diff --git a/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java b/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
new file mode 100644
index 0000000000..9315cca8b1
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
@@ -0,0 +1,44 @@
+package heavyduty.web;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.bind.ServletRequestBindingException;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
+
+/**
+ * Reproduces SEC-830.
+ */
+public class TestMultiActionController extends MultiActionController {
+	public static final String VIEW_NAME = "multi-action-test";
+	
+	public String login(HttpServletRequest request, HttpServletResponse response) {
+		return "login";
+	}
+		
+	public void step1(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		request.getRequestDispatcher("/testMulti.htm?action=step1xtra").forward(request, response);
+	}
+
+	public ModelAndView step1xtra(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
+		return createView("step2");
+	}	
+	
+	public ModelAndView step2(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
+		return createView("step1");
+	}
+	
+	private ModelAndView createView(String name) {
+		Map model = new HashMap();
+		model.put("nextAction", name);
+		return new ModelAndView(VIEW_NAME, model);
+	}
+	
+}
+
diff --git a/sandbox/heavyduty/src/main/java/sample/TestVoter.java b/sandbox/heavyduty/src/main/java/sample/TestVoter.java
new file mode 100644
index 0000000000..df4d20c82f
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/TestVoter.java
@@ -0,0 +1,30 @@
+package sample;
+
+import java.lang.annotation.Annotation;
+
+import org.aopalliance.intercept.MethodInvocation;
+import org.springframework.security.Authentication;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.vote.AccessDecisionVoter;
+
+public class TestVoter implements AccessDecisionVoter {
+
+	public boolean supports(ConfigAttribute attribute) {
+		return true;
+	}
+
+	public boolean supports(Class clazz) {
+		return MethodInvocation.class.isAssignableFrom(clazz);
+	}
+
+	public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+		MethodInvocation mi = (MethodInvocation) object;
+		
+		Annotation[][] annotations = mi.getMethod().getParameterAnnotations();
+		
+
+		return ACCESS_GRANTED;
+	}
+
+}
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
new file mode 100644
index 0000000000..671752513d
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
@@ -0,0 +1,22 @@
+<html>
+  <head>
+    <title>Spring Security Login</title>
+  </head>
+
+  <body onload="document.f.j_username.focus();">
+    <h1>Spring Security Login (Freemarker)</h1>
+
+    <form name="f" action="j_spring_security_check" method="POST">
+      <table>
+        <tr><td>User:</td><td><input type='text' name='j_username' value=''/></td></tr>
+        <tr><td>Password:</td><td><input type='password' name='j_password' value=''/></td></tr>
+        <tr><td><input type="checkbox" name="_spring_security_remember_me"/></td><td>Don't ask for my password for two weeks</td></tr>
+
+        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
+        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
+      </table>
+
+    </form>
+
+  </body>
+</html>
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl
new file mode 100644
index 0000000000..bac2503081
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl
@@ -0,0 +1,13 @@
+
+<html>
+	<head>
+        <title>MultiActionController Test</title>
+	</head>
+	<body>
+
+    <form action="testMulti.htm">
+        <input name="action" value="${nextAction}" type="text"/>
+        <input  type='submit' value='submit' />
+    </form>
+    </body>
+</html>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/context.jsp b/sandbox/heavyduty/src/main/webapp/context.jsp
new file mode 100644
index 0000000000..bcd5c6fe0f
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/context.jsp
@@ -0,0 +1,29 @@
+<%@page import="org.springframework.web.context.support.WebApplicationContextUtils"%>
+<%@page import="org.springframework.security.providers.ldap.LdapAuthenticationProvider"%>
+<%@page import="org.springframework.security.providers.ProviderManager"%>
+
+<html>
+<body>
+<h1>Context Information Page</h1>
+<p>
+LdapAuthenticationProvider instances: <br/>
+
+<%=
+WebApplicationContextUtils.getRequiredWebApplicationContext(
+        session.getServletContext()).getBeansOfType(LdapAuthenticationProvider.class)
+%>
+</p>
+
+<p>
+Providers: <br />
+
+<%=
+((ProviderManager)WebApplicationContextUtils.getRequiredWebApplicationContext(
+        session.getServletContext()).getBean("_authenticationManager")).getProviders() %>
+</p>
+
+
+
+<p><a href="/index.jsp">Home</a></p>
+</body>
+</html>
\ No newline at end of file