SEC-1125: Further refactoring of web packages following creation of web module. Fixing samples.

cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java

@@ -25,8 +25,8 @@ import org.springframework.security.AuthenticationException;
 
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
-import org.springframework.security.ui.AbstractProcessingFilter;
-import org.springframework.security.ui.FilterChainOrder;
+import org.springframework.security.web.FilterChainOrder;
+import org.springframework.security.web.authentication.AbstractProcessingFilter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilterEntryPoint.java

@@ -23,7 +23,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.jasig.cas.client.util.CommonUtils;
 import org.springframework.security.AuthenticationException;
-import org.springframework.security.ui.AuthenticationEntryPoint;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 

config/pom.xml

@@ -22,22 +22,28 @@
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-web</artifactId>
+            <artifactId>spring-security-core</artifactId>
             <version>${project.version}</version>
             <classifier>tests</classifier>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>commons-logging</groupId>
-            <artifactId>commons-logging</artifactId>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${project.version}</version>
+            <classifier>tests</classifier>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
+            <artifactId>spring-security-openid</artifactId>
             <version>${project.version}</version>
-            <classifier>tests</classifier>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-ldap</artifactId>

config/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java

@@ -8,8 +8,8 @@ import org.springframework.beans.factory.parsing.BeanComponentDefinition;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider;
-import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
+import org.springframework.security.providers.AnonymousAuthenticationProvider;
+import org.springframework.security.web.authentication.AnonymousProcessingFilter;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/BasicAuthenticationBeanDefinitionParser.java

@@ -7,8 +7,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ui.basicauth.BasicProcessingFilter;
-import org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.www.BasicProcessingFilter;
+import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint;
 import org.w3c.dom.Element;
 
 /**

config/src/main/java/org/springframework/security/config/CachingUserDetailsService.java

@@ -1,9 +1,9 @@
 package org.springframework.security.config;
 
-import org.springframework.security.providers.dao.UserCache;
-import org.springframework.security.providers.dao.cache.NullUserCache;
+import org.springframework.security.userdetails.UserCache;
 import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.cache.NullUserCache;
 import org.springframework.util.Assert;
 
 /**

config/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java

@@ -10,9 +10,9 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
-import org.springframework.security.concurrent.ConcurrentSessionFilter;
-import org.springframework.security.concurrent.SessionRegistryImpl;
 import org.springframework.security.providers.ProviderManager;
+import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.concurrent.SessionRegistryImpl;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/EntryPointInjectionBeanPostProcessor.java

@@ -9,8 +9,8 @@ import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.security.ui.AuthenticationEntryPoint;
-import org.springframework.security.ui.ExceptionTranslationFilter;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.ExceptionTranslationFilter;
 import org.springframework.util.Assert;
 
 /**

config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java

@@ -18,19 +18,19 @@ import org.springframework.core.OrderComparator;
 import org.springframework.core.Ordered;
 import org.springframework.security.ConfigAttribute;
 import org.springframework.security.config.ConfigUtils.FilterChainList;
-import org.springframework.security.context.web.SecurityContextPersistenceFilter;
-import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.intercept.web.FilterSecurityInterceptor;
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
-import org.springframework.security.ui.ExceptionTranslationFilter;
-import org.springframework.security.ui.SessionFixationProtectionFilter;
-import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
-import org.springframework.security.ui.basicauth.BasicProcessingFilter;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
-import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
-import org.springframework.security.web.util.FilterChainProxy;
-import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
+import org.springframework.security.web.ExceptionTranslationFilter;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.SessionFixationProtectionFilter;
+import org.springframework.security.web.authentication.AnonymousProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.web.authentication.www.BasicProcessingFilter;
+import org.springframework.security.web.context.SecurityContextPersistenceFilter;
+import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.intercept.FilterSecurityInterceptor;
+import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
 
 /**
  *

config/src/main/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParser.java

@@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.ConfigAttribute;
-import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.intercept.web.RequestKey;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.UrlMatcher;
+import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.intercept.RequestKey;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
@@ -24,7 +24,7 @@ import org.w3c.dom.Element;
 public class FilterInvocationSecurityMetadataSourceBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
 
     protected String getBeanClassName(Element element) {
-        return "org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource";
+        return "org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource";
     }
 
     protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {

config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java

@@ -7,10 +7,10 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler;
-import org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
-import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.util.StringUtils;
 
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java

@@ -45,10 +45,10 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
     private final Log logger = LogFactory.getLog(getClass());
 
-    private static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
-    private static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
-    private static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
-    private static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
+    static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodSecurityMetadataSource";
+    static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource";
+    static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource";
+    static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
 
     /*
      * Internal Bean IDs which are only used within this class

config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -19,30 +19,30 @@ import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.ConfigAttribute;
 import org.springframework.security.ConfigAttributeEditor;
 import org.springframework.security.SecurityConfig;
-import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
-import org.springframework.security.context.web.SecurityContextPersistenceFilter;
-import org.springframework.security.expression.web.WebExpressionVoter;
-import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.intercept.web.FilterSecurityInterceptor;
-import org.springframework.security.intercept.web.RequestKey;
-import org.springframework.security.securechannel.ChannelDecisionManagerImpl;
-import org.springframework.security.securechannel.ChannelProcessingFilter;
-import org.springframework.security.securechannel.InsecureChannelProcessor;
-import org.springframework.security.securechannel.RetryWithHttpEntryPoint;
-import org.springframework.security.securechannel.RetryWithHttpsEntryPoint;
-import org.springframework.security.securechannel.SecureChannelProcessor;
-import org.springframework.security.ui.AccessDeniedHandlerImpl;
-import org.springframework.security.ui.ExceptionTranslationFilter;
-import org.springframework.security.ui.SessionFixationProtectionFilter;
-import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.RegexUrlPathMatcher;
 import org.springframework.security.util.UrlMatcher;
 import org.springframework.security.vote.AccessDecisionVoter;
 import org.springframework.security.vote.AuthenticatedVoter;
 import org.springframework.security.vote.RoleVoter;
-import org.springframework.security.web.util.FilterChainProxy;
-import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
+import org.springframework.security.web.AccessDeniedHandlerImpl;
+import org.springframework.security.web.ExceptionTranslationFilter;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.SessionFixationProtectionFilter;
+import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextPersistenceFilter;
+import org.springframework.security.web.expression.WebExpressionVoter;
+import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.intercept.FilterSecurityInterceptor;
+import org.springframework.security.web.intercept.RequestKey;
+import org.springframework.security.web.securechannel.ChannelDecisionManagerImpl;
+import org.springframework.security.web.securechannel.ChannelProcessingFilter;
+import org.springframework.security.web.securechannel.InsecureChannelProcessor;
+import org.springframework.security.web.securechannel.RetryWithHttpEntryPoint;
+import org.springframework.security.web.securechannel.RetryWithHttpsEntryPoint;
+import org.springframework.security.web.securechannel.SecureChannelProcessor;
+import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
@@ -106,8 +106,12 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
     private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
 
-    private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationSecurityMetadataSource";
-    private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.web.support.DefaultWebSecurityExpressionHandler";
+    static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter";
+    static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
+    static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.AuthenticationProcessingFilter";
+
+    static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
+    static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler";
     private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
 
     @SuppressWarnings("unchecked")
@@ -166,7 +170,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
                 expressionHandlerRef = EXPRESSION_HANDLER_ID;
             }
 
-            fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIDS_CLASS);
+            fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIMDS_CLASS);
             fidsBuilder.addConstructorArgValue(matcher);
             fidsBuilder.addConstructorArgValue(requestToAttributesMap);
             fidsBuilder.addConstructorArgReference(expressionHandlerRef);
@@ -437,7 +441,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
         if (formLoginElt != null || autoConfig) {
             FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_security_check",
-                    "org.springframework.security.ui.webapp.AuthenticationProcessingFilter");
+                    AUTHENTICATION_PROCESSING_FILTER_CLASS);
 
             parser.parse(formLoginElt, pc);
             formLoginFilter = parser.getFilterBean();
@@ -449,7 +453,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
         if (openIDLoginElt != null) {
             FormLoginBeanDefinitionParser parser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check",
-                    "org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter");
+                    OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
 
             parser.parse(openIDLoginElt, pc);
             openIDFilter = parser.getFilterBean();
@@ -457,7 +461,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
             openIDLoginPage = parser.getLoginPage();
 
             BeanDefinitionBuilder openIDProviderBuilder =
-                BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.providers.openid.OpenIDAuthenticationProvider");
+                BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
 
             String userService = openIDLoginElt.getAttribute(ATT_USER_SERVICE_REF);
 

config/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java

@@ -6,8 +6,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ui.logout.LogoutFilter;
-import org.springframework.security.ui.logout.SecurityContextLogoutHandler;
+import org.springframework.security.web.logout.LogoutFilter;
+import org.springframework.security.web.logout.SecurityContextLogoutHandler;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/OrderedFilterBeanDefinitionDecorator.java

@@ -15,7 +15,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.core.Ordered;
-import org.springframework.security.ui.FilterChainOrder;
+import org.springframework.security.web.FilterChainOrder;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;

config/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java

@@ -1,6 +1,6 @@
 package org.springframework.security.config;
 
-import org.springframework.security.web.util.PortMapperImpl;
+import org.springframework.security.web.PortMapperImpl;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.config.BeanDefinition;
@@ -15,7 +15,7 @@ import java.util.Map;
 import java.util.HashMap;
 
 /**
- * Parses a port-mappings element, producing a single {@link org.springframework.security.web.util.PortMapperImpl}
+ * Parses a port-mappings element, producing a single {@link org.springframework.security.web.PortMapperImpl}
  * bean.
  *
  * @author Luke Taylor

config/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java

@@ -7,11 +7,11 @@ import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.ui.rememberme.JdbcTokenRepositoryImpl;
-import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
-import org.springframework.security.ui.rememberme.RememberMeProcessingFilter;
-import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
-import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider;
+import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.providers.RememberMeAuthenticationProvider;
 import org.springframework.util.StringUtils;
 import org.w3c.dom.Element;
 

config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java

@@ -9,9 +9,9 @@ import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.ListableBeanFactory;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.security.ui.AbstractProcessingFilter;
-import org.springframework.security.ui.basicauth.BasicProcessingFilter;
-import org.springframework.security.ui.rememberme.RememberMeServices;
+import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.rememberme.RememberMeServices;
+import org.springframework.security.web.authentication.www.BasicProcessingFilter;
 import org.springframework.util.Assert;
 
 /**

config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java

@@ -11,8 +11,8 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.security.concurrent.ConcurrentSessionController;
 import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.concurrent.SessionRegistry;
-import org.springframework.security.ui.AbstractProcessingFilter;
-import org.springframework.security.ui.SessionFixationProtectionFilter;
+import org.springframework.security.web.SessionFixationProtectionFilter;
+import org.springframework.security.web.authentication.AbstractProcessingFilter;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

config/src/main/java/org/springframework/security/config/UserDetailsServiceInjectionBeanPostProcessor.java

@@ -13,9 +13,9 @@ import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
-import org.springframework.security.ui.rememberme.AbstractRememberMeServices;
 import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
 import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
 import org.springframework.util.Assert;
 
 /**

config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java

@@ -1,9 +1,9 @@
 package org.springframework.security.config;
 
-import org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint;
-import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
-import org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor;
 import org.springframework.security.userdetails.UserDetailsByNameServiceWrapper;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
+import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
 import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;

config/src/test/java/org/springframework/security/config/FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests.java

@@ -1,6 +1,7 @@
 package org.springframework.security.config;
 
 import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
 
 import java.util.List;
 
@@ -13,15 +14,16 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.ConfigAttribute;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.intercept.web.DefaultFilterInvocationSecurityMetadataSource;
-import org.springframework.security.intercept.web.FilterInvocation;
+import org.springframework.security.web.intercept.DefaultFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.intercept.FilterInvocation;
+import org.w3c.dom.Element;
 
 /**
- *
+ * Tests for {@link FilterInvocationSecurityMetadataSourceBeanDefinitionParser}.
  * @author Luke Taylor
  * @version $Id$
  */
-public class FilterInvocationDefinitionSourceParserTests {
+public class FilterInvocationSecurityMetadataSourceBeanDefinitionParserTests {
     private AbstractXmlApplicationContext appContext;
 
     @After
@@ -36,6 +38,11 @@ public class FilterInvocationDefinitionSourceParserTests {
         appContext = new InMemoryXmlApplicationContext(context);
     }
 
+    @Test
+    public void beanClassNameIsCorrect() throws Exception {
+        assertEquals(DefaultFilterInvocationSecurityMetadataSource.class.getName(), new FilterInvocationSecurityMetadataSourceBeanDefinitionParser().getBeanClassName(mock(Element.class)));
+    }
+
     @Test
     public void parsingMinimalConfigurationIsSuccessful() {
         setContext(
@@ -52,7 +59,7 @@ public class FilterInvocationDefinitionSourceParserTests {
     public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
         setContext(
                 "<http auto-config='true'/>" +
-                "<b:bean id='fsi' class='org.springframework.security.intercept.web.FilterSecurityInterceptor' autowire='byType'>" +
+                "<b:bean id='fsi' class='org.springframework.security.web.intercept.FilterSecurityInterceptor' autowire='byType'>" +
                 "   <b:property name='securityMetadataSource'>" +
                 "       <filter-invocation-definition-source>" +
                 "           <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +

config/src/test/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.java

@@ -1,6 +1,7 @@
 package org.springframework.security.config;
 
 import static org.junit.Assert.*;
+import static org.springframework.security.config.GlobalMethodSecurityBeanDefinitionParser.*;
 import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
 
 import java.util.ArrayList;
@@ -14,8 +15,12 @@ import org.springframework.security.AccessDeniedException;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
 import org.springframework.security.annotation.BusinessService;
+import org.springframework.security.annotation.Jsr250MethodSecurityMetadataSource;
+import org.springframework.security.annotation.Jsr250Voter;
+import org.springframework.security.annotation.SecuredMethodSecurityMetadataSource;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.expression.method.ExpressionAnnotationMethodSecurityMetadataSource;
 import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
 import org.springframework.security.expression.method.MethodExpressionVoter;
 import org.springframework.security.providers.TestingAuthenticationToken;
@@ -56,6 +61,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
         target = null;
     }
 
+    @Test
+    public void beanClassNamesAreCorrect() throws Exception {
+        assertEquals(SecuredMethodSecurityMetadataSource.class.getName(), SECURED_METHOD_DEFINITION_SOURCE_CLASS);
+        assertEquals(ExpressionAnnotationMethodSecurityMetadataSource.class.getName(), EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS);
+        assertEquals(Jsr250MethodSecurityMetadataSource.class.getName(), JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS);
+        assertEquals(Jsr250Voter.class.getName(), JSR_250_VOTER_CLASS);
+    }
+
     @Test(expected=AuthenticationCredentialsNotFoundException.class)
     public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
         loadContext();

config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -2,6 +2,7 @@ package org.springframework.security.config;
 
 import static org.junit.Assert.*;
 import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
+import static org.springframework.security.config.HttpSecurityBeanDefinitionParser.*;
 
 import java.lang.reflect.Method;
 import java.util.Iterator;
@@ -24,34 +25,43 @@ import org.springframework.security.MockAuthenticationEntryPoint;
 import org.springframework.security.SecurityConfig;
 import org.springframework.security.concurrent.ConcurrentLoginException;
 import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
-import org.springframework.security.concurrent.ConcurrentSessionFilter;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
-import org.springframework.security.context.web.SecurityContextPersistenceFilter;
-import org.springframework.security.intercept.web.FilterInvocation;
-import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.intercept.web.FilterSecurityInterceptor;
+import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
+import org.springframework.security.openid.OpenIDAuthenticationProvider;
 import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.securechannel.ChannelProcessingFilter;
-import org.springframework.security.ui.AuthenticationFailureHandler;
-import org.springframework.security.ui.AuthenticationSuccessHandler;
-import org.springframework.security.ui.ExceptionTranslationFilter;
-import org.springframework.security.ui.SessionFixationProtectionFilter;
-import org.springframework.security.ui.WebAuthenticationDetails;
-import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
-import org.springframework.security.ui.basicauth.BasicProcessingFilter;
-import org.springframework.security.ui.logout.LogoutFilter;
-import org.springframework.security.ui.logout.LogoutHandler;
-import org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter;
-import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMeServices;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
-import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.util.FieldUtils;
-import org.springframework.security.web.util.FilterChainProxy;
-import org.springframework.security.web.util.PortMapperImpl;
-import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
+import org.springframework.security.web.ExceptionTranslationFilter;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.PortMapperImpl;
+import org.springframework.security.web.SessionFixationProtectionFilter;
+import org.springframework.security.web.WebAuthenticationDetails;
+import org.springframework.security.web.authentication.AnonymousProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.DefaultLoginPageGeneratingFilter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
+import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.www.BasicProcessingFilter;
+import org.springframework.security.web.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.concurrent.SessionRegistryImpl;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextPersistenceFilter;
+import org.springframework.security.web.expression.DefaultWebSecurityExpressionHandler;
+import org.springframework.security.web.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.intercept.FilterInvocation;
+import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.intercept.FilterSecurityInterceptor;
+import org.springframework.security.web.logout.LogoutFilter;
+import org.springframework.security.web.logout.LogoutHandler;
+import org.springframework.security.web.securechannel.ChannelProcessingFilter;
+import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
 import org.springframework.util.ReflectionUtils;
 
 /**
@@ -76,6 +86,15 @@ public class HttpSecurityBeanDefinitionParserTests {
         setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML);
     }
 
+    @Test
+    public void beanClassNamesAreCorrect() throws Exception {
+        assertEquals(DefaultWebSecurityExpressionHandler.class.getName(), EXPRESSION_HANDLER_CLASS);
+        assertEquals(ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName(), EXPRESSION_FIMDS_CLASS);
+        assertEquals(AuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
+        assertEquals(OpenIDAuthenticationProcessingFilter.class.getName(), OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
+        assertEquals(OpenIDAuthenticationProvider.class.getName(), OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
+    }
+
     @Test
     public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
         setContext("<http auto-config='true' />" + AUTH_PROVIDER_XML);
@@ -142,7 +161,7 @@ public class HttpSecurityBeanDefinitionParserTests {
         // This will be matched by the default pattern ".*"
         List<Filter> allFilters = getFilters("/ImCaughtByTheUniversalMatchPattern");
         checkAutoConfigFilters(allFilters);
-        assertEquals(false, FieldUtils.getFieldValue(appContext.getBean("_filterChainProxy"), "stripQueryStringFromUrls"));
+        assertEquals(false, FieldUtils.getFieldValue(appContext.getBean(BeanIds.FILTER_CHAIN_PROXY), "stripQueryStringFromUrls"));
         assertEquals(false, FieldUtils.getFieldValue(allFilters.get(AUTO_CONFIG_FILTERS-1), "securityMetadataSource.stripQueryStringFromUrls"));
     }
 
@@ -335,19 +354,22 @@ public class HttpSecurityBeanDefinitionParserTests {
     @Test
     public void externalFiltersAreTreatedCorrectly() throws Exception {
         // Decorated user-filters should be added to stack. The others should be ignored.
+        String contextHolderFilterClass = SecurityContextHolderAwareRequestFilter.class.getName();
+        String contextPersistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
+
         setContext(
                 "<http auto-config='true'/>" + AUTH_PROVIDER_XML +
-                "<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
+                "<b:bean id='userFilter' class='"+ contextHolderFilterClass +"'>" +
                 "    <custom-filter after='LOGOUT_FILTER'/>" +
                 "</b:bean>" +
-                "<b:bean id='userFilter1' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
+                "<b:bean id='userFilter1' class='" + contextPersistenceFilterClass + "'>" +
                 "    <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
                 "</b:bean>" +
-                "<b:bean id='userFilter2' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
+                "<b:bean id='userFilter2' class='" + contextPersistenceFilterClass + "'>" +
                 "    <custom-filter position='FIRST'/>" +
                 "</b:bean>" +
-                "<b:bean id='userFilter3' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'/>" +
-                "<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>"
+                "<b:bean id='userFilter3' class='" + contextPersistenceFilterClass + "'/>" +
+                "<b:bean id='userFilter4' class='"+ contextHolderFilterClass +"'/>"
                 );
         List<Filter> filters = getFilters("/someurl");
 
@@ -361,7 +383,7 @@ public class HttpSecurityBeanDefinitionParserTests {
     public void twoFiltersWithSameOrderAreRejected() {
         setContext(
                 "<http auto-config='true'/>" + AUTH_PROVIDER_XML +
-                "<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
+                "<b:bean id='userFilter' class='" + SecurityContextHolderAwareRequestFilter.class.getName() + "'>" +
                 "    <custom-filter position='LOGOUT_FILTER'/>" +
                 "</b:bean>");
     }
@@ -373,7 +395,7 @@ public class HttpSecurityBeanDefinitionParserTests {
             "    <remember-me token-repository-ref='tokenRepo'/>" +
             "</http>" +
             "<b:bean id='tokenRepo' " +
-                    "class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/> " + AUTH_PROVIDER_XML);
+                    "class='" + InMemoryTokenRepositoryImpl.class.getName() + "'/> " + AUTH_PROVIDER_XML);
         Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
 
         assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
@@ -400,7 +422,7 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "<http auto-config='true'>" +
                 "    <remember-me key='ourkey' services-ref='rms'/>" +
                 "</http>" +
-                "<b:bean id='rms' class='org.springframework.security.ui.rememberme.TokenBasedRememberMeServices'> " +
+                "<b:bean id='rms' class='"+ TokenBasedRememberMeServices.class.getName() +"'> " +
                 "    <b:property name='userDetailsService' ref='us'/>" +
                 "    <b:property name='key' value='ourkey'/>" +
                 "    <b:property name='tokenValiditySeconds' value='5000'/>" +
@@ -486,7 +508,7 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "<http auto-config='true'>" +
                 "    <concurrent-session-control session-registry-ref='seshRegistry' />" +
                 "</http>" +
-                "<b:bean id='seshRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
+                "<b:bean id='seshRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
                 AUTH_PROVIDER_XML);
         Object sessionRegistry = appContext.getBean("seshRegistry");
         Object sessionRegistryFromFilter = FieldUtils.getFieldValue(
@@ -508,9 +530,9 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "<http auto-config='true'>" +
                 "    <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" +
                 "</http>" +
-                "<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
+                "<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() +"'>" +
                 "  <b:property name='sessionRegistry'>" +
-                "    <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
+                "    <b:bean class='"+ SessionRegistryImpl.class.getName() + "'/>" +
                 "  </b:property>" +
                 "</b:bean>" + AUTH_PROVIDER_XML);
     }
@@ -523,7 +545,7 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "</http>" +
                 "<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
                 "  <b:property name='sessionRegistry'>" +
-                "    <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
+                "    <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
                 "  </b:property>" +
                 "</b:bean>" +
                 "<authentication-manager alias='authManager' session-controller-ref='sc'/>" + AUTH_PROVIDER_XML);
@@ -564,7 +586,7 @@ public class HttpSecurityBeanDefinitionParserTests {
     public void customEntryPointIsSupported() throws Exception {
         setContext(
                 "<http auto-config='true' entry-point-ref='entryPoint'/>" +
-                "<b:bean id='entryPoint' class='org.springframework.security.MockAuthenticationEntryPoint'>" +
+                "<b:bean id='entryPoint' class='" + MockAuthenticationEntryPoint.class.getName() + "'>" +
                 "    <b:constructor-arg value='/customlogin'/>" +
                 "</b:bean>" + AUTH_PROVIDER_XML);
         ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilters("/someurl").get(AUTO_CONFIG_FILTERS-3);
@@ -693,7 +715,7 @@ public class HttpSecurityBeanDefinitionParserTests {
     @Test
     public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
         setContext(
-                "<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
+                "<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
                 "<http create-session='always' security-context-repository-ref='repo'>" +
                 "    <http-basic />" +
                 "</http>" + AUTH_PROVIDER_XML);
@@ -706,7 +728,7 @@ public class HttpSecurityBeanDefinitionParserTests {
     @Test(expected=BeanDefinitionParsingException.class)
     public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception {
         setContext(
-                "<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
+                "<b:bean id='repo' class='" + HttpSessionSecurityContextRepository.class.getName() + "'/>" +
                 "<http create-session='never' security-context-repository-ref='repo'>" +
                 "    <http-basic />" +
                 "</http>" + AUTH_PROVIDER_XML);
@@ -746,8 +768,8 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "<http>" +
                 "   <form-login authentication-success-handler-ref='sh' authentication-failure-handler-ref='fh'/>" +
                 "</http>" +
-                "<b:bean id='sh' class='org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler'/>" +
-                "<b:bean id='fh' class='org.springframework.security.ui.SimpleUrlAuthenticationFailureHandler'/>" +
+                "<b:bean id='sh' class='" + SavedRequestAwareAuthenticationSuccessHandler.class.getName() +"'/>" +
+                "<b:bean id='fh' class='" + SimpleUrlAuthenticationFailureHandler.class.getName() + "'/>" +
                 AUTH_PROVIDER_XML);
         AuthenticationProcessingFilter apf = (AuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
         AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");

config/src/test/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessorTests.java

@@ -8,8 +8,10 @@ import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.concurrent.ConcurrentSessionController;
+import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.util.FieldUtils;
+import org.springframework.security.web.concurrent.SessionRegistryImpl;
 
 /**
  *
@@ -35,9 +37,9 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
     public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithInternalRegistryBean() throws Exception {
         setContext(
                 "<http auto-config='true'/>" +
-                "<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
+                "<b:bean id='sc' class='" + ConcurrentSessionControllerImpl.class.getName() + "'>" +
                 "  <b:property name='sessionRegistry'>" +
-                "      <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
+                "      <b:bean class='" + SessionRegistryImpl.class.getName() + "'/>" +
                 "  </b:property>" +
                 "</b:bean>" +
                 "<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
@@ -51,7 +53,7 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
         setContext(
                 "<http auto-config='true'/>" +
                 "<b:bean id='sc' class='org.springframework.security.config.SessionRegistryInjectionBeanPostProcessorTests$MockConcurrentSessionController'/>" +
-                "<b:bean id='sessionRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
+                "<b:bean id='sessionRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
                 "<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
                 ConfigTestUtils.AUTH_PROVIDER_XML);
         assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry"));

config/src/test/java/org/springframework/security/util/FilterChainProxyConfigTests.java

@@ -34,10 +34,10 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.MockFilterConfig;
-import org.springframework.security.context.web.SecurityContextPersistenceFilter;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
-import org.springframework.security.web.util.FilterChainProxy;
-import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
+import org.springframework.security.web.context.SecurityContextPersistenceFilter;
+import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
 
 /**
  * Tests {@link FilterChainProxy}.

config/src/test/resources/org/springframework/security/util/filtertest-valid.xml

@@ -24,14 +24,14 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
 
-    <bean id="mockFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
+    <bean id="mockFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
 
-    <bean id="mockFilter2" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
+    <bean id="mockFilter2" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"/>
 
     <!-- These are just here so we have filters of a specific type to check the ordering is as expected -->
-    <bean id="sif" class="org.springframework.security.context.web.SecurityContextPersistenceFilter"/>
+    <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
 
-    <bean id="apf" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+    <bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
        <property name="authenticationManager">
            <bean class="org.springframework.security.MockAuthenticationManager"/>
        </property>
@@ -39,7 +39,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
 
     <bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
 
-    <bean id="filterChain" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="filterChain" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
             <sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
@@ -48,7 +48,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
     </bean>
 
 <!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
-    <bean id="newFilterChainProxy" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="newFilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
             <sec:filter-chain pattern="/some/other/path/**" filters="sif,mockFilter,mockFilter2"/>
@@ -57,14 +57,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
         </sec:filter-chain-map>
     </bean>
 
-    <bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="newFilterChainProxyNoDefaultPath" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
             <sec:filter-chain pattern="/*.bar" filters="mockFilter,mockFilter2"/>
         </sec:filter-chain-map>
     </bean>
 
-    <bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="newFilterChainProxyWrongPathOrder" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
             <sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
@@ -72,7 +72,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
         </sec:filter-chain-map>
     </bean>
 
-    <bean id="newFilterChainProxyRegex" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="newFilterChainProxyRegex" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="regex">
             <sec:filter-chain pattern="\A/foo/.*\Z" filters="mockFilter"/>
             <sec:filter-chain pattern="\A/s[oO]me/other/path/.*\Z" filters="sif,mockFilter,mockFilter2"/>
@@ -81,7 +81,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
         </sec:filter-chain-map>
     </bean>
 
-    <bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="newFilterChainProxyNonNamespace" class="org.springframework.security.web.FilterChainProxy">
         <property name="matcher">
             <bean class="org.springframework.security.util.AntUrlPathMatcher"/>
         </property>

core/src/main/java/org/springframework/security/AuthenticationDetails.java

@@ -1,4 +1,4 @@
-package org.springframework.security.ui;
+package org.springframework.security;
 
 import java.io.Serializable;
 

core/src/main/java/org/springframework/security/AuthenticationDetailsSource.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ui;
+package org.springframework.security;
 
 
 

core/src/main/java/org/springframework/security/AuthenticationDetailsSourceImpl.java

@@ -1,8 +1,8 @@
-package org.springframework.security.ui;
+package org.springframework.security;
 
 import java.lang.reflect.Constructor;
 
-import org.springframework.security.ui.AuthenticationDetailsSource;
+import org.springframework.security.AuthenticationDetailsSource;
 import org.springframework.util.Assert;
 import org.springframework.util.ReflectionUtils;
 

core/src/main/java/org/springframework/security/AuthenticationTrustResolverImpl.java

@@ -15,8 +15,8 @@
 
 package org.springframework.security;
 
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
-import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
+import org.springframework.security.providers.RememberMeAuthenticationToken;
 
 
 /**

core/src/main/java/org/springframework/security/expression/support/AbstractSecurityExpressionHandler.java

@@ -0,0 +1,5 @@
+package org.springframework.security.expression.support;
+
+public class AbstractSecurityExpressionHandler {
+
+}

core/src/main/java/org/springframework/security/providers/AnonymousAuthenticationProvider.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.providers.anonymous;
+package org.springframework.security.providers;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
@@ -23,7 +23,6 @@ import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
 import org.springframework.security.SpringSecurityMessageSource;
-import org.springframework.security.providers.AuthenticationProvider;
 import org.springframework.util.Assert;
 
 

core/src/main/java/org/springframework/security/providers/AnonymousAuthenticationToken.java

@@ -13,11 +13,10 @@
  * limitations under the License.
  */
 
-package org.springframework.security.providers.anonymous;
+package org.springframework.security.providers;
 
 import org.springframework.security.GrantedAuthority;
 
-import org.springframework.security.providers.AbstractAuthenticationToken;
 
 import java.io.Serializable;
 import java.util.Arrays;

core/src/main/java/org/springframework/security/providers/RememberMeAuthenticationProvider.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.providers.rememberme;
+package org.springframework.security.providers;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
@@ -23,7 +23,6 @@ import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
 import org.springframework.security.SpringSecurityMessageSource;
-import org.springframework.security.providers.AuthenticationProvider;
 import org.springframework.util.Assert;
 
 

core/src/main/java/org/springframework/security/providers/RememberMeAuthenticationToken.java

@@ -13,14 +13,13 @@
  * limitations under the License.
  */
 
-package org.springframework.security.providers.rememberme;
+package org.springframework.security.providers;
 
 import java.io.Serializable;
 import java.util.Arrays;
 import java.util.List;
 
 import org.springframework.security.GrantedAuthority;
-import org.springframework.security.providers.AbstractAuthenticationToken;
 
 
 /**

core/src/main/java/org/springframework/security/providers/anonymous/package.html

@@ -1,7 +0,0 @@
-<html>
-<body>
-Allows you to secure every invocation (especially useful for web request
-URI security) by always having either an actual principal or an anonymous
-principal authenticated.
-</body>
-</html>

core/src/main/java/org/springframework/security/providers/dao/AbstractUserDetailsAuthenticationProvider.java

@@ -26,12 +26,13 @@ import org.springframework.security.LockedException;
 
 import org.springframework.security.providers.AuthenticationProvider;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.dao.cache.NullUserCache;
 
+import org.springframework.security.userdetails.UserCache;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.security.userdetails.UserDetailsChecker;
+import org.springframework.security.userdetails.cache.NullUserCache;
 
 import org.springframework.beans.factory.InitializingBean;
 

core/src/main/java/org/springframework/security/providers/rememberme/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Authentication provider that processes <code>RememberMeAuthenticationToken</code>s.
-</body>
-</html>

core/src/main/java/org/springframework/security/userdetails/UserCache.java

@@ -13,10 +13,8 @@
  * limitations under the License.
  */
 
-package org.springframework.security.providers.dao;
+package org.springframework.security.userdetails;
 
-import org.springframework.security.userdetails.User;
-import org.springframework.security.userdetails.UserDetails;
 
 
 /**

core/src/main/java/org/springframework/security/userdetails/cache/EhCacheBasedUserCache.java

@@ -13,14 +13,14 @@
  * limitations under the License.
  */
 
-package org.springframework.security.providers.dao.cache;
+package org.springframework.security.userdetails.cache;
 
 import net.sf.ehcache.CacheException;
 import net.sf.ehcache.Element;
 import net.sf.ehcache.Ehcache;
 
-import org.springframework.security.providers.dao.UserCache;
 
+import org.springframework.security.userdetails.UserCache;
 import org.springframework.security.userdetails.UserDetails;
 
 import org.apache.commons.logging.Log;

core/src/main/java/org/springframework/security/userdetails/cache/NullUserCache.java

@@ -13,10 +13,10 @@
  * limitations under the License.
  */
 
-package org.springframework.security.providers.dao.cache;
+package org.springframework.security.userdetails.cache;
 
-import org.springframework.security.providers.dao.UserCache;
 
+import org.springframework.security.userdetails.UserCache;
 import org.springframework.security.userdetails.UserDetails;
 
 

core/src/main/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManager.java

@@ -9,11 +9,11 @@ import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.util.AuthorityUtils;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.dao.UserCache;
-import org.springframework.security.providers.dao.cache.NullUserCache;
+import org.springframework.security.userdetails.UserCache;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsManager;
 import org.springframework.security.userdetails.GroupManager;
+import org.springframework.security.userdetails.cache.NullUserCache;
 import org.springframework.context.ApplicationContextException;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.jdbc.core.PreparedStatementSetter;

core/src/test/java/org/springframework/security/AuthenticationDetailsSourceImplTests.java

@@ -1,8 +1,10 @@
-package org.springframework.security.ui;
+package org.springframework.security;
 
 import static org.junit.Assert.*;
 
 import org.junit.Test;
+import org.springframework.security.AuthenticationDetails;
+import org.springframework.security.AuthenticationDetailsSourceImpl;
 import org.springframework.security.providers.TestingAuthenticationToken;
 
 /**

core/src/test/java/org/springframework/security/AuthenticationTrustResolverImplTests.java

@@ -17,9 +17,9 @@ package org.springframework.security;
 
 import junit.framework.TestCase;
 
+import org.springframework.security.providers.AnonymousAuthenticationToken;
+import org.springframework.security.providers.RememberMeAuthenticationToken;
 import org.springframework.security.providers.TestingAuthenticationToken;
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
-import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
 import org.springframework.security.util.AuthorityUtils;
 
 

core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationProviderTests.java

@@ -22,6 +22,8 @@ import org.springframework.security.BadCredentialsException;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 
+import org.springframework.security.providers.AnonymousAuthenticationProvider;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
 import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.util.AuthorityUtils;
 

core/src/test/java/org/springframework/security/providers/anonymous/AnonymousAuthenticationTokenTests.java

@@ -20,6 +20,7 @@ import java.util.List;
 import junit.framework.TestCase;
 
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.AuthorityUtils;
 

core/src/test/java/org/springframework/security/providers/dao/DaoAuthenticationProviderTests.java

@@ -30,8 +30,6 @@ import org.springframework.security.LockedException;
 
 import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.dao.cache.EhCacheBasedUserCache;
-import org.springframework.security.providers.dao.cache.NullUserCache;
 import org.springframework.security.providers.dao.salt.SystemWideSaltSource;
 import org.springframework.security.providers.encoding.ShaPasswordEncoder;
 
@@ -39,6 +37,8 @@ import org.springframework.security.userdetails.User;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.cache.EhCacheBasedUserCache;
+import org.springframework.security.userdetails.cache.NullUserCache;
 import org.springframework.security.util.AuthorityUtils;
 
 import org.springframework.dao.DataAccessException;

core/src/test/java/org/springframework/security/providers/dao/MockUserCache.java

@@ -7,6 +7,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.springframework.security.userdetails.User;
+import org.springframework.security.userdetails.UserCache;
 import org.springframework.security.userdetails.UserDetails;
 
 public class MockUserCache implements UserCache {

core/src/test/java/org/springframework/security/providers/dao/cache/EhCacheBasedUserCacheTests.java

@@ -25,6 +25,7 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.security.userdetails.User;
+import org.springframework.security.userdetails.cache.EhCacheBasedUserCache;
 import org.springframework.security.util.AuthorityUtils;
 
 /**

core/src/test/java/org/springframework/security/providers/dao/cache/NullUserCacheTests.java

@@ -18,6 +18,7 @@ package org.springframework.security.providers.dao.cache;
 import junit.framework.TestCase;
 
 import org.springframework.security.userdetails.User;
+import org.springframework.security.userdetails.cache.NullUserCache;
 import org.springframework.security.util.AuthorityUtils;
 
 

core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationProviderTests.java

@@ -19,6 +19,8 @@ import junit.framework.TestCase;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.BadCredentialsException;
+import org.springframework.security.providers.RememberMeAuthenticationProvider;
+import org.springframework.security.providers.RememberMeAuthenticationToken;
 import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.util.AuthorityUtils;
 

core/src/test/java/org/springframework/security/providers/rememberme/RememberMeAuthenticationTokenTests.java

@@ -21,6 +21,7 @@ import java.util.List;
 import junit.framework.TestCase;
 
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.providers.RememberMeAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.util.AuthorityUtils;
 

core/src/test/java/org/springframework/security/userdetails/jdbc/JdbcUserDetailsManagerTests.java

@@ -26,8 +26,8 @@ import org.springframework.security.PopulatedDatabase;
 import org.springframework.security.TestDataSource;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.dao.UserCache;
 import org.springframework.security.userdetails.User;
+import org.springframework.security.userdetails.UserCache;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.util.AuthorityUtils;
 

core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java

@@ -22,9 +22,9 @@ import junit.framework.TestCase;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
 import org.springframework.security.SecurityConfig;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
+import org.springframework.security.providers.RememberMeAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
-import org.springframework.security.providers.rememberme.RememberMeAuthenticationToken;
 import org.springframework.security.util.AuthorityUtils;
 
 

itest/context/src/test/java/org/springframework/security/performance/FilterChainPerformanceTests.java

@@ -19,9 +19,9 @@ import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.web.util.FilterChainProxy;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.util.StopWatch;

itest/context/src/test/resources/filter-chain-performance-app-context.xml

@@ -11,13 +11,13 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
-    <bean id="fcpMinimalStack" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="fcpMinimalStack" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,etf,fsi"/>
         </sec:filter-chain-map>
     </bean>
 
-    <bean id="fcpFullStack" class="org.springframework.security.web.util.FilterChainProxy">
+    <bean id="fcpFullStack" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/**" filters="scpf,preAuthFilter,apf,basicPf,logoutFilter,scharf,etf,fsi"/>
         </sec:filter-chain-map>
@@ -37,36 +37,36 @@
         <sec:user name="bob" password="bobspassword" authorities="ROLE_0,ROLE_1"/>
     </sec:user-service>
 
-    <bean id="scpf" class="org.springframework.security.context.web.SecurityContextPersistenceFilter"/>
+    <bean id="scpf" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
 
-    <bean id="apf" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+    <bean id="apf" class="org.springframework.security.web.authentication.AuthenticationProcessingFilter">
         <property name="authenticationManager" ref="authenticationManager"/>
     </bean>
 
-    <bean id="basicPf" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
+    <bean id="basicPf" class="org.springframework.security.web.authentication.www.BasicProcessingFilter">
         <property name="authenticationManager" ref="authenticationManager"/>
         <property name="ignoreFailure" value="true"/>
     </bean>
 
-    <bean id="preAuthFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
+    <bean id="preAuthFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderPreAuthenticatedProcessingFilter">
         <property name="authenticationManager" ref="authenticationManager"/>
     </bean>
 
-    <bean id="scharf" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
+    <bean id="scharf" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter" />
 
     <bean id="preAuthenticatedProcessingFilterEntryPoint"
-            class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
+            class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
 
-    <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
+    <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
         <constructor-arg value="/"/>
         <constructor-arg>
             <list>
-                <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
+                <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
             </list>
         </constructor-arg>
     </bean>
 
-    <bean id="etf" class="org.springframework.security.ui.ExceptionTranslationFilter">
+    <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
         <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
     </bean>
 
@@ -88,7 +88,7 @@
         </property>
     </bean>
 
-    <bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
+    <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
         <property name="authenticationManager" ref="authenticationManager"/>
         <property name="accessDecisionManager" ref="accessDecisionManager"/>
         <property name="securityMetadataSource">

itest/web/src/main/webapp/WEB-INF/custom-filters.xml

@@ -7,13 +7,13 @@
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
 
     <!-- A second APF in addition to the standard namespace one -->
-    <bean name="formLoginFilter2" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+    <bean name="formLoginFilter2" class="org.springframework.security.authentication.AuthenticationProcessingFilter">
         <sec:custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
         <property name="filterProcessesUrl" value="/j_spring_security_check_2"/>
     </bean>
 
 
-    <bean name="switchUserFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter">
+    <bean name="switchUserFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserProcessingFilter">
         <sec:custom-filter position="SWITCH_USER_FILTER"/>
     </bean>
-</beans>
+</beans>

itest/web/src/main/webapp/WEB-INF/http-security.xml

@@ -6,13 +6,13 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
 
-    <!-- 
+    <!--
        Http App Context to test form login, remember-me and concurrent session control.
-       Needs to be supplemented with authentication provider(s) 
+       Needs to be supplemented with authentication provider(s)
     -->
 
     <http>
-        <intercept-url pattern="/login.jsp*" filters="none" />        
+        <intercept-url pattern="/login.jsp*" filters="none" />
         <intercept-url pattern="/secure/**" access="ROLE_DEVELOPER,ROLE_USER" />
         <intercept-url pattern="/**" access="ROLE_DEVELOPER,ROLE_USER" />
 
@@ -27,8 +27,8 @@
         <remember-me key="doesntmatter" token-repository-ref="tokenRepo"/>
     </http>
 
-    <beans:bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/>
+    <beans:bean name="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl"/>
 
     <!-- bean name="rememberMeServices" class="org.springframework.security.ui.rememberme.NullRememberMeServices"/ -->
 
-</beans:beans>
+</beans:beans>

ldap/src/main/java/org/springframework/security/ldap/SpringSecurityAuthenticationSource.java

@@ -2,7 +2,7 @@ package org.springframework.security.ldap;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
 import org.springframework.security.userdetails.ldap.LdapUserDetails;
 import org.springframework.ldap.core.AuthenticationSource;
 

ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java

@@ -1,8 +1,8 @@
 package org.springframework.security.ldap;
 
 import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
 import org.springframework.security.providers.TestingAuthenticationToken;
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
 import org.springframework.security.util.AuthorityUtils;
 import org.springframework.ldap.core.AuthenticationSource;

ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java

@@ -17,18 +17,18 @@ package org.springframework.security.ui.ntlm;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.AuthenticationDetailsSource;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.BadCredentialsException;
 import org.springframework.security.InsufficientAuthenticationException;
 import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.AnonymousAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
-import org.springframework.security.ui.SpringSecurityFilter;
-import org.springframework.security.ui.FilterChainOrder;
-import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.WebAuthenticationDetailsSource;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.security.web.FilterChainOrder;
+import org.springframework.security.web.SpringSecurityFilter;
+import org.springframework.security.web.WebAuthenticationDetailsSource;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 

ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilterEntryPoint.java

@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.AuthenticationException;
-import org.springframework.security.ui.AuthenticationEntryPoint;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.util.Assert;
 
 /**

openid/src/main/java/org/springframework/security/openid/AuthenticationCancelledException.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.providers.openid;
+package org.springframework.security.openid;
 
 import org.springframework.security.AuthenticationException;
 

openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java

@@ -12,13 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.ui.openid.consumers;
-
-import org.springframework.security.providers.openid.OpenIDAuthenticationStatus;
-import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
-
-import org.springframework.security.ui.openid.OpenIDConsumer;
-import org.springframework.security.ui.openid.OpenIDConsumerException;
+package org.springframework.security.openid;
 
 import org.openid4java.association.AssociationException;
 

openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ui.openid;
+package org.springframework.security.openid;
 
 import java.io.IOException;
 import java.net.MalformedURLException;
@@ -28,12 +28,9 @@ import javax.servlet.http.HttpSession;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.AuthenticationServiceException;
-import org.springframework.security.providers.openid.OpenIDAuthenticationProvider;
-import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
-import org.springframework.security.ui.AbstractProcessingFilter;
-import org.springframework.security.ui.FilterChainOrder;
-import org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.security.web.FilterChainOrder;
+import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 import org.springframework.util.StringUtils;
 
 

openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.providers.openid;
+package org.springframework.security.openid;
 
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.Authentication;

openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationStatus.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.providers.openid;
+package org.springframework.security.openid;
 
 import java.io.ObjectStreamException;
 import java.io.Serializable;

openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.providers.openid;
+package org.springframework.security.openid;
 
 import java.util.ArrayList;
 import java.util.List;

openid/src/main/java/org/springframework/security/openid/OpenIDConsumer.java

@@ -12,9 +12,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.ui.openid;
+package org.springframework.security.openid;
 
-import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
 
 import javax.servlet.http.HttpServletRequest;
 

openid/src/main/java/org/springframework/security/openid/OpenIDConsumerException.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.ui.openid;
+package org.springframework.security.openid;
 
 /**
  * Thrown by an OpenIDConsumer if it cannot process a request

openid/src/main/java/org/springframework/security/providers/openid/package.html

@@ -1,6 +0,0 @@
-<html>
-<body>
-An authentication provider that can process <a href="http://openid.net">OpenID</a> 
-Authentication Tokens as created by implementations of the OpenIDConsumer interface.
-</body>
-</html>

openid/src/main/java/org/springframework/security/ui/openid/consumers/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Implementations of the OpenIDConsumer interface using 3rd party libraries.
-</body>
-</html>

openid/src/test/java/org/springframework/security/openid/MockOpenIDConsumer.java

@@ -12,11 +12,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.ui.openid.consumers;
+package org.springframework.security.openid;
 
-import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
-import org.springframework.security.ui.openid.OpenIDConsumer;
-import org.springframework.security.ui.openid.OpenIDConsumerException;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
+import org.springframework.security.openid.OpenIDConsumer;
+import org.springframework.security.openid.OpenIDConsumerException;
 
 import javax.servlet.http.HttpServletRequest;
 

openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilterTests.java

@@ -1,4 +1,4 @@
-package org.springframework.security.ui.openid;
+package org.springframework.security.openid;
 
 import static org.junit.Assert.assertEquals;
 import static org.mockito.Matchers.any;
@@ -13,8 +13,9 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.MockAuthenticationManager;
-import org.springframework.security.ui.SavedRequestAwareAuthenticationSuccessHandler;
-import org.springframework.security.ui.openid.consumers.MockOpenIDConsumer;
+import org.springframework.security.openid.OpenIDAuthenticationProcessingFilter;
+import org.springframework.security.openid.OpenIDConsumerException;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
 public class OpenIDAuthenticationProcessingFilterTests {
 

openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationProviderTests.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.providers.openid;
+package org.springframework.security.openid;
 
 import junit.framework.TestCase;
 import org.springframework.security.Authentication;
@@ -23,6 +23,10 @@ import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.User;
+import org.springframework.security.openid.AuthenticationCancelledException;
+import org.springframework.security.openid.OpenIDAuthenticationProvider;
+import org.springframework.security.openid.OpenIDAuthenticationStatus;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.userdetails.UserDetailsService;
 

openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationTokenTests.java

@@ -12,7 +12,10 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.providers.openid;
+package org.springframework.security.openid;
+
+import org.springframework.security.openid.OpenIDAuthenticationStatus;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
 
 import junit.framework.TestCase;
 

portlet/src/main/java/org/springframework/security/ui/portlet/PortletProcessingInterceptor.java

@@ -31,14 +31,14 @@ import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
 
 import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationDetailsSource;
+import org.springframework.security.AuthenticationDetailsSourceImpl;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.context.SecurityContext;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.security.ui.AbstractProcessingFilter;
-import org.springframework.security.ui.AuthenticationDetailsSource;
-import org.springframework.security.ui.AuthenticationDetailsSourceImpl;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;

samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -43,7 +43,7 @@
     <!-- Filter used to switch the user context. Note: the switch and exit url must be secured
         based on the role granted the ability to 'switch' to another user -->
     <!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
-    <b:bean id="switchUserProcessingFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter" autowire="byType">
+    <b:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserProcessingFilter" autowire="byType">
        <custom-filter position="SWITCH_USER_FILTER"/>
        <b:property name="targetUrl" value="/secure/index.htm"/>
     </b:bean>

samples/contacts/src/main/webapp/WEB-INF/web.xml

@@ -60,15 +60,6 @@
         <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
     </listener>
 
-    <!--
-        The HttpSessionEventPublisher will publish
-        HttpSessionCreatedEvent and HttpSessionDestroyedEvent
-        to the WebApplicationContext
- -->
-    <listener>
-        <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
-    </listener>
-
   <!--
     - Provides core MVC application controller. See contacts-servlet.xml.
     -->

samples/dms/src/main/resources/applicationContext-dms-secure.xml

@@ -73,7 +73,7 @@
       <property name="cacheName" value="userCache"/>
    </bean>
 
-   <bean id="userCache" class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
+   <bean id="userCache" class="org.springframework.security.userdetails.cache.EhCacheBasedUserCache">
       <property name="cache" ref="userCacheBackend"/>
    </bean>
 

samples/ldap/pom.xml

@@ -15,6 +15,16 @@
             <artifactId>spring-security-ldap</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>org.springframework.web</artifactId>

samples/ldap/src/main/webapp/WEB-INF/web.xml

@@ -46,12 +46,4 @@
         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
     </listener>
 
-    <!--
-      - Publishes events for session creation and destruction through the application
-      - context. Optional unless concurrent session control is being used.
-      -->
-    <listener>
-      <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
-    </listener>
-
 </web-app>

samples/preauth/pom.xml

@@ -14,29 +14,30 @@
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
             <version>${project.version}</version>
+            <scope>runtime</scope>
         </dependency>
         <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>org.springframework.web</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>org.springframework.web.servlet</artifactId>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${project.version}</version>
+            <scope>runtime</scope>
         </dependency>
         <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>org.springframework.jdbc</artifactId>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${project.version}</version>
             <scope>runtime</scope>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
-            <artifactId>org.springframework.aop</artifactId>
+            <artifactId>org.springframework.jdbc</artifactId>
             <scope>runtime</scope>
         </dependency>
         <dependency>
             <groupId>jaxen</groupId>
             <artifactId>jaxen</artifactId>
             <version>1.1.1</version>
+            <scope>runtime</scope>
         </dependency>
     </dependencies>
 
@@ -58,5 +59,4 @@
             </plugin>
         </plugins>
     </build>
-
 </project>

samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -12,13 +12,13 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
 
-    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
         </sec:filter-chain-map>
     </bean>
 
-    <bean id="sif" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
+    <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
 
     <sec:authentication-manager alias="authenticationManager" />
 
@@ -30,24 +30,24 @@
     <bean id="preAuthenticatedUserDetailsService"
             class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
 
-    <bean id="j2eePreAuthFilter" class="org.springframework.security.ui.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
+    <bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
         <property name="authenticationManager" ref="authenticationManager"/>
         <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
     </bean>
 
     <bean id="preAuthenticatedProcessingFilterEntryPoint"
-            class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
+            class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
 
-    <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
+    <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
         <constructor-arg value="/"/>
         <constructor-arg>
             <list>
-                <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
+                <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
             </list>
         </constructor-arg>
     </bean>
 
-    <bean id="authenticationDetailsSource" class="org.springframework.security.ui.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
+    <bean id="authenticationDetailsSource" class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
         <property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever"/>
         <property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper"/>
     </bean>
@@ -56,7 +56,7 @@
         <property name="convertAttributeToUpperCase" value="true"/>
     </bean>
 
-    <bean id="j2eeMappableRolesRetriever" class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever">
+    <bean id="j2eeMappableRolesRetriever" class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever">
 
     <property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/>
     </property>
@@ -69,7 +69,7 @@
 
     <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
 
-    <bean id="etf" class="org.springframework.security.ui.ExceptionTranslationFilter">
+    <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
         <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
     </bean>
 
@@ -82,7 +82,7 @@
         </property>
     </bean>
 
-    <bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
+    <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
         <property name="authenticationManager" ref="authenticationManager"/>
         <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
         <property name="securityMetadataSource">
@@ -96,8 +96,8 @@
 
     <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
 
-    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
-        <property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper"/>
+    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter">
+        <property name="wrapperClass" value="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestWrapper"/>
     </bean>
 
 </beans>

samples/preauth/src/main/webapp/WEB-INF/web.xml

@@ -12,15 +12,15 @@
     <display-name>Spring Security Preauthentication Demo Application</display-name>
 
     <!--
-	  - Location of the XML file that defines the root application context
-	  - Applied by ContextLoaderListener.
-	  -->
-	<context-param>
-		<param-name>contextConfigLocation</param-name>
-		<param-value>
-			/WEB-INF/applicationContext-security.xml
-		</param-value>
-	</context-param>
+      - Location of the XML file that defines the root application context
+      - Applied by ContextLoaderListener.
+      -->
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>
+            /WEB-INF/applicationContext-security.xml
+        </param-value>
+    </context-param>
 
     <filter>
         <filter-name>filterChainProxy</filter-name>
@@ -32,21 +32,13 @@
       <url-pattern>/*</url-pattern>
     </filter-mapping>
 
-	<!--
-	  - Loads the root application context of this web app at startup.
-	  - The application context is then available via
-	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+    <!--
+      - Loads the root application context of this web app at startup.
+      - The application context is then available via
+      - WebApplicationContextUtils.getWebApplicationContext(servletContext).
     -->
-	<listener>
-		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
-	</listener>
-
-	<!--
-	  - Publishes events for session creation and destruction through the application
-	  - context. Optional unless concurrent session control is being used.
-      -->
     <listener>
-      <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
     </listener>
 
     <login-config>

samples/runall.sh

@@ -26,20 +26,30 @@ stop_jetty() {
 cleanup
 
 cd tutorial
+echo "Running tutorial app..."
 start_jetty
 curl http://localhost:8080/tutorial/
 stop_jetty
 
+echo "Running contacts app..."
 cd ../contacts
 start_jetty
 curl http://localhost:8080/contacts/
 stop_jetty
 
+echo "Running ldap app..."
 cd ../ldap
 start_jetty
 curl http://localhost:8080/ldap/
 stop_jetty
 
+echo "Running preauth app..."
+cd ../preauth
+start_jetty
+curl http://localhost:8080/preauth/
+stop_jetty
+
+
 cd ../cas
 
 if [[ -e ./server/cas-server-webapp-3.2.1.war ]]

samples/tutorial/src/main/webapp/WEB-INF/web.xml

@@ -57,7 +57,7 @@
       - context. Optional unless concurrent session control is being used.
       -->
     <listener>
-      <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+      <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
     </listener>
 
     <listener>

web/src/main/java/org/springframework/security/ui/basicauth/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Authenticates HTTP BASIC authentication requests.
-</body>
-</html>

web/src/main/java/org/springframework/security/ui/digestauth/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Authenticates HTTP Digest authentication requests.
-</body>
-</html>

web/src/main/java/org/springframework/security/ui/webapp/package.html

@@ -1,5 +0,0 @@
-<html>
-<body>
-Authenticates users via HTTP properties, headers and session.
-</body>
-</html>

web/src/main/java/org/springframework/security/web/AbstractAuthenticationTargetUrlRequestHandler.java

@@ -1,4 +1,4 @@
-package org.springframework.security.ui;
+package org.springframework.security.web;
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
@@ -11,7 +11,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.Authentication;
-import org.springframework.security.ui.logout.LogoutHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.logout.LogoutHandler;
 import org.springframework.security.web.util.RedirectUtils;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;

web/src/main/java/org/springframework/security/web/AccessDeniedHandler.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ui;
+package org.springframework.security.web;
 
 import org.springframework.security.AccessDeniedException;
 

web/src/main/java/org/springframework/security/web/AccessDeniedHandlerImpl.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ui;
+package org.springframework.security.web;
 
 import java.io.IOException;
 

web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ui;
+package org.springframework.security.web;
 
 import org.springframework.security.AuthenticationException;
 

web/src/main/java/org/springframework/security/web/ExceptionTranslationFilter.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.ui;
+package org.springframework.security.web;
 
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.SpringSecurityException;
@@ -22,11 +22,9 @@ import org.springframework.security.AuthenticationTrustResolver;
 import org.springframework.security.AuthenticationTrustResolverImpl;
 import org.springframework.security.InsufficientAuthenticationException;
 import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.ui.savedrequest.SavedRequest;
 import org.springframework.security.util.ThrowableAnalyzer;
 import org.springframework.security.util.ThrowableCauseExtractor;
-import org.springframework.security.web.util.PortResolver;
-import org.springframework.security.web.util.PortResolverImpl;
+import org.springframework.security.web.savedrequest.SavedRequest;
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.util.Assert;
@@ -51,8 +49,8 @@ import javax.servlet.http.HttpServletResponse;
  * <p>
  * If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
  * user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
- * an anonymous user, the filter will delegate to the {@link org.springframework.security.ui.AccessDeniedHandler}.
- * By default the filter will use {@link org.springframework.security.ui.AccessDeniedHandlerImpl}.
+ * an anonymous user, the filter will delegate to the {@link org.springframework.security.web.AccessDeniedHandler}.
+ * By default the filter will use {@link org.springframework.security.web.AccessDeniedHandlerImpl}.
  * <p>
  * To use this filter, it is necessary to specify the following properties:
  * <ul>
@@ -176,7 +174,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
      * <code>false</code>.
      * <p>
      * Remember to also set
-     * {@link org.springframework.security.context.web.HttpSessionSecurityContextRepository#setAllowSessionCreation(boolean)}
+     * {@link org.springframework.security.web.context.HttpSessionSecurityContextRepository#setAllowSessionCreation(boolean)}
      * to <code>false</code> if you set this property to <code>false</code>.
      *
      * @return <code>true</code> if the <code>HttpSession</code> will be

web/src/main/java/org/springframework/security/web/FilterChainOrder.java

@@ -1,4 +1,4 @@
-package org.springframework.security.ui;
+package org.springframework.security.web;
 
 import org.springframework.util.Assert;
 

web/src/main/java/org/springframework/security/web/FilterChainProxy.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.util;
+package org.springframework.security.web;
 
 import java.io.IOException;
 import java.util.Collection;
@@ -34,10 +34,10 @@ import javax.servlet.ServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.intercept.web.FilterInvocation;
-import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.util.AntUrlPathMatcher;
 import org.springframework.security.util.UrlMatcher;
+import org.springframework.security.web.intercept.FilterInvocation;
+import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.DelegatingFilterProxy;
 

web/src/main/java/org/springframework/security/web/PortMapper.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.util;
+package org.springframework.security.web;
 
 /**
  * <code>PortMapper</code> implementations provide callers with information