From 3f2b9cd6fb1098f712588d6419035757e5a3d812 Mon Sep 17 00:00:00 2001 
From: Luke Taylor Date: Wed, 3 Oct 2007 14:02:39 +0000 Subject: [PATCH] SEC-562: More changes of Acegi name in comments, docs etc. --- .../adapters/cas/CasPasswordHandlerProxy.java | 12 +- .../cas3/CasAuthenticationHandler.java | 8 +- .../adapters/cas3/applicationContext.xml | 4 +- adapters/cas/src/main/site/site.xml | 2 +- ...a => CatalinaSpringSecurityUserRealm.java} | 24 +- ...CatalinaSpringSecurityUserRealmTests.java} | 72 +-- ...va => JbossSpringSecurityLoginModule.java} | 14 +- .../jboss/JbossIntegrationFilterTests.java | 6 +- ... JbossSpringSecurityLoginModuleTests.java} | 48 +- ...java => JettySpringSecurityUserRealm.java} | 16 +- ...java => JettySpringSecurityUserToken.java} | 8 +- .../jetty/JettyAcegiUserRealmTests.java | 56 +- ...=> JettySpringSecurityUserTokenTests.java} | 23 +- .../resin/ResinAcegiAuthenticator.java | 16 +- .../resin/ResinAcegiAuthenticatorTests.java | 18 +- ....java => SpringSecurityMessageSource.java} | 15 +- ...GrantedAuthorityEffectiveAclsResolver.java | 2 +- .../adapters/AuthByAdapterProvider.java | 4 +- ... 
=> PrincipalSpringSecurityUserToken.java} | 4 +- .../AclEntryAfterInvocationProvider.java | 4 +- .../BasicAclEntryAfterInvocationProvider.java | 4 +- .../ConcurrentSessionControllerImpl.java | 4 +- .../concurrent/SessionInformation.java | 8 +- .../AbstractSecurityInterceptor.java | 4 +- .../security/intercept/package.html | 10 +- .../web/FilterSecurityInterceptor.java | 2 +- .../ldap/DefaultInitialDirContextFactory.java | 4 +- .../ldap/SpringSecurityLdapTemplate.java | 2 +- .../org/springframework/security/package.html | 2 +- .../security/providers/ProviderManager.java | 4 +- .../AnonymousAuthenticationProvider.java | 4 +- .../cas/CasAuthenticationProvider.java | 4 +- .../cas/CasAuthoritiesPopulator.java | 4 +- .../providers/cas/StatelessTicketCache.java | 2 +- .../cas/proxy/NamedCasProxyDecider.java | 4 +- .../cas/proxy/RejectProxyTickets.java | 4 +- .../CasProxyTicketValidator.java | 6 +- ...ractUserDetailsAuthenticationProvider.java | 4 +- .../jaas/JaasAuthenticationProvider.java | 2 +- .../jaas/JaasNameCallbackHandler.java | 2 +- .../jaas/JaasPasswordCallbackHandler.java | 2 +- .../jaas/LoginExceptionResolver.java | 2 +- .../jaas/SecurityContextLoginModule.java | 17 +- .../AbstractLdapAuthenticator.java | 4 +- .../DefaultLdapAuthoritiesPopulator.java | 21 +- .../RememberMeAuthenticationProvider.java | 4 +- .../x509/X509AuthenticationProvider.java | 4 +- .../DaoX509AuthoritiesPopulator.java | 4 +- .../RunAsImplAuthenticationProvider.java | 4 +- .../security/taglibs/authz/AuthorizeTag.java | 2 +- .../security/taglibs/velocity/Authz.java | 2 +- .../security/ui/AbstractProcessingFilter.java | 4 +- .../security/ui/WebAuthenticationDetails.java | 2 +- .../ui/basicauth/BasicProcessingFilter.java | 2 +- .../security/ui/cas/ServiceProperties.java | 16 +- .../ui/digestauth/DigestProcessingFilter.java | 4 +- .../ui/rememberme/RememberMeServices.java | 12 +- .../TokenBasedRememberMeServices.java | 2 +- .../SwitchUserProcessingFilter.java | 6 +- 
...eminderAuthenticationProcessingFilter.java | 12 +- .../x509/X509ProcessingFilterEntryPoint.java | 2 +- .../security/userdetails/UserDetails.java | 2 +- .../hierarchicalroles/RoleHierarchyImpl.java | 2 +- .../UserDetailsServiceWrapper.java | 4 +- .../hierarchicalroles/UserDetailsWrapper.java | 6 +- .../userdetails/jdbc/JdbcDaoImpl.java | 6 +- .../security/util/FilterInvocationUtils.java | 2 +- .../security/util/InMemoryResource.java | 2 +- .../security/util/MethodInvocationUtils.java | 4 +- .../security/util/package.html | 2 +- .../vote/AbstractAccessDecisionManager.java | 4 +- ...urityContextHolderAwareRequestWrapper.java | 2 +- .../security/wrapper/package.html | 4 +- .../security/messages_fr.properties | 2 +- .../providers/dao/jdbc/acegisecurity-jdbc.xml | 2 +- .../security/taglibs/authz.tld | 2 +- core/src/site/site.xml | 2 +- ... => SpringSecurityMessageSourceTests.java} | 14 +- .../security/adapters/AuthByAdapterTests.java | 8 +- .../HttpRequestIntegrationFilterTests.java | 8 +- ...rincipalSpringSecurityUserTokenTests.java} | 21 +- ...pSessionContextIntegrationFilterTests.java | 14 +- .../DefaultInitialDirContextFactoryTests.java | 14 +- .../security/ldap/LdapUtilsTests.java | 7 +- .../authenticator/BindAuthenticatorTests.java | 4 +- .../DigestProcessingFilterTests.java | 2 +- .../security/util/StringSplitUtilsTests.java | 8 +- jalopy.xml | 2 +- lib/clover/license.txt | 2 +- notice.txt | 11 +- .../ui/ntlm/NtlmProcessingFilter.java | 12 +- ...lmUsernamePasswordAuthenticationToken.java | 2 +- ntlm/web.xml | 14 +- readme.txt | 12 +- samples/contacts/client/client.properties | 2 +- .../contacts/src/main/webapp/WEB-INF/web.xml | 4 +- .../contacts/src/site/resources/sslhowto.txt | 10 +- .../tutorial/src/main/webapp/WEB-INF/web.xml | 4 +- .../security/util/package.html | 5 - src-readme.txt | 16 +- .../xsl/spring-security-docbook-fopdf.xsl | 2 +- src/docbkx/springsecurity.xml | 502 +++++++++--------- src/site/apt/index.apt | 48 +- 
src/site/apt/petclinic-tutorial.apt | 20 +- src/site/apt/suggested.apt | 20 +- src/site/resources/dbinit.txt | 6 +- src/site/site.xml | 10 +- src/site/xdoc/articles.xml | 10 +- src/site/xdoc/building.xml | 6 +- src/site/xdoc/changes.xml | 2 +- src/site/xdoc/downloads.xml | 12 +- src/site/xdoc/faq.xml | 2 +- src/site/xdoc/policies.xml | 4 +- src/site/xdoc/powering.xml | 14 +- src/site/xdoc/upgrade/upgrade-05-06.xml | 2 +- 115 files changed, 729 insertions(+), 739 deletions(-) rename adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/{CatalinaAcegiUserRealm.java => CatalinaSpringSecurityUserRealm.java} (88%) rename adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/{CatalinaAcegiUserRealmTests.java => CatalinaSpringSecurityUserRealmTests.java} (72%) rename adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/{JbossAcegiLoginModule.java => JbossSpringSecurityLoginModule.java} (94%) rename adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/{JbossAcegiLoginModuleTests.java => JbossSpringSecurityLoginModuleTests.java} (86%) rename adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/{JettyAcegiUserRealm.java => JettySpringSecurityUserRealm.java} (88%) rename adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/{JettyAcegiUserToken.java => JettySpringSecurityUserToken.java} (83%) rename adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/{JettyAcegiUserTokenTests.java => JettySpringSecurityUserTokenTests.java} (76%) rename core/src/main/java/org/springframework/security/{AcegiMessageSource.java => SpringSecurityMessageSource.java} (65%) rename core/src/main/java/org/springframework/security/adapters/{PrincipalAcegiUserToken.java => PrincipalSpringSecurityUserToken.java} (88%) rename core/src/test/java/org/springframework/security/{AcegiMessageSourceTests.java => SpringSecurityMessageSourceTests.java} (79%) rename 
core/src/test/java/org/springframework/security/adapters/{PrincipalAcegiUserTokenTests.java => PrincipalSpringSecurityUserTokenTests.java} (76%) delete mode 100644 sandbox/spring-security-config/src/main/java/org/springframework/security/util/package.html diff --git a/adapters/cas/src/main/java/org/springframework/security/adapters/cas/CasPasswordHandlerProxy.java b/adapters/cas/src/main/java/org/springframework/security/adapters/cas/CasPasswordHandlerProxy.java index ae8ce329ca..e48fc536d2 100644 --- a/adapters/cas/src/main/java/org/springframework/security/adapters/cas/CasPasswordHandlerProxy.java +++ b/adapters/cas/src/main/java/org/springframework/security/adapters/cas/CasPasswordHandlerProxy.java @@ -32,13 +32,13 @@ import javax.servlet.http.HttpServletRequest; /** - * Enables CAS to use the Acegi Security System for authentication.

This class works along with {@link - * CasPasswordHandler} to enable users to easily migrate from stand-alone Acegi Security System deployments to + * Enables CAS to use the Spring Security for authentication.

This class works along with {@link + * CasPasswordHandler} to enable users to easily migrate from stand-alone Spring Security deployments to * enterprise-wide CAS deployments.

- *

It should be noted that the Acegi Security System will operate as a CAS client irrespective of the + *

It should be noted that Spring Security will operate as a CAS client irrespective of the * PasswordHandler used on the CAS server. In other words, this class need not be used on the CAS - * server if not desired. It exists solely for the convenience of users wishing have CAS delegate to an Acegi Security - * System-based AuthenticationManager.

+ * server if not desired. It exists solely for the convenience of users wishing have CAS delegate to a Spring Security-based + * AuthenticationManager.

*

This class works requires a properly configured CasPasswordHandler. On the first authentication * request, the class will use Spring's {@link WebApplicationContextUtils#getRequiredWebApplicationContext(ServletContext)} * method to obtain an ApplicationContext instance, inside which must be a configured @@ -49,7 +49,7 @@ import javax.servlet.http.HttpServletRequest; * org.springframework.security.adapters.cas.CasPasswordHandlerProxy.
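Review bot: The reworded class Javadoc in this hunk now opens with `Enables CAS to use the Spring Security for authentication`, where the article is left over from the old product name. `Enables CAS to use Spring Security for authentication.` reads correctly and matches the later sentence in the same comment (`Spring Security will operate as a CAS client`). The same residue appears in the Catalina realm Javadoc (`authenticate via the Spring Security`) and the JBoss login module Javadoc (`the Spring Security System for Spring`). The Javadoc block continues outside this hunk.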

* * @author Ben Alex - * @version $Id$ + * @version $Id:CasPasswordHandlerProxy.java 2151 2007-09-22 11:54:13Z luke_t $ */ public class CasPasswordHandlerProxy implements PasswordHandler { //~ Static fields/initializers ===================================================================================== diff --git a/adapters/cas/src/main/java/org/springframework/security/adapters/cas3/CasAuthenticationHandler.java b/adapters/cas/src/main/java/org/springframework/security/adapters/cas3/CasAuthenticationHandler.java index e8d0b90df8..e68b8cc1e4 100644 --- a/adapters/cas/src/main/java/org/springframework/security/adapters/cas3/CasAuthenticationHandler.java +++ b/adapters/cas/src/main/java/org/springframework/security/adapters/cas3/CasAuthenticationHandler.java @@ -32,12 +32,12 @@ import org.springframework.util.Assert; /** - *

Provides JA-SIG CAS 3 authentication by delegating to the Acegi AuthenticationManager.

+ *

Provides JA-SIG CAS 3 authentication by delegating to the Spring Security AuthenticationManager.

*

This class would be configured in the webapp/WEB-INF/deployerConfigContext.xml file in the CAS * distribution.

* * @author Scott Battaglia - * @version $Id$ + * @version $Id:CasAuthenticationHandler.java 2151 2007-09-22 11:54:13Z luke_t $ * * @see AuthenticationHandler * @see AuthenticationManager @@ -81,9 +81,9 @@ public final class CasAuthenticationHandler extends AbstractUsernamePasswordAuth } /** - * Method to set the Acegi AuthenticationManager to delegate to. + * Method to set the Spring Security AuthenticationManager to delegate to. * - * @param authenticationManager the Acegi AuthenticationManager that knows how to authenticate users. + * @param authenticationManager the Spring Security AuthenticationManager that knows how to authenticate users. */ public void setAuthenticationManager(final AuthenticationManager authenticationManager) { this.authenticationManager = authenticationManager; diff --git a/adapters/cas/src/main/resources/org/springframework/security/adapters/cas3/applicationContext.xml b/adapters/cas/src/main/resources/org/springframework/security/adapters/cas3/applicationContext.xml index c44d5b0e38..c5219f10a6 100644 --- a/adapters/cas/src/main/resources/org/springframework/security/adapters/cas3/applicationContext.xml +++ b/adapters/cas/src/main/resources/org/springframework/security/adapters/cas3/applicationContext.xml @@ -20,9 +20,9 @@ * The example CAS AuthenticationHandler should be placed within CAS's * AuthenticationManager's authenticationHandler list property. * - * The Acegi-specific beans can just be placed in the context file. + * The Spring Security-specific beans can just be placed in the context file. * - * $Id$ + * $Id:applicationContext.xml 2151 2007-09-22 11:54:13Z luke_t $ --> diff --git a/adapters/cas/src/main/site/site.xml b/adapters/cas/src/main/site/site.xml index 60560f1ddc..260537eb57 100644 --- a/adapters/cas/src/main/site/site.xml +++ b/adapters/cas/src/main/site/site.xml @@ -1,6 +1,6 @@ - + 
diff --git a/adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealm.java b/adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealm.java similarity index 88% rename from adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealm.java rename to adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealm.java index 1cd09a2533..051719c9b8 100644 --- a/adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealm.java +++ b/adapters/catalina/src/main/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealm.java @@ -19,7 +19,7 @@ import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationManager; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; @@ -41,17 +41,17 @@ import java.util.Map; /** - * Adapter to enable Catalina (Tomcat) to authenticate via the Acegi Security System for Spring.

Returns a {@link - * PrincipalAcegiUserToken} to Catalina's authentication system, which is subsequently available via + * Adapter to enable Catalina (Tomcat) to authenticate via the Spring Security.

Returns a {@link + * PrincipalSpringSecurityUserToken} to Catalina's authentication system, which is subsequently available via * HttpServletRequest.getUserPrincipal().

* * @author Ben Alex - * @version $Id$ + * @version $Id:CatalinaSpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $ */ -public class CatalinaAcegiUserRealm extends RealmBase { +public class CatalinaSpringSecurityUserRealm extends RealmBase { //~ Static fields/initializers ===================================================================================== - private static final Log logger = LogFactory.getLog(CatalinaAcegiUserRealm.class); + private static final Log logger = LogFactory.getLog(CatalinaSpringSecurityUserRealm.class); //~ Instance fields ================================================================================================ @@ -59,7 +59,7 @@ public class CatalinaAcegiUserRealm extends RealmBase { private Container container; private String appContextLocation; private String key; - protected final String name = "CatalinaSpringUserRealm / $Id$"; + protected final String name = "CatalinaSpringUserRealm / $Id:CatalinaSpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $"; //~ Methods ======================================================================================================== @@ -85,7 +85,7 @@ public class CatalinaAcegiUserRealm extends RealmBase { return null; } - return new PrincipalAcegiUserToken(this.key, response.getPrincipal().toString(), + return new PrincipalSpringSecurityUserToken(this.key, response.getPrincipal().toString(), response.getCredentials().toString(), response.getAuthorities(), response.getPrincipal()); } 
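Review bot: The `name` field in the `@@ -59,7 +59,7 @@` hunk is a runtime string, and it now embeds a fixed revision number, timestamp and committer account name (`$Id:CatalinaSpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $`) where the old code had the bare `$Id$` keyword. That value presumably surfaces through `getName()` and so in container logs or management output. It is already older than this commit, and the `$Id:` form without a space after the colon is not what Subversion writes, so it may never be refreshed. Restoring `$Id$`, or dropping the keyword from the literal altogether (`protected final String name = "CatalinaSpringUserRealm";`), keeps version-control metadata out of the running realm. The same literal expansion was applied to the `@version` Javadoc tags throughout this patch, where it only affects comments; the class body continues outside this hunk.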
@@ -163,14 +163,14 @@ public class CatalinaAcegiUserRealm extends RealmBase { return false; } - if (!(principal instanceof PrincipalAcegiUserToken)) { - logger.warn("Expected passed principal to be of type PrincipalAcegiUserToken but was " + if (!(principal instanceof PrincipalSpringSecurityUserToken)) { + logger.warn("Expected passed principal to be of type PrincipalSpringSecurityUserToken but was " + principal.getClass().getName()); return false; } - PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal; + PrincipalSpringSecurityUserToken test = (PrincipalSpringSecurityUserToken) principal; return test.isUserInRole(role); } @@ -221,7 +221,7 @@ public class CatalinaAcegiUserRealm extends RealmBase { String beanName = (String) beans.keySet().iterator().next(); authenticationManager = (AuthenticationManager) beans.get(beanName); - logger.info("CatalinaAcegiUserRealm Started"); + logger.info("CatalinaSpringSecurityUserRealm Started"); } /** diff --git a/adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealmTests.java b/adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealmTests.java similarity index 72% rename from adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealmTests.java rename to adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealmTests.java index cc66290171..ecfcec6254 100644 --- a/adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaAcegiUserRealmTests.java +++ b/adapters/catalina/src/test/java/org/springframework/security/adapters/catalina/CatalinaSpringSecurityUserRealmTests.java 
@@ -20,7 +20,7 @@ import junit.framework.TestCase; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import org.apache.catalina.LifecycleException; 
@@ -32,35 +32,35 @@ import java.security.Principal; /** - * Tests {@link CatalinaAcegiUserRealm}. + * Tests {@link CatalinaSpringSecurityUserRealm}. * * @author Ben Alex - * @version $Id$ + * @version $Id:CatalinaSpringSecurityUserRealmTests.java 2151 2007-09-22 11:54:13Z luke_t $ */ -public class CatalinaAcegiUserRealmTests extends TestCase { +public class CatalinaSpringSecurityUserRealmTests extends TestCase { //~ Instance fields ================================================================================================ private final String ADAPTER_KEY = "my_key"; //~ Constructors =================================================================================================== - public CatalinaAcegiUserRealmTests() { + public CatalinaSpringSecurityUserRealmTests() { super(); } - public CatalinaAcegiUserRealmTests(String arg0) { + public CatalinaSpringSecurityUserRealmTests(String arg0) { super(arg0); } //~ Methods ======================================================================================================== public static void main(String[] args) { - junit.textui.TestRunner.run(CatalinaAcegiUserRealmTests.class); + junit.textui.TestRunner.run(CatalinaSpringSecurityUserRealmTests.class); } - private CatalinaAcegiUserRealm makeAdapter(String fileName) + private CatalinaSpringSecurityUserRealm makeAdapter(String fileName) throws Exception { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); URL url = Thread.currentThread().getContextClassLoader().getResource("org/springframework/security/adapters/" + fileName); 
@@ -86,7 +86,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase { public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean() throws Exception { try { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-invalid.xml"); + CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-invalid.xml"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertTrue(true); @@ -95,7 +95,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase { public void testAdapterAbortsIfNoAppContextSpecified() throws Exception { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); adapter.setKey("KEY"); @@ -117,7 +117,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase { } public void testAdapterAbortsIfNoKeySpecified() throws Exception { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); adapter.setAppContextLocation("SOMETHING"); @@ -140,7 +140,7 @@ public class CatalinaAcegiUserRealmTests extends TestCase { public void testAdapterAbortsWithIncorrectApplicationContextLocation() throws Exception { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); adapter.setAppContextLocation("SOME_INVALID_PATH"); adapter.setKey("KEY"); 
@@ -153,48 +153,48 @@ public class CatalinaAcegiUserRealmTests extends TestCase { } public void testAdapterIdentifiesItself() throws Exception { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertTrue(adapter.getName().lastIndexOf("CatalinaSpringUserRealm") != -1); } public void testAdapterStartsUpSuccess() throws Exception { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); + CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); assertTrue(true); } public void testAuthenticateManyParamsReturnsNull() { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertEquals(null, adapter.authenticate(null, null, null, null, null, null, null, null)); } public void testAuthenticateX509ReturnsNull() { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertEquals(null, adapter.authenticate(null)); } public void testAuthenticationFailsForIncorrectPassword() throws Exception { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); + CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); assertEquals(null, adapter.authenticate("marissa", "kangaroo")); } public void testAuthenticationFailsForIncorrectUserName() throws Exception { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); + CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); assertEquals(null, adapter.authenticate("melissa", "koala")); } public void testAuthenticationUsingByteArrayForCredentials() throws Exception { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); + CatalinaSpringSecurityUserRealm adapter = 
makeAdapter("catalinaAdapterTest-valid.xml"); byte[] credentials = {'k', 'o', 'a', 'l', 'a'}; Principal result = adapter.authenticate("marissa", credentials); - if (!(result instanceof PrincipalAcegiUserToken)) { - fail("Should have returned PrincipalAcegiUserToken"); + if (!(result instanceof PrincipalSpringSecurityUserToken)) { + fail("Should have returned PrincipalSpringSecurityUserToken"); } - PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result; + PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result; assertEquals("marissa", castResult.getPrincipal()); assertEquals("koala", castResult.getCredentials()); assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority()); @@ -204,14 +204,14 @@ public class CatalinaAcegiUserRealmTests extends TestCase { public void testAuthenticationUsingStringForCredentials() throws Exception { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); + CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); Principal result = adapter.authenticate("marissa", "koala"); - if (!(result instanceof PrincipalAcegiUserToken)) { - fail("Should have returned PrincipalAcegiUserToken"); + if (!(result instanceof PrincipalSpringSecurityUserToken)) { + fail("Should have returned PrincipalSpringSecurityUserToken"); } - PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result; + PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result; assertEquals("marissa", castResult.getPrincipal()); assertEquals("koala", castResult.getCredentials()); assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority()); 
@@ -221,28 +221,28 @@ public class CatalinaAcegiUserRealmTests extends TestCase { public void testAuthenticationWithNullPasswordHandledGracefully() throws Exception { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); + CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); assertEquals(null, adapter.authenticate("marissa", (String) null)); } public void testAuthenticationWithNullUserNameHandledGracefully() throws Exception { - CatalinaAcegiUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); + CatalinaSpringSecurityUserRealm adapter = makeAdapter("catalinaAdapterTest-valid.xml"); assertEquals(null, adapter.authenticate(null, "koala")); } public void testGetPasswordReturnsNull() { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertEquals(null, adapter.getPassword(null)); } public void testGetPrincipalReturnsNull() { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertEquals(null, adapter.getPrincipal(null)); } public void testGetters() { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); adapter.setKey("KEY"); assertEquals("KEY", adapter.getKey()); adapter.setAppContextLocation("SOME_LOCATION"); 
@@ -250,12 +250,12 @@ public class CatalinaAcegiUserRealmTests extends TestCase { } public void testHasRoleWithANullPrincipalFails() { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertTrue(!adapter.hasRole(null, "ROLE_ONE")); } public void testHasRoleWithAPrincipalTheAdapterDidNotCreateFails() { - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertTrue(!adapter.hasRole(new Principal() { public String getName() { return "MockPrincipal"; @@ -264,10 +264,10 @@ public class CatalinaAcegiUserRealmTests extends TestCase { } public void testHasRoleWithPrincipalAcegiUserToken() { - PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY", "Test", "Password", + PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("KEY", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, null); - CatalinaAcegiUserRealm adapter = new CatalinaAcegiUserRealm(); + CatalinaSpringSecurityUserRealm adapter = new CatalinaSpringSecurityUserRealm(); assertTrue(adapter.hasRole(token, "ROLE_ONE")); assertTrue(adapter.hasRole(token, "ROLE_TWO")); assertTrue(!adapter.hasRole(token, "ROLE_WE_DO_NOT_HAVE")); diff --git a/adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModule.java b/adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModule.java similarity index 94% rename from adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModule.java rename to adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModule.java index 4516ca2ce0..e88bd24cbb 100644 
--- a/adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModule.java +++ b/adapters/jboss/src/main/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModule.java @@ -21,7 +21,7 @@ import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationManager; import org.springframework.security.CredentialsExpiredException; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; @@ -52,15 +52,15 @@ import javax.security.auth.login.LoginException; /** - * Adapter to enable JBoss to authenticate via the Acegi Security System for Spring.

Returns a {@link - * PrincipalAcegiUserToken} to JBoss' authentication system, which is subsequently available from - * java:comp/env/security/subject.

+ * Adapter to enable JBoss to authenticate via the Spring Security System for Spring. + *

Returns a {@link PrincipalSpringSecurityUserToken} to JBoss' authentication system, + * which is subsequently available from java:comp/env/security/subject.

* * @author Ben Alex * @author Sergio Bern� - * @version $Id$ + * @version $Id:JbossSpringSecurityLoginModule.java 2151 2007-09-22 11:54:13Z luke_t $ */ -public class JbossAcegiLoginModule extends AbstractServerLoginModule { +public class JbossSpringSecurityLoginModule extends AbstractServerLoginModule { //~ Instance fields ================================================================================================ private AuthenticationManager authenticationManager; @@ -284,7 +284,7 @@ public class JbossAcegiLoginModule extends AbstractServerLoginModule { super.log.debug("user is logged. redirecting to jaas classes"); - identity = new PrincipalAcegiUserToken(this.key, response.getName(), response.getCredentials().toString(), + identity = new PrincipalSpringSecurityUserToken(this.key, response.getName(), response.getCredentials().toString(), response.getAuthorities(), response.getPrincipal()); } diff --git a/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossIntegrationFilterTests.java b/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossIntegrationFilterTests.java index 941c6154cf..f56909d47c 100644 --- a/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossIntegrationFilterTests.java +++ b/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossIntegrationFilterTests.java @@ -20,7 +20,7 @@ import junit.framework.TestCase; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextImpl; 
@@ -50,7 +50,7 @@ import javax.servlet.ServletResponse; * Tests {@link JbossIntegrationFilter}. * * @author Ben Alex - * @version $Id$ + * @version $Id:JbossIntegrationFilterTests.java 2151 2007-09-22 11:54:13Z luke_t $ */ public class JbossIntegrationFilterTests extends TestCase { //~ Constructors =================================================================================================== @@ -95,7 +95,7 @@ public class JbossIntegrationFilterTests extends TestCase { } public void testCorrectOperation() throws Exception { - PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key", "someone", "password", + PrincipalSpringSecurityUserToken principal = new PrincipalSpringSecurityUserToken("key", "someone", "password", new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")}, null); JbossIntegrationFilter filter = new MockJbossIntegrationFilter(new MockInitialContext(makeIntoSubject(principal))); diff --git a/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModuleTests.java b/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModuleTests.java similarity index 86% rename from adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModuleTests.java rename to adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModuleTests.java index 1d8c6d200b..cd5c84b0b4 100644 --- a/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossAcegiLoginModuleTests.java +++ b/adapters/jboss/src/test/java/org/springframework/security/adapters/jboss/JbossSpringSecurityLoginModuleTests.java 
@@ -17,10 +17,9 @@ package org.springframework.security.adapters.jboss; import junit.framework.TestCase; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import org.jboss.security.SimplePrincipal; -import org.jboss.security.SimpleGroup; import java.io.IOException; @@ -28,7 +27,6 @@ import java.security.Principal; import java.security.acl.Group; import java.util.Properties; -import java.util.Enumeration; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; @@ -41,30 +39,30 @@ import javax.security.auth.login.LoginException; /** - * Tests {@link JbossAcegiLoginModule}. + * Tests {@link JbossSpringSecurityLoginModule}. * * @author Ben Alex - * @version $Id$ + * @version $Id:JbossSpringSecurityLoginModuleTests.java 2151 2007-09-22 11:54:13Z luke_t $ */ -public class JbossAcegiLoginModuleTests extends TestCase { +public class JbossSpringSecurityLoginModuleTests extends TestCase { //~ Instance fields ================================================================================================ private final String ADAPTER_KEY = "my_key"; //~ Constructors =================================================================================================== - public JbossAcegiLoginModuleTests() { + public JbossSpringSecurityLoginModuleTests() { super(); } - public JbossAcegiLoginModuleTests(String arg0) { + public JbossSpringSecurityLoginModuleTests(String arg0) { super(arg0); } //~ Methods ======================================================================================================== public static void main(String[] args) { - junit.textui.TestRunner.run(JbossAcegiLoginModuleTests.class); + junit.textui.TestRunner.run(JbossSpringSecurityLoginModuleTests.class); } public final void setUp() throws Exception { 
@@ -73,7 +71,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-invalid.xml"); @@ -88,7 +86,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAdapterAbortsIfNoAppContextSpecified() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); @@ -113,7 +111,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { } public void testAdapterAbortsIfNoKeySpecified() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); @@ -139,7 +137,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAdapterAbortsWithIncorrectApplicationContextLocation() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); 
@@ -155,7 +153,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAdapterFailsToAuthenticateIfNoCallbackHandlerAvailable() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); @@ -173,7 +171,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { } public void testAdapterStartsUpSuccess() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); @@ -183,7 +181,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAuthenticationFailsForIncorrectPassword() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); @@ -203,7 +201,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAuthenticationFailsForIncorrectUserName() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); 
@@ -222,7 +220,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { } public void testAuthenticationSuccess() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); @@ -235,11 +233,11 @@ public class JbossAcegiLoginModuleTests extends TestCase { Principal result = adapter.getIdentity(); - if (!(result instanceof PrincipalAcegiUserToken)) { - fail("Should have returned PrincipalAcegiUserToken"); + if (!(result instanceof PrincipalSpringSecurityUserToken)) { + fail("Should have returned PrincipalSpringSecurityUserToken"); } - PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result; + PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result; assertEquals("marissa", castResult.getPrincipal()); assertEquals("koala", castResult.getCredentials()); assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority()); @@ -249,7 +247,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAuthenticationWithNullPasswordHandledGracefully() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); 
@@ -269,7 +267,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAuthenticationWithNullUserNameAndNullPasswordHandledGracefully() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); @@ -289,7 +287,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { public void testAuthenticationWithNullUserNameHandledGracefully() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); @@ -308,7 +306,7 @@ public class JbossAcegiLoginModuleTests extends TestCase { } public void testGetRoleSets() throws Exception { - JbossAcegiLoginModule adapter = new JbossAcegiLoginModule(); + JbossSpringSecurityLoginModule adapter = new JbossSpringSecurityLoginModule(); Properties props = new Properties(); props.put("key", ADAPTER_KEY); props.put("appContextLocation", "org/springframework/security/adapters/adaptertest-valid.xml"); diff --git a/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealm.java b/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserRealm.java similarity index 88% rename from adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealm.java rename to adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserRealm.java index 3fa9cee548..a0d08a2b3b 100644 
--- a/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealm.java +++ b/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserRealm.java @@ -34,17 +34,17 @@ import java.util.Map; /** - * Adapter to enable Jetty to authenticate via the Acegi Security System for Spring.

Returns a {@link - * JettyAcegiUserToken} to Jetty's authentication system, which is subsequently available via + * Adapter to enable Jetty to authenticate via Spring Security.

Returns a {@link + * JettySpringSecurityUserToken} to Jetty's authentication system, which is subsequently available via * HttpServletRequest.getUserPrincipal().

* * @author Ben Alex - * @version $Id$ + * @version $Id:JettySpringSecurityUserRealm.java 2151 2007-09-22 11:54:13Z luke_t $ */ -public final class JettyAcegiUserRealm implements UserRealm { +public final class JettySpringSecurityUserRealm implements UserRealm { //~ Static fields/initializers ===================================================================================== - private static final Log logger = LogFactory.getLog(JettyAcegiUserRealm.class); + private static final Log logger = LogFactory.getLog(JettySpringSecurityUserRealm.class); //~ Instance fields ================================================================================================ @@ -64,7 +64,7 @@ public final class JettyAcegiUserRealm implements UserRealm { * * @throws IllegalArgumentException DOCUMENT ME! */ - public JettyAcegiUserRealm(String realm, String providerKey, String appContextLocation) { + public JettySpringSecurityUserRealm(String realm, String providerKey, String appContextLocation) { this.realm = realm; this.key = providerKey; @@ -96,7 +96,7 @@ public final class JettyAcegiUserRealm implements UserRealm { authenticationManager = (AuthenticationManager) beans.get(beanName); } - protected JettyAcegiUserRealm() { + protected JettySpringSecurityUserRealm() { throw new IllegalArgumentException("Cannot use default constructor"); } @@ -124,7 +124,7 @@ public final class JettyAcegiUserRealm implements UserRealm { return null; } - return new JettyAcegiUserToken(this.key, response.getPrincipal().toString(), + return new JettySpringSecurityUserToken(this.key, response.getPrincipal().toString(), response.getCredentials().toString(), response.getAuthorities()); } 
diff --git a/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserToken.java b/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserToken.java similarity index 83% rename from adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserToken.java rename to adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserToken.java index a8b2e5181c..38ba7e37b0 100644 --- a/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettyAcegiUserToken.java +++ b/adapters/jetty/src/main/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserToken.java @@ -26,9 +26,9 @@ import org.mortbay.http.UserPrincipal; * A Jetty compatible {@link org.springframework.security.Authentication} object. * * @author Ben Alex - * @version $Id$ + * @version $Id:JettySpringSecurityUserToken.java 2151 2007-09-22 11:54:13Z luke_t $ */ -public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal { +public class JettySpringSecurityUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal { //~ Instance fields ================================================================================================ private static final long serialVersionUID = 1L; 
@@ -37,13 +37,13 @@ public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken impl //~ Constructors =================================================================================================== - public JettyAcegiUserToken(String key, String username, String password, GrantedAuthority[] authorities) { + public JettySpringSecurityUserToken(String key, String username, String password, GrantedAuthority[] authorities) { super(key, authorities); this.username = username; this.password = password; } - protected JettyAcegiUserToken() { + protected JettySpringSecurityUserToken() { throw new IllegalArgumentException("Cannot use default constructor"); } diff --git a/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealmTests.java b/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealmTests.java index aa91f61426..8e7ecb65d0 100644 --- a/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealmTests.java +++ b/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserRealmTests.java @@ -21,10 +21,10 @@ import org.mortbay.http.UserPrincipal; /** - * Tests {@link JettyAcegiUserRealm}. + * Tests {@link JettySpringSecurityUserRealm}. * * @author Ben Alex - * @version $Id$ + * @version $Id:JettyAcegiUserRealmTests.java 2151 2007-09-22 11:54:13Z luke_t $ */ public class JettyAcegiUserRealmTests extends TestCase { //~ Instance fields ================================================================================================ 
@@ -48,11 +48,11 @@ public class JettyAcegiUserRealmTests extends TestCase { junit.textui.TestRunner.run(JettyAcegiUserRealmTests.class); } - private JettyAcegiUserRealm makeAdapter(String fileName) + private JettySpringSecurityUserRealm makeAdapter(String fileName) throws Exception { String useFile = "org/springframework/security/adapters/" + fileName; - return new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, useFile); + return new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, useFile); } public final void setUp() throws Exception { @@ -62,7 +62,7 @@ public class JettyAcegiUserRealmTests extends TestCase { public void testAdapterAbortsIfAppContextDoesNotContainAnAuthenticationBean() throws Exception { try { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-invalid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-invalid.xml"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertEquals("Bean context must contain at least one bean of type AuthenticationManager", @@ -73,14 +73,14 @@ public class JettyAcegiUserRealmTests extends TestCase { public void testAdapterAbortsIfNoAppContextSpecified() throws Exception { try { - new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, null); + new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, null); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertEquals("appContextLocation must be specified", expected.getMessage()); } try { - new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, ""); + new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, ""); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertEquals("appContextLocation must be specified", expected.getMessage()); 
@@ -89,14 +89,14 @@ public class JettyAcegiUserRealmTests extends TestCase { public void testAdapterAbortsIfNoKeySpecified() throws Exception { try { - new JettyAcegiUserRealm(REALM_NAME, null, "SOME_PATH"); + new JettySpringSecurityUserRealm(REALM_NAME, null, "SOME_PATH"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertEquals("key must be specified", expected.getMessage()); } try { - new JettyAcegiUserRealm(REALM_NAME, "", "SOME_PATH"); + new JettySpringSecurityUserRealm(REALM_NAME, "", "SOME_PATH"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertEquals("key must be specified", expected.getMessage()); @@ -106,14 +106,14 @@ public class JettyAcegiUserRealmTests extends TestCase { public void testAdapterAbortsIfNoRealmNameSpecified() throws Exception { try { - new JettyAcegiUserRealm(null, ADAPTER_KEY, "SOME_PATH"); + new JettySpringSecurityUserRealm(null, ADAPTER_KEY, "SOME_PATH"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertEquals("realm must be specified", expected.getMessage()); } try { - new JettyAcegiUserRealm(null, ADAPTER_KEY, "SOME_PATH"); + new JettySpringSecurityUserRealm(null, ADAPTER_KEY, "SOME_PATH"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertEquals("realm must be specified", expected.getMessage()); @@ -123,7 +123,7 @@ public class JettyAcegiUserRealmTests extends TestCase { public void testAdapterAbortsWithIncorrectApplicationContextLocation() throws Exception { try { - new JettyAcegiUserRealm(REALM_NAME, ADAPTER_KEY, "SOME_INVALID_LOCATION"); + new JettySpringSecurityUserRealm(REALM_NAME, ADAPTER_KEY, "SOME_INVALID_LOCATION"); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertTrue(expected.getMessage().startsWith("Cannot locate")); 
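Review bot: In `testAdapterAbortsIfNoRealmNameSpecified` (the `@@ -106,14` hunk) both try blocks construct the realm with `null`, so the empty-string realm is never exercised. The neighbouring key and appContextLocation tests check `null` and then `""`, so the second call was presumably meant to be `new JettySpringSecurityUserRealm("", ADAPTER_KEY, "SOME_PATH");`. The rename carries the duplicate over unchanged, which leaves the "realm must be specified" check for blank input without coverage in this test.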
@@ -132,36 +132,36 @@ public class JettyAcegiUserRealmTests extends TestCase { public void testAdapterIdentifiesTheRealmItManages() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); assertEquals(REALM_NAME, adapter.getName()); } public void testAdapterStartsUpSuccess() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); assertTrue(true); } public void testAuthenticationFailsForIncorrectPassword() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); assertEquals(null, adapter.authenticate("marissa", "kangaroo", null)); } public void testAuthenticationFailsForIncorrectUserName() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); assertEquals(null, adapter.authenticate("melissa", "koala", null)); } public void testAuthenticationSuccess() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); UserPrincipal result = adapter.authenticate("marissa", "koala", null); - if (!(result instanceof JettyAcegiUserToken)) { - fail("Should have returned JettyAcegiUserToken"); + if (!(result instanceof JettySpringSecurityUserToken)) { + fail("Should have returned JettySpringSecurityUserToken"); } - JettyAcegiUserToken castResult = (JettyAcegiUserToken) result; + JettySpringSecurityUserToken castResult = (JettySpringSecurityUserToken) result; assertEquals("marissa", castResult.getPrincipal()); assertEquals("koala", castResult.getCredentials()); assertEquals("ROLE_TELLER", 
castResult.getAuthorities()[0].getAuthority()); @@ -171,36 +171,36 @@ public class JettyAcegiUserRealmTests extends TestCase { public void testAuthenticationWithNullPasswordHandledGracefully() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); assertEquals(null, adapter.authenticate("marissa", null, null)); } public void testAuthenticationWithNullUserNameHandledGracefully() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); assertEquals(null, adapter.authenticate(null, "koala", null)); } public void testDisassociateImplemented() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); adapter.disassociate(new MockUserPrincipal()); assertTrue(true); } public void testGetAuthenticationManager() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); assertTrue(adapter.getAuthenticationManager() != null); } public void testLogoutImplemented() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); adapter.logout(new MockUserPrincipal()); assertTrue(true); } public void testNoArgsConstructor() { try { - new JettyAcegiUserRealm(); + new JettySpringSecurityUserRealm(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertTrue(true); 
@@ -208,13 +208,13 @@ public class JettyAcegiUserRealmTests extends TestCase { } public void testPopRoleImplemented() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); MockUserPrincipal user = new MockUserPrincipal(); assertEquals(user, adapter.popRole(user)); } public void testPushRoleImplemented() throws Exception { - JettyAcegiUserRealm adapter = makeAdapter("adaptertest-valid.xml"); + JettySpringSecurityUserRealm adapter = makeAdapter("adaptertest-valid.xml"); MockUserPrincipal user = new MockUserPrincipal(); assertEquals(user, adapter.pushRole(user, "SOME_ROLE")); } diff --git a/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserTokenTests.java b/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserTokenTests.java similarity index 76% rename from adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserTokenTests.java rename to adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserTokenTests.java index 4f97d03255..b90af40b3f 100644 --- a/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettyAcegiUserTokenTests.java +++ b/adapters/jetty/src/test/java/org/springframework/security/adapters/jetty/JettySpringSecurityUserTokenTests.java 
@@ -22,34 +22,25 @@ import org.springframework.security.GrantedAuthorityImpl; /** - * Tests {@link JettyAcegiUserToken}. + * Tests {@link JettySpringSecurityUserToken}. * * @author Ben Alex - * @version $Id$ + * @version $Id:JettySpringSecurityUserTokenTests.java 2151 2007-09-22 11:54:13Z luke_t $ */ -public class JettyAcegiUserTokenTests extends TestCase { +public class JettySpringSecurityUserTokenTests extends TestCase { //~ Constructors =================================================================================================== - public JettyAcegiUserTokenTests() { - super(); + public JettySpringSecurityUserTokenTests() { } - public JettyAcegiUserTokenTests(String arg0) { + public JettySpringSecurityUserTokenTests(String arg0) { super(arg0); } //~ Methods ======================================================================================================== - public static void main(String[] args) { - junit.textui.TestRunner.run(JettyAcegiUserTokenTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } - public void testGetters() throws Exception { - JettyAcegiUserToken token = new JettyAcegiUserToken("my_password", "Test", "Password", + JettySpringSecurityUserToken token = new JettySpringSecurityUserToken("my_password", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}); assertEquals("Test", token.getPrincipal()); assertEquals("Password", token.getCredentials()); @@ -59,7 +50,7 @@ public class JettyAcegiUserTokenTests extends TestCase { public void testNoArgsConstructor() { try { - new JettyAcegiUserToken(); + new JettySpringSecurityUserToken(); fail("Should have thrown IllegalArgumentException"); } catch (IllegalArgumentException expected) { assertTrue(true); 
diff --git a/adapters/resin/src/main/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticator.java b/adapters/resin/src/main/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticator.java index 7ddbcb9b8b..377246c29b 100644 --- a/adapters/resin/src/main/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticator.java +++ b/adapters/resin/src/main/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticator.java @@ -21,7 +21,7 @@ import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationManager; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; @@ -41,12 +41,12 @@ import javax.servlet.http.HttpServletResponse; /** - * Adapter to enable Resin to authenticate via the Acegi Security System for Spring.

Returns a {@link - * PrincipalAcegiUserToken} to Resin's authentication system, which is subsequently available via + * Adapter to enable Resin to authenticate via Spring Security.

Returns a {@link + * PrincipalSpringSecurityUserToken} to Resin's authentication system, which is subsequently available via * HttpServletRequest.getUserPrincipal().

* * @author Ben Alex - * @version $Id$ + * @version $Id:ResinAcegiAuthenticator.java 2151 2007-09-22 11:54:13Z luke_t $ */ public class ResinAcegiAuthenticator extends AbstractAuthenticator { //~ Static fields/initializers ===================================================================================== @@ -98,15 +98,15 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator { public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal principal, String role) { - if (!(principal instanceof PrincipalAcegiUserToken)) { + if (!(principal instanceof PrincipalSpringSecurityUserToken)) { if (logger.isWarnEnabled()) { - logger.warn("Expected passed principal to be of type PrincipalAcegiUserToken"); + logger.warn("Expected passed principal to be of type PrincipalSpringSecurityUserToken"); } return false; } - PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal; + PrincipalSpringSecurityUserToken test = (PrincipalSpringSecurityUserToken) principal; return test.isUserInRole(role); } @@ -133,7 +133,7 @@ public class ResinAcegiAuthenticator extends AbstractAuthenticator { return null; } - return new PrincipalAcegiUserToken(this.key, response.getPrincipal().toString(), + return new PrincipalSpringSecurityUserToken(this.key, response.getPrincipal().toString(), response.getCredentials().toString(), response.getAuthorities(), response.getPrincipal()); } diff --git a/adapters/resin/src/test/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticatorTests.java b/adapters/resin/src/test/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticatorTests.java index 8b909278ce..84ece22cf0 100644 --- a/adapters/resin/src/test/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticatorTests.java +++ b/adapters/resin/src/test/java/org/springframework/security/adapters/resin/ResinAcegiAuthenticatorTests.java 
@@ -20,7 +20,7 @@ import junit.framework.TestCase; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import java.security.Principal; @@ -31,7 +31,7 @@ import javax.servlet.ServletException; * Tests {@link ResinAcegiAuthenticator}. * * @author Ben Alex - * @version $Id$ + * @version $Id:ResinAcegiAuthenticatorTests.java 2151 2007-09-22 11:54:13Z luke_t $ */ public class ResinAcegiAuthenticatorTests extends TestCase { //~ Instance fields ================================================================================================ @@ -164,11 +164,11 @@ public class ResinAcegiAuthenticatorTests extends TestCase { Principal result = adapter.loginImpl("marissa", "koala"); - if (!(result instanceof PrincipalAcegiUserToken)) { - fail("Should have returned PrincipalAcegiUserToken"); + if (!(result instanceof PrincipalSpringSecurityUserToken)) { + fail("Should have returned PrincipalSpringSecurityUserToken"); } - PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result; + PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result; assertEquals("marissa", castResult.getPrincipal()); assertEquals("koala", castResult.getCredentials()); assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority()); 
@@ -185,11 +185,11 @@ public class ResinAcegiAuthenticatorTests extends TestCase { Principal result = adapter.loginImpl(null, null, null, "marissa", "koala"); - if (!(result instanceof PrincipalAcegiUserToken)) { - fail("Should have returned PrincipalAcegiUserToken"); + if (!(result instanceof PrincipalSpringSecurityUserToken)) { + fail("Should have returned PrincipalSpringSecurityUserToken"); } - PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) result; + PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) result; assertEquals("marissa", castResult.getPrincipal()); assertEquals("koala", castResult.getCredentials()); assertEquals("ROLE_TELLER", castResult.getAuthorities()[0].getAuthority()); @@ -247,7 +247,7 @@ public class ResinAcegiAuthenticatorTests extends TestCase { public void testHasRoleWithPrincipalAcegiUserToken() throws Exception { - PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("KEY", "Test", "Password", + PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("KEY", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, null); ResinAcegiAuthenticator adapter = new ResinAcegiAuthenticator(); diff --git a/core/src/main/java/org/springframework/security/AcegiMessageSource.java b/core/src/main/java/org/springframework/security/SpringSecurityMessageSource.java similarity index 65% rename from core/src/main/java/org/springframework/security/AcegiMessageSource.java rename to core/src/main/java/org/springframework/security/SpringSecurityMessageSource.java index 6f3d3ecdbe..962064ddd7 100644 --- a/core/src/main/java/org/springframework/security/AcegiMessageSource.java +++ b/core/src/main/java/org/springframework/security/SpringSecurityMessageSource.java @@ -20,24 +20,25 @@ import org.springframework.context.support.ResourceBundleMessageSource; /** - * The default MessageSource used by Acegi Security.

All Acegi Security classes requiring messge - * localization will by default use this class. However, all such classes will also implement - * MessageSourceAware so that the application context can inject an alternative message source. Therefore - * this class is only used when the deployment environment has not specified an alternative message source.

+ * The default MessageSource used by Spring Security. + *

All Spring Security classes requiring messge localization will by default use this class. + * However, all such classes will also implement MessageSourceAware so that the application context can + * inject an alternative message source. Therefore this class is only used when the deployment environment has not + * specified an alternative message source.

* * @author Ben Alex * @version $Id$ */ -public class AcegiMessageSource extends ResourceBundleMessageSource { +public class SpringSecurityMessageSource extends ResourceBundleMessageSource { //~ Constructors =================================================================================================== - public AcegiMessageSource() { + public SpringSecurityMessageSource() { setBasename("org.springframework.security.messages"); } //~ Methods ======================================================================================================== public static MessageSourceAccessor getAccessor() { - return new MessageSourceAccessor(new AcegiMessageSource()); + return new MessageSourceAccessor(new SpringSecurityMessageSource()); } } diff --git a/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java b/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java index 896ad7cc10..5a6d3bb542 100644 --- a/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java +++ b/core/src/main/java/org/springframework/security/acl/basic/GrantedAuthorityEffectiveAclsResolver.java @@ -35,7 +35,7 @@ import java.util.Vector; * Authentication#getPrincipal()} or {@link Authentication#getAuthorities()}. The principal object or granted * authorities object has its Object.equals(recipient) method called to make the decision as to whether * the recipient in the BasicAclEntry is the same as the principal or granted authority.
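Review bot: The rewritten Javadoc in SpringSecurityMessageSource.java still reads `messge localization`; since the paragraph is being re-wrapped anyway, it should read `message localization`. The same kind of carried-over misspelling appears in the CasProxyTicketValidator.java hunk, where the added line says `Spring Securty` instead of `Spring Security`. In intercept/package.html the added text `org.springframwork.security.intercept` and the `{@link org.springframwork.security.intercept.web.FilterInvocation}` reference both drop the `e` in `springframework`, so that link presumably will not resolve when the Javadoc is generated.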

- *

This class should prove an adequate ACLs resolver if you're using standard Acegi Security classes. This is + *

This class should prove an adequate ACLs resolver if you're using standard Spring Security classes. This is * because the typical Authentication token is UsernamePasswordAuthenticationToken, which * for its principal is usually a String. The GrantedAuthorityImpl is typically * used for granted authorities, which tests for equality based on a String. This means diff --git a/core/src/main/java/org/springframework/security/adapters/AuthByAdapterProvider.java b/core/src/main/java/org/springframework/security/adapters/AuthByAdapterProvider.java index 69c9e98ea6..29879bb78b 100644 --- a/core/src/main/java/org/springframework/security/adapters/AuthByAdapterProvider.java +++ b/core/src/main/java/org/springframework/security/adapters/AuthByAdapterProvider.java @@ -15,7 +15,7 @@ package org.springframework.security.adapters; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.BadCredentialsException; @@ -41,7 +41,7 @@ import org.springframework.util.Assert; public class AuthByAdapterProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware { //~ Instance fields ================================================================================================ - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private String key; //~ Methods ======================================================================================================== 
diff --git a/core/src/main/java/org/springframework/security/adapters/PrincipalAcegiUserToken.java b/core/src/main/java/org/springframework/security/adapters/PrincipalSpringSecurityUserToken.java similarity index 88% rename from core/src/main/java/org/springframework/security/adapters/PrincipalAcegiUserToken.java rename to core/src/main/java/org/springframework/security/adapters/PrincipalSpringSecurityUserToken.java index f0cf97209d..0b1af281e7 100644 --- a/core/src/main/java/org/springframework/security/adapters/PrincipalAcegiUserToken.java +++ b/core/src/main/java/org/springframework/security/adapters/PrincipalSpringSecurityUserToken.java @@ -26,7 +26,7 @@ import java.security.Principal; * @author Ben Alex * @version $Id$ */ -public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken implements Principal { +public class PrincipalSpringSecurityUserToken extends AbstractAdapterAuthenticationToken implements Principal { //~ Instance fields ================================================================================================ private static final long serialVersionUID = 1L; @@ -36,7 +36,7 @@ public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken //~ Constructors =================================================================================================== - public PrincipalAcegiUserToken(String key, String username, String password, GrantedAuthority[] authorities, + public PrincipalSpringSecurityUserToken(String key, String username, String password, GrantedAuthority[] authorities, Object principal) { super(key, authorities); this.username = username; diff --git a/core/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java b/core/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java index ec32888a76..effd63b6e5 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java 
+++ b/core/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java @@ -15,7 +15,7 @@ package org.springframework.security.afterinvocation; import org.springframework.security.AccessDeniedException; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttributeDefinition; @@ -58,7 +58,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme //~ Instance fields ================================================================================================ - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); //~ Constructors =================================================================================================== diff --git a/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java b/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java index 3665817b03..884ee7d477 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java +++ b/core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java @@ -16,7 +16,7 @@ package org.springframework.security.afterinvocation; import org.springframework.security.AccessDeniedException; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttributeDefinition; 
@@ -72,7 +72,7 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv private AclManager aclManager; private Class processDomainObjectClass = Object.class; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private String processConfigAttribute = "AFTER_ACL_READ"; private int[] requirePermission = {SimpleAclEntry.READ}; diff --git a/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionControllerImpl.java b/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionControllerImpl.java index 29b5a891d4..b351683aaa 100644 --- a/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionControllerImpl.java +++ b/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionControllerImpl.java @@ -15,7 +15,7 @@ package org.springframework.security.concurrent; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; @@ -39,7 +39,7 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl MessageSourceAware { //~ Instance fields ================================================================================================ - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private SessionRegistry sessionRegistry = new SessionRegistryImpl(); private boolean exceptionIfMaximumExceeded = false; private int maximumSessions = 1; diff --git a/core/src/main/java/org/springframework/security/concurrent/SessionInformation.java b/core/src/main/java/org/springframework/security/concurrent/SessionInformation.java index 0e49803020..b78579730a 100644 
--- a/core/src/main/java/org/springframework/security/concurrent/SessionInformation.java +++ b/core/src/main/java/org/springframework/security/concurrent/SessionInformation.java @@ -22,11 +22,11 @@ import java.io.Serializable; /** - * Represents a record of a session within the Acegi Security framework.

This is primarily used for concurrent - * session support.

- *

Sessions have three states: active, expired, and destroyed. A session can that is invalidated by + * Represents a record of a session within the Spring Security framework. + *

This is primarily used for concurrent session support.

+ *

Sessions have three states: active, expired, and destroyed. A session can that is invalidated by * session.invalidate() or via Servlet Container management is considered "destroyed". An "expired" - * session, on the other hand, is a session that Acegi Security wants to end because it was selected for removal for + * session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for * some reason (generally as it was the least recently used session and the maximum sessions for the user were * reached). An "expired" session is removed as soon as possible by a Filter.

* diff --git a/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java index cda7f4e8f2..00a2d9b384 100644 --- a/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java @@ -17,7 +17,7 @@ package org.springframework.security.intercept; import org.springframework.security.AccessDecisionManager; import org.springframework.security.AccessDeniedException; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.AfterInvocationManager; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationCredentialsNotFoundException; @@ -134,7 +134,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A private AuthenticationManager authenticationManager; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private RunAsManager runAsManager = new NullRunAsManager(); diff --git a/core/src/main/java/org/springframework/security/intercept/package.html b/core/src/main/java/org/springframework/security/intercept/package.html index 0423ea5018..0367103dd4 100644 --- a/core/src/main/java/org/springframework/security/intercept/package.html +++ b/core/src/main/java/org/springframework/security/intercept/package.html 
@@ -5,17 +5,17 @@ Actually enforces the security and ties the whole security system together. A secure object is a term frequently used throughout the security system. It does not refer to a business object that is being secured, but instead refers to some infrastructure object that can have -security facilities provided for it by the Acegi Security System for -Spring. For example, one secure object would be -MethodInvocation, whilst another would be HTTP {@link -org.springframwork.security.intercept.web.FilterInvocation}. Note these are +security facilities provided for it by Spring Security. +For example, one secure object would be MethodInvocation, +whilst another would be HTTP +{@link org.springframwork.security.intercept.web.FilterInvocation}. Note these are infrastructure objects and their design allows them to represent a large variety of actual resources that might need to be secured, such as business objects or HTTP request URLs.

Each secure object typically has its -own org.acegisecurity.intercept package. +own org.springframwork.security.intercept package. Each package usually includes a concrete security interceptor (which subclasses {@link org.springframework.security.intercept.AbstractSecurityInterceptor}, an appropriate {@link org.springframework.security.intercept.ObjectDefinitionSource} diff --git a/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java b/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java index 44be69b10c..ddd6e7ca8d 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/intercept/web/FilterSecurityInterceptor.java @@ -41,7 +41,7 @@ import javax.servlet.ServletResponse; public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter { //~ Static fields/initializers ===================================================================================== - private static final String FILTER_APPLIED = "__acegi_security_filterSecurityInterceptor_filterApplied"; + private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied"; //~ Instance fields ================================================================================================ diff --git a/core/src/main/java/org/springframework/security/ldap/DefaultInitialDirContextFactory.java b/core/src/main/java/org/springframework/security/ldap/DefaultInitialDirContextFactory.java index 180b1b0c70..a136fac716 100644 --- a/core/src/main/java/org/springframework/security/ldap/DefaultInitialDirContextFactory.java +++ b/core/src/main/java/org/springframework/security/ldap/DefaultInitialDirContextFactory.java 
@@ -15,7 +15,7 @@ package org.springframework.security.ldap; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.BadCredentialsException; import org.apache.commons.logging.Log; @@ -78,7 +78,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory /** Allows extra environment variables to be added at config time. */ private Map extraEnvVars = null; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); /** Type of authentication within LDAP; default is simple. */ private String authenticationType = "simple"; diff --git a/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java b/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java index 22677ef83b..6d9dcaeec9 100644 --- a/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java +++ b/core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java @@ -50,7 +50,7 @@ import javax.naming.directory.SearchResult; /** * LDAP equivalent of the Spring JdbcTemplate class. *

- * This is mainly intended to simplify Ldap access within Acegi Security's LDAP-related services. + * This is mainly intended to simplify Ldap access within Spring Security's LDAP-related services. *

* * @author Ben Alex diff --git a/core/src/main/java/org/springframework/security/package.html b/core/src/main/java/org/springframework/security/package.html index 36dbb1d84b..beb204c90d 100644 --- a/core/src/main/java/org/springframework/security/package.html +++ b/core/src/main/java/org/springframework/security/package.html @@ -1,6 +1,6 @@ -Provides core Acegi Security System for Spring interfaces and classes. +Provides core Spring Security interfaces and classes. diff --git a/core/src/main/java/org/springframework/security/providers/ProviderManager.java b/core/src/main/java/org/springframework/security/providers/ProviderManager.java index bb6cf2c84e..432bef973d 100644 --- a/core/src/main/java/org/springframework/security/providers/ProviderManager.java +++ b/core/src/main/java/org/springframework/security/providers/ProviderManager.java @@ -17,7 +17,7 @@ package org.springframework.security.providers; import org.springframework.security.AbstractAuthenticationManager; import org.springframework.security.AccountExpiredException; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationServiceException; @@ -108,7 +108,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In private ApplicationEventPublisher applicationEventPublisher; private ConcurrentSessionController sessionController = new NullConcurrentSessionController(); private List providers; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private Properties exceptionMappings = new Properties(); static { 
diff --git a/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProvider.java index 00b08ca2d8..1f9d7d5734 100644 --- a/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProvider.java @@ -15,7 +15,7 @@ package org.springframework.security.providers.anonymous; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.BadCredentialsException; @@ -42,7 +42,7 @@ public class AnonymousAuthenticationProvider implements AuthenticationProvider, //~ Instance fields ================================================================================================ - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private String key; //~ Methods ======================================================================================================== diff --git a/core/src/main/java/org/springframework/security/providers/cas/CasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/cas/CasAuthenticationProvider.java index ee4f2b9050..e11b5dfef7 100644 --- a/core/src/main/java/org/springframework/security/providers/cas/CasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/cas/CasAuthenticationProvider.java 
@@ -15,7 +15,7 @@ package org.springframework.security.providers.cas; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.BadCredentialsException; @@ -58,7 +58,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia private CasAuthoritiesPopulator casAuthoritiesPopulator; private CasProxyDecider casProxyDecider; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private StatelessTicketCache statelessTicketCache; private String key; private TicketValidator ticketValidator; diff --git a/core/src/main/java/org/springframework/security/providers/cas/CasAuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/providers/cas/CasAuthoritiesPopulator.java index 8392119541..c238226179 100644 --- a/core/src/main/java/org/springframework/security/providers/cas/CasAuthoritiesPopulator.java +++ b/core/src/main/java/org/springframework/security/providers/cas/CasAuthoritiesPopulator.java @@ -26,7 +26,7 @@ import org.springframework.security.userdetails.UserDetails; * *

* CAS does not provide the authorities (roles) granted to a user. It merely - * authenticates their identity. As the Acegi Security System for Spring needs + * authenticates their identity. As Spring Security needs * to know the authorities granted to a user in order to construct a valid * Authentication object, implementations of this interface will * provide this information. @@ -36,7 +36,7 @@ import org.springframework.security.userdetails.UserDetails; * A {@link UserDetails} is returned by implementations. The * UserDetails must, at minimum, contain the username and * GrantedAuthority[] objects applicable to the CAS-authenticated - * user. Note that Acegi Security ignores the password and enabled/disabled + * user. Note that Spring Security ignores the password and enabled/disabled * status of the UserDetails because this is * authentication-related and should have been enforced by the CAS server. The * UserDetails returned by implementations is stored in the diff --git a/core/src/main/java/org/springframework/security/providers/cas/StatelessTicketCache.java b/core/src/main/java/org/springframework/security/providers/cas/StatelessTicketCache.java index cb954f6f1a..ead02975d0 100644 --- a/core/src/main/java/org/springframework/security/providers/cas/StatelessTicketCache.java +++ b/core/src/main/java/org/springframework/security/providers/cas/StatelessTicketCache.java @@ -37,7 +37,7 @@ package org.springframework.security.providers.cas; *

* To avoid this issue with stateless callers, it is expected stateless callers * will obtain a single service ticket or proxy ticket, and then present this - * same ticket to the Acegi Security System secured application on each + * same ticket to the Spring Security secured application on each * occasion. As no HttpSession is available for such callers, the * affirmative CAS validation outcome cannot be stored in this location. *

diff --git a/core/src/main/java/org/springframework/security/providers/cas/proxy/NamedCasProxyDecider.java b/core/src/main/java/org/springframework/security/providers/cas/proxy/NamedCasProxyDecider.java index 6c1aa4e69d..9953c4d648 100644 --- a/core/src/main/java/org/springframework/security/providers/cas/proxy/NamedCasProxyDecider.java +++ b/core/src/main/java/org/springframework/security/providers/cas/proxy/NamedCasProxyDecider.java @@ -15,7 +15,7 @@ package org.springframework.security.providers.cas.proxy; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.providers.cas.CasProxyDecider; import org.springframework.security.providers.cas.ProxyUntrustedException; @@ -46,7 +46,7 @@ public class NamedCasProxyDecider implements CasProxyDecider, InitializingBean, //~ Instance fields ================================================================================================ private List validProxies; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); //~ Methods ======================================================================================================== diff --git a/core/src/main/java/org/springframework/security/providers/cas/proxy/RejectProxyTickets.java b/core/src/main/java/org/springframework/security/providers/cas/proxy/RejectProxyTickets.java index 8e083e13ba..1088095f9e 100644 --- a/core/src/main/java/org/springframework/security/providers/cas/proxy/RejectProxyTickets.java +++ b/core/src/main/java/org/springframework/security/providers/cas/proxy/RejectProxyTickets.java 
@@ -15,7 +15,7 @@ package org.springframework.security.providers.cas.proxy; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.providers.cas.CasProxyDecider; import org.springframework.security.providers.cas.ProxyUntrustedException; @@ -45,7 +45,7 @@ public class RejectProxyTickets implements CasProxyDecider, MessageSourceAware, //~ Instance fields ================================================================================================ - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); //~ Methods ======================================================================================================== diff --git a/core/src/main/java/org/springframework/security/providers/cas/ticketvalidator/CasProxyTicketValidator.java b/core/src/main/java/org/springframework/security/providers/cas/ticketvalidator/CasProxyTicketValidator.java index 540d85eed0..832e1fb44e 100644 --- a/core/src/main/java/org/springframework/security/providers/cas/ticketvalidator/CasProxyTicketValidator.java +++ b/core/src/main/java/org/springframework/security/providers/cas/ticketvalidator/CasProxyTicketValidator.java @@ -69,14 +69,14 @@ public class CasProxyTicketValidator extends AbstractTicketValidator { /** * Optional callback URL to obtain a proxy-granting ticket from CAS. - *

This callback URL belongs to the Acegi Security System for Spring secured application. We suggest you use + *

This callback URL belongs to the Spring Security secured application. We suggest you use * CAS' ProxyTicketReceptor servlet to receive this callback and manage the proxy-granting ticket list. * The callback URL is usually something like * https://www.mycompany.com/application/casProxy/receptor. *

*

If left null, the CasAuthenticationToken will not have a proxy granting - * ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Acegi Securty System for - * Spring secured application will be unable to obtain a proxy ticket to call another CAS-secured service on + * ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Spring Securty + * secured application will be unable to obtain a proxy ticket to call another CAS-secured service on * behalf of the user. This is not really an issue for most applications.

* * @return the proxy callback URL, or null if not used diff --git a/core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java index 11cad7cc2a..01d9c72691 100644 --- a/core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java @@ -16,7 +16,7 @@ package org.springframework.security.providers.dao; import org.springframework.security.AccountExpiredException; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.BadCredentialsException; @@ -69,7 +69,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe MessageSourceAware { //~ Instance fields ================================================================================================ - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private UserCache userCache = new NullUserCache(); private boolean forcePrincipalAsString = false; protected boolean hideUserNotFoundExceptions = true; diff --git a/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java index dc0fce330e..aa79ead705 100644 --- a/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java 
@@ -146,7 +146,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli private LoginExceptionResolver loginExceptionResolver = new DefaultLoginExceptionResolver(); private Resource loginConfig; - private String loginContextName = "ACEGI"; + private String loginContextName = "SPRINGSECURITY"; private AuthorityGranter[] authorityGranters; private JaasAuthenticationCallbackHandler[] callbackHandlers; private ApplicationEventPublisher applicationEventPublisher; diff --git a/core/src/main/java/org/springframework/security/providers/jaas/JaasNameCallbackHandler.java b/core/src/main/java/org/springframework/security/providers/jaas/JaasNameCallbackHandler.java index 60f9d6d249..ac8f0d8c4a 100644 --- a/core/src/main/java/org/springframework/security/providers/jaas/JaasNameCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/providers/jaas/JaasNameCallbackHandler.java @@ -28,7 +28,7 @@ import javax.security.auth.callback.UnsupportedCallbackException; /** * The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and - * PasswordCallback. The acegi security framework provides the JaasNameCallbackHandler specifically tailored to + * PasswordCallback. Spring Security provides the JaasNameCallbackHandler specifically tailored to * handling the NameCallback.
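Review bot: The default `loginContextName` changes from `"ACEGI"` to `"SPRINGSECURITY"` in the JaasAuthenticationProvider hunk, which is a runtime change in a commit whose subject only mentions comments and docs. Assuming this field is the name handed to the JAAS `LoginContext`, a deployment that relies on the default and still has an `ACEGI { ... }` entry in its login configuration will no longer match it. JAAS then falls back to the `other` entry if the configuration defines one, so authentication may run through a different login-module stack than the operator intended, or fail outright. I would add a comment on the field, for example `// Default JAAS configuration entry name (was "ACEGI"); rename existing entries or set the old name explicitly`, and list the change in the upgrade notes. The class body continues outside the hunk.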
* * @author Ray Krueger diff --git a/core/src/main/java/org/springframework/security/providers/jaas/JaasPasswordCallbackHandler.java b/core/src/main/java/org/springframework/security/providers/jaas/JaasPasswordCallbackHandler.java index a2f0c56a14..ca80515d38 100644 --- a/core/src/main/java/org/springframework/security/providers/jaas/JaasPasswordCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/providers/jaas/JaasPasswordCallbackHandler.java @@ -26,7 +26,7 @@ import javax.security.auth.callback.UnsupportedCallbackException; /** * The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and - * PasswordCallback. The acegi security framework provides the JaasPasswordCallbackHandler specifically tailored to + * PasswordCallback. Spring Security provides the JaasPasswordCallbackHandler specifically tailored to * handling the PasswordCallback.
* * @author Ray Krueger diff --git a/core/src/main/java/org/springframework/security/providers/jaas/LoginExceptionResolver.java b/core/src/main/java/org/springframework/security/providers/jaas/LoginExceptionResolver.java index da22500a32..2e4cd49700 100644 --- a/core/src/main/java/org/springframework/security/providers/jaas/LoginExceptionResolver.java +++ b/core/src/main/java/org/springframework/security/providers/jaas/LoginExceptionResolver.java @@ -22,7 +22,7 @@ import javax.security.auth.login.LoginException; /** * The JaasAuthenticationProvider takes an instance of LoginExceptionResolver - * to resolve LoginModule specific exceptions to Acegi exceptions. For + * to resolve LoginModule specific exceptions to Spring Security exceptions. For * instance, a configured login module could throw a * ScrewedUpPasswordException that extends LoginException, in this instance * the LoginExceptionResolver implementation would return a {@link diff --git a/core/src/main/java/org/springframework/security/providers/jaas/SecurityContextLoginModule.java b/core/src/main/java/org/springframework/security/providers/jaas/SecurityContextLoginModule.java index c5968fec7f..9a4c040e30 100644 --- a/core/src/main/java/org/springframework/security/providers/jaas/SecurityContextLoginModule.java +++ b/core/src/main/java/org/springframework/security/providers/jaas/SecurityContextLoginModule.java @@ -31,13 +31,14 @@ import javax.security.auth.spi.LoginModule; /** - * An implementation of {@link LoginModule} that uses an Acegi Security {@link + * An implementation of {@link LoginModule} that uses a Spring Security {@link * org.springframework.security.context.SecurityContext SecurityContext} to provide authentication.

This LoginModule * provides opposite functionality to the {@link JaasAuthenticationProvider} API, and should not really be used in * conjunction with it.

- *

The {@link JaasAuthenticationProvider} allows Acegi to authenticate against Jaas.

- *

The SecurityContextLoginModule allows a Jaas based application to authenticate against Acegi. If there is no - * Authentication in the {@link SecurityContextHolder} the login() method will throw a LoginException by default. + *

The {@link JaasAuthenticationProvider} allows Spring Security to authenticate against Jaas.

+ *

The SecurityContextLoginModule allows a Jaas based application to authenticate against Spring Security. + * If there is no Authentication in the {@link SecurityContextHolder} the login() method will throw a LoginException + * by default. * This functionality can be changed with the ignoreMissingAuthentication option by setting it to "true". * Setting ignoreMissingAuthentication=true will tell the SecurityContextLoginModule to simply return false and be * ignored if the authentication is null.

@@ -59,7 +60,7 @@ public class SecurityContextLoginModule implements LoginModule { //~ Methods ======================================================================================================== /** - * Abort the authentication process by forgetting the Acegi Security Authentication. + * Abort the authentication process by forgetting the Spring Security Authentication. * * @return true if this method succeeded, or false if this LoginModule should be ignored. * @@ -76,7 +77,7 @@ public class SecurityContextLoginModule implements LoginModule { } /** - * Authenticate the Subject (phase two) by adding the Acegi Security + * Authenticate the Subject (phase two) by adding the Spring Security * Authentication to the Subject's principals. * * @return true if this method succeeded, or false if this LoginModule should be ignored. @@ -103,7 +104,7 @@ public class SecurityContextLoginModule implements LoginModule { /** * Initialize this LoginModule. Ignores the callback handler, since the code establishing the - * LoginContext likely won't provide one that understands Acegi Security. Also ignores the + * LoginContext likely won't provide one that understands Spring Security. Also ignores the * sharedState and options parameters, since none are recognized. * * @param subject the Subject to be authenticated.

@@ -120,7 +121,7 @@ public class SecurityContextLoginModule implements LoginModule { } /** - * Authenticate the Subject (phase one) by extracting the Acegi Security + * Authenticate the Subject (phase one) by extracting the Spring Security * Authentication from the current SecurityContext. * * @return true if the authentication succeeded, or false if this LoginModule should be ignored. diff --git a/core/src/main/java/org/springframework/security/providers/ldap/authenticator/AbstractLdapAuthenticator.java b/core/src/main/java/org/springframework/security/providers/ldap/authenticator/AbstractLdapAuthenticator.java index c767ca21c2..df00cbe3eb 100644 --- a/core/src/main/java/org/springframework/security/providers/ldap/authenticator/AbstractLdapAuthenticator.java +++ b/core/src/main/java/org/springframework/security/providers/ldap/authenticator/AbstractLdapAuthenticator.java @@ -15,7 +15,7 @@ package org.springframework.security.providers.ldap.authenticator; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.ldap.InitialDirContextFactory; import org.springframework.security.ldap.LdapUserSearch; @@ -49,7 +49,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In /** Optional search object which can be used to locate a user when a simple DN match isn't sufficient */ private LdapUserSearch userSearch; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); /** * The suffix to be added to the DN patterns, worked out internally from the root DN of the configured diff --git a/core/src/main/java/org/springframework/security/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java index 1834cfcb1c..3aa6ebf67f 100644 
--- a/core/src/main/java/org/springframework/security/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java +++ b/core/src/main/java/org/springframework/security/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java @@ -38,20 +38,27 @@ import javax.naming.directory.SearchControls; /** * The default strategy for obtaining user role information from the directory. - *

*

It obtains roles by performing a search for "groups" the user is a member of.

*

- *

* A typical group search scenario would be where each group/role is specified using the groupOfNames * (or groupOfUniqueNames) LDAP objectClass and the user's DN is listed in the member (or * uniqueMember) attribute to indicate that they should be assigned that role. The following LDIF sample has * the groups stored under the DN ou=groups,dc=springframework,dc=org and a group called "developers" with * "ben" and "marissa" as members: *

- * dn: ou=groups,dc=springframework,dc=orgobjectClass: top
- * objectClass: organizationalUnitou: groupsdn: cn=developers,ou=groups,dc=springframework,dc=org
- * objectClass: groupOfNamesobjectClass: topcn: developersdescription: Acegi Security Developers
- * member: uid=ben,ou=people,dc=springframework,dc=orgmember: uid=marissa,ou=people,dc=springframework,dc=orgou: developer
+ * dn: ou=groups,dc=springframework,dc=org
+ * objectClass: top
+ * objectClass: organizationalUnit
+ * ou: groups
+ *
+ * dn: cn=developers,ou=groups,dc=springframework,dc=org
+ * objectClass: groupOfNameso
+ * objectClass: top
+ * cn: developers
+ * description: Spring Security Developers
+ * member: uid=ben,ou=people,dc=springframework,dc=org
+ * member: uid=marissa,ou=people,dc=springframework,dc=org
+ * ou: developer
  * 
*

*
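Review bot: The rewrapped LDIF sample in the DefaultLdapAuthoritiesPopulator Javadoc now reads `objectClass: groupOfNameso`, which is not the `groupOfNames` object class that the paragraph above it describes. The trailing `o` looks like a leftover from splitting the old run-together line. Anyone who pastes the sample into a directory to reproduce the group search will get a schema error on the `cn=developers` entry. The line should read ` * objectClass: groupOfNames`. The Javadoc block continues outside the hunk.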

@@ -65,7 +72,7 @@ import javax.naming.directory.SearchControls; *

The configuration below shows how the group search might be performed with the above schema. *

  * <bean id="ldapAuthoritiesPopulator"
- *         class="org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
+ *       class="org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
  *   <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
  *   <constructor-arg><value>ou=groups</value></constructor-arg>
  *   <property name="groupRoleAttribute"><value>ou</value></property>
diff --git a/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProvider.java
index 8fe5296e2b..9497035874 100644
--- a/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProvider.java
@@ -15,7 +15,7 @@
 
 package org.springframework.security.providers.rememberme;
 
-import org.springframework.security.AcegiMessageSource;
+import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
@@ -47,7 +47,7 @@ public class RememberMeAuthenticationProvider implements AuthenticationProvider,
 
     //~ Instance fields ================================================================================================
 
-    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
+    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
     private String key;
 
     //~ Methods ========================================================================================================
diff --git a/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java
index e55c8e7fdf..2c98128c3e 100644
--- a/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/providers/x509/X509AuthenticationProvider.java
@@ -15,7 +15,7 @@
 
 package org.springframework.security.providers.x509;
 
-import org.springframework.security.AcegiMessageSource;
+import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
@@ -53,7 +53,7 @@ public class X509AuthenticationProvider implements AuthenticationProvider, Initi
 
     //~ Instance fields ================================================================================================
 
-    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
+    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
     private X509AuthoritiesPopulator x509AuthoritiesPopulator;
     private X509UserCache userCache = new NullX509UserCache();
 
diff --git a/core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java b/core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java
index 560fcbe460..5d14b6c2bd 100644
--- a/core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java
+++ b/core/src/main/java/org/springframework/security/providers/x509/populator/DaoX509AuthoritiesPopulator.java
@@ -15,7 +15,7 @@
 
 package org.springframework.security.providers.x509.populator;
 
-import org.springframework.security.AcegiMessageSource;
+import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
 import org.springframework.security.AuthenticationServiceException;
@@ -53,7 +53,7 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, In
 
     //~ Instance fields ================================================================================================
 
-    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
+    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
     private Pattern subjectDNPattern;
     private String subjectDNRegex = "CN=(.*?),";
     private UserDetailsService userDetailsService;
diff --git a/core/src/main/java/org/springframework/security/runas/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/runas/RunAsImplAuthenticationProvider.java
index 5059468220..0edacd14bd 100644
--- a/core/src/main/java/org/springframework/security/runas/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/runas/RunAsImplAuthenticationProvider.java
@@ -15,7 +15,7 @@
 
 package org.springframework.security.runas;
 
-import org.springframework.security.AcegiMessageSource;
+import org.springframework.security.SpringSecurityMessageSource;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
@@ -41,7 +41,7 @@ import org.springframework.util.Assert;
 public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
     //~ Instance fields ================================================================================================
 
-    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
+    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
     private String key;
 
     //~ Methods ========================================================================================================
diff --git a/core/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java b/core/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java
index 228789f256..297e7311fa 100644
--- a/core/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java
+++ b/core/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java
@@ -173,7 +173,7 @@ public class AuthorizeTag extends TagSupport {
      * returns a null string as the return value of {@link
      * org.springframework.security.GrantedAuthority#getAuthority()}.
      * 

- *

Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Acegi Security System for Spring forums.

+ *

Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Spring Security forum.

* * @param granted The authorities granted by the authentication. May be any implementation of {@link * GrantedAuthority} that does not return null from {@link diff --git a/core/src/main/java/org/springframework/security/taglibs/velocity/Authz.java b/core/src/main/java/org/springframework/security/taglibs/velocity/Authz.java index a2af507fcc..4452fae922 100644 --- a/core/src/main/java/org/springframework/security/taglibs/velocity/Authz.java +++ b/core/src/main/java/org/springframework/security/taglibs/velocity/Authz.java @@ -29,7 +29,7 @@ import org.springframework.context.ApplicationContext; /** - * Wrapper the implementation of Acegi Security for Spring JSP tag includes: + * Wrapper the implementation of Spring Security JSP tag includes: * {@link AuthenticationTag}, {@link AclTag}, {@link AuthorizeTag} * * @author Wang Qi diff --git a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java index 51d9bf4c12..a56b144d09 100644 --- a/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java @@ -15,7 +15,7 @@ package org.springframework.security.ui; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationManager; @@ -157,7 +157,7 @@ public abstract class AbstractProcessingFilter implements Filter, InitializingBe protected final Log logger = LogFactory.getLog(this.getClass()); - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private Properties exceptionMappings = new Properties(); 
diff --git a/core/src/main/java/org/springframework/security/ui/WebAuthenticationDetails.java b/core/src/main/java/org/springframework/security/ui/WebAuthenticationDetails.java index 19cd113aa7..9a1566585b 100644 --- a/core/src/main/java/org/springframework/security/ui/WebAuthenticationDetails.java +++ b/core/src/main/java/org/springframework/security/ui/WebAuthenticationDetails.java @@ -42,7 +42,7 @@ public class WebAuthenticationDetails implements SessionIdentifierAware, Seriali * *

* NB: This constructor will cause a HttpSession to be created - * (this is considered reasonable as all Acegi Security authentication + * (this is considered reasonable as all Spring Security authentication * requests rely on HttpSession to store the * Authentication between requests *

diff --git a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java index 1b43d46abe..63723f739e 100644 --- a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java @@ -61,7 +61,7 @@ import org.springframework.util.Assert; * which will prompt the user to authenticate again via BASIC authentication.

*

Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still * transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also - * provided by Acegi Security and should be used instead of Basic authentication wherever possible. See {@link + * provided by Spring Security and should be used instead of Basic authentication wherever possible. See {@link * org.springframework.security.ui.digestauth.DigestProcessingFilter}.

*

Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me * details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as diff --git a/core/src/main/java/org/springframework/security/ui/cas/ServiceProperties.java b/core/src/main/java/org/springframework/security/ui/cas/ServiceProperties.java index 34e3aa0555..03e2f317ef 100644 --- a/core/src/main/java/org/springframework/security/ui/cas/ServiceProperties.java +++ b/core/src/main/java/org/springframework/security/ui/cas/ServiceProperties.java @@ -19,9 +19,10 @@ import org.springframework.beans.factory.InitializingBean; /** - * Stores properties related to this CAS service.

Each web application capable of processing CAS tickets is known - * as a service. This class stores the properties that are relevant to the local CAS service, being the application - * that is being secured by the Acegi Security System for Spring.

+ * Stores properties related to this CAS service. + *

Each web application capable of processing CAS tickets is known as a service. + * This class stores the properties that are relevant to the local CAS service, being the application + * that is being secured by Spring Security.

* * @author Ben Alex * @version $Id$ @@ -41,9 +42,12 @@ public class ServiceProperties implements InitializingBean { } /** - * Represents the service the user is authenticating to.

This service is the callback URL belonging to - * the local Acegi Security System for Spring secured application. For example,

- * https://www.mycompany.com/application/j_spring_cas_security_check + * Represents the service the user is authenticating to. + *

This service is the callback URL belonging to the local Spring Security System for Spring secured application. + * For example, + *

+     * https://www.mycompany.com/application/j_spring_cas_security_check
+     * 
* * @return the URL of the service the user is authenticating to */ diff --git a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java index b4232a4888..54319a8a83 100644 --- a/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/digestauth/DigestProcessingFilter.java @@ -15,7 +15,7 @@ package org.springframework.security.ui.digestauth; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationServiceException; import org.springframework.security.BadCredentialsException; @@ -93,7 +93,7 @@ public class DigestProcessingFilter implements Filter, InitializingBean, Message private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl(); private DigestProcessingFilterEntryPoint authenticationEntryPoint; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private UserCache userCache = new NullUserCache(); private UserDetailsService userDetailsService; private boolean passwordAlreadyEncoded = false; diff --git a/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeServices.java b/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeServices.java index 5d59981554..a21a116f94 100644 --- a/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeServices.java +++ b/core/src/main/java/org/springframework/security/ui/rememberme/RememberMeServices.java 
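Review bot: The reworded Javadoc in the second ServiceProperties hunk says "the local Spring Security System for Spring secured application", which keeps half of the old product name after the search-and-replace. It should read `This service is the callback URL belonging to the local Spring Security secured application.` The same pass left "Spring Securty" in the proxy callback URL Javadoc earlier in the patch, so the replaced comment lines are worth one more proofread before merging. The getter this comment documents lies outside the hunk.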
@@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletResponse; * Implement by a class that is capable of providing a remember-me service. * *

- * Acegi Security filters (namely {@link + * Spring Security filters (namely {@link * org.springframework.security.ui.AbstractProcessingFilter} and {@link * org.springframework.security.ui.rememberme.RememberMeProcessingFilter} will call * the methods provided by an implementation of this interface. @@ -44,7 +44,7 @@ import javax.servlet.http.HttpServletResponse; *

* This interface does not define how remember-me services should offer a * "cancel all remember-me tokens" type capability, as this will be - * implementation specific and requires no hooks into Acegi Security. + * implementation specific and requires no hooks into Spring Security. *

* * @author Ben Alex @@ -55,14 +55,14 @@ public interface RememberMeServices { /** * This method will be called whenever the SecurityContextHolder does not contain an - * Authentication and the Acegi Security system wishes to provide an implementation with an - * opportunity to authenticate the request using remember-me capabilities. Acegi Security makes no attempt + * Authentication object and Spring Security wishes to provide an implementation with an + * opportunity to authenticate the request using remember-me capabilities. Spring Security makes no attempt * whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie. * Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for * whatever reason, it should be silently ignored and invalidated using the HttpServletResponse * object.

The returned Authentication must be acceptable to {@link - * org.springframework.security.AuthenticationManager} or {@link org.springframework.security.providers.AuthenticationProvider} defined - * by the web application. It is recommended {@link + * org.springframework.security.AuthenticationManager} or + * {@link org.springframework.security.providers.AuthenticationProvider} defined by the web application. It is recommended {@link * org.springframework.security.providers.rememberme.RememberMeAuthenticationToken} be used in most cases, as it has a * corresponding authentication provider.

* diff --git a/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java b/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java index ec3d555518..1912568ae4 100644 --- a/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java +++ b/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java @@ -106,7 +106,7 @@ public class TokenBasedRememberMeServices implements RememberMeServices, Initial public static final String SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "SPRING_SECURITY_HASHED_REMEMBER_ME_COOKIE"; - public static final String DEFAULT_PARAMETER = "_acegi_security_remember_me"; + public static final String DEFAULT_PARAMETER = "_spring_security_remember_me"; protected static final Log logger = LogFactory.getLog(TokenBasedRememberMeServices.class); diff --git a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java index 0009438ade..d76cf2d156 100644 --- a/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java @@ -16,7 +16,7 @@ package org.springframework.security.ui.switchuser; import org.springframework.security.AccountExpiredException; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationException; @@ -70,7 +70,7 @@ import javax.servlet.http.HttpServletResponse; /** * Switch User processing filter responsible for user context switching.
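Review bot: `DEFAULT_PARAMETER` in TokenBasedRememberMeServices changes value from `_acegi_security_remember_me` to `_spring_security_remember_me`, which is a behaviour change rather than a comment edit. Assuming this constant is the request parameter the service checks at login, a form that still posts the old field name will stop producing remember-me cookies without any error, and that is hard to notice in testing. The constant has no Javadoc in the hunk; I would add one such as `/** Default login-form parameter that requests remember-me; was "_acegi_security_remember_me" before SEC-562. */` and list the rename in the upgrade notes alongside the other renamed defaults. The class body continues outside the hunk.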

This filter is similar to Unix 'su' - * however for Acegi-managed web applications. A common use-case for this feature is the ability to allow + * however for Spring Security-managed web applications. A common use-case for this feature is the ability to allow * higher-authority users (i.e. ROLE_ADMIN) to switch to a regular user (i.e. ROLE_USER).

*

This filter assumes that the user performing the switch will be required to be logged in as normal (i.e. * ROLE_ADMIN user). The user will then access a page/controller that enables the administrator to specify who they @@ -111,7 +111,7 @@ public class SwitchUserProcessingFilter implements Filter, InitializingBean, App private ApplicationEventPublisher eventPublisher; private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl(); - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private String exitUserUrl = "/j_spring_security_exit_user"; private String switchUserUrl = "/j_spring_security_switch_user"; private String targetUrl; diff --git a/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java index a6fe7a57c6..fd52db4a77 100644 --- a/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java +++ b/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java @@ -31,17 +31,17 @@ import javax.servlet.http.HttpServletResponse; /** - * Extends Acegi's AuthenticationProcessingFilter to pick up CA/Netegrity Siteminder headers.

Also provides a - * backup form-based authentication and the ability set source key names.

- *

Siteminder must present two headers to this filter, a username and password. You must set the + * Extends Spring Security's AuthenticationProcessingFilter to pick up CA/Netegrity Siteminder headers. + *

Also provides a backup form-based authentication and the ability set source key names.

+ *

Siteminder must present two headers to this filter, a username and password. You must set the * header keys before this filter is used for authentication, otherwise Siteminder checks will be skipped. If the * Siteminder check is unsuccessful (i.e. if the headers are not found), then the form parameters will be checked (see * next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is * unavailable, as is often the case during development.

- *

Login forms must present two parameters to this filter: a username and password. If not + *

Login forms must present two parameters to this filter: a username and password. If not * specified, the parameter names to use are contained in the static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} * and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.

- *

Do not use this class directly. Instead, configure web.xml to use the {@link + *

Do not use this class directly. Instead, configure web.xml to use the {@link * org.springframework.security.util.FilterToBeanProxy}.

*/ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProcessingFilter { @@ -66,7 +66,7 @@ public class SiteminderAuthenticationProcessingFilter extends AuthenticationProc //~ Constructors =================================================================================================== -/** + /** * Basic constructor. */ public SiteminderAuthenticationProcessingFilter() { diff --git a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java b/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java index cf86dc0706..fa443573b4 100644 --- a/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java +++ b/core/src/main/java/org/springframework/security/ui/x509/X509ProcessingFilterEntryPoint.java @@ -34,7 +34,7 @@ import org.apache.commons.logging.LogFactory; *
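Review bot: The rewritten class Javadoc of SiteminderAuthenticationProcessingFilter still does not say which component is trusted to supply the username and password headers, and it describes a silent fall-back to form parameters when they are missing. Credentials taken from request headers are only trustworthy when the Siteminder agent or proxy in front of the application overwrites or strips client-supplied headers of the same names, so the comment should state that deployment requirement, for example `<p>The configured header keys must name headers that the Siteminder agent sets itself; requests must not be able to reach this filter without passing through it.</p>`. The new line `Also provides a backup form-based authentication and the ability set source key names` is also missing a word (`the ability to set`). The class body is outside the hunk, so how the header values are checked afterwards cannot be confirmed from here.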

* Therefore this class isn't actually responsible for the commencement of * authentication, as it is in the case of other providers. It will be called if - * the certificate was rejected by Acegi's X509AuthenticationProvider, resulting + * the certificate was rejected by Spring Security's X509AuthenticationProvider, resulting * in a null authentication. *

* The commence method will always return an diff --git a/core/src/main/java/org/springframework/security/userdetails/UserDetails.java b/core/src/main/java/org/springframework/security/userdetails/UserDetails.java index 28783d0317..1c9f419725 100644 --- a/core/src/main/java/org/springframework/security/userdetails/UserDetails.java +++ b/core/src/main/java/org/springframework/security/userdetails/UserDetails.java @@ -25,7 +25,7 @@ import java.io.Serializable; * Provides core user information. * *

- * Implementations are not used directly by Acegi Security for security + * Implementations are not used directly by Spring Security for security * purposes. They simply store user information which is later encapsulated * into {@link Authentication} objects. This allows non-security related user * information (such as email addresses, telephone numbers etc) to be stored diff --git a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java index 70b7c1f240..7b6d68e2cd 100755 --- a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java +++ b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/RoleHierarchyImpl.java @@ -51,7 +51,7 @@ import java.util.*; * Hierarchical Roles will dramatically shorten your access rules (and also make the access rules much more elegant). *

*

- * Consider this access rule for Acegi's RoleVoter (background: every user that is authenticated should be + * Consider this access rule for Spring Security's RoleVoter (background: every user that is authenticated should be * able to log out):
* /logout.html=ROLE_A,ROLE_B,ROLE_AUTHENTICATED
* With hierarchical roles this can now be shortened to:
diff --git a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsServiceWrapper.java b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsServiceWrapper.java index 01bf325f45..d512818d16 100755 --- a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsServiceWrapper.java +++ b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsServiceWrapper.java @@ -20,8 +20,8 @@ import org.springframework.security.userdetails.UsernameNotFoundException; import org.springframework.dao.DataAccessException; /** - * This class wraps Acegi's UserDetailsService in a way that its loadUserByUsername() - * method returns wrapped UserDetails that return all hierachically reachable authorities + * This class wraps Spring Security's UserDetailsService in a way that its loadUserByUsername() + * method returns wrapped UserDetails that return all hierachically reachable authorities * instead of only the directly assigned authorities. * * @author Michael Mayr diff --git a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java index a4ee70b84a..3ca0d3ec60 100755 --- a/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java +++ b/core/src/main/java/org/springframework/security/userdetails/hierarchicalroles/UserDetailsWrapper.java 
@@ -18,9 +18,9 @@ import org.springframework.security.GrantedAuthority; import org.springframework.security.userdetails.UserDetails; /** - * This class wraps Acegi's UserDetails in a way that its getAuthorities()-Method is - * delegated to RoleHierarchy.getReachableGrantedAuthorities. All other methods are - * delegated to the UserDetails implementation. + * This class wraps Spring Security's UserDetails in a way that its getAuthorities() method is + * delegated to RoleHierarchy.getReachableGrantedAuthorities. All other methods are + * delegated to the UserDetails implementation. * * @author Michael Mayr */ diff --git a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java index ebfd2984c0..089075f663 100644 --- a/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java +++ b/core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcDaoImpl.java @@ -17,7 +17,7 @@ package org.springframework.security.userdetails.jdbc; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.userdetails.User; import org.springframework.security.userdetails.UserDetails; @@ -67,7 +67,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { //~ Instance fields ================================================================================================ - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); protected MappingSqlQuery authoritiesByUsernameMapping; protected MappingSqlQuery usersByUsernameMapping; private String authoritiesByUsernameQuery; 
@@ -169,7 +169,7 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService { /** * Allows a default role prefix to be specified. If this is set to a non-empty value, then it is * automatically prepended to any roles read in from the db. This may for example be used to add the - * ROLE_ prefix expected to exist in role names (by default) by some other Acegi Security framework + * ROLE_ prefix expected to exist in role names (by default) by some other Spring Security * classes, in the case that the prefix is not already present in the db. * * @param rolePrefix the new prefix diff --git a/core/src/main/java/org/springframework/security/util/FilterInvocationUtils.java b/core/src/main/java/org/springframework/security/util/FilterInvocationUtils.java index 4347451d28..77c2fdf98f 100644 --- a/core/src/main/java/org/springframework/security/util/FilterInvocationUtils.java +++ b/core/src/main/java/org/springframework/security/util/FilterInvocationUtils.java @@ -31,7 +31,7 @@ import javax.servlet.ServletResponse; /** - * Static utility methods for creating FilterInvocations usable within Acegi Security.

The generated + * Static utility methods for creating FilterInvocations usable within Spring Security.

The generated * FilterInvocation objects are not intended for use with AbstractSecurityInterceptor * subclasses. Instead they are generally used by WebInvocationPrivilegeEvaluator.

* diff --git a/core/src/main/java/org/springframework/security/util/InMemoryResource.java b/core/src/main/java/org/springframework/security/util/InMemoryResource.java index db433955fd..dab9bda1c9 100644 --- a/core/src/main/java/org/springframework/security/util/InMemoryResource.java +++ b/core/src/main/java/org/springframework/security/util/InMemoryResource.java @@ -24,7 +24,7 @@ import java.io.InputStream; /** * An in memory implementation of Spring's {@link org.springframework.core.io.Resource} interface. - *

Used by the "Acegifier" web application to create a bean factory from an XML string, rather than a file.

+ *

Used to create a bean factory from an XML string, rather than a file.

* * @author Luke Taylor * @version $Id$ diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java index a234dc51fb..77a7a24b0d 100644 --- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java +++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java @@ -26,8 +26,8 @@ import java.util.List; /** - * Static utility methods for creating MethodInvocations usable within Acegi Security.

All methods - * of this class return a {@link org.springframework.security.util.SimpleMethodInvocation}.

+ * Static utility methods for creating MethodInvocations usable within Spring Security. + *

All methods of this class return a {@link org.springframework.security.util.SimpleMethodInvocation}.

* * @author Ben Alex * @version $Id$ diff --git a/core/src/main/java/org/springframework/security/util/package.html b/core/src/main/java/org/springframework/security/util/package.html index d845e7485f..cd32a17ca9 100644 --- a/core/src/main/java/org/springframework/security/util/package.html +++ b/core/src/main/java/org/springframework/security/util/package.html @@ -1,5 +1,5 @@ -General utility classes used throughout the Acegi Security System. +General utility classes used throughout the Spring Security framework. diff --git a/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java index f3af5b433d..1e42b0bcf2 100644 --- a/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java +++ b/core/src/main/java/org/springframework/security/vote/AbstractAccessDecisionManager.java @@ -20,7 +20,7 @@ import java.util.List; import org.springframework.security.AccessDecisionManager; import org.springframework.security.AccessDeniedException; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.ConfigAttribute; import org.springframework.beans.factory.InitializingBean; import org.springframework.context.MessageSource; @@ -43,7 +43,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan private List decisionVoters; - protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); private boolean allowIfAllAbstainDecisions = false; diff --git a/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java b/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java index 1b73c90432..dcf5cda6ed 100644 
--- a/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java +++ b/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestWrapper.java @@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletRequestWrapper; /** - * An Acegi Security-aware HttpServletRequestWrapper, which uses the + * A Spring Security-aware HttpServletRequestWrapper, which uses the * SecurityContext-defined Authentication object for {@link * SecurityContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)} and {@link * javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()} responses. diff --git a/core/src/main/java/org/springframework/security/wrapper/package.html b/core/src/main/java/org/springframework/security/wrapper/package.html index 913908a2e0..839ab128c6 100644 --- a/core/src/main/java/org/springframework/security/wrapper/package.html +++ b/core/src/main/java/org/springframework/security/wrapper/package.html @@ -1,9 +1,9 @@ -Populates a Servlet request with a new Acegi Security compliant +Populates a Servlet request with a new Spring Security compliant HttpServletRequestWrapper. -

To use, simply add the ContextHolderAwareRequestFilter +

To use, simply add the SecurityContextHolderAwareRequestFilter to web.xml. diff --git a/core/src/main/resources/org/springframework/security/messages_fr.properties b/core/src/main/resources/org/springframework/security/messages_fr.properties index 9bf8cf9d84..9ac4dbda26 100644 --- a/core/src/main/resources/org/springframework/security/messages_fr.properties +++ b/core/src/main/resources/org/springframework/security/messages_fr.properties @@ -1,4 +1,4 @@ -# Acegi security +# Spring security # Messages in French # Translation by Laurent Pireyn (laurent.pireyn@pisolutions.eu) diff --git a/core/src/main/resources/org/springframework/security/providers/dao/jdbc/acegisecurity-jdbc.xml b/core/src/main/resources/org/springframework/security/providers/dao/jdbc/acegisecurity-jdbc.xml index 34cd583fe9..15d3e188bf 100644 --- a/core/src/main/resources/org/springframework/security/providers/dao/jdbc/acegisecurity-jdbc.xml +++ b/core/src/main/resources/org/springframework/security/providers/dao/jdbc/acegisecurity-jdbc.xml @@ -1,7 +1,7 @@ diff --git a/core/src/main/resources/org/springframework/security/taglibs/authz.tld b/core/src/main/resources/org/springframework/security/taglibs/authz.tld index b4f29a7ca8..d556f89a06 100644 --- a/core/src/main/resources/org/springframework/security/taglibs/authz.tld +++ b/core/src/main/resources/org/springframework/security/taglibs/authz.tld @@ -8,7 +8,7 @@ authz http://acegisecurity.org/authz - Acegi Security Systems Authorization Tag Library + Spring Securitys Authorization Tag Library $Id$ diff --git a/core/src/site/site.xml b/core/src/site/site.xml index 0e58bf1333..7d10d582cc 100644 --- a/core/src/site/site.xml +++ b/core/src/site/site.xml @@ -1,6 +1,6 @@ - +
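Review bot: The new description in authz.tld reads `Spring Securitys Authorization Tag Library`, which looks like a leftover from substituting the name inside `Acegi Security Systems`; it should be `Spring Security Authorization Tag Library`. The taglib URI on the context line just above is still `http://acegisecurity.org/authz`. That is presumably deliberate, since JSPs refer to the library by this URI, but a short comment in the TLD saying the old URI is kept for compatibility would stop a later rename from breaking them.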

diff --git a/core/src/test/java/org/springframework/security/AcegiMessageSourceTests.java b/core/src/test/java/org/springframework/security/SpringSecurityMessageSourceTests.java similarity index 79% rename from core/src/test/java/org/springframework/security/AcegiMessageSourceTests.java rename to core/src/test/java/org/springframework/security/SpringSecurityMessageSourceTests.java index 4241fc74a7..fb4b357fa8 100644 --- a/core/src/test/java/org/springframework/security/AcegiMessageSourceTests.java +++ b/core/src/test/java/org/springframework/security/SpringSecurityMessageSourceTests.java @@ -24,27 +24,27 @@ import java.util.Locale; /** - * Tests {@link org.springframework.security.AcegiMessageSource}. + * Tests {@link org.springframework.security.SpringSecurityMessageSource}. */ -public class AcegiMessageSourceTests extends TestCase { +public class SpringSecurityMessageSourceTests extends TestCase { //~ Constructors =================================================================================================== - public AcegiMessageSourceTests() { + public SpringSecurityMessageSourceTests() { super(); } - public AcegiMessageSourceTests(String arg0) { + public SpringSecurityMessageSourceTests(String arg0) { super(arg0); } //~ Methods ======================================================================================================== public static void main(String[] args) { - junit.textui.TestRunner.run(AcegiMessageSourceTests.class); + junit.textui.TestRunner.run(SpringSecurityMessageSourceTests.class); } public void testOperation() { - AcegiMessageSource msgs = new AcegiMessageSource(); + SpringSecurityMessageSource msgs = new SpringSecurityMessageSource(); assertEquals("Proxy tickets are rejected", msgs.getMessage("RejectProxyTickets.reject", null, Locale.ENGLISH)); } 
@@ -54,7 +54,7 @@ public class AcegiMessageSourceTests extends TestCase { LocaleContextHolder.setLocale(Locale.ENGLISH); // Cause a message to be generated - MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); + MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); assertEquals("Missing mandatory digest value; received header FOOBAR", messages.getMessage("DigestProcessingFilter.missingMandatory", new Object[] {"FOOBAR"}, "ERROR - FAILED TO LOOKUP")); diff --git a/core/src/test/java/org/springframework/security/adapters/AuthByAdapterTests.java b/core/src/test/java/org/springframework/security/adapters/AuthByAdapterTests.java index 23ce6d770a..954a8c90a0 100644 --- a/core/src/test/java/org/springframework/security/adapters/AuthByAdapterTests.java +++ b/core/src/test/java/org/springframework/security/adapters/AuthByAdapterTests.java @@ -59,7 +59,7 @@ public class AuthByAdapterTests extends TestCase { AuthByAdapterProvider provider = new AuthByAdapterProvider(); provider.setKey("my_password"); - PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password", "Test", "Password", + PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("my_password", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, null); assertTrue(provider.supports(token.getClass())); @@ -75,7 +75,7 @@ public class AuthByAdapterTests extends TestCase { fail("Should have returned same type of object it was given"); } - PrincipalAcegiUserToken castResponse = (PrincipalAcegiUserToken) response; + PrincipalSpringSecurityUserToken castResponse = (PrincipalSpringSecurityUserToken) response; assertEquals(token.getName(), castResponse.getName()); } 
@@ -120,8 +120,8 @@ public class AuthByAdapterTests extends TestCase { AuthByAdapterProvider provider = new AuthByAdapterProvider(); provider.setKey("my_password"); - // Should fail as PrincipalAcegiUserToken has different key - PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("wrong_password", "Test", "Password", null, null); + // Should fail as PrincipalSpringSecurityUserToken has different key + PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("wrong_password", "Test", "Password", null, null); try { provider.authenticate(token); diff --git a/core/src/test/java/org/springframework/security/adapters/HttpRequestIntegrationFilterTests.java b/core/src/test/java/org/springframework/security/adapters/HttpRequestIntegrationFilterTests.java index cb6039700b..78ec99a873 100644 --- a/core/src/test/java/org/springframework/security/adapters/HttpRequestIntegrationFilterTests.java +++ b/core/src/test/java/org/springframework/security/adapters/HttpRequestIntegrationFilterTests.java @@ -58,7 +58,7 @@ public class HttpRequestIntegrationFilterTests extends TestCase { public void testCorrectOperation() throws Exception { HttpRequestIntegrationFilter filter = new HttpRequestIntegrationFilter(); - PrincipalAcegiUserToken principal = new PrincipalAcegiUserToken("key", "someone", "password", + PrincipalSpringSecurityUserToken principal = new PrincipalSpringSecurityUserToken("key", "someone", "password", new GrantedAuthority[] {new GrantedAuthorityImpl("SOME_ROLE")}, null); MockHttpServletRequest request = new MockHttpServletRequest(); 
@@ -69,12 +69,12 @@ public class HttpRequestIntegrationFilterTests extends TestCase { filter.doFilter(request, response, chain); - if (!(SecurityContextHolder.getContext().getAuthentication() instanceof PrincipalAcegiUserToken)) { + if (!(SecurityContextHolder.getContext().getAuthentication() instanceof PrincipalSpringSecurityUserToken)) { System.out.println(SecurityContextHolder.getContext().getAuthentication()); - fail("Should have returned PrincipalAcegiUserToken"); + fail("Should have returned PrincipalSpringSecurityUserToken"); } - PrincipalAcegiUserToken castResult = (PrincipalAcegiUserToken) SecurityContextHolder.getContext() + PrincipalSpringSecurityUserToken castResult = (PrincipalSpringSecurityUserToken) SecurityContextHolder.getContext() .getAuthentication(); assertEquals(principal, castResult); } diff --git a/core/src/test/java/org/springframework/security/adapters/PrincipalAcegiUserTokenTests.java b/core/src/test/java/org/springframework/security/adapters/PrincipalSpringSecurityUserTokenTests.java similarity index 76% rename from core/src/test/java/org/springframework/security/adapters/PrincipalAcegiUserTokenTests.java rename to core/src/test/java/org/springframework/security/adapters/PrincipalSpringSecurityUserTokenTests.java index 15b3036fdc..6339b40092 100644 --- a/core/src/test/java/org/springframework/security/adapters/PrincipalAcegiUserTokenTests.java +++ b/core/src/test/java/org/springframework/security/adapters/PrincipalSpringSecurityUserTokenTests.java 
@@ -22,34 +22,25 @@ import org.springframework.security.GrantedAuthorityImpl; /** - * Tests {@link PrincipalAcegiUserToken}. + * Tests {@link PrincipalSpringSecurityUserToken}. * * @author Ben Alex * @version $Id$ */ -public class PrincipalAcegiUserTokenTests extends TestCase { +public class PrincipalSpringSecurityUserTokenTests extends TestCase { //~ Constructors =================================================================================================== - public PrincipalAcegiUserTokenTests() { - super(); + public PrincipalSpringSecurityUserTokenTests() { } - public PrincipalAcegiUserTokenTests(String arg0) { + public PrincipalSpringSecurityUserTokenTests(String arg0) { super(arg0); } //~ Methods ======================================================================================================== - public static void main(String[] args) { - junit.textui.TestRunner.run(PrincipalAcegiUserTokenTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } - public void testGetters() throws Exception { - PrincipalAcegiUserToken token = new PrincipalAcegiUserToken("my_password", "Test", "Password", + PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken("my_password", "Test", "Password", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, null); assertEquals("Test", token.getPrincipal()); @@ -59,7 +50,7 @@ public class PrincipalAcegiUserTokenTests extends TestCase { } public void testNoArgConstructorDoesntExist() { - Class clazz = PrincipalAcegiUserToken.class; + Class clazz = PrincipalSpringSecurityUserToken.class; try { clazz.getDeclaredConstructor((Class[]) null); diff --git a/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java b/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java index ab11a99f77..0a24310523 100644 
--- a/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java +++ b/core/src/test/java/org/springframework/security/context/HttpSessionContextIntegrationFilterTests.java @@ -22,7 +22,7 @@ import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.MockFilterConfig; -import org.springframework.security.adapters.PrincipalAcegiUserToken; +import org.springframework.security.adapters.PrincipalSpringSecurityUserToken; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -104,7 +104,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { public void testExceptionWithinFilterChainStillClearsSecurityContextHolder() throws Exception { // Build an Authentication object we simulate came from HttpSession - PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken( + PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken( "key", "someone", "password", @@ -149,7 +149,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { public void testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession() throws Exception { // Build an Authentication object we simulate came from HttpSession - PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken( + PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken( "key", "someone", "password", 
@@ -158,7 +158,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { // Build an Authentication object we simulate our Authentication changed // it to - PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken( + PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken( "key", "someone", "password", new GrantedAuthority[] { new GrantedAuthorityImpl( "SOME_DIFFERENT_ROLE") }, null); @@ -194,7 +194,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { public void testHttpSessionCreatedWhenContextHolderChanges() throws Exception { // Build an Authentication object we simulate our Authentication changed it to - PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken( + PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken( "key", "someone", "password", new GrantedAuthority[] { new GrantedAuthorityImpl( "SOME_DIFFERENT_ROLE") }, null); @@ -260,7 +260,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { public void testHttpSessionWithNonContextInWellKnownLocationIsOverwritten() throws Exception { // Build an Authentication object we simulate our Authentication changed // it to - PrincipalAcegiUserToken updatedPrincipal = new PrincipalAcegiUserToken( + PrincipalSpringSecurityUserToken updatedPrincipal = new PrincipalSpringSecurityUserToken( "key", "someone", "password", new GrantedAuthority[] { new GrantedAuthorityImpl( "SOME_DIFFERENT_ROLE") }, null); @@ -289,7 +289,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { } public void testConcurrentThreadsLazilyChangeFilterAppliedValueToTrue() throws Exception { - PrincipalAcegiUserToken sessionPrincipal = new PrincipalAcegiUserToken( + PrincipalSpringSecurityUserToken sessionPrincipal = new PrincipalSpringSecurityUserToken( "key", "someone", "password", 
diff --git a/core/src/test/java/org/springframework/security/ldap/DefaultInitialDirContextFactoryTests.java b/core/src/test/java/org/springframework/security/ldap/DefaultInitialDirContextFactoryTests.java index be0e8e1237..fc7d343c85 100644 --- a/core/src/test/java/org/springframework/security/ldap/DefaultInitialDirContextFactoryTests.java +++ b/core/src/test/java/org/springframework/security/ldap/DefaultInitialDirContextFactoryTests.java @@ -15,7 +15,7 @@ package org.springframework.security.ldap; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.BadCredentialsException; import org.springframework.ldap.UncategorizedLdapException; @@ -43,7 +43,7 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio public void onSetUp() throws Exception { super.onSetUp(); idf = getInitialDirContextFactory(); - idf.setMessageSource(new AcegiMessageSource()); + idf.setMessageSource(new SpringSecurityMessageSource()); } @Test @@ -57,15 +57,15 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio @Test public void testBaseDnIsParsedFromCorrectlyFromUrl() { - idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/dc=springframework,dc=org"); + idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org/dc=springframework,dc=org"); assertEquals("dc=springframework,dc=org", idf.getRootDn()); // Check with an empty root - idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/"); + idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org/"); assertEquals("", idf.getRootDn()); // Empty root without trailing slash - idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org"); + idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org"); assertEquals("", idf.getRootDn()); } 
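Review bot: The URLs in testBaseDnIsParsedFromCorrectlyFromUrl now name `ldap://springsecurity.org/...`, a hostname that may be registered to someone outside the project; the same substitution is made in testEnvironment in the following hunk. These tests appear only to parse the URL and read back the environment, but if a later change makes the factory resolve or connect, the build would send LDAP traffic to a host the project does not control. A reserved name keeps the fixture inert, e.g. `idf = new DefaultInitialDirContextFactory("ldap://ldap.example.org/dc=springframework,dc=org");`, with the `Context.PROVIDER_URL` assertion in testEnvironment updated to match.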
@@ -125,12 +125,12 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapIntegratio @Test public void testEnvironment() { - idf = new DefaultInitialDirContextFactory("ldap://acegisecurity.org/"); + idf = new DefaultInitialDirContextFactory("ldap://springsecurity.org/"); // check basic env Hashtable env = idf.getEnvironment(); //assertEquals("com.sun.jndi.ldap.LdapCtxFactory", env.get(Context.INITIAL_CONTEXT_FACTORY)); - assertEquals("ldap://acegisecurity.org/", env.get(Context.PROVIDER_URL)); + assertEquals("ldap://springsecurity.org/", env.get(Context.PROVIDER_URL)); assertEquals("simple", env.get(Context.SECURITY_AUTHENTICATION)); assertNull(env.get(Context.SECURITY_PRINCIPAL)); assertNull(env.get(Context.SECURITY_CREDENTIALS)); diff --git a/core/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java b/core/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java index 8226e4249c..127f78a5c7 100644 --- a/core/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java +++ b/core/src/test/java/org/springframework/security/ldap/LdapUtilsTests.java @@ -60,14 +60,13 @@ public class LdapUtilsTests extends MockObjectTestCase { LdapUtils.getRelativeName("cn=jane,dc=springframework,dc=org", (Context) mockCtx.proxy())); } - public void testGetRelativeNameWorksWithArbitrarySpaces() - throws Exception { + public void testGetRelativeNameWorksWithArbitrarySpaces() throws Exception { Mock mockCtx = mock(DirContext.class); - mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=acegisecurity,dc = org")); + mockCtx.expects(atLeastOnce()).method("getNameInNamespace").will(returnValue("dc=springsecurity,dc = org")); assertEquals("cn=jane smith", - LdapUtils.getRelativeName("cn=jane smith, dc = acegisecurity , dc=org", (Context) mockCtx.proxy())); + LdapUtils.getRelativeName("cn=jane smith, dc = springsecurity , dc=org", (Context) mockCtx.proxy())); } public void testRootDnsAreParsedFromUrlsCorrectly() { 
diff --git a/core/src/test/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticatorTests.java b/core/src/test/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticatorTests.java index f9dee7f286..8aa6d74e9a 100644 --- a/core/src/test/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticatorTests.java +++ b/core/src/test/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticatorTests.java @@ -15,7 +15,7 @@ package org.springframework.security.providers.ldap.authenticator; -import org.springframework.security.AcegiMessageSource; +import org.springframework.security.SpringSecurityMessageSource; import org.springframework.security.BadCredentialsException; import org.springframework.security.Authentication; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; @@ -48,7 +48,7 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests { public void onSetUp() { authenticator = new BindAuthenticator((InitialDirContextFactory) getContextSource()); - authenticator.setMessageSource(new AcegiMessageSource()); + authenticator.setMessageSource(new SpringSecurityMessageSource()); bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword"); ben = new UsernamePasswordAuthenticationToken("ben", "benspassword"); diff --git a/core/src/test/java/org/springframework/security/ui/digestauth/DigestProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/digestauth/DigestProcessingFilterTests.java index 58fc20bfd7..78091c4d14 100644 --- a/core/src/test/java/org/springframework/security/ui/digestauth/DigestProcessingFilterTests.java +++ b/core/src/test/java/org/springframework/security/ui/digestauth/DigestProcessingFilterTests.java 
@@ -63,7 +63,7 @@ public class DigestProcessingFilterTests extends MockObjectTestCase {
 private static final String NC = "00000002";
 private static final String CNONCE = "c822c727a648aba7";
 private static final String REALM = "The Actual, Correct Realm Name";
- private static final String KEY = "acegi";
+ private static final String KEY = "springsecurity";
 private static final String QOP = "auth";
 private static final String USERNAME = "marissa,ok";
 private static final String PASSWORD = "koala";
diff --git a/core/src/test/java/org/springframework/security/util/StringSplitUtilsTests.java b/core/src/test/java/org/springframework/security/util/StringSplitUtilsTests.java
index fc1dd376de..ff488d7eff 100644
--- a/core/src/test/java/org/springframework/security/util/StringSplitUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/util/StringSplitUtilsTests.java
@@ -51,14 +51,14 @@ public class StringSplitUtilsTests extends TestCase { public void testSplitEachArrayElementAndCreateMapNormalOperation() { // note it ignores malformed entries (ie those without an equals sign) - String unsplit = "username=\"marissa\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\""; + String unsplit = "username=\"marissa\", invalidEntryThatHasNoEqualsSign, realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\""; String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit); Map headerMap = StringSplitUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", "\""); assertEquals("marissa", headerMap.get("username")); assertEquals("Contacts Realm", headerMap.get("realm")); assertEquals("MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==", headerMap.get("nonce")); - assertEquals("/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4", + assertEquals("/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4", headerMap.get("uri")); assertEquals("38644211cf9ac3da63ab639807e2baff", headerMap.get("response")); assertEquals("auth", headerMap.get("qop")); 
@@ -68,14 +68,14 @@ public class StringSplitUtilsTests extends TestCase { } public void testSplitEachArrayElementAndCreateMapRespectsInstructionNotToRemoveCharacters() { - String unsplit = "username=\"marissa\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\""; + String unsplit = "username=\"marissa\", realm=\"Contacts Realm\", nonce=\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\", uri=\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\", response=\"38644211cf9ac3da63ab639807e2baff\", qop=auth, nc=00000004, cnonce=\"2b8d329a8571b99a\""; String[] headerEntries = StringUtils.commaDelimitedListToStringArray(unsplit); Map headerMap = StringSplitUtils.splitEachArrayElementAndCreateMap(headerEntries, "=", null); assertEquals("\"marissa\"", headerMap.get("username")); assertEquals("\"Contacts Realm\"", headerMap.get("realm")); assertEquals("\"MTEwOTAyMzU1MTQ4NDo1YzY3OWViYWM5NDNmZWUwM2UwY2NmMDBiNDQzMTQ0OQ==\"", headerMap.get("nonce")); - assertEquals("\"/acegi-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\"", + assertEquals("\"/spring-security-sample-contacts-filter/secure/adminPermission.htm?contactId=4\"", headerMap.get("uri")); assertEquals("\"38644211cf9ac3da63ab639807e2baff\"", headerMap.get("response")); assertEquals("auth", headerMap.get("qop")); diff --git a/jalopy.xml b/jalopy.xml index a64f486f7a..1088d0667a 100644 --- a/jalopy.xml +++ b/jalopy.xml @@ -5,7 +5,7 @@ 14 diff --git a/lib/clover/license.txt b/lib/clover/license.txt index 20eb561980..91db22aceb 100644 --- a/lib/clover/license.txt +++ b/lib/clover/license.txt 
@@ -1,4 +1,4 @@ -Cenque has supported the Acegi Security System for Spring project with a free +Cenque has supported Spring Security project with a free Team Edition license of Clover. We thank Cenqua for their support. diff --git a/notice.txt b/notice.txt index ba0ab15ee4..fea3e810e6 100644 --- a/notice.txt +++ b/notice.txt @@ -1,19 +1,18 @@ ====================================================================== == NOTICE file corresponding to section 4(d) of the Apache License, == - == Version 2.0, in this case for the Acegi Security System for == - == Spring distribution. == + == Version 2.0, in this case for the Spring Security distribution. == ====================================================================== The end-user documentation included with a redistribution, if any, must include the following acknowledgement: - "This product includes software developed by the Acegi Security - System for Spring Project (http://acegisecurity.org)." + "This product includes software developed by Spring Security + Project (http://acegisecurity.org)." Alternately, this acknowledgement may appear in the software itself, if and wherever such third-party acknowledgements normally appear. - The names "Acegi", "Acegi Security System" and "Acegi Security System - for Spring" must not be used to endorse or promote products derived + The names "Spring", "Spring Security" and "Spring Security System" + must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact ben.alex@acegi.com.au. diff --git a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java index 5a36253137..b2ec97c500 100755 --- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java +++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java 
@@ -54,7 +54,7 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.util.Assert; /** - * A clean-room implementation for Acegi Security System of an NTLM HTTP filter + * A clean-room implementation for Spring Security of an NTLM HTTP filter * leveraging the JCIFS library. *

* NTLM is a Microsoft-developed protocol providing single sign-on capabilities @@ -64,13 +64,13 @@ import org.springframework.util.Assert; * A web application can then reuse the user's Windows credentials without * having to ask for them again. *

- * Because NTLM only provides the username of the Windows client, an Acegi + * Because NTLM only provides the username of the Windows client, a Spring * Security NTLM deployment must have a UserDetailsService that * provides a UserDetails object with the empty string as the * password and whatever GrantedAuthority values necessary to * pass the FilterSecurityInterceptor. *

- * The Acegi Security bean configuration file must also place the + * The Spring Security bean configuration file must also place the * ExceptionTranslationFilter before this filter in the * FilterChainProxy definition. * @@ -83,7 +83,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean private static Log logger = LogFactory.getLog(NtlmProcessingFilter.class); - private static final String STATE_ATTR = "AcegiNtlm"; + private static final String STATE_ATTR = "SpringSecurityNtlm"; private static final String CHALLENGE_ATTR = "NtlmChal"; private static final Integer BEGIN = new Integer(0); private static final Integer NEGOTIATE = new Integer(1); @@ -328,7 +328,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean this.logon(session, dcAddress, auth); session.setAttribute(STATE_ATTR, COMPLETE); - // Do not reauthenticate the user in Acegi during an IE POST + // Do not reauthenticate the user in Spring Security during an IE POST final Authentication myCurrentAuth = SecurityContextHolder.getContext().getAuthentication(); if (myCurrentAuth == null || myCurrentAuth instanceof AnonymousAuthenticationToken) { logger.debug("Authenticating user credentials"); @@ -408,7 +408,7 @@ public class NtlmProcessingFilter extends HttpFilter implements InitializingBean } /** - * Authenticates the user credentials acquired from NTLM against the Acegi + * Authenticates the user credentials acquired from NTLM against the Spring * Security AuthenticationManager. * * @param request the HttpServletRequest object. diff --git a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java index 8612993af5..c92d05d0bb 100755 --- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java 
+++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmUsernamePasswordAuthenticationToken.java @@ -31,7 +31,7 @@ public class NtlmUsernamePasswordAuthenticationToken extends UsernamePasswordAut private static final long serialVersionUID = 1L; /** - * ACEGI often checks password ; but we do not have one. This is the replacement password + * Spring Security often checks password ; but we do not have one. This is the replacement password */ public static final String DEFAULT_PASSWORD = ""; diff --git a/ntlm/web.xml b/ntlm/web.xml index b9bd1f10ec..034cc391f5 100755 --- a/ntlm/web.xml +++ b/ntlm/web.xml @@ -1,10 +1,10 @@ - Acegi NTLM + Spring Security NTLM - - + + contextConfigLocation /WEB-INF/applicationContext.xml @@ -15,9 +15,9 @@ /WEB-INF/log4j.properties - + - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy org.springframework.security.util.FilterToBeanProxy targetClass @@ -26,7 +26,7 @@ - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy /** @@ -41,7 +41,7 @@ org.springframework.web.util.Log4jConfigListener - + org.springframework.security.ui.session.HttpSessionEventPublisher diff --git a/readme.txt b/readme.txt index 4f81c6aa49..020f577beb 100644 --- a/readme.txt +++ b/readme.txt @@ -1,12 +1,12 @@ =============================================================================== - ACEGI SECURITY SYSTEM FOR SPRING - README FILE + SPRING SECURITY - README FILE =============================================================================== ------------------------------------------------------------------------------- OVERVIEW ------------------------------------------------------------------------------- -The Acegi Security System for Spring provides security services for +Spring Security provides security services for The Spring Framework (http://www.springframework.org). For a detailed list of features and access to the latest release, please visit 
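Review bot: The Javadoc on `DEFAULT_PASSWORD` in NtlmUsernamePasswordAuthenticationToken (hunk `@@ -31,7 +31,7 @@`) says why the constant is the empty string but not what that means for a deployment. The reworded class Javadoc in NtlmProcessingFilter (hunk `@@ -64,13 +64,13 @@`) requires the UserDetailsService to return UserDetails whose password is the empty string, so any other password-based login wired to that same UserDetailsService would presumably accept an empty password for those accounts. I would extend the comment along the lines of `Placeholder only: the UserDetailsService that returns this password must not also back form, basic or digest login.` Both class bodies continue outside these hunks, so whether other code already guards against this is not visible here.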
@@ -22,7 +22,7 @@ JAR files are no longer signed. They were signed in releases 1.0.0 and earlier. BUILDING ------------------------------------------------------------------------------- -Acegi Security is built using Maven. Please read the "Building with Maven" page +Spring Security is built using Maven. Please read the "Building" page at http://acegisecurity.org. This page is also included in the /docs directory of official release ZIPs. @@ -38,7 +38,7 @@ ZIPs. DOCUMENTATION ------------------------------------------------------------------------------- -http://acegisecurity.org has a wide range of articles about Acegi Security, +http://acegisecurity.org has a wide range of articles about Spring Security, including links to external resources. A copy of this web site is included in the /docs directory of official release ZIPs. @@ -50,12 +50,12 @@ The core JavaDocs can be found in /docs/multiproject/acegi-security/apidocs/. OBTAINING SUPPORT ------------------------------------------------------------------------------- -If you need any help, please use the Acegi Security System for Spring forum +If you need any help, please use the Spring Security forum located at the Spring Community's forum site: http://forum.springframework.org -If you start using Acegi Security in your project, please consider joining +If you start using Spring Security in your project, please consider joining the acegisecurity-developer mailing list. This is currently the best way to keep informed about the project's status and provide feedback in design discussions. You can join at: diff --git a/samples/contacts/client/client.properties b/samples/contacts/client/client.properties index 8105a5e49b..00e0fadf67 100644 --- a/samples/contacts/client/client.properties +++ b/samples/contacts/client/client.properties @@ -5,5 +5,5 @@ serverName=localhost httpPort=8080 -contextPath=/acegi-security-sample-contacts-filter +contextPath=/spring-security-sample-contacts-filter rmiPort=1099 
diff --git a/samples/contacts/src/main/webapp/WEB-INF/web.xml b/samples/contacts/src/main/webapp/WEB-INF/web.xml index e98a9ccbae..7f9d88b18c 100644 --- a/samples/contacts/src/main/webapp/WEB-INF/web.xml +++ b/samples/contacts/src/main/webapp/WEB-INF/web.xml @@ -46,7 +46,7 @@ - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy org.springframework.security.util.FilterToBeanProxy targetClass @@ -55,7 +55,7 @@ - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy /* diff --git a/samples/contacts/src/site/resources/sslhowto.txt b/samples/contacts/src/site/resources/sslhowto.txt index 5745cf03ea..add60a2e93 100644 --- a/samples/contacts/src/site/resources/sslhowto.txt +++ b/samples/contacts/src/site/resources/sslhowto.txt @@ -9,7 +9,7 @@ might find the troubleshooting section at the end helpful). The following demonstrates how to create a self-signed certificate and add it to the cacerts file. If you just want to use the certificate we have -already created and shipped with the Acegi Security System for Spring, you +already created and shipped with Spring Security, you can skip directly to step 3. @@ -18,7 +18,7 @@ can skip directly to step 3. What is your first and last name? [Unknown]: localhost What is the name of your organizational unit? - [Unknown]: Acegi Security System for Spring + [Unknown]: Spring Security What is the name of your organization? [Unknown]: TEST CERTIFICATE ONLY. DO NOT USE IN PRODUCTION. What is the name of your City or Locality? @@ -27,7 +27,7 @@ What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: -Is CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ONLY. D +Is CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ONLY. D O NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes 
@@ -47,9 +47,9 @@ O NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown correct? 6. keytool -import -v -file acegisecurity.txt -keypass password -keystore cacerts -storepass changeit -alias acegisecurity -Owner: CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ONL +Owner: CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ONL Y. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown -Issuer: CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ON +Issuer: CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ON LY. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown Serial number: 4080daf4 Valid from: Sat Apr 17 07:21:24 GMT 2004 until: Tue Sep 02 07:21:24 GMT 2031 diff --git a/samples/tutorial/src/main/webapp/WEB-INF/web.xml b/samples/tutorial/src/main/webapp/WEB-INF/web.xml index 82632e0430..882105418c 100644 --- a/samples/tutorial/src/main/webapp/WEB-INF/web.xml +++ b/samples/tutorial/src/main/webapp/WEB-INF/web.xml @@ -25,7 +25,7 @@ - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy org.springframework.security.util.FilterToBeanProxy targetClass @@ -34,7 +34,7 @@ - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy /* diff --git a/sandbox/spring-security-config/src/main/java/org/springframework/security/util/package.html b/sandbox/spring-security-config/src/main/java/org/springframework/security/util/package.html deleted file mode 100644 index d845e7485f..0000000000 --- a/sandbox/spring-security-config/src/main/java/org/springframework/security/util/package.html +++ /dev/null @@ -1,5 +0,0 @@ - - -General utility classes used throughout the Acegi Security System. - - diff --git a/src-readme.txt b/src-readme.txt index aa52c7e3ff..cec12ea854 100644 --- a/src-readme.txt +++ b/src-readme.txt 
@@ -1,12 +1,12 @@ =============================================================================== - ACEGI SECURITY SYSTEM FOR SPRING - README FILE + SPRING SECURITY - README FILE =============================================================================== ------------------------------------------------------------------------------- OVERVIEW ------------------------------------------------------------------------------- -The Acegi Security System for Spring provides security services for +Spring Security System provides security services for The Spring Framework (http://www.springframework.org). For a detailed list of features and access to the latest release, please visit @@ -16,10 +16,10 @@ http://acegisecurity.org. SOURCE RELEASES ------------------------------------------------------------------------------- -If you have downloaded an acegi-security-xx-src.zip, you will NOT be able to +If you have downloaded a spring-security-xx-src.zip, you will NOT be able to compile the project. The -src releases are intended for source code review -and IDE integration only. If you wish to use Acegi Security, you must download -the full release or compile it from CVS. See the "Building with Maven" page +and IDE integration only. If you wish to use Spring Security, you must download +the full release or compile it from CVS. See the "Building" page at http://acegisecurity.org for further details. There is also a "Download" link if you would prefer to download an already compiled release. 
@@ -27,12 +27,12 @@ link if you would prefer to download an already compiled release. OBTAINING SUPPORT ------------------------------------------------------------------------------- -If you need any help, please use the Acegi Security System for Spring forum -located at the Spring Community's forum site: +If you need any help, please use the Spring Security forum located at the +Spring Community's forum site: http://forum.springframework.org -If you start using Acegi Security in your project, please consider joining +If you start using Spring Security in your project, please consider joining the acegisecurity-developer mailing list. This is currently the best way to keep informed about the project's status and provide feedback in design discussions. You can join at: diff --git a/src/docbkx/resources/xsl/spring-security-docbook-fopdf.xsl b/src/docbkx/resources/xsl/spring-security-docbook-fopdf.xsl index 9e639fc060..2acee094d5 100644 --- a/src/docbkx/resources/xsl/spring-security-docbook-fopdf.xsl +++ b/src/docbkx/resources/xsl/spring-security-docbook-fopdf.xsl @@ -111,7 +111,7 @@ - Acegi Security + Spring Security diff --git a/src/docbkx/springsecurity.xml b/src/docbkx/springsecurity.xml index d307c483dc..0190cc2737 100644 --- a/src/docbkx/springsecurity.xml +++ b/src/docbkx/springsecurity.xml @@ -23,7 +23,7 @@ --> - Acegi Security + Spring Security Reference Documentation @@ -43,7 +43,7 @@ Preface - Acegi Security provides a comprehensive security solution for + Spring Security provides a comprehensive security solution for J2EE-based enterprise software applications. As you will discover as you venture through this reference guide, we have tried to provide you a useful and highly configurable security system. 
@@ -70,7 +70,7 @@ real-time. Moving to the higher layers, your Java Virtual Machine will hopefully be configured to minimize the permissions granted to different Java types, and then your application will add its own problem - domain-specific security configuration. Acegi Security makes this latter + domain-specific security configuration. Spring Security makes this latter area - application security - much easier. Of course, you will need to properly address all security layers @@ -81,7 +81,7 @@ performance benchmarking, load monitoring, centralised logging, incident response procedures etc. - With Acegi Security being focused on helping you with the enterprise + With Spring Security being focused on helping you with the enterprise application security layer, you will find that there are as many different requirements as there are business problem domains. A banking application has different needs from an ecommerce application. An ecommerce @@ -90,7 +90,7 @@ challenging and rewarding. This reference guide has been largely restructured for the 1.0.0 - release of Acegi Security. Please read Part I, Overall Architecture, in its entirety. The remaining parts of the reference guide are structured in a more traditional reference style, designed to be read on an as-required @@ -99,7 +99,7 @@ We hope that you find this reference guide useful, and we welcome your feedback and suggestions. - Finally, welcome to the Acegi Security Finally, welcome to the Spring Security community. 
@@ -107,11 +107,11 @@ Overall Architecture - Like most software, Acegi Security has certain central interfaces, + Like most software, Spring Security has certain central interfaces, classes and conceptual abstractions that are commonly used throughout the framework. In this part of the reference guide we will introduce - Acegi Security, before examining these central elements that are - necessary to successfully planning and executing an Acegi Security + Spring Security, before examining these central elements that are + necessary to successfully planning and executing a Spring Security integration. 
@@ -119,26 +119,26 @@ Introduction - What is Acegi Security? + What is Spring Security? - Acegi Security provides comprehensive security services for + Spring Security provides comprehensive security services for J2EE-based enterprise software applications. There is a particular emphasis on supporting projects built using The Spring Framework, which is the leading J2EE solution for enterprise software development. If you're not using Spring for developing enterprise applications, we warmly encourage you to take a closer look at it. Some familiarity with Spring - and in particular dependency injection - principles - will help you get up to speed with Acegi Security more + principles - will help you get up to speed with Spring Security more easily. - People use Acegi Security for many reasons, but most are drawn + People use Spring Security for many reasons, but most are drawn to the project after finding the security features of J2EE's Servlet Specification or EJB Specification lack the depth required for typical enterprise application scenarios. Whilst mentioning these standards, it's important to recognise that they are not portable at a WAR or EAR level. Therefore, if you switch server environments, it is typically a lot of work to reconfigure your application's security in the new - target environment. Using Acegi Security overcomes these problems, and + target environment. Using Spring Security overcomes these problems, and also brings you dozens of other useful, entirely customisable security features. 
@@ -151,14 +151,14 @@ your application. To arrive at the point where an authorization decision is needed, the identity of the principal has already been established by the authentication process. These concepts are common, - and not at all specific to Acegi Security. + and not at all specific to Spring Security. - At an authentication level, Acegi Security supports a wide range + At an authentication level, Spring Security supports a wide range of authentication models. Most of these authentication models are either provided by third parties, or are developed by relevant standards bodies such as the Internet Engineering Task Force. In - addition, Acegi Security provides its own set of authentication - features. Specifically, Acegi Security currently supports + addition, Spring Security provides its own set of authentication + features. Specifically, Spring Security currently supports authentication with all of these technologies: @@ -233,16 +233,16 @@ - Many independent software vendors (ISVs) adopt Acegi Security + Many independent software vendors (ISVs) adopt Spring Security because of this rich choice of authentication models. Doing so allows them to quickly integrate their solutions with whatever their end clients need, without undertaking a lot of engineering or requiring the client to change their environment. If none of the above - authentication mechanisms suit your needs, Acegi Security is an open + authentication mechanisms suit your needs, Spring Security is an open platform and it is quite simple to write your own authentication - mechanism. Many corporate users of Acegi Security need to integrate + mechanism. Many corporate users of Spring Security need to integrate with "legacy" systems that don't follow any particular security - standards, and Acegi Security is happy to "play nicely" with such + standards, and Spring Security is happy to "play nicely" with such systems. Sometimes the mere process of authentication isn't enough. 
@@ -255,17 +255,17 @@ This is especially helpful to protect password recovery processes from brute force attacks, or simply to make it harder for people to duplicate your application's key content. To help you achieve these - goals, Acegi Security fully supports automatic "channel security", + goals, Spring Security fully supports automatic "channel security", together with JCaptcha integration for human user detection. - Irrespective of how authentication was undertaken, Acegi + Irrespective of how authentication was undertaken, Spring Security provides a deep set of authorization capabilities. There are three main areas of interest in respect of authorization, these being authorizing web requests, authorizing methods can be invoked, and authorizing access to individual domain object instances. To help you understand the differences, consider the authorization capabilities found in the Servlet Specification web pattern security, EJB Container - Managed Security and file system security respectively. Acegi Security + Managed Security and file system security respectively. Spring Security provides deep capabilities in all of these important areas, which we'll explore later in this reference guide. 
@@ -273,13 +273,13 @@ History - Acegi Security began in late 2003, when a question was posed on - the Spring Developers' mailing list asking whether there had been any - consideration given to a Spring-based security implementation. At the - time the Spring community was relatively small (especially by today's - size!), and indeed Spring itself had only existed as a SourceForge - project from early 2003. The response to the question was that it was - a worthwhile area, although a lack of time currently prevented its + Spring Security began in late 2003 as "The Acegi Security System for Spring". + A question was posed on the Spring Developers' mailing list asking + whether there had been any consideration given to a Spring-based security + implementation. At the time the Spring community was relatively small + (especially by today's size!), and indeed Spring itself had only existed + as a SourceForge project from early 2003. The response to the question + was that it was a worthwhile area, although a lack of time currently prevented its exploration. With that in mind, a simple security implementation was built 
@@ -301,14 +301,18 @@ misconfiguration. Acegi Security-specific authentication services were - subsequently introduced. Around a year later, the Acegi Security + subsequently introduced. Around a year later, Acegi Security became an official Spring Framework subproject. The 1.0.0 final release was published in May 2006 - after more than two and a half years of active use in numerous production software projects and many hundreds of improvements and community contributions. - Today Acegi Security enjoys a strong and active open source - community. There are thousands of messages about Acegi Security on the + Since work began on the 2.0 release, the project has been + rebranded as "Spring Security". + + + Today Spring Security enjoys a strong and active open source + community. There are thousands of messages about Spring Security on the support forums. Fourteen developers work on the code itself, with an active community who also regularly share patches and support their peers. @@ -317,7 +321,7 @@ Release Numbering - It is useful to understand how Acegi Security release numbers + It is useful to understand how Spring Security release numbers work, as it will help you identify the effort (or lack thereof) involved in migrating to future releases of the project. Officially, we use the Apache Portable Runtime Project versioning guidelines, 
@@ -340,19 +344,19 @@ Runtime Environment - Acegi Security is written to execute within a standard Java 1.3 + Spring Security is written to execute within a standard Java 1.3 Runtime Environment. It also supports Java 5.0, although the Java types which are specific to this release are packaged in a separate - package with the suffix "tiger" in their JAR filename. As Acegi + package with the suffix "tiger" in their JAR filename. As Spring Security aims to operate in a self-contained manner, there is no need to place any special configuration files into your Java Runtime Environment. In particular, there is no need to configure a special Java Authentication and Authorization Service (JAAS) policy file or - place Acegi Security into common classpath locations. + place Spring Security into common classpath locations. Similarly, if you are using an EJB Container or Servlet Container there is no need to put any special configuration files - anywhere, nor include Acegi Security in a server classloader. + anywhere, nor include Spring Security in a server classloader. This above design offers maximum deployment time flexibility, as you can simply copy your target artifact (be it a JAR, WAR or EAR) @@ -363,7 +367,7 @@ Shared Components Let's explore some of the most important shared components in - Acegi Security. Components are considered "shared" if they are central + Spring Security. Components are considered "shared" if they are central to the framework and the framework cannot operate without them. These Java types represent the building blocks of the remaining system, so it's important to understand that they're there, even if you don't 
@@ -380,7 +384,7 @@ passed around as an argument to those methods. Using a ThreadLocal in this way is quite safe if care is taken to clear the thread after the present principal's request is - processed. Of course, Acegi Security takes care of this for you + processed. Of course, Spring Security takes care of this for you automatically so there is no need to worry about it. Some applications aren't entirely suitable for using a @@ -402,7 +406,7 @@ Inside the SecurityContextHolder we store details of the principal currently interacting with the application. - Acegi Security uses an Authentication object to + Spring Security uses an Authentication object to represent this information. Whilst you won't normally need to create an Authentication object yourself, it is fairly common for users to query the Authentication @@ -422,7 +426,7 @@ if (obj instanceof UserDetails) { object between SecurityContextHolder and Authentication. The SecurityContextHolder.getContext() method is - actually returning a SecurityContext. Acegi + actually returning a SecurityContext. Spring Security uses a few different SecurityContext implementations, such as if we need to store special information related to a request that is not principal-specific. A good example of @@ -436,10 +440,10 @@ if (obj instanceof UserDetails) { can obtain a principal from the Authentication object. The principal is just an Object. Most of the time this can be cast into a UserDetails - object. UserDetails is a central interface in Acegi + object. UserDetails is a central interface in Spring Security. It represents a principal, but in an extensible and application-specific way. Think of UserDetails as - the adapter between your own user database and what Acegi Security + the adapter between your own user database and what Spring Security needs inside the SecurityContextHolder. Being a representation of something from your own user database, quite often you will cast the UserDetails to the original 
@@ -454,7 +458,7 @@ if (obj instanceof UserDetails) { interface called UserDetailsService. The only method on this interface accepts a String-based username argument and returns a UserDetails. Most - authentication providers that ship with Acegi Security delegate to a + authentication providers that ship with Spring Security delegate to a UserDetailsService as part of the authentication process. The UserDetailsService is used to build the Authentication object that is stored in the @@ -478,7 +482,7 @@ if (obj instanceof UserDetails) { "roles", such as ROLE_ADMINISTRATOR or ROLE_HR_SUPERVISOR. These roles are later on configured for web authorization, method authorization and domain - object authorization. Other parts of Acegi Security are capable of + object authorization. Other parts of Spring Security are capable of interpreting these authorities, and expect them to be present. GrantedAuthority objects are usually loaded by the UserDetailsService. @@ -490,7 +494,7 @@ if (obj instanceof UserDetails) { Employee object number 54, because if there are thousands of such authorities you would quickly run out of memory (or, at the very least, cause the application to take a long time to - authenticate a user). Of course, Acegi Security is expressly designed + authenticate a user). Of course, Spring Security is expressly designed to handle this common requirement, but you'd instead use the project's domain object security capabilities for this purpose. @@ -507,7 +511,7 @@ if (obj instanceof UserDetails) { always use the SecurityContextHolder instead. - Just to recap, the major building blocks of Acegi Security + Just to recap, the major building blocks of Spring Security are: @@ -530,7 +534,7 @@ if (obj instanceof UserDetails) { Authentication, to represent the - principal in an Acegi Security-specific manner. + principal in a Spring Security-specific manner. 
@@ -560,13 +564,13 @@ if (obj instanceof UserDetails) { Authentication - As mentioned in the beginning of this reference guide, Acegi + As mentioned in the beginning of this reference guide, Spring Security can participate in many different authentication - environments. Whilst we recommend people use Acegi Security for + environments. Whilst we recommend people use Spring Security for authentication and not integrate with existing Container Managed Authentication, it is nevertheless supported - as is integrating with your own proprietary authentication system. Let's first explore - authentication from the perspective of Acegi Security managing web + authentication from the perspective of Spring Security managing web security entirely on its own, which is illustrative of the most complex and most common situation. @@ -622,7 +626,7 @@ if (obj instanceof UserDetails) { - Acegi Security has distinct classes responsible for most of the + Spring Security has distinct classes responsible for most of the steps described above. The main participants (in the order that they are used) are the ExceptionTranslationFilter, an AuthenticationEntryPoint, an authentication @@ -647,7 +651,7 @@ if (obj instanceof UserDetails) { The AuthenticationEntryPoint is responsible for step three in the above list. As you can imagine, each web application will have a default authentication strategy (well, this - can be configured like nearly everything else in Acegi Security, but + can be configured like nearly everything else in Spring Security, but let's keep it simple for now). Each major authentication system will have its own AuthenticationEntryPoint implementation, which takes actions such as described in step 
@@ -656,7 +660,7 @@ if (obj instanceof UserDetails) { After your browser decides to submit your authentication credentials (either as an HTTP form post or HTTP header) there needs to be something on the server that "collects" these authentication - details. By now we're at step six in the above list. In Acegi Security + details. By now we're at step six in the above list. In Spring Security we have a special name for the function of collecting authentication details from a user agent (usually a web browser), and that name is "authentication mechanism". After the authentication details are @@ -664,7 +668,7 @@ if (obj instanceof UserDetails) { request" object is built and then presented to an AuthenticationProvider. - The last played in the Acegi Security authentication process is + The last played in the Spring Security authentication process is an AuthenticationProvider. Quite simply, it is responsible for taking an Authentication request object and deciding whether or not it is valid. The provider will @@ -678,7 +682,7 @@ if (obj instanceof UserDetails) { UserDetails object. As mentioned earlier, most application will provide their own UserDetailsService, although some will be able to - use the JDBC or in-memory implementation that ships with Acegi + use the JDBC or in-memory implementation that ships with Spring Security. The resultant UserDetails object - and particularly the GrantedAuthority[]s contained within the UserDetails object - will be used when @@ -695,7 +699,7 @@ if (obj instanceof UserDetails) { above). Whilst this describes the typical authentication workflow, the - good news is that Acegi Security doesn't mind how you put an + good news is that Spring Security doesn't mind how you put an Authentication inside the SecurityContextHolder. The only critical requirement is that the SecurityContextHolder 
@@ -705,15 +709,15 @@ if (obj instanceof UserDetails) { You can (and many users do) write their own filters or MVC controllers to provide interoperability with authentication systems - that are not based on Acegi Security. For example, you might be using + that are not based on Spring Security. For example, you might be using Container Managed Authentication which makes the current user available from a ThreadLocal or JNDI location. Or you might work for a company that has a legacy proprietary authentication system, which is a corporate "standard" over which you have little control. In such - situations it's quite easy to get Acegi Security to work, and still + situations it's quite easy to get Spring Security to work, and still provide authorization capabilities. All you need to do is write a filter (or equivalent) that reads the third-party user information - from a location, build an Acegi Security-specific Authentication + from a location, build a Spring Security-specific Authentication object, and put it onto the SecurityContextHolder. It's quite easy to do this, and it is a fully-supported integration approach. 
@@ -725,14 +729,14 @@ if (obj instanceof UserDetails) { types of advice available: before, after, throws and around. An around advice is very useful, because an advisor can elect whether or not to proceed with a method invocation, whether or not to modify the - response, and whether or not to throw an exception. Acegi Security + response, and whether or not to throw an exception. Spring Security provides an around advice for method invocations as well as web requests. We achieve an around advice for method invocations using AOP Alliance, and we achieve an around advice for web requests using a standard Filter. For those not familiar with AOP, the key point to understand is - that Acegi Security can help you protect method invocations as well as + that Spring Security can help you protect method invocations as well as web requests. Most people are interested in securing method invocations on their services layer. This is because the services layer is where most business logic resides in current-generation J2EE @@ -753,9 +757,9 @@ if (obj instanceof UserDetails) { authorization, coupled with some AOP Alliance method invocation authorization on the services layer. - Acegi Security uses the term "secure object" to refer to any + Spring Security uses the term "secure object" to refer to any object that can have security applied to it. Each secure object - supported by Acegi Security has its own class, which is a subclass of + supported by Spring Security has its own class, which is a subclass of AbstractSecurityInterceptor. Importantly, by the time the AbstractSecurityInterceptor is run, the SecurityContextHolder will contain a valid 
@@ -785,7 +789,7 @@ if (obj instanceof UserDetails) { AccessDecisionManager calling a RunAsManager. This might be useful in reasonably unusual situations, such as if a services layer method needs to call a - remote system and present a different identity. Because Acegi Security + remote system and present a different identity. Because Spring Security automatically propagates security identity from one server to another (assuming you're using a properly-configured RMI or HttpInvoker remoting protocol client), this may be useful. @@ -843,7 +847,7 @@ if (obj instanceof UserDetails) { Conclusion Congratulations! You have enough of a high-level picture of - Acegi Security to embark on your project. We've explored the shared + Spring Security to embark on your project. We've explored the shared components, how authentication works, and reviewed the common authorization concept of a "secure object". Everything that follows in this reference guide may or may not apply to your particular needs, @@ -855,16 +859,16 @@ if (obj instanceof UserDetails) { Supporting Infrastructure This chapter introduces some of the supplementary and supporting - infrastructure used by Acegi Security. If a capability is not directly - related to security, yet included in the Acegi Security project, we will + infrastructure used by Spring Security. If a capability is not directly + related to security, yet included in the Spring Security project, we will discuss it in this chapter. Localization - Acegi Security supports localization of exception messages that + Spring Security supports localization of exception messages that end users are likely to see. If your application is designed for - English users, you don't need to do anything as by default all Acegi + English users, you don't need to do anything as by default all Security Security messages are in English. If you need to support other locales, everything you need to know is contained in this section. 
@@ -875,7 +879,7 @@ if (obj instanceof UserDetails) { developers or system deployers (including incorrect attributes, interface contract violations, using incorrect constructors, startup time validation, debug-level logging) etc are not localized and - instead are hard-coded in English within Acegi Security's code. + instead are hard-coded in English within Spring Security's code. Shipping in the acegi-security-xx.jar you will find an org.springframework.security package that in turn @@ -894,8 +898,8 @@ if (obj instanceof UserDetails) { The messages.properties is named in accordance with standard resource bundles and represents the default - language supported by Acegi Securtiy messages. This default file is in - English. If you do not register a message source, Acegi Security will + language supported by Spring Security messages. This default file is in + English. If you do not register a message source, Spring Security will still work correctly and fallback to hard-coded English versions of the messages. @@ -913,7 +917,7 @@ if (obj instanceof UserDetails) { ThreadLocal known as org.springframework.context.i18n.LocaleContextHolder. You should set the LocaleContextHolder to represent - the preferred Locale of each user. Acegi Security + the preferred Locale of each user. Spring Security will attempt to locate a message from the message source using the Locale obtained from this ThreadLocal. Please refer to Spring documentation @@ -928,7 +932,7 @@ if (obj instanceof UserDetails) { Filters - Acegi Security uses many filters, as referred to throughout the + Spring Security uses many filters, as referred to throughout the remainder of this reference guide. You have a choice in how these filters are added to your web application, in that you can use either FilterToBeanProxy or 
@@ -939,7 +943,7 @@ if (obj instanceof UserDetails) { web.xml follows: <filter> - <filter-name>Acegi HTTP Request Security Filter</filter-name> + <filter-name>Spring Security HTTP Request Security Filter</filter-name> <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> @@ -1001,7 +1005,7 @@ if (obj instanceof UserDetails) { <filter> and <filter-mapping> entries in web.xml explodes when using more than a few - filters. To overcome this issue, Acegi Security provides a + filters. To overcome this issue, Spring Security provides a FilterChainProxy class. It is wired using a FilterToBeanProxy (just like in the example above), but the target class is @@ -1130,7 +1134,7 @@ if (obj instanceof UserDetails) { The SecurityContextHolderAwareRequestFilter, if you - are using it to install an Acegi Security aware + are using it to install a Spring Security aware HttpServletRequestWrapper into your servlet container @@ -1154,7 +1158,7 @@ if (obj instanceof UserDetails) { ExceptionTranslationFilter, to catch any - Acegi Security exceptions so that either an HTTP error response can + Spring Security exceptions so that either an HTTP error response can be returned or an appropriate AuthenticationEntryPoint can be launched @@ -1170,10 +1174,10 @@ if (obj instanceof UserDetails) { FilterChainProxy. It is recommended that a single FilterToBeanProxy proxy through to a single FilterChainProxy for each application, with that - FilterChainProxy defining all of Acegi Security + FilterChainProxy defining all of Spring Security Filters. - If you're using SiteMesh, ensure Acegi Security filters execute + If you're using SiteMesh, ensure Spring Security filters execute before the SiteMesh filters are called. This enables the SecurityContextHolder to be populated in time for use by SiteMesh decorators 
@@ -1187,7 +1191,7 @@ if (obj instanceof UserDetails) { Overview In addition to coordinating the authentication and authorization - requirements of your application, Acegi Security is also able to + requirements of your application, Spring Security is also able to ensure unauthenticated web requests have certain properties. These properties may include being of a particular transport type, having a particular HttpSession attribute set and so on. The @@ -1211,19 +1215,19 @@ if (obj instanceof UserDetails) { across an insecure channel. You will need to ensure your web.xml-defined <welcome-file> points to an HTTPS location, - and the application never directs the user to an HTTP location. Acegi + and the application never directs the user to an HTTP location. Spring Security provides a solution to assist with the latter. Configuration - To utilise Acegi Security's channel security services, add the + To utilise Spring Security's channel security services, add the following lines to web.xml: <filter> - <filter-name>Acegi Channel Processing Filter</filter-name> + <filter-name>Spring Security Channel Processing Filter</filter-name> <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> @@ -1232,7 +1236,7 @@ if (obj instanceof UserDetails) { </filter> <filter-mapping> - <filter-name>Acegi Channel Processing Filter</filter-name> + <filter-name>Spring Security Channel Processing Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> @@ -1286,7 +1290,7 @@ if (obj instanceof UserDetails) { transport protocol), it will perform a redirect, throw an exception or take whatever other action is appropriate. - Included with Acegi Security are two concrete + Included with Spring Security are two concrete ChannelProcessor implementations: SecureChannelProcessor ensures requests with a configuration attribute of REQUIRES_SECURE_CHANNEL 
@@ -1297,7 +1301,7 @@ if (obj instanceof UserDetails) { Both implementations delegate to a ChannelEntryPoint if the required transport protocol is not used. The two ChannelEntryPoint - implementations included with Acegi Security simply redirect the + implementations included with Spring Security simply redirect the request to HTTP and HTTPS as appropriate. Appropriate defaults are assigned to the ChannelProcessor implementations for the configuration attribute keywords they respond to and the @@ -1312,7 +1316,7 @@ if (obj instanceof UserDetails) { respond correctly to a redirection instruction which also changes the port to use. Accordingly, absolute URLs are used in conjunction with bug detection logic in the PortResolverImpl that is - wired up by default to many Acegi Security beans. Please refer to the + wired up by default to many Spring Security beans. Please refer to the JavaDocs for PortResolverImpl for further details. @@ -1368,7 +1372,7 @@ if (obj instanceof UserDetails) { Overview - Acegi Security comes bundled with several JSP tag libraries that + Spring Security comes bundled with several JSP tag libraries that eases JSP writing. The tag libraries are known as authz and provide a range of different services. @@ -1378,7 +1382,7 @@ if (obj instanceof UserDetails) { Configuration All taglib classes are included in the core - acegi-security-xx.jar file, with the + spring-security-xx.jar file, with the authz.tld located in the JAR's META-INF directory. This means for JSP 1.2+ web containers you can simply include the JAR in the WAR's @@ -1422,7 +1426,7 @@ if (obj instanceof UserDetails) { Mechanisms, Providers and Entry Points - If you're using Acegi Security-provided authentication + If you're using Spring Security-provided authentication approaches, you'll usually need to configure a web filter, together with an AuthenticationProvider and AuthenticationEntryPoint. In this section we are 
@@ -1433,11 +1437,11 @@ if (obj instanceof UserDetails) { In the web.xml, this application will need a single Acegi Security filter in order to use the FilterChainProxy. Nearly every - Acegi Security application will have such an entry, and it looks like + Spring Security application will have such an entry, and it looks like this: <filter> - <filter-name>Acegi Filter Chain Proxy</filter-name> + <filter-name>Spring Security Filter Chain Proxy</filter-name> <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> @@ -1446,12 +1450,12 @@ if (obj instanceof UserDetails) { </filter> <filter-mapping> - <filter-name>Acegi Filter Chain Proxy</filter-name> + <filter-name>Spring Security Filter Chain Proxy</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> The above declarations will cause every web request to be passed - through to Acegi Security's FilterChainProxy. As explained in the + through to Spring Security's FilterChainProxy. As explained in the filters section of this reference guide, the FilterChainProxy is a generally-useful class that enables web requests to be passed to different filters based on the URL patterns. Those delegated filters @@ -1471,7 +1475,7 @@ if (obj instanceof UserDetails) { </property> </bean> - Internally Acegi Security will use a + Internally Spring Security will use a PropertyEditor to convert the string presented in the above XML fragment into a FilterInvocationDefinitionSource object. What's 
@@ -1537,7 +1541,7 @@ if (obj instanceof UserDetails) { AuthenticationManager is responsible for passing requests through a chain of AuthenticationProviders. It's a little like the filter chain we discussed earlier, although there are some differences. There is - only one AuthenticationManager implementation shipped with Acegi + only one AuthenticationManager implementation shipped with Spring Security, so let's look at how it's configured for the example we're using in this chapter: @@ -1626,7 +1630,7 @@ if (obj instanceof UserDetails) { access denied error page. We use a forward so that the SecurityContextHolder still contains details of the principal, which may be useful for display to the user (in old - releases of Acegi Security we relied upon the servlet container to + releases of Spring Security we relied upon the servlet container to handle a 403 error message, which lacked this useful contextual information). AccessDeniedHandlerImpl will also set the HTTP header to 403, which is the official error code to indicate @@ -1669,8 +1673,8 @@ if (obj instanceof UserDetails) { responsibility of actually validating the credentials. A single concrete implementation of - UserDetails is provided with Acegi Security, being - the User class. Acegi Security users will need to + UserDetails is provided with Spring Security, being + the User class. Spring Security users will need to decide when writing their UserDetailsService what concrete UserDetails class to return. In most cases User will be used directly or subclassed, although @@ -1686,7 +1690,7 @@ if (obj instanceof UserDetails) { Given UserDetailsService is so simple to implement, it should be easy for users to retrieve authentication information using a persistence strategy of their choice. Having said - that, Acegi Security does include a couple of useful base + that, Spring Security does include a couple of useful base implementations, which we'll look at below. 
@@ -1696,7 +1700,7 @@ if (obj instanceof UserDetails) { UserDetailsService implementation that extracts information from a persistence engine of choice, many applications do not require such complexity. This is particularly true if you're - undertaking a rapid prototype or just starting integrating Acegi + undertaking a rapid prototype or just starting integrating Spring Security, when you don't really want to spend time configuring databases or writing UserDetailsService implementations. For this sort of situation, a simple option is to @@ -1746,7 +1750,7 @@ if (obj instanceof UserDetails) { JDBC Authentication - Acegi Security also includes a + Spring Security also includes a UserDetailsService that can obtain authentication information from a JDBC data source. Internally Spring JDBC is used, so it avoids the complexity of a fully-featured object relational @@ -1774,7 +1778,7 @@ if (obj instanceof UserDetails) { per normal Spring options. Irrespective of the database used and how a DataSource is obtained, a standard schema must be used as indicated in dbinit.txt. You can - download this file from the Acegi Security web site. + download this file from the Spring Security web site. If your default schema is unsuitable for your needs, JdbcDaoImpl provides two properties that allow @@ -1786,7 +1790,7 @@ if (obj instanceof UserDetails) { certain UserDetails implementation returned), you'd be better off writing your own UserDetailsService. The base implementation - provided with Acegi Security is intended for typical situations, and + provided with Spring Security is intended for typical situations, and does not offer infinite configuration flexibility. 
@@ -1794,7 +1798,7 @@ if (obj instanceof UserDetails) { Concurrent Session Handling - Acegi Security is able to prevent a principal from concurrently + Spring Security is able to prevent a principal from concurrently authenticating to the same application more than a specified number of times. Many ISVs take advantage of this to enforce licensing, whilst network administrators like this feature because it helps prevent @@ -1874,7 +1878,7 @@ if (obj instanceof UserDetails) { Overview - Acegi Security includes a production-quality + Spring Security includes a production-quality AuthenticationProvider implementation called DaoAuthenticationProvider. This authentication provider is compatible with all of the authentication mechanisms that @@ -1914,7 +1918,7 @@ if (obj instanceof UserDetails) { A SaltSource enables the passwords to be populated with a "salt", which enhances the security of the passwords in the authentication repository. PasswordEncoder - implementations are provided with Acegi Security covering MD5, SHA and + implementations are provided with Spring Security covering MD5, SHA and cleartext encodings. Two SaltSource implementations are also provided: SystemWideSaltSource which encodes all passwords with the same salt, and @@ -1961,7 +1965,7 @@ if (obj instanceof UserDetails) { <property name="cache"><ref local="userCacheBackend"/></property> </bean> - All Acegi Security EH-CACHE implementations (including + All Spring Security EH-CACHE implementations (including EhCacheBasedUserCache) require an EH-CACHE Cache object. The Cache object can be obtained from wherever you like, although we recommend you use 
@@ -1989,7 +1993,7 @@ if (obj instanceof UserDetails) { applications, such as the user's full name, email address etc. If using container adapters, or if your applications were written to operate with Strings (as was the case for releases - prior to Acegi Security 0.6), you should set the + prior to Spring Security 0.6), you should set the DaoAuthenticationProvider.forcePrincipalAsString property to true in your application context @@ -2002,7 +2006,7 @@ if (obj instanceof UserDetails) { Overview - Acegi Security provides a package able to delegate + Spring Security provides a package able to delegate authentication requests to the Java Authentication and Authorization Service (JAAS). This package is discussed in detail below. @@ -2027,7 +2031,7 @@ if (obj instanceof UserDetails) { sample.SampleLoginModule required; }; - Like all Acegi Security beans, the + Like all Spring Security beans, the JaasAuthenticationProvider is configured via the application context. The following definitions would correspond to the above JAAS login configuration file: @@ -2066,15 +2070,15 @@ if (obj instanceof UserDetails) { of some sort. These callbacks are usually used to obtain the username and password from the user. - In an Acegi Security deployment, Acegi Security is responsible + In a Spring Security deployment, Spring Security is responsible for this user interaction (via the authentication mechanism). Thus, by the time the authentication request is delegated through to JAAS, - Acegi Security's authentication mechanism will already have + Spring Security's authentication mechanism will already have fully-populated an Authentication object containing all the information required by the JAAS LoginModule. - Therefore, the JAAS package for Acegi Security provides two + Therefore, the JAAS package for Spring Security provides two default callback handlers, JaasNameCallbackHandler and JaasPasswordCallbackHandler. Each of these 
@@ -2102,11 +2106,11 @@ if (obj instanceof UserDetails) { JAAS AuthorityGranter JAAS works with principals. Even "roles" are represented as - principals in JAAS. Acegi Security, on the other hand, works with + principals in JAAS. Spring Security, on the other hand, works with Authentication objects. Each Authentication object contains a single principal, and multiple GrantedAuthority[]s. To - facilitate mapping between these different concepts, Acegi + facilitate mapping between these different concepts, Spring Security's JAAS package includes an AuthorityGranter interface. @@ -2114,7 +2118,7 @@ if (obj instanceof UserDetails) { inspecting a JAAS principal and returning a String. The JaasAuthenticationProvider then creates a - JaasGrantedAuthority (which implements Acegi + JaasGrantedAuthority (which implements Spring Security’s GrantedAuthority interface) containing both the AuthorityGranter-returned String and the JAAS principal that the @@ -2129,7 +2133,7 @@ if (obj instanceof UserDetails) { JaasAuthenticationProvider.setAuthorityGranters(List) property. - Acegi Security does not include any production + Spring Security does not include any production AuthorityGranters given that every JAAS principal has an implementation-specific meaning. However, there is a TestAuthorityGranter in the unit tests that 
@@ -2148,15 +2152,15 @@ if (obj instanceof UserDetails) { Siteminder is a commercial single sign on solution by Computer Associates. - Acegi Security provides a filter, + Spring Security provides a filter, SiteminderAuthenticationProcessingFilter and provider, SiteminderAuthenticationProvider that can be used to process requests that have been pre-authenticated by Siteminder. This filter assumes that you're using Siteminder for - authentication, and that you're using Acegi + authentication, and that you're using Spring Security for authorization. The use of Siteminder for authorization is not yet directly supported - by Acegi Security. + by Spring Security. When using Siteminder, an agent is setup on your web server to intercept a principal's first call to your application. The agent @@ -2171,7 +2175,7 @@ if (obj instanceof UserDetails) { Configuration - The first step in setting up Acegi Security's Siteminder support + The first step in setting up Spring Security's Siteminder support is to define the authentication mechanism that will inspect the HTTP header discussed earlier. It will be responsible for generating a UsernamePasswordAuthenticationToken that is later @@ -2192,7 +2196,7 @@ if (obj instanceof UserDetails) { AuthenticationManager, as is normally needed by authentication mechanisms. Several URLs are also specified, with the values being self-explanatory. It's important to also specify the HTTP - header that Acegi Security should inspect. If you additionally want to + header that Spring Security should inspect. If you additionally want to support form-based authentication (i.e. in your development environment where Siteminder is not installed), specify the form's username parameter as well - just don't do this in production! 
@@ -2242,7 +2246,7 @@ if (obj instanceof UserDetails) { will be able to call other objects which require different authentication and authorization credentials. It will also be able to perform any internal security checks for specific - GrantedAuthority objects. Because Acegi Security + GrantedAuthority objects. Because Spring Security provides a number of helper classes that automatically configure remoting protocols based on the contents of the SecurityContextHolder, these run-as replacements @@ -2272,7 +2276,7 @@ public boolean supports(Class clazz); that the security interceptor will present. One concrete implementation of a RunAsManager - is provided with Acegi Security. The + is provided with Spring Security. The RunAsManagerImpl class returns a replacement RunAsUserToken if any ConfigAttribute starts with @@ -2410,7 +2414,7 @@ public boolean supports(Class clazz); Overview - Acegi Security provides a + Spring Security provides a BasicProcessingFilter which is capable of processing basic authentication credentials presented in HTTP headers. This can be used for authenticating calls made by Spring remoting @@ -2471,7 +2475,7 @@ public boolean supports(Class clazz); Overview - Acegi Security provides a + Spring Security provides a DigestProcessingFilter which is capable of processing digest authentication credentials presented in HTTP headers. Digest Authentication attempts to solve many of the @@ -2481,7 +2485,7 @@ public boolean supports(Class clazz); Explorer. The standard governing HTTP Digest Authentication is defined by RFC 2617, which updates an earlier version of the Digest Authentication standard prescribed by RFC 2069. Most user agents - implement RFC 2617. Acegi Security + implement RFC 2617. Spring Security DigestProcessingFilter is compatible with the "auth" quality of protection (qop) prescribed by RFC 2617, which also provides 
@@ -2497,7 +2501,7 @@ public boolean supports(Class clazz); between Form Authentication, Basic Authentication and Digest Authentication, although extra security also means more complex user agent implementations. Central to Digest Authentication is a "nonce". - This is a value the server generates. Acegi Security's nonce adopts + This is a value the server generates. Spring Security's nonce adopts the following format: base64(expirationTime + ":" + md5Hex(expirationTime + ":" + key)) @@ -2516,7 +2520,7 @@ key: A private key to prevent modification of the nonce token a random value which the user agent generates each request), the realm name etc, then performing an MD5 hash. Both the server and user agent perform this digest computation, resulting in different hash codes if - they disagree on an included value (eg password). In Acegi Security + they disagree on an included value (eg password). In Spring Security implementation, if the server-generated nonce has merely expired (but the digest was otherwise valid), the DigestProcessingFilterEntryPoint will send a @@ -2538,9 +2542,9 @@ key: A private key to prevent modification of the nonce token Because of the more complex implementation of Digest Authentication, there are often user agent issues. For example, Internet Explorer fails to present an "opaque" - token on subsequent requests in the same session. Acegi Security + token on subsequent requests in the same session. Spring Security filters therefore encapsulate all state information into the - "nonce" token instead. In our testing, Acegi + "nonce" token instead. In our testing, Spring Security implementation works reliably with FireFox and Internet Explorer, correctly handling nonce timeouts etc. 
@@ -2597,12 +2601,12 @@ key: A private key to prevent modification of the nonce token Digest Authentication's RFC offers a range of additional features to further increase security. For example, the nonce can be - changed on every request. Despite this, Acegi Security implementation + changed on every request. Despite this, Spring Security implementation was designed to minimise the complexity of the implementation (and the doubtless user agent incompatibilities that would emerge), and avoid needing to store server-side state. You are invited to review RFC 2617 if you wish to explore these features in more detail. As far as we are - aware, Acegi Security implementation does comply with the minimum + aware, Spring Security's implementation does comply with the minimum standards of this RFC. @@ -2632,7 +2636,7 @@ key: A private key to prevent modification of the nonce token Configuration - Acegi Security provides three classes that together provide an + Spring Security provides three classes that together provide an anonymous authentication feature. AnonymousAuthenticationToken is an implementation of Authentication, and stores the @@ -2723,7 +2727,7 @@ key: A private key to prevent modification of the nonce token remember the identity of a principal between sessions. This is typically accomplished by sending a cookie to the browser, with the cookie being detected during future sessions and causing automated - login to take place. Acegi Security provides the necessary hooks so + login to take place. Spring Security provides the necessary hooks so that such operations can take place, along with providing a concrete implementation that uses hashing to preserve the security of cookie-based tokens. 
@@ -2849,25 +2853,25 @@ key: A private key to prevent modification of the remember-me token part of the SSL handshake. The server will authenticate the client by checking that it's certificate is signed by an acceptable authority. If a valid certificate has been provided, it can be obtained through - the servlet API in an application. Acegi Security X509 module extracts + the servlet API in an application. Spring Security X509 module extracts the certificate using a filter and passes it to the configured X509 authentication provider to allow any additional application-specific checks to be applied. It also maps the certificate to an application user and loads that user's set of granted authorities for use with the - standard Acegi Security infrastructure. + standard Spring Security infrastructure. You should be familiar with using certificates and setting up client authentication for your servlet container before attempting to - use it with Acegi Security. Most of the work is in creating and + use it with Spring Security. Most of the work is in creating and installing suitable certificates and keys. For example, if you're using Tomcat then read the instructions here . It's important that you get this working before trying it out with - Acegi Security + Spring Security - Using X509 with Acegi Security + Using X509 with Spring Security With X509 authentication, there is no explicit login procedure so the implementation is relatively simple; there is no need to @@ -2969,7 +2973,7 @@ key: A private key to prevent modification of the remember-me token clientAuth can also be set to want if you still want SSL connections to succeed even if the client doesn't provide a certificate. Obviously - these clients won't be able to access any objects secured by Acegi + these clients won't be able to access any objects secured by Spring Security (unless you use a non-X509 authentication mechanism, such as BASIC authentication, to authenticate the user) 
@@ -2986,13 +2990,13 @@ key: A private key to prevent modification of the remember-me token to store the role information for application users. There are many different scenarios for how an LDAP server may be - configured so Acegi LDAP provider is fully configurable. It uses + configured so Spring Security's LDAP provider is fully configurable. It uses separate strategy interfaces for authentication and role retrieval and provides default implementations which can be configured to handle a wide range of situations. You should be familiar with LDAP before trying to use it with - Acegi. The following link provides a good introduction to the concepts + Spring Security. The following link provides a good introduction to the concepts involved and a guide to setting up a directory using the free LDAP server OpenLDAP: . Some familiarity @@ -3002,7 +3006,7 @@ key: A private key to prevent modification of the remember-me token - Using LDAP with Acegi Security + Using LDAP with Spring Security The main LDAP provider class is org.springframework.security.providers.ldap.LdapAuthenticationProvider. @@ -3027,7 +3031,7 @@ key: A private key to prevent modification of the remember-me token with the user's own permissions. There are currently two authentication strategies supplied - with Acegi Security: + with Spring Security: Authentication directly to the LDAP server ("bind" authentication). 
@@ -3237,15 +3241,15 @@ key: A private key to prevent modification of the remember-me token JA-SIG produces an enterprise-wide single sign on system known as CAS. Unlike other initiatives, JA-SIG's Central Authentication Service is open source, widely used, simple to understand, platform - independent, and supports proxy capabilities. Acegi Security fully + independent, and supports proxy capabilities. Spring Security fully supports CAS, and provides an easy migration path from - single-application deployments of Acegi Security through to + single-application deployments of Spring Security through to multiple-application deployments secured by an enterprise-wide CAS server. You can learn more about CAS at http://www.ja-sig.org/products/cas/. You will need - to visit this URL to download the CAS Server files. Whilst Acegi + to visit this URL to download the CAS Server files. Whilst Spring Security includes two CAS libraries in the "-with-dependencies" ZIP file, you will still need the CAS Java Server Pages and web.xml to customise and deploy your CAS @@ -3257,9 +3261,9 @@ key: A private key to prevent modification of the remember-me token Whilst the CAS web site above contains two documents that detail the architecture of CAS, we present the general overview again here - within the context of Acegi Security. The following refers to both CAS + within the context of Spring Security. The following refers to both CAS 2.0 (produced by Yale) and CAS 3.0 (produced by JA-SIG), being the - versions of CAS that Acegi Security supports. + versions of CAS that Spring Security supports. Somewhere in your enterprise you will need to setup a CAS server. The CAS server is simply a standard WAR file, so there isn't 
@@ -3278,13 +3282,13 @@ key: A private key to prevent modification of the remember-me token If you are already running an existing CAS 2.0 server instance, you will have already established a PasswordHandler. If you do not already have a - PasswordHandler, you might prefer to use Acegi - Security CasPasswordHandler class. This class - delegates through to the standard Acegi Security + PasswordHandler, you might prefer to use Spring + Security's CasPasswordHandler class. This class + delegates through to the standard Spring Security AuthenticationManager, enabling you to use a security configuration you might already have in place. You do not need to use the CasPasswordHandler class on your - CAS server if you do not wish. Acegi Security will function as a CAS + CAS server if you do not wish. Spring Security will function as a CAS client successfully irrespective of the PasswordHandler you've chosen for your CAS server. @@ -3304,12 +3308,12 @@ key: A private key to prevent modification of the remember-me token you will have already established an AuthenticationHandler. If you do not already have an AuthenticationHandler, you might prefer to use - Acegi Security CasAuthenticationHandler class. This - class delegates through to the standard Acegi Security + Spring Security CasAuthenticationHandler class. This + class delegates through to the standard Spring Security AuthenticationManager, enabling you to use a security configuration you might already have in place. You do not need to use the CasAuthenticationHandler class on - your CAS server if you do not wish. Acegi Security will function as a + your CAS server if you do not wish. Spring Security will function as a CAS client successfully irrespective of the AuthenticationHandler you've chosen for your CAS server. 
@@ -3327,20 +3331,20 @@ key: A private key to prevent modification of the remember-me token Active Server Pages, Perl, Python and others. Naturally, Java support is very strong given the CAS server is written in Java. You do not need to use any of CAS' client classes in applications secured by - Acegi Security. This is handled transparently for you. + Spring Security. This is handled transparently for you. - The basic interaction between a web browser, CAS server and an - Acegi Security for System Spring secured service is as follows: + The basic interaction between a web browser, CAS server and n + Spring Security-secured service is as follows: The web user is browsing the service's public pages. CAS or - Acegi Security is not involved. + Spring Security is not involved. The user eventually requests a page that is either secure or - one of the beans it uses is secure. Acegi Security's + one of the beans it uses is secure. Spring Security's ExceptionTranslationFilter will detect the AuthenticationException. @@ -3359,7 +3363,7 @@ key: A private key to prevent modification of the remember-me token The CasProcessingFilterEntry point will redirect the user's browser to the CAS server. It will also indicate a service parameter, which is the - callback URL for Acegi Security service. For example, the URL to + callback URL for Spring Security service. For example, the URL to which the browser is redirected might be https://my.company.com/cas/login?service=https%3A%2F%2Fserver3.company.com%2Fwebapp%2Fj_spring_cas_security_check. 
@@ -3414,7 +3418,7 @@ key: A private key to prevent modification of the remember-me token CasAuthenticationProvider will validate the service ticket using a TicketValidator - implementation. Acegi Security includes one implementation, the + implementation. Spring Security includes one implementation, the CasProxyTicketValidator. This implementation a ticket validation class included in the CAS client library. The CasProxyTicketValidator makes an HTTPS request @@ -3463,8 +3467,8 @@ key: A private key to prevent modification of the remember-me token a configured CasProxyDecider. The CasProxyDecider indicates whether the proxy list in the TicketResponse is acceptable to the - service. Several implementations are provided with Acegi Security - System: RejectProxyTickets, + service. Several implementations are provided with Spring Security: + RejectProxyTickets, AcceptAnyCasProxy and NamedCasProxyDecider. These names are largely self-explanatory, except NamedCasProxyDecider @@ -3476,7 +3480,7 @@ key: A private key to prevent modification of the remember-me token CasAuthenticationProvider will next request a CasAuthoritiesPopulator to advise the GrantedAuthority objects that apply to the user - contained in the TicketResponse. Acegi Security + contained in the TicketResponse. Spring Security includes a DaoCasAuthoritiesPopulator which simply uses the UserDetailsService infrastructure to find the UserDetails and @@ -3505,7 +3509,7 @@ key: A private key to prevent modification of the remember-me token CasProcessingFilter, which places the created CasAuthenticationToken into the HttpSession attribute named - HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY. + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY. 
@@ -3517,7 +3521,7 @@ key: A private key to prevent modification of the remember-me token As the Authentication object is now in the well-known location, it is handled like any other authentication approach. Usually the - HttpSessionIntegrationFilter will be used to + HttpSessionContextIntegrationFilter will be used to associate the Authentication object with the SecurityContextHolder for the duration of each request. @@ -3525,14 +3529,14 @@ key: A private key to prevent modification of the remember-me token It's good that you're still here! It might sound involved, but - you can relax as Acegi Security classes hide much of the complexity. + you can relax as Spring Security classes hide much of the complexity. Let's now look at how this is configured Optional CAS Server Setup - Acegi Security can even act as the backend which a CAS version + Spring Security can even act as the backend which a CAS version 2.0 or 3.0 server utilises. The configuration approach is described below. Of course, if you have an existing CAS environment you might just like to use it instead. @@ -3540,10 +3544,10 @@ key: A private key to prevent modification of the remember-me token CAS Version 2.0 - As mentioned above, Acegi Security includes a + As mentioned above, Spring Security includes a PasswordHandler that bridges your existing AuthenticationManager into CAS 2.0. You do not - need to use this PasswordHandler to use Acegi + need to use this PasswordHandler to use Spring Security on the client side (any CAS PasswordHandler will do). 
@@ -3633,11 +3637,11 @@ key: A private key to prevent modification of the remember-me token CAS Version 3.0 - As mentioned above, Acegi Security includes an + As mentioned above, Spring Security includes an AuthenticationHandler that bridges your existing AuthenticationManager into CAS 3.0. You do not need to use this AuthenticationHandler to use - Acegi Security on the client side (any CAS + Spring Security on the client side (any CAS AuthenticationHandler will do). To install, you will need to download and extract the CAS @@ -3666,7 +3670,7 @@ key: A private key to prevent modification of the remember-me token <list> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" /> <bean class="org.springframework.security.adapters.cas3.CasAuthenticationHandler"> - <property name="authenticationManager" ref="acegiAuthenticationManager" /> + <property name="authenticationManager" ref="authenticationManager" /> </bean> </list> </property> @@ -3689,7 +3693,7 @@ key: A private key to prevent modification of the remember-me token <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property> </bean> - <bean id="acegiAuthenticationManager" class="org.springframework.security.providers.ProviderManager"> + <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager"> <property name="providers"> <list> <ref bean="daoAuthenticationProvider"/> @@ -3725,8 +3729,8 @@ key: A private key to prevent modification of the remember-me token Configuration of CAS Client - The web application side of CAS is made easy due to Acegi - Security. It is assumed you already know the basics of using Acegi + The web application side of CAS is made easy due to Spring + Security. It is assumed you already know the basics of using Spring Security, so these are not covered again below. Only the CAS-specific beans are mentioned. 
@@ -3778,7 +3782,7 @@ key: A private key to prevent modification of the remember-me token <filter> - <filter-name>Acegi CAS Processing Filter</filter-name> + <filter-name>Spring Security CAS Processing Filter</filter-name> <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> @@ -3787,7 +3791,7 @@ key: A private key to prevent modification of the remember-me token </filter> <filter-mapping> - <filter-name>Acegi CAS Processing Filter</filter-name> + <filter-name>Spring Security CAS Processing Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> @@ -3898,7 +3902,7 @@ key: A private key to prevent modification of the remember-me token This completes the configuration of CAS. If you haven't made any mistakes, your web application should happily work within the - framework of CAS single sign on. No other parts of Acegi Security need + framework of CAS single sign on. No other parts of Spring Security need to be concerned about the fact CAS handled authentication. There is also a contacts-cas.war file in the @@ -3926,9 +3930,9 @@ key: A private key to prevent modification of the remember-me token ticket directly from the CAS server. Because remoting protocols have no way of presenting themselves - within the context of a HttpSession, it isn't + within the context of an HttpSession, it isn't possible to rely on the HttpSession's - HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY + HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY attribute to locate the CasAuthenticationToken. Furthermore, because the CAS server invalidates a service ticket after it has been validated by the TicketValidator, 
@@ -3964,7 +3968,7 @@ key: A private key to prevent modification of the remember-me token proxy-granting IOU ticket by calling CasAuthenticationToken.getProxyGrantingTicketIou(). - It is hoped you find CAS integration easy and useful with Acegi + It is hoped you find CAS integration easy and useful with Spring Security classes. Welcome to enterprise-wide single sign on! @@ -3975,7 +3979,7 @@ key: A private key to prevent modification of the remember-me token Overview - Very early versions of Acegi Security exclusively used Container + Very early versions of Spring Security exclusively used Container Adapters for interfacing authentication with end users. Whilst this worked well, it required considerable time to support multiple container versions and the configuration itself was relatively 
@@ -3984,19 +3988,19 @@ key: A private key to prevent modification of the remember-me token developed, and are today recommended for almost all applications. - Container Adapters enable Acegi Security to integrate directly + Container Adapters enable Spring Security to integrate directly with the containers used to host end user applications. This integration means that applications can continue to leverage the authentication and authorization capabilities built into containers (such as isUserInRole() and form-based or basic authentication), whilst benefiting from the enhanced security - interception capabilities provided by Acegi Security (it should be - noted that Acegi Security also offers + interception capabilities provided by Spring Security (it should be + noted that Spring Security also offers ContextHolderAwareRequestWrapper to deliver isUserInRole() and similar Servlet Specification compatibility methods). - The integration between a container and Acegi Security is + The integration between a container and Spring Security is achieved through an adapter. The adapter provides a container-compatible user authentication provider, and needs to return a container-compatible user object. @@ -4009,7 +4013,7 @@ key: A private key to prevent modification of the remember-me token acegisecurity.xml and is placed in a container-specific location. - Acegi Security currently supports Jetty, Catalina (Tomcat), + Spring Security currently supports Jetty, Catalina (Tomcat), JBoss and Resin. Additional container adapters can easily be written @@ -4087,7 +4091,7 @@ key: A private key to prevent modification of the remember-me token <Call name="addRealm"> <Arg> - <New class="org.springframework.security.adapters.jetty.JettyAcegiUserRealm"> + <New class="org.springframework.security.adapters.jetty.JettySpringSecurityUserRealm"> <Arg>Spring Powered Realm</Arg> <Arg>my_password</Arg> <Arg>etc/acegisecurity.xml</Arg> 
@@ -4160,7 +4164,7 @@ key: A private key to prevent modification of the remember-me token <application-policy name = "SpringPoweredRealm"> <authentication> - <login-module code = "org.springframework.security.adapters.jboss.JbossAcegiLoginModule" + <login-module code = "org.springframework.security.adapters.jboss.JbossSpringSecurityLoginModule" flag = "required"> <module-option name = "appContextLocation">acegisecurity.xml</module-option> <module-option name = "key">my_password</module-option> @@ -4186,7 +4190,7 @@ key: A private key to prevent modification of the remember-me token <application-policy name = "SpringPoweredRealm"> <authentication> - <login-module code = "org.springframework.security.adapters.jboss.JbossAcegiLoginModule" + <login-module code = "org.springframework.security.adapters.jboss.JbossSpringSecurityLoginModule" flag = "required"> <module-option name = "singletonId">springRealm</module-option> <module-option name = "key">my_password</module-option> @@ -4361,7 +4365,7 @@ key: A private key to prevent modification of the remember-me token entry: <Realm - className="org.springframework.security.adapters.catalina.CatalinaAcegiUserRealm" + className="org.springframework.security.adapters.catalina.CatalinaSpringSecurityUserRealm" appContextLocation="conf/acegisecurity.xml" key="my_password" /> @@ -4371,7 +4375,7 @@ key: A private key to prevent modification of the remember-me token Copy acegisecurity.xml into $CATALINA_HOME/conf. - Copy acegi-security-catalina-XX.jar into + Copy spring-security-catalina-XX.jar into $CATALINA_HOME/server/lib. Copy the following files into @@ -4400,7 +4404,7 @@ key: A private key to prevent modification of the remember-me token None of the above JAR files (or - acegi-security-XX.jar) should be in your + spring-security-XX.jar) should be in your application's WEB-INF/lib. The realm name indicated in your web.xml does not matter with Catalina. 
@@ -4788,11 +4792,11 @@ $CATALINA_HOME/bin/startup.sh Authorization - The advanced authorization capabilities within Acegi Security + The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity. - Irrespective of how you choose to authenticate - whether using an Acegi + Irrespective of how you choose to authenticate - whether using a Spring Security-provided mechanism and provider, or integrating with a - container or other non-Acegi Security authentication authority - you + container or other non-Spring Security authentication authority - you will find the authorization services can be used within your application in a consistent and simple way. @@ -4845,7 +4849,7 @@ $CATALINA_HOME/bin/startup.sh specifically support the GrantedAuthority implementation in order to understand its contents. - Acegi Security includes one concrete + Spring Security includes one concrete GrantedAuthority implementation, GrantedAuthorityImpl. This allows any user-specified String to be converted into a @@ -4894,7 +4898,7 @@ public boolean supports(Class clazz); Whilst users can implement their own AccessDecisionManager to control all aspects of - authorization, Acegi Security includes several + authorization, Spring Security includes several AccessDecisionManager implementations that are based on voting. Figure 4 illustrates the relevant classes. @@ -4935,7 +4939,7 @@ public boolean supports(Class clazz); ACCESS_GRANTED. There are three concrete - AccessDecisionManagers provided with Acegi Security + AccessDecisionManagers provided with Spring Security that tally the votes. The ConsensusBased implementation will grant or deny access based on the consensus of non-abstain votes. Properties are provided to control behavior in the 
@@ -4960,7 +4964,7 @@ public boolean supports(Class clazz); effect. There are two concrete AccessDecisionVoter - implementations provided with Acegi Security. The + implementations provided with Spring Security. The RoleVoter class will vote if any ConfigAttribute begins with ROLE_. It will vote to grant access if there is a GrantedAuthority which returns a @@ -4976,7 +4980,7 @@ public boolean supports(Class clazz); as the ROLE_ prefix. BasicAclEntryVoter is the other concrete - voter included with Acegi Security. It integrates with Acegi + voter included with Spring Security. It integrates with Spring Security's AclManager (discussed later). This voter is designed to have multiple instances in the same application context, such as: @@ -5025,14 +5029,14 @@ public boolean supports(Class clazz); BasicAclEntryVoter is an important class as it allows you to build truly complex applications with domain object security entirely defined in the application context. If you're - interested in learning more about Acegi Security's ACL capabilities + interested in learning more about Spring Security's ACL capabilities and how best to apply them, please see the ACL and "After Invocation" sections of this reference guide, and the Contacts sample application. It is also possible to implement a custom AccessDecisionVoter. Several examples are provided - in Acegi Security unit tests, including + in Spring Security unit tests, including ContactSecurityVoter and DenyVoter. The ContactSecurityVoter abstains from voting decisions 
@@ -5062,11 +5066,11 @@ public boolean supports(Class clazz); with the secure object invocation, some applications need a way of modifying the object actually returned by the secure object invocation. Whilst you could easily implement your own AOP concern to - achieve this, Acegi Security provides a convenient hook that has + achieve this, Spring Security provides a convenient hook that has several concrete implementations that integrate with its ACL capabilities. - Figure 5 illustrates Acegi Security's + Figure 5 illustrates Spring Security's AfterInvocationManager and its concrete implementations. @@ -5081,7 +5085,7 @@ public boolean supports(Class clazz); - Like many other parts of Acegi Security, + Like many other parts of Spring Security, AfterInvocationManager has a single concrete implementation, AfterInvocationProviderManager, which polls a list of AfterInvocationProviders. Each @@ -5097,7 +5101,7 @@ public boolean supports(Class clazz); configuration attributes that allow the MethodSecurityInterceptor's AccessDecisionManager to allow an operation. If - you're using the typical Acegi Security included + you're using the typical Spring Security included AccessDecisionManager implementations, having no configuration attributes defined for a particular secure method invocation will cause each AccessDecisionVoter to @@ -5361,7 +5365,7 @@ public boolean supports(Class clazz); domain object. The numbers are actually integers that are used with BasePermission bit masking. Please refer to the ACL section of this reference guide to understand more about the ACL - capabilities of Acegi Security. + capabilities of Spring Security. AclTag is part of the old ACL module and should be considered deprecated. For the sake of historical reference, 
@@ -5384,7 +5388,7 @@ public boolean supports(Class clazz); ProxyFactoryBean or BeanNameAutoProxyCreator, as commonly used by many other parts of Spring (refer to the sample application for examples). - Alternatively, Acegi Security provides a + Alternatively, Spring Security provides a MethodDefinitionSourceAdvisor which may be used with Spring's DefaultAdvisorAutoProxyCreator to automatically chain the security interceptor in front of any beans @@ -5501,7 +5505,7 @@ public boolean supports(Class clazz); public float getBalance(int id); } - If you are using the Acegi Security Java 5 Annotations approach, + If you are using the Spring Security Java 5 Annotations approach, your bean context will be configured as follows: <bean id="attributes" @@ -5520,7 +5524,7 @@ public boolean supports(Class clazz); <property name="objectDefinitionSource"><ref bean="objectDefinitionSource"/></property> </bean> - In addition, your source code will contain Acegi Java 5 Security + In addition, your source code will contain Spring Security Java 5 Security Annotations that represent the ConfigAttribute. The following example uses the @Secured annotations to represent the configuration attributes, and results in the same @@ -5717,7 +5721,7 @@ public aspect DomainObjectInstanceSecurityAspect implements InitializingBean { configuration example is provided below: <filter> - <filter-name>Acegi HTTP Request Security Filter</filter-name> + <filter-name>Spring Security HTTP Request Security Filter</filter-name> <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> 
@@ -5726,13 +5730,13 @@ public aspect DomainObjectInstanceSecurityAspect implements InitializingBean { </filter> <filter-mapping> - <filter-name>Acegi HTTP Request Security Filter</filter-name> + <filter-name>Spring Security HTTP Request Security Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> Notice that the filter is actually a FilterToBeanProxy. Most of the filters used by - Acegi Security use this class. Refer to the Filters section to learn + Spring Security use this class. Refer to the Filters section to learn more about this bean. In the application context you will need to configure three @@ -5774,7 +5778,7 @@ public aspect DomainObjectInstanceSecurityAspect implements InitializingBean { if the user requests a secure HTTP resource but they are not authenticated. The class handles presenting the appropriate response to the user so that authentication can begin. Three concrete - implementations are provided with Acegi Security: + implementations are provided with Spring Security: AuthenticationProcessingFilterEntryPoint for commencing a form-based authentication, BasicProcessingFilterEntryPoint for commencing a @@ -5917,7 +5921,7 @@ public aspect DomainObjectInstanceSecurityAspect implements InitializingBean { only be able to see their own customer records. To make it a little more interesting, your customers can allow other users to see their customer records, such as their "puppy preschool "mentor or president - of their local "Pony Club". Using Acegi Security as the foundation, + of their local "Pony Club". Using Spring Security as the foundation, you have several approaches that can be used: Write your business methods to enforce the security. You 
@@ -6093,7 +6097,7 @@ public aspect DomainObjectInstanceSecurityAspect implements InitializingBean { only be able to see their own customer records. To make it a little more interesting, your customers can allow other users to see their customer records, such as their "puppy preschool "mentor or president - of their local "Pony Club". Using Acegi Security as the foundation, + of their local "Pony Club". Using Spring Security as the foundation, you have several approaches that can be used: Write your business methods to enforce the security. You @@ -6159,7 +6163,7 @@ public aspect DomainObjectInstanceSecurityAspect implements InitializingBean { Please note that our Basic ACL services are currently being refactored. We expect release 1.1.0 will contain this new code. - Planned code is already in the Acegi Security Subversion sandbox, so + Planned code is already in the Spring Security Subversion sandbox, so please check there if you have a new application requiring ACLs or are in the planning stages. The Basic ACL services will be deprecated from release 1.1.0. @@ -6224,7 +6228,7 @@ public AclEntry[] getAcls(java.lang.Object domainInstance, Authentication authen With this background, let's now look at a usable ACL implementation. - Acegi Security includes a production-quality ACL provider + Spring Security includes a production-quality ACL provider implementation, which is shown in Figure 7. @@ -6294,7 +6298,7 @@ public java.lang.Object getRecipient(); a BasicAclDao against the provider, so different ACL repository types can be accessed in a pluggable manner. The BasicAclProvider also supports pluggable cache - providers (with Acegi Security including an implementation that fronts + providers (with Spring Security including an implementation that fronts EH-CACHE). The BasicAclDao interface is very simple to 
@@ -6308,7 +6312,7 @@ public java.lang.Object getRecipient(); appropriate BasicAclEntry objects and return them. - Acegi Security includes a single BasicAclDao + Spring Security includes a single BasicAclDao implementation called JdbcDaoImpl. As implied by the name, JdbcDaoImpl accesses ACL information from a JDBC database. There is also an extended version of this DAO, @@ -6541,7 +6545,7 @@ END; In addition to this reference guide, a number of other resources - exist to help you learn how to use Acegi Security. These resources are + exist to help you learn how to use Spring Security. These resources are discussed in this section. 
@@ -6551,31 +6555,31 @@ END; Contacts - Included with Acegi Security is a very simple application that + Included with Spring Security is a very simple application that can demonstrate the basic security facilities provided by the system (and confirm your Container Adapter is properly configured if you're using one). If you build from Subversion, the Contacts sample application includes three deployable versions: - acegi-security-sample-contacts-filter.war is + spring-security-sample-contacts-filter.war is configured with the HTTP Session Authentication approach. - Acegi-security-sample-contacts-ca.war + spring-security-sample-contacts-ca.war is configured to use a Container Adapter. Finally, - acegi-security-sample-contacts-cas.war is designed + spring-security-sample-contacts-cas.war is designed to work with a JA-SIG CAS server. If you're just wanting to see how the sample application works, please use - acegi-security-sample-contacts-filter.war + spring-security-sample-contacts-filter.war as it does not require special configuration of your container. This is also the artifact included in official release ZIPs. - To deploy, simply copy the relevant WAR file from Acegi Security + To deploy, simply copy the relevant WAR file from Spring Security distribution into your container’s webapps directory. After starting your container, check the application can load. Visit - http://localhost:8080/acegi-security-sample-contacts-filter + http://localhost:8080/spring-security-sample-contacts-filter (or whichever URL is appropriate for your web container and the WAR you deployed). A random contact should be displayed. Click "Refresh" several times and you will see different contacts. The business method 
@@ -6594,11 +6598,11 @@ END; The Context implements SecurityContext. Authentication object is of type: - org.springframework.security.adapters.PrincipalAcegiUserToken + org.springframework.security.adapters.PrincipalSpringSecurityUserToken Authentication object as a String: - org.springframework.security.adapters.PrincipalAcegiUserToken@e9a7c2: Username: + org.springframework.security.adapters.PrincipalSpringSecurityUserToken@e9a7c2: Username: marissa; Password: [PROTECTED]; Authenticated: true; Granted Authorities: ROLE_TELLER, ROLE_SUPERVISOR @@ -6614,7 +6618,7 @@ END; If you receive a different message, and deployed - acegi-security-sample-contacts-ca.war, check you + spring-security-sample-contacts-ca.war, check you have properly configured your Container Adapter as described elsewhere in this reference guide. @@ -6626,8 +6630,8 @@ END; contacts. Behind the scenes, the MethodSecurityInterceptor is securing the business objects. If you're using - acegi-security-sample-contacts-filter.war - or acegi-security-sample-contacts-cas.war, the + or spring-security-sample-contacts-cas.war, the + spring-security-sample-contacts-filter.war FilterSecurityInterceptor is also securing the HTTP requests. If using either of these WARs, be sure to try visiting http://localhost:8080/contacts/secure/super, which @@ -6641,7 +6645,7 @@ END; The Contacts sample application also include a client directory. Inside you will find a small application that queries the backend business objects using several - web services protocols. This demonstrates how to use Acegi Security + web services protocols. This demonstrates how to use Spring Security for authentication with Spring remoting protocols. To try this client, ensure your servlet container is still running the Contacts sample application, and then execute client marissa koala. 
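Review bot: In the hunk at -6626,8 +6630,8 the two added lines are in the opposite order from the lines they replace: `or spring-security-sample-contacts-cas.war, the` now comes before `spring-security-sample-contacts-filter.war`. The paragraph then reads "If you're using or spring-security-sample-contacts-cas.war, the spring-security-sample-contacts-filter.war FilterSecurityInterceptor is also securing the HTTP requests". Put the added lines back in the original order, `spring-security-sample-contacts-filter.war` first and `or spring-security-sample-contacts-cas.war, the` second. This sentence tells readers which sample WARs have HTTP request security in place, so it should stay unambiguous. The paragraph starts and ends outside the hunk.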
@@ -6708,7 +6712,7 @@ END; Use JIRA for Issue Tracking - Acegi Security uses JIRA to manage bug reports and enhancement + Spring Security uses JIRA to manage bug reports and enhancement requests. If you find a bug, please log a report using JIRA. Do not log it on the support forum, mailing list or by emailing the project's developers. Such approaches are ad-hoc and we prefer to manage bugs @@ -6728,14 +6732,14 @@ END; Becoming Involved - We welcome you to become involved in Acegi Security project. + We welcome you to become involved in Spring Security project. There are many ways of contributing, including reading the mailing list and responding to questions from other people, writing new code, improving existing code, assisting with documentation, developing samples or tutorials, or simply making suggestions. Please read our project policies web page that is available on - Acegi Security home page. This explains the path to become a + Spring Security home page. This explains the path to become a committer, and the administration approaches we use within the project. @@ -6743,7 +6747,7 @@ END; Further Information - Questions and comments on Acegi Security are welcome. Please use + Questions and comments on Spring Security are welcome. Please use the Spring Community Forum web site at for all support issues. Remember to use JIRA for bug reports, as explained above. diff --git a/src/site/apt/index.apt b/src/site/apt/index.apt index 9c5b29ff06..a695ab7096 100644 --- a/src/site/apt/index.apt +++ b/src/site/apt/index.apt 
@@ -1,12 +1,12 @@ -------------------------------- - Acegi Security System for Spring + Spring Security -------------------------------- -What is Acegi Security? +What is Spring Security? - Acegi Security is a powerful, flexible security solution for enterprise software, + Spring Security is a powerful, flexible security solution for enterprise software, with a particular emphasis on applications that use - {{{http://www.springframework.org/}Spring}}. Using Acegi Security provides your + {{{http://www.springframework.org/}Spring}}. Using Spring Security provides your applications with comprehensive authentication, authorization, instance-based access control, channel security and human user detection capabilities. @@ -30,12 +30,12 @@ Key Features * <> Using JA-SIG's open source {{{http://www.ja-sig.org/products/cas/}Central Authentication Service}} (CAS), - the Acegi Security can participate + the Spring Security can participate in an enterprise-wide single sign on environment. You no longer need every web application to have its own authentication database. Nor are you restricted to single sign on across a single web container. Advanced single sign on features like proxy support and forced refresh of logins - are supported by both CAS and Acegi Security. + are supported by both CAS and Spring Security. * <> We use Spring application contexts for all configuration, which should help Spring developers get @@ -66,7 +66,7 @@ Key Features flexibility without adding security code to your Spring business objects. - * <> Acegi Security can not only protect + * <> Spring Security can not only protect methods from being invoked in the first place, but it can also deal with the objects returned from the methods. Included implementations of after invocation security can throw an exception or mutate the returned 
@@ -79,41 +79,41 @@ Key Features or Apache Ant paths, along with pluggable authentication, authorization and run-as replacement managers. - * <> Acegi Security can + * <> Spring Security can automatically redirect requests across an appropriate transport channel. Whilst flexible enough to support any of your "channel" requirements (eg the remote user is a human, not a robot), a common channel security feature is to ensure your secure pages will only be available over - HTTPS, and your public pages only over HTTP. Acegi Security also + HTTPS, and your public pages only over HTTP. Spring Security also supports unusual port combinations (including if accessed via an intermediate server like Apache) and pluggable transport decision managers. * <> Perfect for remoting protocols or those web applications that prefer a simple browser pop-up - (rather than a form login), Acegi Security can directly process HTTP + (rather than a form login), Spring Security can directly process HTTP BASIC authentication requests as per RFC 1945. * <> For greater security than - offered by BASIC authentcation, Acegi Security also supports Digest Authentication + offered by BASIC authentcation, Spring Security also supports Digest Authentication (which never sends the user's password across the wire). Digest Authentication - is widely supported by modern browsers. Acegi Security's implementation complies + is widely supported by modern browsers. Spring Security's implementation complies with both RFC 2617 and RFC 2069. * <> Authentication can be delegated through to CA's Siteminder solution, which is common in large corporate environments. - * <> Acegi Security can easily read + * <> Spring Security can easily read client-side X509 certificates for authenticating users. - * <> Do you have an LDAP directory? Acegi Security can + * <> Do you have an LDAP directory? Spring Security can happily authenticate against it. 
* <> Your JSP files can use our taglib to ensure that protected content like links and messages are only displayed to users holding the appropriate granted authorities. The taglib - also fully integrates with Acegi Security's ACL services, and + also fully integrates with Spring Security's ACL services, and obtaining extra information about the logged-in principal. * <> You @@ -121,7 +121,7 @@ Key Features project supports configuration via Spring application contexts, as well as Jakarta Commons Attributes and Java 5's annotations feature. Some users (such as those building content management systems) pull configuration data - from a database, which exemplifies Acegi Security's flexible configuration + from a database, which exemplifies Spring Security's flexible configuration metadata system. * <> We include the ability to @@ -134,14 +134,14 @@ Key Features <<>> services, you can write your own listeners for authentication-related events, along with authorisation-related events. This enables you to implement account lockout and audit log systems, with - complete decoupling from Acegi Security code. + complete decoupling from Spring Security code. * <> Our implementations have been designed to make it very easy to use your existing authentication schema and data (without modification). Of course, you can also provide your own Data Access Object if you wish. - * <> Acegi Security integrates with Spring's {{{http://ehcache.sourceforge.net}EHCACHE}} factory. + * <> Spring Security integrates with Spring's {{{http://ehcache.sourceforge.net}EHCACHE}} factory. This flexibility means your database (or other authentication repository) is not repeatedly queried for authentication information. 
@@ -157,7 +157,7 @@ Key Features corrected quickly. * <> Does your project use a rich client? Not a - problem. Acegi Security integrates with standard Spring remoting + problem. Spring Security integrates with standard Spring remoting protocols, because it automatically processes the HTTP BASIC authentication headers they present. Add our BASIC authentication filter to your web.xml and you're done. You can also easily use RMI or Digest @@ -166,7 +166,7 @@ Key Features * <> Of course, passwords in your authentication repository need not be in plain text. We support both SHA and MD5 encoding, and also pluggable "salt" providers to maximise - password security. Acegi Security doesn't even need to see the password + password security. Spring Security doesn't even need to see the password if your backend can use a bind-based strategy for authentication (such as an LDAP directory, or a database login). @@ -176,12 +176,12 @@ Key Features object tiers with different security configurations than your backend objects. - * <> Acegi Security can automatically + * <> Spring Security can automatically transfer its core authentication information from one machine to another, using a variety of protocols including RMI and Spring's HttpInvoker. * <> Even though - Acegi Security can deliver authentication using a range of pluggable mechanisms + Spring Security can deliver authentication using a range of pluggable mechanisms (most of which require no web container configuration), we allow you to access the resulting Authentication object via the getRemoteUser() and other security methods on HttpServletRequest. 
@@ -202,8 +202,8 @@ Key Features using an open source security package leverages the continuous design and code quality improvements that emerge from peer review. - * <> Well-known for its supportive community, Acegi Security + * <> Well-known for its supportive community, Spring Security has an active group of developers and users. Visit our project resources (below) to access these services. - * <> You can confidently use Acegi Security in your project. + * <> You can confidently use Spring Security in your project. diff --git a/src/site/apt/petclinic-tutorial.apt b/src/site/apt/petclinic-tutorial.apt index 011231e310..fba81bb5d1 100644 --- a/src/site/apt/petclinic-tutorial.apt +++ b/src/site/apt/petclinic-tutorial.apt @@ -10,10 +10,10 @@ Tutorial: Adding Security to Spring Petclinic * Preparation To complete this tutorial, you will require a servlet container (such as Tomcat) - and a general understanding of using Spring without Acegi Security. The Petclinic + and a general understanding of using Spring without Spring Security. The Petclinic sample itself is part of Spring and should help you learn Spring. We suggest you only try to learn one thing at a time, and start with Spring/Petclinic before - Acegi Security. + Spring Security. 
@@ -21,18 +21,18 @@ Tutorial: Adding Security to Spring Petclinic * Spring 2.0 M4 with dependencies ZIP file - * Acegi Security 1.0.2 + * Spring Security 1.0.2 - Unzip both files. After unzipping Acegi Security, you'll need to unzip the - acegi-security-sample-tutorial.war file, because we need some files that are + Unzip both files. After unzipping Spring Security, you'll need to unzip the + spring-security-sample-tutorial.war file, because we need some files that are included within it. In the code below, we'll refer to the respective unzipped locations as %spring% and %acegi% (with the latter variable referring to the unzipped WAR, not the original ZIP). There is no need to setup any environment variables to complete the tutorial. -* Add required Acegi Security files to Petclinic +* Add required Spring Security files to Petclinic We now need to put some extra files into Petclinic. The following commands should work: @@ -56,7 +56,7 @@ copy %acegi%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WE +------------------------------------------------------ - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy org.springframework.security.util.FilterToBeanProxy targetClass @@ -65,7 +65,7 @@ copy %acegi%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WE - Acegi Filter Chain Proxy + Spring Security Filter Chain Proxy /* @@ -194,7 +194,7 @@ copy dist\petclinic.war %TOMCAT_HOME%\webapps You will receive an access denied error when you attempt to add a visit. To clean things up a bit, you might want to wrap up by hiding the "add visit" link - unless you are authorized to use it. Acegi Security provides a tag library to help + unless you are authorized to use it. Spring Security provides a tag library to help you do that. Edit %spring%\samples\petclinic\war\WEB-INF\jsp\owner.jsp. Add the following line to the top of the file: 
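Review bot: The download list in the hunk at -21,18 +21,18 now names `Spring Security 1.0.2` and `spring-security-sample-tutorial.war`, but the tutorial still refers to the unzipped location as `%acegi%`, and the unchanged `copy %acegi%\WEB-INF\lib\...` commands depend on it. Whether a 1.0.2 release and that WAR exist under the new name is not visible from this patch. If they were published under the Acegi name, readers following the tutorial will look for files that do not exist. Either keep the released artefact names as published, or rename the `%acegi%` placeholder and the commands in the same change so the steps stay consistent.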
@@ -220,6 +220,6 @@ copy dist\petclinic.war %TOMCAT_HOME%\webapps These steps can be applied to your own application. Although we do suggest that you visit http://acegisecurity.org and in particular review the "Suggested Steps" for getting started with Acegi - Security. The suggested steps are optimized for learning Acegi Security quickly + Security. The suggested steps are optimized for learning Spring Security quickly and applying it to your own projects. It also includes realistic time estimates for each step so you can plan your integration activities.
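Review bot: The rename misses an occurrence that is split across two lines. The context line ending `for getting started with Acegi` is left unchanged while the following line is edited, so the result reads "getting started with Acegi Security. The suggested steps are optimized for learning Spring Security quickly". That line should end `for getting started with Spring` as well. The `http://acegisecurity.org` link just above is also untouched, which may be intentional if the site has not moved, but it is worth confirming in this commit.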

diff --git a/src/site/apt/suggested.apt b/src/site/apt/suggested.apt index c4e811bacb..7509c22dff 100644 --- a/src/site/apt/suggested.apt +++ b/src/site/apt/suggested.apt @@ -1,11 +1,11 @@ -------------------------------- - Acegi Security Suggested Steps + Spring Security Suggested Steps -------------------------------- Suggested Steps Presented below are the steps we encourage you to take in order to gain the most - out of Acegi Security in a realistic timeframe. + out of Spring Security in a realistic timeframe. [[1]] First of all, deploy the "Tutorial Sample", which is included in the main distribution @@ -16,9 +16,9 @@ Suggested Steps [[2]] Next, follow the {{{petclinic-tutorial.html}Petclinic Tutorial}}, which - covers how to add Acegi Security to the commonly-used Petclinic sample application + covers how to add Spring Security to the commonly-used Petclinic sample application that ships with Spring. This will give you a hands-on approach to integrating - Acegi Security into your own application. + Spring Security into your own application. Estimated time: 1 hour. @@ -32,10 +32,10 @@ Suggested Steps Estimated time: 1 day. [[4]] If you have relatively simple security needs, you can probably start to integrate - Acegi Security into your application at this point. Just use the "Tutorial Sample" + Spring Security into your application at this point. Just use the "Tutorial Sample" as your basis (now that you understand how it works). Those with more complicated requirements should review the "Contacts Sample" application. - This will probably involve deploying <<>>, + This will probably involve deploying <<>>, which is also included in the release ZIP file. The purpose of understanding the "Contacts Sample" is to get a better feel for how method 
@@ -66,7 +66,7 @@ Suggested Steps Estimated time: 1-2 days. - [[5]]By now you will have a good grasp on how Acegi Security works, and all that is left to + [[5]]By now you will have a good grasp on how Spring Security works, and all that is left to do is design your own application's implementation. @@ -81,7 +81,7 @@ Suggested Steps {{{reference.html}Reference Guide}}, {{{http://www.springframework.org}forums}}, and {{{faq.html}FAQ}} - for help, you'll find it pretty easy to implement Acegi Security in your application. + for help, you'll find it pretty easy to implement Spring Security in your application. Most importantly, you'll be using a security framework that offers you complete container portability, flexibility, and community support - without needing to write and maintain your own code. @@ -93,10 +93,10 @@ Suggested Steps on how much experience you have, particularly with Java and Spring. They will also vary depending on how complex your intended security-enabled application will be. Some people need to push the domain object instance access control list capabilities to the maximum, whilst others don't even need anything - beyond web request security. The good thing is Acegi Security will either directly support your future + beyond web request security. The good thing is Spring Security will either directly support your future needs, or provide a clearly-defined extension point for addressing them. We welcome your feedback about how long it has actually taken you to complete each step, so we can update this page and help new users better assess their project timetables in the future. - Any other tips on what you found helpful in learning Acegi Security are also very welcome. + Any other tips on what you found helpful in learning Spring Security are also very welcome. diff --git a/src/site/resources/dbinit.txt b/src/site/resources/dbinit.txt index 90e97a6b1f..b33f3eaeff 100644 --- a/src/site/resources/dbinit.txt +++ b/src/site/resources/dbinit.txt 
@@ -2,9 +2,9 @@ --- Sample Hypersonic SQL compatible schema and data --- ---- All Acegi Security JDBC DAOs can be customised to use a different schema. ---- In addition, the Acegi Security JDBC DAOs do not even need to be used ---- with Acegi Security, and an entirely customised persistence strategy +--- All Spring Security JDBC DAOs can be customised to use a different schema. +--- In addition, the Spring Security JDBC DAOs do not even need to be used +--- with Spring Security, and an entirely customised persistence strategy --- can be employed via standard interfaces (eg in-memory, Hibernate etc). SET IGNORECASE TRUE; diff --git a/src/site/site.xml b/src/site/site.xml index 573572ce34..613fd734da 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -20,21 +20,21 @@ * ======================================================================== --> - + - Acegi Security on Sourceforge + Spring Security on Sourceforge http://sourceforge.net/sflogo.php?group_id=104215&type=5 http://sourceforge.net/projects/acegisecurity - Acegi Security + Spring Security images/logo.gif http://acegisecurity.org/ - + @@ -58,7 +58,7 @@ - + diff --git a/src/site/xdoc/articles.xml b/src/site/xdoc/articles.xml index d53ec22614..341bd10207 100644 --- a/src/site/xdoc/articles.xml +++ b/src/site/xdoc/articles.xml @@ -1,14 +1,14 @@ -External Web Articles covering Acegi Security

Here are some of the external pages mentioning Acegi Security. If you've +External Web Articles covering Spring Security

Here are some of the external pages mentioning Spring Security. If you've found another, please let us know.