Updated heavy-duty sample to be able to build it.

17 years ago · f38c0eb675
13 changed files with 287 additions and 294 deletions
--- a/sandbox/heavyduty/pom.xml
+++ b/sandbox/heavyduty/pom.xml
@ -8,24 +8,20 @@
    <dependencies>
        <dependency>
            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-core</artifactId>
+            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-taglibs</artifactId>
+            <artifactId>spring-security-ldap</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
-            <groupId>org.springframework</groupId>
+            <groupId>org.springframework.security</groupId>
-            <artifactId>org.springframework.core</artifactId>
+            <artifactId>spring-security-config</artifactId>
-            <version>${spring.version}</version>
+            <version>${spring.security.version}</version>
        </dependency>                
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>org.springframework.context</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>org.springframework.web</artifactId>
@ -44,50 +40,52 @@
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
-            <artifactId>spring-orm</artifactId>
+            <artifactId>org.springframework.orm</artifactId>
            <version>${spring.version}</version>
        </dependency>
 <!--
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>org.springframework.context</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>org.springframework.aop</artifactId>
            <scope>runtime</scope>
            <version>${spring.version}</version>
        </dependency>
 -->
        <dependency>
            <groupId>org.freemarker</groupId>
            <artifactId>freemarker</artifactId>
            <scope>runtime</scope>
            <version>2.3.12</version>
        </dependency>
-	    <dependency>
+        <dependency>
-	      <groupId>hsqldb</groupId>
+          <groupId>hsqldb</groupId>
-	      <artifactId>hsqldb</artifactId>
+          <artifactId>hsqldb</artifactId>
-	      <version>1.8.0.7</version>
+          <version>1.8.0.7</version>
-	      <scope>compile</scope>
+          <scope>compile</scope>
-	    </dependency>
+        </dependency>
-	    <dependency>
+        <dependency>
-	      <groupId>org.hibernate</groupId>
+          <groupId>org.hibernate</groupId>
-	      <artifactId>hibernate-entitymanager</artifactId>
+          <artifactId>hibernate-entitymanager</artifactId>
-	      <version>3.3.2.GA</version>
+          <version>3.3.2.GA</version>
-	      <scope>compile</scope>
+          <scope>compile</scope>
-	    </dependency>
+        </dependency>
-	    <dependency>
+        <dependency>
-	      <groupId>net.sf.ehcache</groupId>
+          <groupId>net.sf.ehcache</groupId>
-	      <artifactId>ehcache</artifactId>
+          <artifactId>ehcache</artifactId>
-	      <version>1.3.0</version>
+          <version>1.4.1</version>
-	      <scope>compile</scope>
+          <scope>compile</scope>
-	    </dependency>
+        </dependency>
 	    <dependency>
 	        <groupId>org.aspectj</groupId>
    		<artifactId>aspectjweaver</artifactId>
 	    	<optional>true</optional>
 		    <version>1.5.4</version>
 	    </dependency>	    
 	    <dependency>
 	        <groupId>org.aspectj</groupId>
 	    	<artifactId>aspectjrt</artifactId>
 		    <version>1.5.4</version>
 	    </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>servlet-api</artifactId>
@ -184,7 +182,7 @@
        </plugins>
    </build>
    <properties>
-        <spring.version>2.5.6</spring.version>
+        <spring.version>3.0.0.M2</spring.version>
        <spring.security.version>3.0.0.CI-SNAPSHOT</spring.security.version>
    </properties>
--- a/sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java
+++ b/sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java
@ -5,7 +5,7 @@ import java.util.Map;
 public class BankDaoStub implements BankDao {
    private long id = 0;
-    private Map accounts = new HashMap();
+    private Map<Long, Account> accounts = new HashMap<Long, Account>();
    public void createOrUpdateAccount(Account account) {
        if (account.getId() == -1) {
--- a/sandbox/heavyduty/src/main/java/bigbank/BankService.java
+++ b/sandbox/heavyduty/src/main/java/bigbank/BankService.java
@ -1,6 +1,6 @@
 package bigbank;
-import org.springframework.security.annotation.Secured;
+import org.springframework.security.access.annotation.Secured;
 public interface BankService {
--- a/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java
+++ b/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java
@ -1,6 +1,6 @@
 package heavyduty.security.ui;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
 public class HeavyDutyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
--- a/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java
+++ b/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java
@ -1,6 +1,6 @@
 package heavyduty.security.ui;
-import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
 public class HeavyDutyEntryPoint extends AuthenticationProcessingFilterEntryPoint {
--- a/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
+++ b/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
@ -41,7 +41,7 @@ public class TestMultiActionController extends MultiActionController {
    }
    private ModelAndView createView(String name) {
-        Map model = new HashMap();
+        Map<String, String> model = new HashMap<String, String>();
        model.put("nextAction", name);
        return new ModelAndView(VIEW_NAME, model);
    }
--- a/sandbox/heavyduty/src/main/java/sample/TestVoter.java
+++ b/sandbox/heavyduty/src/main/java/sample/TestVoter.java
@ -1,12 +1,11 @@
 package sample;
 import java.lang.annotation.Annotation;
 import java.util.List;
 import org.aopalliance.intercept.MethodInvocation;
-import org.springframework.security.Authentication;
+import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.ConfigAttribute;
+import org.springframework.security.access.vote.AccessDecisionVoter;
-import org.springframework.security.vote.AccessDecisionVoter;
+import org.springframework.security.core.Authentication;
 public class TestVoter implements AccessDecisionVoter {
@ -14,14 +13,14 @@ public class TestVoter implements AccessDecisionVoter {
        return true;
    }
-    public boolean supports(Class clazz) {
+    public boolean supports(Class<?> clazz) {
        return MethodInvocation.class.isAssignableFrom(clazz);
    }
    public int vote(Authentication authentication, Object object, List<ConfigAttribute> config) {
        MethodInvocation mi = (MethodInvocation) object;
-        Annotation[][] annotations = mi.getMethod().getParameterAnnotations();
+        mi.getMethod().getParameterAnnotations();
        return ACCESS_GRANTED;
--- a/sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java
+++ b/sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java
@ -39,7 +39,6 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
     *            data id
     * @return data
     */
    @SuppressWarnings("unchecked")
    public T read(PK id) {
        if (id == null) {
            throw new IllegalArgumentException("Id cannot be null or empty");
@ -106,7 +105,6 @@ public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
     * @return the merged data
     * @see sido.common.dao.GenericDAO#merge(T)
     */
    @SuppressWarnings("unchecked")
    public T merge(T detachedInstance) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("merging instance of "
--- a/sandbox/heavyduty/src/main/java/sample/service/UserService.java
+++ b/sandbox/heavyduty/src/main/java/sample/service/UserService.java
@ -1,7 +1,7 @@
 package sample.service;
-import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UserDetailsService;
 public interface UserService extends UserDetailsService {
--- a/sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java
+++ b/sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java
@ -6,13 +6,11 @@ package sample.service.impl;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.AuthenticationException;
+import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import sample.dao.UserDAO;
@ -39,9 +37,9 @@ public class UserServiceImpl implements UserService {
        try {
            User user = userDAO.findByUsername(username);
-            return new org.springframework.security.userdetails.User(user
+            return new org.springframework.security.core.userdetails.User(user
                    .getUsername(), user.getPassword(), true, true, true, true,
-                    new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
+                    AuthorityUtils.createAuthorityList("ROLE_USER"));
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            throw new UsernameNotFoundException("No matching account", e);
@ -51,9 +49,9 @@ public class UserServiceImpl implements UserService {
    public UserDetails register(String username, String password) {
        User user = new User(username, password);
        userDAO.persist(user);
-        return new org.springframework.security.userdetails.User(user
+        return new org.springframework.security.core.userdetails.User(user
                .getUsername(), user.getPassword(), true, true, true, true,
-                new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
+                AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
@ -12,33 +12,33 @@
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
-						http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
+                        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
                        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
    <!--b:import resource="appContext-misc.xml"/-->
-	<context:component-scan base-package='sample'/>
+    <context:component-scan base-package='sample'/>
-	<global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr">
+    <global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr">
-		<protect-pointcut expression="execution(* sample.service.UserService+.*(..))"
+        <protect-pointcut expression="execution(* sample.service.UserService+.*(..))"
-					access="ROLE_LOGGEDIN" />
+                    access="ROLE_LOGGEDIN" />
-	</global-method-security>
+    </global-method-security>
-	<aop:aspectj-autoproxy/>
+    <aop:aspectj-autoproxy/>
-	<b:bean id="methodAccessMgr" class="org.springframework.security.vote.AffirmativeBased">
+    <b:bean id="methodAccessMgr" class="org.springframework.security.access.vote.AffirmativeBased">
-	   <b:property name="decisionVoters">
+       <b:property name="decisionVoters">
-	       <b:list>
+           <b:list>
-	           <b:bean class="sample.TestVoter"/>
+               <b:bean class="sample.TestVoter"/>
-	       </b:list>
+           </b:list>
-	   </b:property>
+       </b:property>
-	</b:bean>
+    </b:bean>
    <http>
        <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />
-		<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
+        <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
        <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/post.html" access="ROLE_TELLER" />
        -->
@ -62,7 +62,7 @@
    <authentication-manager alias="authenticationManager" />
-    <b:bean id='tokenRepo' class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/>    
+    <b:bean id='tokenRepo' class='org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl'/>
    <!-- Traditional Session Control Beans -->
 <!--
@ -75,7 +75,7 @@
        <b:property name='sessionRegistry' ref='sessionRegistry'/>
    </b:bean>
 -->
-    <b:bean id='sessionRegistry' class="org.springframework.security.concurrent.SessionRegistryImpl"/>
+    <b:bean id='sessionRegistry' class="org.springframework.security.authentication.concurrent.SessionRegistryImpl"/>
 <!--
    <b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
@ -94,37 +94,37 @@
    </b:bean>
 -->
-	<authentication-provider user-service-ref="daoUserService">
+    <authentication-provider user-service-ref="daoUserService">
-	    <password-encoder hash="md5" />
+        <password-encoder hash="md5" />
-	</authentication-provider>
+    </authentication-provider>
    <authentication-provider>
        <password-encoder hash="md5"/>
        <user-service>
            <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
-	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
+            <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
            <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
            <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
-	    </user-service>
+        </user-service>
-	</authentication-provider>
+    </authentication-provider>
-	<ldap-server id="ldapServer"/>
+    <ldap-server id="ldapServer"/>
    <!-- b:bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean"/ -->
-	<b:bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
+    <b:bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
-	    <b:property name="beans">
+        <b:property name="beans">
-	      <b:map>
+          <b:map>
-	        <b:entry key="bean:name=ldapContextSource" value-ref="ldapServer"/>
+            <b:entry key="bean:name=ldapContextSource" value-ref="ldapServer"/>
-	      </b:map>
+          </b:map>
-	    </b:property>
+        </b:property>
-	    <b:property name="assembler">
+        <b:property name="assembler">
-	      <b:bean class="org.springframework.jmx.export.assembler.MethodNameBasedMBeanInfoAssembler">
+          <b:bean class="org.springframework.jmx.export.assembler.MethodNameBasedMBeanInfoAssembler">
-	        <b:property name="managedMethods" value="setPassword,setUserDn,getUrls,setUrl,setUrls,setPooled,isPooled,setBase,getBaseLdapPathAsString"/>
+            <b:property name="managedMethods" value="setPassword,setUserDn,getUrls,setUrl,setUrls,setPooled,isPooled,setBase,getBaseLdapPathAsString"/>
-	      </b:bean>
+          </b:bean>
-	    </b:property>	    
+        </b:property>
-	    <!-- b:property name="server" ref="mbeanServer"/-->
+        <!-- b:property name="server" ref="mbeanServer"/-->
-	</b:bean>
+    </b:bean>
 </b:beans>
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
@ -18,35 +18,35 @@
 <beans>
-	<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
-		<property name="filterInvocationDefinitionSource">
+        <property name="filterInvocationDefinitionSource">
-			<value><![CDATA[
+            <value><![CDATA[
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-				PATTERN_TYPE_APACHE_ANT
+                PATTERN_TYPE_APACHE_ANT
-				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+                /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-			]]></value>
+            ]]></value>
-		</property>
+        </property>
-	</bean>
+    </bean>
-
+
-	<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
+    <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
-
+
-	<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
+    <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
-		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
+        <constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
-		<constructor-arg>
+        <constructor-arg>
-			<list>
+            <list>
-				<ref bean="rememberMeServices"/>
+                <ref bean="rememberMeServices"/>
-				<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
+                <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
-			</list>
+            </list>
-		</constructor-arg>
+        </constructor-arg>
-	</bean>
+    </bean>
-
+
-	<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+    <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
-		<property name="authenticationManager" ref="authenticationManager"/>
+        <property name="authenticationManager" ref="authenticationManager"/>
-		<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
+        <property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
-		<property name="defaultTargetUrl" value="/"/>
+        <property name="defaultTargetUrl" value="/"/>
-		<property name="filterProcessesUrl" value="/j_spring_security_check"/>
+        <property name="filterProcessesUrl" value="/j_spring_security_check"/>
-		<property name="rememberMeServices" ref="rememberMeServices"/>
+        <property name="rememberMeServices" ref="rememberMeServices"/>
-	</bean>
+    </bean>
    <bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager"><ref local="authenticationManager"/></property>
@ -57,105 +57,105 @@
        <property name="realmName"><value>My Realm</value></property>
    </bean>
-	<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
+    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
-
+
-	<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
+    <bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
-		<property name="authenticationManager" ref="authenticationManager"/>
+        <property name="authenticationManager" ref="authenticationManager"/>
-		<property name="rememberMeServices" ref="rememberMeServices"/>
+        <property name="rememberMeServices" ref="rememberMeServices"/>
-	</bean>
+    </bean>
-
+
-	<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
+    <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
-		<property name="key" value="changeThis"/>
+        <property name="key" value="changeThis"/>
-		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+        <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
-	</bean>
+    </bean>
-
+
-	<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+    <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
-		<property name="authenticationEntryPoint">
+        <property name="authenticationEntryPoint">
-			<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+            <bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-				<property name="loginFormUrl" value="/acegilogin.jsp"/>
+                <property name="loginFormUrl" value="/acegilogin.jsp"/>
-				<property name="forceHttps" value="false"/>
+                <property name="forceHttps" value="false"/>
-			</bean>
+            </bean>
-		</property>
+        </property>
-		<property name="accessDeniedHandler">
+        <property name="accessDeniedHandler">
-			<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
+            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
-				<property name="errorPage" value="/accessDenied.jsp"/>
+                <property name="errorPage" value="/accessDenied.jsp"/>
-			</bean>
+            </bean>
-		</property>
+        </property>
-	</bean>
+    </bean>
-
+
-	<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
+    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
-		<property name="allowIfAllAbstainDecisions" value="false"/>
+        <property name="allowIfAllAbstainDecisions" value="false"/>
-		<property name="decisionVoters">
+        <property name="decisionVoters">
-			<list>
+            <list>
-				<bean class="org.springframework.security.vote.RoleVoter"/>
+                <bean class="org.springframework.security.access.vote.RoleVoter"/>
-				<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
+                <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
-			</list>
+            </list>
-		</property>
+        </property>
-	</bean>
+    </bean>
-
+
-	<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
+    <bean id="filterInvocationInterceptor" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
-		<property name="authenticationManager" ref="authenticationManager"/>
+        <property name="authenticationManager" ref="authenticationManager"/>
-		<property name="accessDecisionManager" ref="accessDecisionManager"/>
+        <property name="accessDecisionManager" ref="accessDecisionManager"/>
-		<property name="objectDefinitionSource">
+        <property name="objectDefinitionSource">
-			<value><![CDATA[
+            <value><![CDATA[
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-				PATTERN_TYPE_APACHE_ANT
+                PATTERN_TYPE_APACHE_ANT
-				/secure/extreme/**=ROLE_SUPERVISOR
+                /secure/extreme/**=ROLE_SUPERVISOR
-				/secure/**=IS_AUTHENTICATED_REMEMBERED
+                /secure/**=IS_AUTHENTICATED_REMEMBERED
-				/**=IS_AUTHENTICATED_ANONYMOUSLY
+                /**=IS_AUTHENTICATED_ANONYMOUSLY
-			]]></value>
+            ]]></value>
-		</property>
+        </property>
-	</bean>
+    </bean>
-
+
-	<bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
+    <bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
-		<property name="userDetailsService" ref="userDetailsService"/>
+        <property name="userDetailsService" ref="userDetailsService"/>
-		<property name="key" value="changeThis"/>
+        <property name="key" value="changeThis"/>
-	</bean>
+    </bean>
-
+
-	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
+    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
-		<property name="providers">
+        <property name="providers">
-			<list>
+            <list>
-				<ref local="daoAuthenticationProvider"/>
+                <ref local="daoAuthenticationProvider"/>
-				<bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
+                <bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
-					<property name="key" value="changeThis"/>
+                    <property name="key" value="changeThis"/>
-				</bean>
+                </bean>
-				<bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
+                <bean class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
-					<property name="key" value="changeThis"/>
+                    <property name="key" value="changeThis"/>
-				</bean>
+                </bean>
-			</list>
+            </list>
-		</property>
+        </property>
-	</bean>
+    </bean>
-
+
-	<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
+    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
-		<property name="userDetailsService" ref="userDetailsService"/>
+        <property name="userDetailsService" ref="userDetailsService"/>
-	</bean>
+    </bean>
-
+
-	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
+    <!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
-	<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
+    <bean id="userDetailsService" class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
-		<property name="userProperties">
+        <property name="userProperties">
-			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+            <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
-				<property name="location" value="/WEB-INF/users.properties"/>
+                <property name="location" value="/WEB-INF/users.properties"/>
-			</bean>
+            </bean>
-		</property>
+        </property>
-	</bean>
+    </bean>
-
+
-	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
+    <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
-	<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
+    <bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
-
+
-	<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
+    <bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
-
+
-	<bean id="attributes" class="org.springframework.security.annotation.SecurityAnnotationAttributes"/>
+    <bean id="attributes" class="org.springframework.security.access.annotation.SecurityAnnotationAttributes"/>
-
+
-	<bean id="objectDefinitionSource" class="org.springframework.security.intercept.method.MethodDefinitionAttributes">
+    <bean id="securityMetadataSource" class="org.springframework.security.access.intercept.method.MethodDefinitionAttributes">
-		<property name="attributes"><ref local="attributes"/></property>
+        <property name="attributes"><ref local="attributes"/></property>
-	</bean>
+    </bean>
-
+
-	<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
+    <bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
-		<property name="authenticationManager"><ref local="authenticationManager"/></property>
+        <property name="authenticationManager"><ref local="authenticationManager"/></property>
-		<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
+        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
-		<property name="objectDefinitionSource">
+        <property name="securityMetadataSource">
-			<ref local="objectDefinitionSource"/>
+            <ref local="securityMetadataSource"/>
-		</property>
+        </property>
-	</bean>
+    </bean>
 </beans>
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
@ -62,7 +62,7 @@
      - context. Optional unless concurrent session control is being used.
      -->
    <listener>
-        <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
  <!--