core/src/main/java/org/springframework/security/context/HttpSessionContextIntegrationFilter.java
@ -106,7 +106,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
    static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
-    public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
+    public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
    //~ Instance fields ================================================================================================
@ -224,7 +224,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
            }
        } else {
            if (logger.isDebugEnabled()) {
-                logger.debug("Obtained a valid SecurityContext from ACEGI_SECURITY_CONTEXT to "
+                logger.debug("Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT to "
                        + "associate with SecurityContextHolder: '" + contextBeforeChainExecution + "'");
            }
        }
@ -293,11 +293,11 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
        // Session exists, so try to obtain a context from it.
-        Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
+        Object contextFromSessionObject = httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY);
        if (contextFromSessionObject == null) {
            if (logger.isDebugEnabled()) {
-                logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT");
+                logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
            }
            return null;
@ -323,7 +323,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
        if (!(contextFromSessionObject instanceof SecurityContext)) {
            if (logger.isWarnEnabled()) {
-                logger.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
+                logger.warn("SPRING_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
                        + contextFromSessionObject
                        + "'; are you improperly modifying the HttpSession directly "
                        + "(you should always use SecurityContextHolder) or using the HttpSession attribute "
@ -405,7 +405,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
        // If HttpSession exists, store current SecurityContextHolder contents but only if
        // the SecurityContext has actually changed (see JIRA SEC-37)
        if (httpSession != null && securityContext.hashCode() != contextHashBeforeChainExecution) {
-            httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, securityContext);
+            httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);
            if (logger.isDebugEnabled()) {
                logger.debug("SecurityContext stored to HttpSession: '" + securityContext + "'");
--- a/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java
@ -321,7 +321,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
     */
    protected void handleLogout(HttpSessionDestroyedEvent event) {
        SecurityContext context = (SecurityContext)
-                event.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+                event.getSession().getAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
        if (context == null) {
            log.debug("The destroyed session has no SecurityContext");
--- a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java
@ -71,7 +71,7 @@ import javax.servlet.http.HttpSession;
 * <p>
 * If authentication fails, the <code>AuthenticationException</code> will be
 * placed into the <code>HttpSession</code> with the attribute defined by
- * {@link #ACEGI_SECURITY_LAST_EXCEPTION_KEY}.
+ * {@link #SPRING_SECURITY_LAST_EXCEPTION_KEY}.
 * </p>
 * <p>
 * To use this filter, it is necessary to specify the following properties:
@ -79,7 +79,7 @@ import javax.servlet.http.HttpSession;
 * <ul>
 * <li><code>defaultTargetUrl</code> indicates the URL that should be used
 * for redirection if the <code>HttpSession</code> attribute named
- * {@link #ACEGI_SAVED_REQUEST_KEY} does not indicate the target URL once
+ * {@link #SPRING_SECURITY_SAVED_REQUEST_KEY} does not indicate the target URL once
 * authentication is completed successfully. eg: <code>/</code>. The
 * <code>defaultTargetUrl</code> will be treated as relative to the web-app's
 * context path, and should include the leading <code>/</code>.
@ -93,7 +93,7 @@ import javax.servlet.http.HttpSession;
 * <li><code>alwaysUseDefaultTargetUrl</code> causes successful
 * authentication to always redirect to the <code>defaultTargetUrl</code>,
 * even if the <code>HttpSession</code> attribute named {@link
- * #ACEGI_SAVED_REQUEST_KEY} defines the intended target URL.</li>
+ * # SPRING_SECURITY_SAVED_REQUEST_KEY} defines the intended target URL.</li>
 * </ul>
 * <p>
 * To configure this filter to redirect to specific pages as the result of
@ -143,9 +143,9 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 		MessageSourceAware {
 	//~ Static fields/initializers =====================================================================================
-	public static final String ACEGI_SAVED_REQUEST_KEY = "ACEGI_SAVED_REQUEST_KEY";
+	public static final String SPRING_SECURITY_SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST_KEY";
-	public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY = "ACEGI_SECURITY_LAST_EXCEPTION";
+	public static final String SPRING_SECURITY_LAST_EXCEPTION_KEY = "SPRING_SECURITY_LAST_EXCEPTION";
 	//~ Instance fields ================================================================================================
@ -168,7 +168,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 	/**
 	 * Where to redirect the browser to if authentication is successful but
-	 * ACEGI_SAVED_REQUEST_KEY is <code>null</code>
+	 * SPRING_SECURITY_SAVED_REQUEST_KEY is <code>null</code>
 	 */
 	private String defaultTargetUrl;
@ -349,7 +349,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 	}
 	public static String obtainFullRequestUrl(HttpServletRequest request) {
-		SavedRequest savedRequest = (SavedRequest) request.getSession().getAttribute(ACEGI_SAVED_REQUEST_KEY);
+		SavedRequest savedRequest = (SavedRequest) request.getSession().getAttribute(SPRING_SECURITY_SAVED_REQUEST_KEY);
 		return (savedRequest == null) ? null : savedRequest.getFullRequestUrl();
 	}
@ -575,7 +575,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe
 		}
 		try {
-			request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY, failed);
+			request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
 		}
 		catch (Exception ignored) {
 		}
--- a/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
+++ b/core/src/main/java/org/springframework/security/ui/AccessDeniedHandlerImpl.java
@ -36,7 +36,7 @@ import javax.servlet.http.HttpServletResponse;
 * "forward" to the specified error page view. Being a "forward", the <code>SecurityContextHolder</code> will remain
 * populated. This is of benefit if the view (or a tag library or macro) wishes to access the
 * <code>SecurityContextHolder</code>. The request scope will also be populated with the exception itself, available
- * from the key {@link #ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.</p>
+ * from the key {@link #SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY}.</p>
 *
 * @author Ben Alex
 * @version $Id$
@ -44,7 +44,7 @@ import javax.servlet.http.HttpServletResponse;
 public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
    //~ Static fields/initializers =====================================================================================
-    public static final String ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "ACEGI_SECURITY_403_EXCEPTION";
+    public static final String SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY = "SPRING_SECURITY_403_EXCEPTION";
    protected static final Log logger = LogFactory.getLog(AccessDeniedHandlerImpl.class);
    //~ Instance fields ================================================================================================
@ -57,7 +57,7 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
        throws IOException, ServletException {
        if (errorPage != null) {
            // Put exception into request scope (perhaps of use to a view)
-            ((HttpServletRequest) request).setAttribute(ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
+            ((HttpServletRequest) request).setAttribute(SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY,
                accessDeniedException);
            // Perform RequestDispatcher "forward"
--- a/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
@ -216,7 +216,7 @@ public class ExceptionTranslationFilter implements Filter, InitializingBean {
 		if (createSessionAllowed) {
 			// Store the HTTP request itself. Used by AbstractProcessingFilter
 			// for redirection after successful authentication (SEC-29)
-			httpRequest.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, savedRequest);
+			httpRequest.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, savedRequest);
 		}
 		// SEC-112: Clear the SecurityContextHolder's Authentication, as the
--- a/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
+++ b/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
@ -104,7 +104,7 @@ import org.springframework.web.bind.RequestUtils;
 public class TokenBasedRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
 	//~ Static fields/initializers =====================================================================================
-	public static final String ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE";
+	public static final String SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE";
 	public static final String DEFAULT_PARAMETER = "_acegi_security_remember_me";
@ -124,7 +124,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices, Initial
 	private boolean alwaysRemember = false;
-	private String cookieName = ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;
+	private String cookieName = SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;
 	//~ Methods ========================================================================================================
--- a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java
@ -104,7 +104,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
    // ~ Static fields/initializers
    // =============================================
-    public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
+    public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username";
    public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
    //~ Instance fields ================================================================================================
@ -197,7 +197,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App
        throws AuthenticationException {
        UsernamePasswordAuthenticationToken targetUserRequest = null;
-        String username = request.getParameter(ACEGI_SECURITY_SWITCH_USERNAME_KEY);
+        String username = request.getParameter(SPRING_SECURITY_SWITCH_USERNAME_KEY);
        if (username == null) {
            username = "";
--- a/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.java
@ -32,7 +32,7 @@ import javax.servlet.http.HttpServletRequest;
 * Processes an authentication form.
 * <p>Login forms must present two parameters to this filter: a username and
 * password. The default parameter names to use are contained in the
- * static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
+ * static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.
 * The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
 * properties.
 * </p>
@ -47,12 +47,12 @@ import javax.servlet.http.HttpServletRequest;
 public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
    //~ Static fields/initializers =====================================================================================
-    public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";
+    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
-    public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
+    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
-    public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
+    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SECURITY_SECURITY_LAST_USERNAME";
-    private String usernameParameter = ACEGI_SECURITY_FORM_USERNAME_KEY;
+    private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
-    private String passwordParameter = ACEGI_SECURITY_FORM_PASSWORD_KEY;
+    private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
    //~ Methods ========================================================================================================
@ -73,7 +73,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
        // Place the last username attempted into HttpSession for views
-        request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username);
+        request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username);
        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);
--- a/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java
@ -39,8 +39,8 @@ import javax.servlet.http.HttpServletResponse;
 * next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is
 * unavailable, as is often the case during development.</p>
 *  <P><B>Login forms</B> must present two <B>parameters</B> to this filter: a username and password. If not
- * specified, the parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
+ * specified, the parameter names to use are contained in the static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY}
- * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
+ * and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.</p>
 *  <P><B>Do not use this class directly.</B> Instead, configure <code>web.xml</code> to use the {@link
 * org.springframework.security.util.FilterToBeanProxy}.</p>
 */
@ -101,7 +101,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
            if ((formUsernameParameterKey != null) && (formUsernameParameterKey.length() > 0)) {
                username = request.getParameter(formUsernameParameterKey);
            } else {
-                username = request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
+                username = request.getParameter(SPRING_SECURITY_FORM_USERNAME_KEY);
            }
            password = obtainPassword(request);
@ -130,7 +130,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
        setDetails(request, authRequest);
        // Place the last username attempted into HttpSession for views
-        request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username);
+        request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username);
        return this.getAuthenticationManager().authenticate(authRequest);
    }
@ -184,7 +184,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
        if ((formPasswordParameterKey != null) && (formPasswordParameterKey.length() > 0)) {
            return request.getParameter(formPasswordParameterKey);
        } else {
-            return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
+            return request.getParameter(SPRING_SECURITY_FORM_PASSWORD_KEY);
        }
    }
@ -209,7 +209,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc
        //is present and user is not already authenticated.
        boolean bAuthenticated = false;
        SecurityContext context = (SecurityContext)
-                request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+                request.getSession().getAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
        if (context != null) {
            Authentication auth = context.getAuthentication();
--- a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilter.java
@ -206,6 +206,6 @@ public class X509ProcessingFilter implements Filter, InitializingBean, Applicati
            logger.debug("Updated SecurityContextHolder to contain null Authentication");
        }
-        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY, failed);
+        request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
    }
 }
--- a/core/src/main/java/org/springframework/security/wrapper/SavedRequestAwareWrapper.java
+++ b/core/src/main/java/org/springframework/security/wrapper/SavedRequestAwareWrapper.java
@ -90,7 +90,7 @@ public class SavedRequestAwareWrapper extends SecurityContextHolderAwareRequestW
            return;
        }
-        SavedRequest saved = (SavedRequest) session.getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY);
+        SavedRequest saved = (SavedRequest) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
        if ((saved != null) && saved.doesRequestMatch(request, portResolver)) {
            if (logger.isDebugEnabled()) {
@ -98,7 +98,7 @@ public class SavedRequestAwareWrapper extends SecurityContextHolderAwareRequestW
            }
            savedRequest = saved;
-            session.removeAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY);
+            session.removeAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
            formats[0] = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
            formats[1] = new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US);
--- a/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java
+++ b/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java
@ -118,7 +118,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Build a mock request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				sc);
 		MockHttpServletResponse response = new MockHttpServletResponse();
@ -170,7 +170,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Build a mock request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				sc);
 		MockHttpServletResponse response = new MockHttpServletResponse();
@ -188,7 +188,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Obtain new/update Authentication from HttpSession
 		SecurityContext context = (SecurityContext) request.getSession().getAttribute(
-						HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+						HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 		assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication());
 	}
@ -214,7 +214,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Obtain new/updated Authentication from HttpSession
 		SecurityContext context = (SecurityContext) request.getSession(false).getAttribute(
-						HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+						HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 		assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication());
 	}
@ -268,7 +268,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Build a mock request
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				"NOT_A_CONTEXT_OBJECT");
 		MockHttpServletResponse response = new MockHttpServletResponse();
@ -284,7 +284,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		// Obtain new/update Authentication from HttpSession
 		SecurityContext context = (SecurityContext) request.getSession().getAttribute(
-						HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
+						HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY);
 		assertEquals(updatedPrincipal, ((SecurityContext) context).getAuthentication());
 	}
@ -302,7 +302,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.getSession().setAttribute(
-				HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY,
+				HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY,
 				sc);
 		MockHttpServletResponse response = new MockHttpServletResponse();
--- a/core/src/test/java/org/springframework/security/providers/jaas/JaasAuthenticationProviderTests.java
+++ b/core/src/test/java/org/springframework/security/providers/jaas/JaasAuthenticationProviderTests.java
@ -214,7 +214,7 @@ public class JaasAuthenticationProviderTests extends TestCase {
        context.setAuthentication(token);
        MockHttpSession mockSession = new MockHttpSession();
-        mockSession.setAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY, context);
+        mockSession.setAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY, context);
        jaasProvider.onApplicationEvent(new HttpSessionDestroyedEvent(mockSession));
--- a/core/src/test/java/org/springframework/security/ui/AbstractProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/AbstractProcessingFilterTests.java
@ -376,7 +376,7 @@ public class AbstractProcessingFilterTests extends TestCase {
        throws Exception {
        // Setup our HTTP request
        MockHttpServletRequest request = createMockRequest();
-        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
+        request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
        // Setup our filter configuration
        MockFilterConfig config = new MockFilterConfig(null, null);
@ -402,7 +402,7 @@ public class AbstractProcessingFilterTests extends TestCase {
    public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl() throws Exception {
        // Setup our HTTP request
        MockHttpServletRequest request = createMockRequest();
-        request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
+        request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
        // Setup our filter configuration
        MockFilterConfig config = new MockFilterConfig(null, null);
--- a/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/ExceptionTranslationFilterTests.java
@ -128,7 +128,7 @@ public class ExceptionTranslationFilterTests extends TestCase {
 		filter.doFilter(request, response, chain);
 		assertEquals(403, response.getStatus());
 		assertEquals(AccessDeniedException.class, request.getAttribute(
-				AccessDeniedHandlerImpl.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
+				AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY).getClass());
 	}
 	public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
--- a/core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java
+++ b/core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java
@ -105,7 +105,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNull(returnedCookie); // shouldn't try to invalidate our cookie
    }
@ -126,7 +126,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNull(returnedCookie); // shouldn't try to invalidate our cookie
    }
@ -139,7 +139,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        services.setUserDetailsService(new MockAuthenticationDao(user, false));
       // services.afterPropertiesSet();
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                generateCorrectCookieContentForToken(System.currentTimeMillis() - 1000000, "someone", "password", "key"));
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(new Cookie[] {cookie});
@ -150,7 +150,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(returnedCookie);
        assertEquals(0, returnedCookie.getMaxAge());
    }
@ -165,7 +165,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        services.setUserDetailsService(new MockAuthenticationDao(user, false));
        //services.afterPropertiesSet();
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                new String(Base64.encodeBase64("x".getBytes())));
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(new Cookie[] {cookie});
@ -176,7 +176,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(returnedCookie);
        assertEquals(0, returnedCookie.getMaxAge());
    }
@ -190,7 +190,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        services.setUserDetailsService(new MockAuthenticationDao(user, false));
       //services.afterPropertiesSet();
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                "NOT_BASE_64_ENCODED");
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(new Cookie[] {cookie});
@ -201,7 +201,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(returnedCookie);
        assertEquals(0, returnedCookie.getMaxAge());
    }
@ -216,7 +216,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        services.setUserDetailsService(new MockAuthenticationDao(user, false));
        //services.afterPropertiesSet();
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password",
                    "WRONG_KEY"));
        MockHttpServletRequest request = new MockHttpServletRequest();
@ -228,7 +228,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(returnedCookie);
        assertEquals(0, returnedCookie.getMaxAge());
    }
@ -243,7 +243,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        services.setUserDetailsService(new MockAuthenticationDao(user, false));
        //services.afterPropertiesSet();
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                new String(Base64.encodeBase64("username:NOT_A_NUMBER:signature".getBytes())));
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(new Cookie[] {cookie});
@ -254,7 +254,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(returnedCookie);
        assertEquals(0, returnedCookie.getMaxAge());
    }
@ -265,7 +265,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        services.setUserDetailsService(new MockAuthenticationDao(null, true));
        //services.afterPropertiesSet();
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(new Cookie[] {cookie});
@ -276,7 +276,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        assertNull(result);
-        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie returnedCookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(returnedCookie);
        assertEquals(0, returnedCookie.getMaxAge());
    }
@ -290,7 +290,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        services.setUserDetailsService(new MockAuthenticationDao(user, false));
       // services.afterPropertiesSet();
-        Cookie cookie = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
+        Cookie cookie = new Cookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
                generateCorrectCookieContentForToken(System.currentTimeMillis() + 1000000, "someone", "password", "key"));
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(new Cookie[] {cookie});
@ -330,7 +330,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
        MockHttpServletResponse response = new MockHttpServletResponse();
        services.loginFail(request, response);
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(cookie);
        assertEquals(0, cookie.getMaxAge());
    }
@ -346,7 +346,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
            new TestingAuthenticationToken("someone", "password",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}));
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNull(cookie);
    }
@ -361,7 +361,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
            new TestingAuthenticationToken("someone", "password",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}));
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(cookie);
        assertEquals(services.getTokenValiditySeconds(), cookie.getMaxAge());
        assertTrue(Base64.isArrayByteBase64(cookie.getValue().getBytes()));
@ -381,7 +381,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
            new TestingAuthenticationToken(user, "ignored",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}));
-        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
+        Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY);
        assertNotNull(cookie);
        assertEquals(services.getTokenValiditySeconds(), cookie.getMaxAge());
        assertTrue(Base64.isArrayByteBase64(cookie.getValue().getBytes()));
--- a/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilterTests.java
@ -80,7 +80,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        SecurityContextHolder.getContext().setAuthentication(auth);
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "user-that-doesnt-exist");
        SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
        filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@ -101,7 +101,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        MockHttpServletRequest request = new MockHttpServletRequest();
        // this user is disabled
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");
        SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
        filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@ -124,7 +124,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        MockHttpServletRequest request = new MockHttpServletRequest();
        // this user is disabled
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "wofat");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "wofat");
        SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
        filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@ -147,7 +147,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        MockHttpServletRequest request = new MockHttpServletRequest();
        // this user is disabled
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "steve");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "steve");
        SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
        filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@ -167,7 +167,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        SecurityContextHolder.getContext().setAuthentication(auth);
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
        SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
        filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@ -183,7 +183,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        MockHttpServletRequest request = new MockHttpServletRequest();
        String username = null;
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, username);
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, username);
        SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
        filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
@ -304,7 +304,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        SecurityContextHolder.getContext().setAuthentication(auth);
        MockHttpServletRequest request = createMockSwitchRequest();
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
        request.setRequestURI("/webapp/j_acegi_switch_user");
        MockHttpServletResponse response = new MockHttpServletResponse();
@ -351,7 +351,7 @@ public class SwitchUserProcessingFilterTests extends TestCase {
        // http request
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI("/webapp/j_acegi_switch_user");
-        request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
+        request.addParameter(SwitchUserProcessingFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
        // http response
        MockHttpServletResponse response = new MockHttpServletResponse();
--- a/core/src/test/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/webapp/AuthenticationProcessingFilterTests.java
@ -52,8 +52,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
    public void testNormalOperation() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
        filter.setAuthenticationManager(new MockAuthenticationManager(true));
@ -66,7 +66,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
    public void testNullPasswordHandledGracefully() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
        filter.setAuthenticationManager(new MockAuthenticationManager(true));
@ -78,7 +78,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
    public void testNullUsernameHandledGracefully() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
        filter.setAuthenticationManager(new MockAuthenticationManager(true));
@ -106,8 +106,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
    public void testSpacesAreTrimmedCorrectlyFromUsername() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, " marissa ");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " marissa ");
-        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
        filter.setAuthenticationManager(new MockAuthenticationManager(true));
--- a/core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java
@ -103,8 +103,8 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
     */
    public void testFormNormalOperation() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
        MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
@ -124,7 +124,7 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
     */
    public void testFormNullPasswordHandledGracefully() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "marissa");
        MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
@ -143,7 +143,7 @@ public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
     */
    public void testFormNullUsernameHandledGracefully() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
-        request.addParameter(SiteminderAuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+        request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
        MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
--- a/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterTests.java
+++ b/core/src/test/java/org/springframework/security/ui/x509/X509ProcessingFilterTests.java
@ -82,7 +82,7 @@ public class X509ProcessingFilterTests extends TestCase {
        filter.doFilter(request, response, chain);
        Object lastException = request.getSession()
-                                      .getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY);
+                                      .getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
        assertNull("Authentication should be null", SecurityContextHolder.getContext().getAuthentication());
        assertTrue("BadCredentialsException should have been thrown", lastException instanceof BadCredentialsException);
--- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
+++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
@ -426,7 +426,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean
 		authRequest.setDetails(new WebAuthenticationDetails(request));
 		// Place the last username attempted into HttpSession for views
-		session.setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY, authRequest.getName());
+		session.setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, authRequest.getName());
 		// Backup the current authentication in case of an AuthenticationException
 		backupAuth = SecurityContextHolder.getContext().getAuthentication();
--- a/portlet/src/main/java/org/springframework/security/context/PortletSessionContextIntegrationInterceptor.java
+++ b/portlet/src/main/java/org/springframework/security/context/PortletSessionContextIntegrationInterceptor.java
@ -101,7 +101,7 @@ public class PortletSessionContextIntegrationInterceptor
 	protected static final Log logger = LogFactory.getLog(PortletSessionContextIntegrationInterceptor.class);
-	public static final String ACEGI_SECURITY_CONTEXT_KEY = HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY;
+	public static final String SPRING_SECURITY_CONTEXT_KEY = HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY;
 	private static final String SESSION_EXISTED = PortletSessionContextIntegrationInterceptor.class.getName() + ".SESSION_EXISTED";
 	private static final String CONTEXT_HASHCODE = PortletSessionContextIntegrationInterceptor.class.getName() + ".CONTEXT_HASHCODE";
@ -238,7 +238,7 @@ public class PortletSessionContextIntegrationInterceptor
 			portletSessionExistedAtStartOfRequest = true;
 			// attempt to retrieve the context from the session
-			Object contextFromSessionObject = portletSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY, portletSessionScope());
+			Object contextFromSessionObject = portletSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY, portletSessionScope());
 			// if we got a context then place it into the holder
 			if (contextFromSessionObject != null) {
@ -262,12 +262,12 @@ public class PortletSessionContextIntegrationInterceptor
 				// if what we got is a valid context then place it into the holder, otherwise create a new one
 				if (contextFromSessionObject instanceof SecurityContext) {
 					if (logger.isDebugEnabled())
-						logger.debug("Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and "
+						logger.debug("Obtained from SPRING_SECURITY_CONTEXT a valid SecurityContext and "
 								+ "set to SecurityContextHolder: '" + contextFromSessionObject + "'");
 					SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
 				} else {
 					if (logger.isWarnEnabled())
-						logger.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
+						logger.warn("SPRING_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
 										+ contextFromSessionObject
 										+ "'; are you improperly modifying the PortletSession directly "
 										+ "(you should always use SecurityContextHolder) or using the PortletSession attribute "
@ -280,7 +280,7 @@ public class PortletSessionContextIntegrationInterceptor
 				// there was no context in the session, so create a new context and put it in the holder
 				if (logger.isDebugEnabled())
-					logger.debug("PortletSession returned null object for ACEGI_SECURITY_CONTEXT - new "
+					logger.debug("PortletSession returned null object for SPRING_SECURITY_CONTEXT - new "
 							+ "SecurityContext instance associated with SecurityContextHolder");
 				SecurityContextHolder.setContext(generateNewContext());
 			}
@ -354,7 +354,7 @@ public class PortletSessionContextIntegrationInterceptor
 		// if the session exists and the context has changes, then store the context back into the session
 		if ((portletSession != null)
 			&& (SecurityContextHolder.getContext().hashCode() != oldContextHashCode)) {
-			portletSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY,	SecurityContextHolder.getContext(), portletSessionScope());
+			portletSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,	SecurityContextHolder.getContext(), portletSessionScope());
 			if (logger.isDebugEnabled())
 				logger.debug("SecurityContext stored to PortletSession: '"
 					+ SecurityContextHolder.getContext() + "'");
--- a/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java
+++ b/portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java
@ -55,7 +55,7 @@ import org.springframework.web.portlet.ModelAndView;
 * is guaranteed to have already been created by an earlier interceptor.  If authentication
 * fails, the <code>AuthenticationException</code> will be placed into the
 * <code>APPLICATION_SCOPE</code> of the <code>PortletSession</code> with the attribute defined
- * by {@link AbstractProcessingFilter#ACEGI_SECURITY_LAST_EXCEPTION_KEY}.</p>
+ * by {@link AbstractProcessingFilter#SPRING_SECURITY_LAST_EXCEPTION_KEY}.</p>
 *
 *  <p>Some portals do not properly provide the identity of the current user via the
 * <code>getRemoteUser()</code> or <code>getUserPrincipal()</code> methods of the
@ -170,7 +170,7 @@ public class PortletProcessingInterceptor implements
 					logger.debug("Authentication failed - updating ContextHolder to contain null Authentication");
 				ctx.setAuthentication(null);
 				request.getPortletSession().setAttribute(
-						AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY,
+						AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
 						failed, PortletSession.APPLICATION_SCOPE);
 				onUnsuccessfulAuthentication(request, response, failed);
 			}
--- a/portlet/src/test/java/org/springframework/security/context/PortletSessionContextIntegrationInterceptorTests.java
+++ b/portlet/src/test/java/org/springframework/security/context/PortletSessionContextIntegrationInterceptorTests.java
@ -108,7 +108,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockRenderRequest request = PortletTestUtils.createRenderRequest();
 		MockRenderResponse response = PortletTestUtils.createRenderResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.APPLICATION_SCOPE);
 		// Prepare interceptor
@ -145,7 +145,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.APPLICATION_SCOPE);
 		// Prepare interceptor
@ -178,7 +178,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.APPLICATION_SCOPE);
 		// Prepare interceptor
@ -209,7 +209,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		// Verify the new principal is stored in the session
 		sc = (SecurityContext)request.getPortletSession().getAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				PortletSession.APPLICATION_SCOPE);
 		assertEquals(baselinePrincipal, sc.getAuthentication());
 	}
@ -232,7 +232,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		// Verify Authentication is in the PortletSession
 		SecurityContext sc = (SecurityContext)request.getPortletSession(false).
-				getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
+				getAttribute(PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
 		assertEquals(principal, ((SecurityContext)sc).getAuthentication());
 	}
@ -280,7 +280,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				"NOT_A_CONTEXT_OBJECT", PortletSession.APPLICATION_SCOPE);
 		// Prepare the interceptor
@ -295,7 +295,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		// Verify Authentication is in the PortletSession
 		SecurityContext sc = (SecurityContext)request.getPortletSession(false).
-				getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
+				getAttribute(PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);
 		assertEquals(principal, ((SecurityContext)sc).getAuthentication());
 	}
@ -334,7 +334,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		MockActionRequest request = PortletTestUtils.createActionRequest();
 		MockActionResponse response = PortletTestUtils.createActionResponse();
 		request.getPortletSession().setAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				sc, PortletSession.PORTLET_SCOPE);
 		// Prepare interceptor
@ -363,7 +363,7 @@ public class PortletSessionContextIntegrationInterceptorTests extends TestCase {
 		// Verify the new principal is stored in the session
 		sc = (SecurityContext)request.getPortletSession().getAttribute(
-				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,
+				PortletSessionContextIntegrationInterceptor.SPRING_SECURITY_CONTEXT_KEY,
 				PortletSession.PORTLET_SCOPE);
 		assertEquals(baselinePrincipal, sc.getAuthentication());
 	}
--- a/portlet/src/test/java/org/springframework/security/ui/portlet/PortletProcessingInterceptorTests.java
+++ b/portlet/src/test/java/org/springframework/security/ui/portlet/PortletProcessingInterceptorTests.java
@ -149,7 +149,7 @@ public class PortletProcessingInterceptorTests extends TestCase {
 		// Verify that proper exception was thrown
 		assertTrue(request.getPortletSession().getAttribute(
-					AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY,
+					AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
 					PortletSession.APPLICATION_SCOPE)
 					instanceof BadCredentialsException);
 	}
--- a/samples/contacts/src/main/webapp/accessDenied.jsp
+++ b/samples/contacts/src/main/webapp/accessDenied.jsp
@ -6,7 +6,7 @@
 <p>
-<%= request.getAttribute(AccessDeniedHandlerImpl.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
+<%= request.getAttribute(AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
 <p>
--- a/samples/contacts/src/main/webapp/acegilogin.jsp
+++ b/samples/contacts/src/main/webapp/acegilogin.jsp
@ -28,13 +28,13 @@
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your login attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
      </font>
    </c:if>
    <form action="<c:url value='j_acegi_security_check'/>" method="POST">
      <table>
-        <tr><td>User:</td><td><input type='text' name='j_username' <c:if test="${not empty param.login_error}">value='<%= session.getAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY) %>'</c:if>></td></tr>
+        <tr><td>User:</td><td><input type='text' name='j_username' <c:if test="${not empty param.login_error}">value='<%= session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY) %>'</c:if>></td></tr>
        <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
        <tr><td><input type="checkbox" name="_acegi_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
--- a/samples/contacts/src/main/webapp/casfailed.jsp
+++ b/samples/contacts/src/main/webapp/casfailed.jsp
@ -12,7 +12,7 @@
      <font color="red">
        Your CAS credentials were rejected.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(org.springframework.security.ui.AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(org.springframework.security.ui.AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
      </font>
  </body>
--- a/samples/contacts/src/main/webapp/exitUser.jsp
+++ b/samples/contacts/src/main/webapp/exitUser.jsp
@ -17,7 +17,7 @@
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your 'Exit User' attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
      </font>
    </c:if>
--- a/samples/contacts/src/main/webapp/switchUser.jsp
+++ b/samples/contacts/src/main/webapp/switchUser.jsp
@ -26,7 +26,7 @@
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your 'su' attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
      </font>
    </c:if>
--- a/samples/tutorial/src/main/webapp/accessDenied.jsp
+++ b/samples/tutorial/src/main/webapp/accessDenied.jsp
@ -6,7 +6,7 @@
 <p>
-<%= request.getAttribute(AccessDeniedHandlerImpl.ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
+<%= request.getAttribute(AccessDeniedHandlerImpl.SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY)%>
 <p>
--- a/samples/tutorial/src/main/webapp/acegilogin.jsp
+++ b/samples/tutorial/src/main/webapp/acegilogin.jsp
@ -25,7 +25,7 @@
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your login attempt was not successful, try again.<BR><BR>
-        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
      </font>
    </c:if>
--- a/sandbox/openid/src/main/java/org/springframework/security/ui/openid/OpenIDResponseProcessingFilter.java
+++ b/sandbox/openid/src/main/java/org/springframework/security/ui/openid/OpenIDResponseProcessingFilter.java
@ -58,7 +58,7 @@ public class OpenIDResponseProcessingFilter extends AbstractProcessingFilter {
        if (authentication.isAuthenticated()) {
            req.getSession()
-               .setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
+               .setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
        }
        return authentication;
--- a/sandbox/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java
+++ b/sandbox/openid/src/main/java/org/springframework/security/ui/openid/OpenIdAuthenticationProcessingFilter.java
@ -41,12 +41,12 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
    //~ Static fields/initializers =====================================================================================
    private static final Log log = LogFactory.getLog(OpenIdAuthenticationProcessingFilter.class);
-    public static final String DEFAULT_CLAMED_IDENTITY_FIELD = "j_username";
+    public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "j_username";
    //~ Instance fields ================================================================================================
    private OpenIDConsumer consumer;
-    private String claimedIdentityFieldName = DEFAULT_CLAMED_IDENTITY_FIELD;
+    private String claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
    private String errorPage = "index.jsp";
    //~ Methods ========================================================================================================
@ -72,7 +72,7 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
        if (authentication.isAuthenticated()) {
            req.getSession()
-                    .setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
+                    .setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, token.getIdentityUrl());
        }
        return authentication;
@ -175,7 +175,7 @@ public class OpenIdAuthenticationProcessingFilter extends AbstractProcessingFilt
        }
        try {
-            request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY, failed);
+            request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
        } catch (Exception ignored) {
        }