From aafe457420b0a9cb54574b8db73479729fdf36ea Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 15 Aug 2022 14:02:07 -0500
Subject: [PATCH] Revert "Remove contacts sample"

This reverts commit c0d5ff70fca77f986ee52e343a9fb496e1e3a518.
---
 servlet/xml/java/contacts/build.gradle        |  55 ++++
 .../java/contacts/client/client.properties    |   8 +
 .../java/contacts/client/clientContext.xml    |  73 ++++
 servlet/xml/java/contacts/gradle.properties   |   1 +
 .../xml/java/contacts/gradle/gretty.gradle    |  41 +++
 .../gradle/wrapper/gradle-wrapper.jar         | Bin 0 -> 58910 bytes
 .../gradle/wrapper/gradle-wrapper.properties  |   5 +
 servlet/xml/java/contacts/gradlew             | 185 +++++++++++
 servlet/xml/java/contacts/gradlew.bat         | 104 ++++++
 .../security/samples/ContactsTests.java       |  96 ++++++
 .../security/samples/pages/AddPage.java       |  79 +++++
 .../security/samples/pages/ContactsPage.java  | 131 ++++++++
 .../security/samples/pages/HomePage.java      |  72 ++++
 .../security/samples/pages/LoginPage.java     |  79 +++++
 .../contact/AddDeleteContactController.java   |  76 +++++
 .../java/sample/contact/AddPermission.java    |  58 ++++
 .../contact/AddPermissionValidator.java       |  59 ++++
 .../contact/AdminPermissionController.java    | 176 ++++++++++
 .../sample/contact/ClientApplication.java     | 140 ++++++++
 .../src/main/java/sample/contact/Contact.java |  77 +++++
 .../main/java/sample/contact/ContactDao.java  |  42 +++
 .../java/sample/contact/ContactDaoSpring.java |  89 +++++
 .../java/sample/contact/ContactManager.java   |  58 ++++
 .../sample/contact/ContactManagerBackend.java | 181 ++++++++++
 .../sample/contact/DataSourcePopulator.java   | 279 ++++++++++++++++
 .../java/sample/contact/IndexController.java  | 105 ++++++
 .../main/java/sample/contact/WebContact.java  |  46 +++
 .../sample/contact/WebContactValidator.java   |  46 +++
 ...pplicationContext-common-authorization.xml |  65 ++++
 .../applicationContext-common-business.xml    |  49 +++
 .../resources/applicationContext-security.xml |  70 ++++
 .../contacts/src/main/resources/logback.xml   |  14 +
 .../src/main/resources/messages.properties    |   6 +
 .../main/webapp/WEB-INF/contacts-servlet.xml  |  26 ++
 .../src/main/webapp/WEB-INF/jsp/add.jsp       |  42 +++
 .../main/webapp/WEB-INF/jsp/addPermission.jsp |  56 ++++
 .../webapp/WEB-INF/jsp/adminPermission.jsp    |  30 ++
 .../webapp/WEB-INF/jsp/deletePermission.jsp   |  20 ++
 .../src/main/webapp/WEB-INF/jsp/deleted.jsp   |  13 +
 .../src/main/webapp/WEB-INF/jsp/frames.jsp    |  10 +
 .../src/main/webapp/WEB-INF/jsp/hello.jsp     |  52 +++
 .../src/main/webapp/WEB-INF/jsp/include.jsp   |   6 +
 .../src/main/webapp/WEB-INF/jsp/index.jsp     |  37 +++
 .../main/webapp/WEB-INF/remoting-servlet.xml  |  49 +++
 .../src/main/webapp/WEB-INF/spring.tld        | 311 ++++++++++++++++++
 .../contacts/src/main/webapp/WEB-INF/web.xml  |  99 ++++++
 .../contacts/src/main/webapp/accessDenied.jsp |  22 ++
 .../java/contacts/src/main/webapp/error.html  |   5 +
 .../contacts/src/main/webapp/exitUser.jsp     |  39 +++
 .../java/contacts/src/main/webapp/index.jsp   |   4 +
 .../java/contacts/src/main/webapp/login.jsp   |  47 +++
 .../contacts/src/main/webapp/secure/debug.jsp |  40 +++
 .../contacts/src/main/webapp/switchUser.jsp   |  42 +++
 .../src/site/resources/logback-test.xml       |  15 +
 .../contacts/src/site/resources/sslhowto.txt  |  99 ++++++
 .../sample/contact/ContactManagerTests.java   | 166 ++++++++++
 .../src/test/resources/logback-test.xml       |  15 +
 settings.gradle                               |   1 +
 58 files changed, 3811 insertions(+)
 create mode 100644 servlet/xml/java/contacts/build.gradle
 create mode 100644 servlet/xml/java/contacts/client/client.properties
 create mode 100644 servlet/xml/java/contacts/client/clientContext.xml
 create mode 100644 servlet/xml/java/contacts/gradle.properties
 create mode 100644 servlet/xml/java/contacts/gradle/gretty.gradle
 create mode 100644 servlet/xml/java/contacts/gradle/wrapper/gradle-wrapper.jar
 create mode 100644 servlet/xml/java/contacts/gradle/wrapper/gradle-wrapper.properties
 create mode 100755 servlet/xml/java/contacts/gradlew
 create mode 100644 servlet/xml/java/contacts/gradlew.bat
 create mode 100644 servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/ContactsTests.java
 create mode 100644 servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/AddPage.java
 create mode 100644 servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/ContactsPage.java
 create mode 100644 servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/HomePage.java
 create mode 100644 servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/LoginPage.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/AddDeleteContactController.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/AddPermission.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/AddPermissionValidator.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/AdminPermissionController.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/ClientApplication.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/Contact.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/ContactDao.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/ContactDaoSpring.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/ContactManager.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/ContactManagerBackend.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/DataSourcePopulator.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/IndexController.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/WebContact.java
 create mode 100644 servlet/xml/java/contacts/src/main/java/sample/contact/WebContactValidator.java
 create mode 100644 servlet/xml/java/contacts/src/main/resources/applicationContext-common-authorization.xml
 create mode 100644 servlet/xml/java/contacts/src/main/resources/applicationContext-common-business.xml
 create mode 100644 servlet/xml/java/contacts/src/main/resources/applicationContext-security.xml
 create mode 100644 servlet/xml/java/contacts/src/main/resources/logback.xml
 create mode 100644 servlet/xml/java/contacts/src/main/resources/messages.properties
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/contacts-servlet.xml
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/add.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/addPermission.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/adminPermission.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deletePermission.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deleted.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/hello.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/include.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/index.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/remoting-servlet.xml
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/spring.tld
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/WEB-INF/web.xml
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/accessDenied.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/error.html
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/exitUser.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/index.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/login.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/secure/debug.jsp
 create mode 100644 servlet/xml/java/contacts/src/main/webapp/switchUser.jsp
 create mode 100644 servlet/xml/java/contacts/src/site/resources/logback-test.xml
 create mode 100644 servlet/xml/java/contacts/src/site/resources/sslhowto.txt
 create mode 100644 servlet/xml/java/contacts/src/test/java/sample/contact/ContactManagerTests.java
 create mode 100644 servlet/xml/java/contacts/src/test/resources/logback-test.xml

diff --git a/servlet/xml/java/contacts/build.gradle b/servlet/xml/java/contacts/build.gradle
new file mode 100644
index 0000000..660c554
--- /dev/null
+++ b/servlet/xml/java/contacts/build.gradle
@@ -0,0 +1,55 @@
+plugins {
+	id "java"
+	id "war"
+	id "nebula.integtest" version "8.2.0"
+	id "org.gretty" version "4.0.0"
+}
+
+apply from: "gradle/gretty.gradle"
+
+repositories {
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
+	maven { url "https://repo.spring.io/snapshot" }
+}
+
+dependencies {
+	implementation platform("org.springframework.security:spring-security-bom:6.0.0-SNAPSHOT")
+	implementation platform("org.springframework:spring-framework-bom:6.0.0-SNAPSHOT")
+	implementation platform("org.junit:junit-bom:5.7.0")
+
+	implementation "org.springframework.security:spring-security-config"
+	implementation "org.springframework.security:spring-security-web"
+	implementation "org.springframework.security:spring-security-acl"
+	implementation "org.springframework.security:spring-security-taglibs"
+	implementation 'org.springframework:spring-web'
+	implementation "org.springframework:spring-webmvc"
+	implementation 'org.springframework:spring-aop'
+	implementation 'org.springframework:spring-beans'
+	implementation 'org.springframework:spring-context'
+	implementation 'org.springframework:spring-jdbc'
+	implementation 'org.springframework:spring-tx'
+	implementation 'org.slf4j:slf4j-api:1.7.30'
+	implementation 'org.slf4j:slf4j-simple:1.7.30'
+
+	providedCompile "jakarta.servlet:jakarta.servlet-api:5.0.0"
+	providedCompile "org.glassfish.web:jakarta.servlet.jsp.jstl:2.0.0"
+
+	runtimeOnly 'net.sf.ehcache:ehcache:2.10.5'
+	runtimeOnly 'org.hsqldb:hsqldb:2.5.0'
+	runtimeOnly 'org.springframework:spring-context-support'
+
+	testImplementation "org.springframework:spring-test"
+	testImplementation "org.springframework.security:spring-security-test"
+	testImplementation("org.junit.jupiter:junit-jupiter-api")
+	testImplementation "org.assertj:assertj-core:3.18.0"
+
+	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
+
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+}
+
+tasks.withType(Test).configureEach {
+	useJUnitPlatform()
+	outputs.upToDateWhen { false }
+}
diff --git a/servlet/xml/java/contacts/client/client.properties b/servlet/xml/java/contacts/client/client.properties
new file mode 100644
index 0000000..9f3feee
--- /dev/null
+++ b/servlet/xml/java/contacts/client/client.properties
@@ -0,0 +1,8 @@
+# Properties file with server URL settings for remote access.
+# Applied by PropertyPlaceholderConfigurer from "clientContext.xml".
+#
+
+serverName=localhost
+httpPort=8080
+contextPath=/spring-security-sample-contacts-filter
+rmiPort=1099
diff --git a/servlet/xml/java/contacts/client/clientContext.xml b/servlet/xml/java/contacts/client/clientContext.xml
new file mode 100644
index 0000000..f30d172
--- /dev/null
+++ b/servlet/xml/java/contacts/client/clientContext.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "https://www.springframework.org/dtd/spring-beans.dtd">
+
+<!--
+  - Contacts web application
+  - Client application context
+  -->
+
+<beans>
+
+	<!-- Resolves ${...} placeholders from client.properties -->
+	<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+		<property name="location"><value>client.properties</value></property>
+	</bean>
+
+	<!-- Proxy for the RMI-exported ContactManager -->
+	<!-- COMMENTED OUT BY DEFAULT TO AVOID CONFLICTS WITH APPLICATION SERVERS
+	<bean id="rmiProxy" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>rmi://${serverName}:${rmiPort}/contactManager</value>
+		</property>
+		<property name="remoteInvocationFactory">
+			<ref bean="remoteInvocationFactory"/>
+		</property>
+	</bean>
+
+	<bean id="remoteInvocationFactory" class="org.springframework.security.ui.rmi.ContextPropagatingRemoteInvocationFactory"/>
+	-->
+
+	<!-- Proxy for the HTTP-invoker-exported ContactManager -->
+	<!-- Spring's HTTP invoker uses Java serialization via HTTP	 -->
+	<bean id="httpInvokerProxy" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-httpinvoker</value>
+		</property>
+		<property name="httpInvokerRequestExecutor">
+			<ref bean="httpInvokerRequestExecutor"/>
+		</property>
+	</bean>
+
+	<!-- Automatically propagates ContextHolder-managed Authentication principal
+		 and credentials to a HTTP invoker BASIC authentication header -->
+	<bean id="httpInvokerRequestExecutor" class="org.springframework.security.core.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor"/>
+
+	<!-- Proxy for the Hessian-exported ContactManager
+	<bean id="hessianProxy" class="org.springframework.remoting.caucho.HessianProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-hessian</value>
+		</property>
+	</bean>
+	-->
+
+	<!-- Proxy for the Burlap-exported ContactManager
+	<bean id="burlapProxy" class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceUrl">
+			<value>http://${serverName}:${httpPort}${contextPath}/remoting/ContactManager-burlap</value>
+		</property>
+	</bean>
+	-->
+
+</beans>
diff --git a/servlet/xml/java/contacts/gradle.properties b/servlet/xml/java/contacts/gradle.properties
new file mode 100644
index 0000000..a2f0b27
--- /dev/null
+++ b/servlet/xml/java/contacts/gradle.properties
@@ -0,0 +1 @@
+version=6.0.0-SNAPSHOT
diff --git a/servlet/xml/java/contacts/gradle/gretty.gradle b/servlet/xml/java/contacts/gradle/gretty.gradle
new file mode 100644
index 0000000..ae3483d
--- /dev/null
+++ b/servlet/xml/java/contacts/gradle/gretty.gradle
@@ -0,0 +1,41 @@
+gretty {
+	servletContainer = "tomcat10"
+	contextPath = "/"
+	fileLogEnabled = false
+	integrationTestTask = 'integrationTest'
+}
+
+Task prepareAppServerForIntegrationTests = project.tasks.create('prepareAppServerForIntegrationTests') {
+	group = 'Verification'
+	description = 'Prepares the app server for integration tests'
+	doFirst {
+		project.gretty {
+			httpPort = -1
+		}
+	}
+}
+
+project.tasks.matching { it.name == "appBeforeIntegrationTest" }.all { task ->
+	task.dependsOn prepareAppServerForIntegrationTests
+}
+
+project.tasks.matching { it.name == "integrationTest" }.all {
+	task -> task.doFirst {
+		def gretty = project.gretty
+		String host = project.gretty.host ?: 'localhost'
+		boolean isHttps = gretty.httpsEnabled
+		Integer httpPort = integrationTest.systemProperties['gretty.httpPort']
+		Integer httpsPort = integrationTest.systemProperties['gretty.httpsPort']
+		int port = isHttps ? httpsPort : httpPort
+		String contextPath = project.gretty.contextPath
+		String httpBaseUrl = "http://${host}:${httpPort}${contextPath}"
+		String httpsBaseUrl = "https://${host}:${httpsPort}${contextPath}"
+		String baseUrl = isHttps ? httpsBaseUrl : httpBaseUrl
+		integrationTest.systemProperty 'app.port', port
+		integrationTest.systemProperty 'app.httpPort', httpPort
+		integrationTest.systemProperty 'app.httpsPort', httpsPort
+		integrationTest.systemProperty 'app.baseURI', baseUrl
+		integrationTest.systemProperty 'app.httpBaseURI', httpBaseUrl
+		integrationTest.systemProperty 'app.httpsBaseURI', httpsBaseUrl
+	}
+}
\ No newline at end of file
diff --git a/servlet/xml/java/contacts/gradle/wrapper/gradle-wrapper.jar b/servlet/xml/java/contacts/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..62d4c053550b91381bbd28b1afc82d634bf73a8a
GIT binary patch
literal 58910
zcma&ObC74zk}X`WF59+k+qTVL*+!RbS9RI8Z5v&-ZFK4Nn|tqzcjwK__x+Iv5xL`>
zj94dg?X`0sMHx^qXds{;KY)OMg#H>35XgTVfq<a?p5??;h3KT@#Th_>6#vc9ww|9)
z@UMfwUqk)B9p!}NrNqTlRO#i!ALOPcWo78-=iy}NsAr~T8<iQCSay%@r|8C{rsbw-
zq-cSm&qGa94~w*^+AzpU4vVORG04zSi_q_!?wo-C(-Z$b<o~=H*xze=CyW2*t^RKx
zn1A|MI2oDRnEj8gDF5#2?quZPVCMAy3`rqdENKS@0>T0X0%G{DhX~u-yEwc29WQ4D
zuv2j{a&j?qB4wgCu`zOXj!~YpTNFg)TWoV>DhYlR^Gp^rkOEluvxkGLB?!{fD!T@(
z%3cy>OkhbIKz*R%uoKqrg1%A?)uTZD&~ssOCUBlvZhx7XHQ4b7@`&sPdT475?*zWy
z>xq*iK=5G&N6!HiZaD{NSNhWL;+>Quw_#ZqZbyglna!Fqn3N!$L`=;TFPrhodD-Q`
z1l*=DP2gKJP@)cwI@-M}?M$$$%u~=vkeC%>cwR$~?y6cXx-M{=wdT4|3X(@)a|KkZ
z`w$6CNS@5gWS7s7P86L<=vg$Mxv$?)vMj3`o*7W4U~*Nden}wz=y+QtuMmZ{(Ir1D
zGp)ZsNiy{mS}Au5;(fYf93rs^xvi(H;|H8ECYdC`CiC&G`zw?@)#DjMc7j~daL_A$
z7e3nF2$TKlTi=mOftyFBt8*Xju-OY@2k@f3YBM)-v8+5_o}M?7pxlNn)C0M<uXotM
zSq>cd@87?+AA4{Ti2ptnYYKGp`^FhcJLlT%RwP4k$ad!ho}-^vW;s{6hnjD0*c39k
zrm@PkI8_p}mnT&5I@=O1^m?g}PN^8O8rB`;t`6H+?Su0IR?;8txBqwK1Au8O3BZAX
zNdJB{bpQWR@J|e=Z>XSXV1DB{uhr3pGf_tb)(cAkp)fS7*Qv))&Vkbb+cvG!j}ukd
zxt*C8&RN}5ck{jkw0=Q7ldUp0FQ&Pb_$M7a@^nf`8F%$ftu^jEz36d#^M8Ia{VaTy
z5(h$I)*l3i!VpPMW+XGgzL~fcN?{~1QWu9!Gu0jOW<HKb8|{ilL^sv#S99zl5SCZ0
z331RHfJ9biCT=4#!Q~+HS&h*5Ar*o#Qd*seDkOxbH<B9h111bD2sVQ-n_z9vW@>WE
zNW%&&by0DbXL&^)r-A*7R@;T$P}@3eOj#gqJ!uvTqBL5bupU91UK#d|IdxBUZAeh1
z>rAI#*Y4jv>uhOh7`S@mnsl0g@1C;k$Z%!d*n8#_$)l}-1&z2kr@M+xWoK<npW$w?
zLm%afv@2#fg&=Uhvvf<~y|f{jBJ`%Gs75wAvr{)ey=_~}lskP$J-byKh0|$n0--Qo
zT4Zcb(oa{x(G+eMEz?6DjD^^tmuf@*z`CZ@0T0y-`Z=8jo8!KKA4lrWL1AZGoYN&)
zxu!B$D%BI^l+w#rSlwof?Bc{;pLs$PYnNdL)mp|a)1jr<9GPKo+=64^UqI$sJ+2r{
z=LijWf3g679DeAKo1^oN(KWA*%svT}im=j{OlHh81PX$dKfs$9Q0H_;Tb!5q@Lz>R
z!KySy-7h&Bf}02%JeXmQGjO3ntu={K$jy$rFwfSV8!zqAL_*&e2|CJ06`4&<l8I{l
zQ60Pi4Vw&xeBXG&MOF-i!v#%SCHblu05?%ym>0+ceI026REfNT>JzAdwmIlKLEr2?
zaZ#d*XFUN*g<P=9;v-*8tsSVmp{xdOuqy*@uxEW<<h8&Os&-t^1Krbah^JeP%^IZ&
z3w)>pzOxq)cysr&<Pt5+W;Z;L;Fe@?j)t1?k-yd-aNnW{cXSEJ7S|?~N!44hY)~N2
z$zC40dpcLQpFfV+UKZD=3ixS4Hzk*_Bii6-Svrz+!L630nwy{+a+f->#6zNdDDPH%
zd8_>3B}uA7;bP4fKVdd~Og@}dW#7<IdSV&DiG9!BYvUY)yqQwFI-vN;w{W;p2z_gI
zZMsfduelF?%?;b}yJgj|bE##`hPcV=Znmo^IY<6p?1G^z%e`u&tC-G;?>4ceETOE-
zlZgQqQfEc?-5ly(Z5`L_CCM!&Uxk5#wgo=OLs-kFHFG*cTZ)$VE?c_gQUW&*!2@W2
z7Lq&_Kf88OCo?BHCtwe*&fu&8PQ(R5&lnYo8%+U73U)Ec2&|A)Y~m7(^bh299REPe
zn#gyaJ4%o4>diN3z%P5&_aFUmlKytY$t21WGwx;3?UC}vlxi-vdEQgsKQ;=#sJ#ll
zZeytjOad$kyON4XxC}frS|Ybh`Yq!<(IrlOXP3*q86ImyV*mJyBn$m~?#xp;EplcM
z+6sez%+K}Xj3$YN6{}VL;BZ7Fi|iJj-ywlR+AP8lq~mnt5p_%VmN{Sq$L^z!otu_u
znVCl@FgcVXo510e@5(wnko%Pv+^r^)GRh;>#Z(|#cLnu_Y$#_xG&nvuT+~gzJsoSi
zBv<tDs(g9hqTub+(+8z~)4}5g;<=ne?XlYAC;sQfDbCu^*Cxci8g4q)CyriW+-I*K
z_7k4(7=A}F8Xz1AQ;{=UwVZO<DqgS@>X`|IS~xaold!`P!h(v|=>!5gk)Q+!0R<D7
z7wj2q^atm->1Ge7!WpRP{*Ajz$oGG$_?Ajvz6F0X?809o`L8prsJ*+LjlGfSziO;+
zv>fyRBVx#oC0jGK8$%$>Z;0+dfn8x;kHFQ?Rpi7(Rc{Uq{63Kgs{IwLV>pDK7yX-2
zls;?`h!I9YQVVbAj7<z}<Pn_>Ok1%Y+F?CJa-Jl>1x#UVL(lpzBBH4(6<w|b>v0^4
z3Tf`INjml5`F_kZc5M#^J|f%7Hgxg3#o}Zwx%4l9<O!k6ZMK~z7)CyZU$EaCr!F$4
zRRHVPe+rSXl&O^GFPm9~{0IB`-=yZBgyml><o|>yYG!WaYUA>+dqpRE3nw#YXIX%=
zi<zC7(?1GKvD%gjjvDIsmJK`1B!sdgWpc~U7B(>H3iYO<YTE!yOUe{Q#A@!eLw1|a
z%YAduPn<uyDh7WF6yyzj&Z2)TXFSVUaQk(iM$eqS?vB1P9r*8hT$A~@Ky%_Hjkmkc
zwx4|XotW6;e>~jr0nP5xp*VIa#-aa;H&%>{mfAPPlh5Fc!N7^{!z$;p-p38aW{gGx
z)dFS62;V;%%fKp&i@+5x=Cn7Q>H`NofJGXmNeh{sOL+Nk>bQJJBw3K*H_$}%<F1Xy
z3hhXA5Y2!L+&guH4C^NQedlpjaFgPzRDO6RO{ja+;ogrC)uK^t^9#vOsSOx(66s57
zqd901_9Uqj(Svp@hbr_oUW2$s&T|6|qvD})Aos8l9+3H<pTMKC*?QzGhXsFp2`zF`
z*EUcoU#DUUL36UeeRwM^7C%_N<$?Dn&Qdi~wA`EqjJHfZ^teq2oh&rf^o!cy5TF5e
zCWF#Gby_wxzFV9K+c)=GmqDccs0)pK7@`AzT-Hzsd+g<a#U%Y>*xJM=Kh;s#$@RBR
z|75|g85da@#qT=pD777m$wI!Q8SC4Yw3(PVU53bzzGq$IdGQoFb-c_(iA_~qD|eAy
z@J+2!tc{|!8fF;%6rY9`Q!Kr>MFwEH%TY0y>Q(D}xGVJM{J{aGN0drG&|1xO!Ttdw
z-1^gQ&y~KS5SeslMmoA$Wv$ly={f}f9<{Gm!8ycp*D9m*5Ef{ymIq!MU01*)#J1_!
zM_i4{LYButqlQ>Q#o{~W!E_#(S=hR}kIrea_67Z5{W>8PD>g$f;dTvlD<w0Z4y?s8
zfD1Dt>=X@T$8D0;BWkle@{VTd&D5^)U>(>g(jFt4lRV6A2(Te->ooI{nk-bZ(gwgh
zaH4GT^wXPBq^Gcu%xW#S#p_&x)pNla5%S5;*OG_T^PhIIw1gXP&u5c;{^S(AC*+$>
z)GuVq(FT@zq9;i{*9lEsNJZ)??BbSc5vF+Kdh-kL@`(`l5tB4P!9Okin2!-T?}(w%
zEpbEU67|lU#@>DppToestmu8Ce=gz=e#V+o)v)#e=N`{$MI<vT<GM$R1^~WLnc5!{
z@958o<EvPQ&k11@cjnB#>5P0O)_fHt1@aIC_QCv=FO`Qf=Ga%^_NhqGI)xtN*^1n{
z&vgl|TrKZ3Vam@wE0p{c3xCCAl+RqFEse@r*a<3}wmJl-hoJoN<|O2zcvMRl<#BtZ
z#}-bPCv&OTw`GMp&n4tutf|er`@#d~7X+);##YFSJ)BitGALu}-N*DJdCzs(cQ?I-
z6u(WAKH^NUCcOtpt5QTsQRJ$}jN28ZsYx+4CrJUQ%egH<Phd6Sk}<Xro4d#<Y0mKC
zQkt%DvN^gqGi$mVBl#*VzYGhXkkGDf@U(rqLeWQ^q3J}YiccOqls_L9j)Hj2EWcp>
zo#tMoywhR*oeIkS%}%WUAIbM`D)R6Ya&@sZvvUEM7`fR0Ga03*=qaEGq4G7-+30Ck
zRkje{6A{`ebq?2BTFFYnMM$xcQbz0nEGe!s%}O)m={`075R0N9KTZ>vbv2^e<WY4X
z@UXn(IA6Crv-JA;^MKtVD&WZ)t_Wc_vL7p_yF1{(P|=punYOs&(jL?Vf$`$duwOGp
z_x>ml>@}722%!r#6<YxxJhDQJXwBZj%iq4sjwiNLTk&WcRx_OWG*spYVn1R}-n^)G
zbx{%JE_0+q6Zzwc3Z(|+*-7_9r9yi77ANwz$eufzeRJ@=!MGi&w7vm1gQ9u5)sJqW
z#~RhA09`_oP_bIY&oKc<0pxW8c<PO|*}B~r+AeK&Jsoed&~})gurno>Wto}?vNst?
zs`IasBtcROZG9+%rYaZe^=5y3chDzBf><MO&yc^#<=bEx#}i|gS>;|5sP0!sP(t^=
z^~go8msT@|rp8LJ8km?4l?Hb%o10h7(ixqV65~5Y>n_zG3AMqM3UxUNj6K-FUgMT7
z*Dy2Y8Ws+%<f!Dy6ZMTc2jU5ojXRCWdHD+DrWPxu27RD3&ExYh1ph)Q6L>`Z*~m9P
zCWQ8L^kA2$rf-S@qHow$J86t)hoU#XZ2YK~<gQ;1-*5`g{R*_GXMchJ*KDa1{rpdo
z#807<TvA6?!fb(5azh9e-?Nh@ZC?YMw%Sdmyqn2OJ7eyWt;jo;HuSWXvL}$5fqpp9
z$&&wE1d~Z_rsffVfVc^PfQbHQsQshJRck?c;EcNZ#R1jJIC%a@q!enP)ub3+Omt0b
zFit2SmFyCYPbShzOzTSw1~c9p77jz%NI+S0G=2-umH{NP%U$5MkdPr!W=JJBMJ%*Q
zcom%`w45d21F~{zyvdBduxJH;23wXIyg@ax*l%~e9OHdY)#!hY(-@E!$bI-RROjtH
zD5v-61#I6$9rF~tfrfm|$>9GXVR|*`f6`0&8j|ss_Ai-x=_;Df^*&=bW$1nc{Gplm
zF}VF`w)`5A;W@KM`@<9Bw_7~?_@b{Z`n_A6c1AG#h#>Z$K>gX6reEZ*bZRjCup|0#
zQ{XAb`n^}2cIwLTN%5Ix`PB*H^(|5S{j?BwItu+MS`1)VW=TnUtt6{3J!WR`4b`LW
z?AD#ZmoyYpL=903q3LSM=&5eNP^dwTDRD~iP=}FXgZ@2WqfdyPYl$9do?wX{RU*$S
zgQ{OqXK-Yuf4+}x6P#A*la&^G2c2TC;aNNZEYuB(f25|5eYi|rd$;i0qk7^3Ri8of
ziP~PVT_|4$n!~F-B1_E<iCG)1M`bUD+FtpMK82&QOYEq6V8mAV-7UqvY_r6vbAm^$
zN9Rb7x>t<0OJZ*e+MN;5FFH`iec(lHR+O%O%_RQhvbk-NBQ+$)w{D+dlA0jxI;z|P
zEKW`!X)${xzi}Ww5G&@g0akBb_F`ziv$u^hs0W&FXuz=Ap>SUMw9=M?X$`lgPRq11
zqq+<rS8mCv3w!cdS8PuzZ!odE*{%sd$=^+&Cx`C{KaVKy@Xxc~5!9e`DR34r?Gzm{
z)Uz<Kx7Ro!Wc`H+`|R=r2bXgS<>n44qL;pgGO+*DEc+Euv*j(#%;>p)yqdl`dT+Og
zZH?FXXt`<0XL2@PWYp|7DWzFqxLK)yDXae&3P*#+f+E{I&h=$UPj;ey9b`H?qe*Oj
zV|-qgI~v%&oh7rzICXf<TFBT?!jsDAwTMCz%2pOP1h?nUQZO3kN<%&ZKW`g1ig<|j
zkO7M_?Me5p)$(rM>Zmg$8$B|zkjli<S+t?|6j)AedXb>Q=e4jFgYCLR%yi!9gc7>N
z&5G#KG&Hr+UEfB;M(M>$Eh}P$)<_IqC_WKOhO4(cY@Gn4XF(#aENkp&D{sMQgrhDT
zXClOHrr9|POHqlmm+*L6CK=OENXbZ+kb}t>oRHE2xVW<;VKR@ykYq04LM9L-b;eo&
zl!QQo!Sw{_$-qosixZJWhciN>Gbe8|vEVV2l)`#5vKyrXc<gy!bun3%k2qG-T9N=b
zMvRY8vT4J4=8k^s>6E`zmH(76nGRdL)pqLb@j<&&b!qJRLf>d`rdz}^ZSm7E;+XUJ
ziy;xY&>LM?MA^v0Fu8{7hvh_ynOls6CI;kQkS2g^OZr70A}PU;i^~b_hUYN1*j-DD
zn$lHQG9(lh&sDii)ip*{;Sb_-Anluh`=l~qhqbI+;=ZzpFrRp&T+UICO!OoqX@Xr_
z32iJ`xSpx=lDDB_IG}k+GTYG@K8{rhTS)aoN8D~Xfe?ul&;jv^E;w$nhu-ICs&Q)%
zZ=~kPNZP0-A$pB8)!`T<aB9KJMxDz@-$Jj~C4@&77BcfV0J-%~spcFrsc2EwFsg(M
zZK;Ea9l&J(XpF;+!9@?_%f!a!PeJ&oGD}&#g12ktJsa4(k`1-qc_~|t;bsIS4}-9~
zgSN}(#k`=AFk7!oWt0iiR=WnauwUj}OH$vOruZa6cJ)KvS+7q-un`<24}|a+PC*~5
z#M90qM+SW`Ei-85;h|W?o9f~NP(y&!Imr%pXfo?YBwowJ4e~0neUtP<FhcgGnQgFl
zMn@g^XG}UrM&E)*UZTWLkYY$+Gy4mn;{d!fOfd@3odW%(h`Z^1Of=a|F=YdeF%+10
zI_Y5<JwD6_hckd5zvfi}0z>EqE`tY3Mx^`%O`?EDiWsZpoP`e-iQ#E>fIyUx8XN0L
z@S-NQwc;0HjSZKWDL}Au_Zkbh!juuB&mGL0=nO5)tUd_4scpPy&O7SNS^aRxUy0^<
zX}j*jPrLP4Pa0|PL+nrbd4G;YCxCK-=G7TG?dby~``AIHwxqFu^OJhyIUJkO0O<>_
zcpvg5Fk$Wpj}YE3;GxRK67P_Z@1V#+pu>pRj0!mFf(m_WR3w3*oQy$<!cy1C(1uEe
zxw2t`s3C^K;tPSLWOD=@KXZ+>s39~U7Cb}p(N&8SEwt+)@%o-kW9Ck=^?tvC2$b9%
ze9(Jn+H`;uAJE|;$Flha?!*lJ0@lKfZM>B|c)3lIAHb;5OEOT(2453m!LgH2AX=jK
zQ93An1-#l@I@mwB#pLc;M7=u6V5IgLl>E%gvE|}Hvd4-bE1>gs(P^C}gTv*&t>W#+
zASLRX$y^DD3Jr<oR!_Gl`^bd;6|r{kFhrLMO)AS1FHMm|z9b5omko*v0T27qchh5Y
z*1}m#Gl4T|$yC21WS?+&v;4{h42B%5BhRy2#YF<?V%;zpffZ?7qTOH-fYD9dK)>ht
zwyt`yuA1j(TcP*0p*Xkv>gh+YTLrcN_HuaRMso~0AJg`^nL#52dGBzY+_7i)Ud#X)
zVwg;6$WV20U2uyKt8<)jN#^1>PLg`I`@Mmut*Zy!c!zshSA!e^tWVoKJD%jN&ml#{
z@}B$j=U5J_#rc%T7(DGKF+WwIblEZ;Vq;CsG~OKxhWYGJx#g7fxb-_ya*D0=_Ys#f
zhXktl=Vnw#Z_neW>Xe#EXT(4sT^3p6srKby4Ma5LLfh6Xr<HHShTfTbBDm)Dm@_=`
z=I}+(0z8#g-0|7+t+diLEtP}JotX9}HW7M#v-6AJD^!|!E7=b6#6_H2xRI?=$9OsQ
zZsV<wovu&!gz~VC8!g%|E-skb$4`*3`&3$5p-?|4bxpN%?C5TeFW7b%s`dxa8#_1d
zWiEKYKuJiWT_z;_kF_I<s`Qv5<=vpX$ENR8F|gJ>HGFGgM;5Z}jv-T!f~=jT&n>Rk
z4U0RT-#2fsYCQhwtW&wNp6T(im4dq>363H^ivz#>Sj;TEKY<)dOQU=g=XsLZhnR>e
zd}@p1<i_4z?&ZjCbfs^<TVyq_gn-ZPma2Tl+Rr3cG$VY7%R>B;hMsL~QH2Wq>9Zb;
zK`0`09fzuYg9MLJe~cdMS6oxoAD{kW3sFAqDxvFM#{GpP^NU@9$d5;w^WgLYknCTN
z0)N425mjsJTI@#2kG-kB!({*+S(WZ-{SckG5^OiyP%(6DpRsx60$H8M$V65a_>oME
z^T~>oG7r!ew>Y)&^MOBrgc-3PezgTZ2xIhXv%ExMFgSf5dQbD=Kj*!J4k^Xx!Z>AW
ziZfvqJvtm|EXYsD%A|;>m1Md}j5f2>kt*gngL=enh<>#5iu<V0AwsLagi<qWph#{n
zilo3pn-vUsh3~2{N}RyPu1&1Wf1_^4`M9oB-DVWaaWGjVrP7cB7a5NJ+K@uZ?aP0n
zAKQ{$ZVEx4SLd|HsV=@+D4Et8_sm*3vel+&)gkvjDV8gssB#X9#E=^8;0Msn6X(8Q
zt8EvZQ!NbeN~!%W(_Y<AY*C$jy1E^f*Ou%ovZL#qng47$JPIM?7nv0nTj`{4uPdPv
zVZ*B6+azr1Ff@<TYVRa!1^tw#;)vHv+);t+PRmK^usZehB2e!k@a3Q!o&Oe;&$wXq
zJape+zdmZYAF)21oEu=DMWusQnBQka{VlhUsNYK=BD1jx7vuLr`nGp(W*fP4rE{&p
z?2@(9ZRl$oYUiFq^LY&mzCMAmw1~0Ht`>d0dS1P%u2o+>VQ{U%(nQ_WTySY(s#~~>
zrTsvp{lTSup_7*Xq@qgjY@1#bisPCRMMHnOL48qi*jQ0xg~TSW%KMG9z<AVs`$48n
z4j5^v2xW+0|DmmS<ZAV-*l6HNS2LzK39~qBG;w4-J(vA;pH=i{lBKEsjr@tt!g3L&
zsaFmOy42FyBeCVR#oRJ$^~7xl{*ig<ScAO$Q(Q+5Kop6%U)$~oo>N<LGiN=<$-9Oi
z&^t1D#F7O`Q2b>1(tjXix()2$N}}K$AJ@GUth+AyIhH6Aeh7qDgt#t*`iF5#A&g4+
zWr0$h9Zx6&Uo2!Ztcok($F>4NA<`dS&Js%L+67FT@WmI)z#fF~S75TUut%V($oUHw
z<dq>$IJsL0X$KfGPZYjB9jaj-LaoDD$OMY4QxuQ&vOGo?-*9@O!Nj>QBSA6n$Lx|^
zky)4+sy{#6)FRqRt6nM9j2Lzba!U;aL%ZcG&ki1=3gFx6(&A3J-oo|S2_`*w9zT)W
z4MBOVCp}?4nY)1))SOX#6Zu0fQQ7V{RJq{H)S#;sElY)S)lXTVyUXTepu4N)n85Xo
zIpWPT&rgnw$D2Fsut#Xf-hO&6uA0n~a;a3!=_!Tq^TdGE&<*c?1b|PovU}3tfiIUu
z){4W|@PY}zJOXkGviCw^x27%K_Fm9GuKVpd{P2>NJlnk^I|h2XW0IO~LTMj>2<;S*
zZh2uRNSdJM$U$@=`zz}%;ucRx{aKVxxF7?0hdKh6&GxO6f`l2kFncS3xu0Ly{ew0&
zeEP*#lk-8-B$LD(5yj>YFJ{yf5zb41PlW7S{D9zC4Aa4nVdkDNH{UsFJp)q-`9OYt
zbOKkigbmm5hF?ttt<p~r3Qg2`@yJOV`f20inh6w0i@GUo=RO&Bi2rW<I^<0DVsu8b
zyO>n;S4g^142AF^`kiLUC?e7=*JH%Qe>uW=dB24NQa`;lm5yL>Dyh@HbHy-f%6Vz^
zh&MgwYsh(z#_fhhqY$3*f>Ha}*^cU-r4uTHaT?)~LUj5``FcS46oyoI5F3ZRizVD%
zPFY(_S&5GN8$Nl2=+YO6j4d|M6O7CmUyS&}m4LSn6}J`$M0ZzT&Ome)ZbJDFvM&}A
zZdhDn(*viM-JHf84$!I(8eakl#zRjJ<!59ig7G8GV`ZI^M_a-~N&Yt3A}07Fn-b_~
zX#(FhFBF*6aANJE97Pg?5ouuiJVzi(!zhN(#)eChItW)9&s*SwtqxrS>H4qfw8=60
z11Ely^FyXjVvtv48-Fae7p=adlt9_F^j5#ZDf7)n!#j?{W?@j$Pi=k`>Ii>XxrJ?$
z^bhh|X6qC8d{NS4rX5P!%jXy=>(P+r9?W(2)|(=a<ahaquu+U!HM5@y-`9$(F%q7X
z(X3D*e14Cpy%ebGI3j!63MkmcTrM%>^s^l~x*^$Enw$~u%WRuRHHFan{X|S;FD(Mr
z@r@h^@Bs#C3G;~IJMrERd+D!o?HmFX&#i|~q(7<upnDy~H=_Lnn3!RG#x8wy{satU
z&x)0N<hr6c(>QR3f8QDip?ms6|GV_$86aDb|5pc?_-jo6vmWqYi{P#?{m_AesA4xX
zi&ki&lh0yvf*Yw~@jt|r-=zpj!bw<6zI3Aa^Wq{|*WEC}I=O!Re!l~&8|Vu<$yZ1p
zs-SlwJD8K!$(WWyhZ+sOqa8cciwvyh%zd`r$u;;fsHn!hub0VU)bUv^QH?x30#;tH
zTc_VbZj|prj7)d%ORU;Vs{#ERb>K8>GOLSImnF7JhR|g$7FQTU{(a7RHQ*ii-{U3X
z^7+vM0R$8b3k1aSU&kxvVPfOz3~)0O2iTYinV9_5{pF18j4b{o`=@AZIOAwwedB2@
ztXI1F04mg{<>a-gdFoRjq$6#FaevDn$^06L)k%wYq03&ysdXE+LL1#w$rRS1Y;BoS
zH1x<vfMvOott9mbeJr119K?b32afaI3&Fx<>}{ms>LHWmdtP(ydD!aRdAa(d@csEo
z0EF9L>%tppp`CZ2)jVb8AuoYyu;d^wfje6^n6`A?6$&%$p>HcE_De-Zh)%3o5)LDa
zskQ}%o7?bg$xUj|n8gN9YB)z!N&-K&!_hVQ?#SFj+MpQA4@4oq!UQ$Vm3B`W_Pq3J
z=ngFP4h_y=`Iar<`EESF9){%YZVyJqLPGq07TP7&fSDmnYs2NZQKiR%>){imTBJth
zPHr@p>8b+N@~%43rSeNuOz;rgEm?14hNtI|KC6Xz1d?|2J`QS#`OW7gTF_;TPPxu@
z)9J9>3Lx*bc>Ielg|F3cou$O0+&LTb34_*ZJhpS&$8DP>s%47a)4ZLw`|>s=P_J4u
z?I_%AvR_z8of@UYWJV?~c4Yb|A!9n!LEUE6{sn@9+D=0w_-`szJ_T++x3MN$v-)0d
zy`?1QG}C^KiNlnJBRZBLr4G~15V3$QqC%1G5b#CEB0VTr#z?Ug%Jyv@a`QqAYUV~^
zw)d|%0g&kl{j#FMdf$cn(~L@8s~6eQ)6{`ik(RI(o9s0g30Li{4YoxcVoYd+LpeLz
zai?~r)UcbYr@lv*Z>E%BsvTNd`Sc?}*}>mzJ|cr0Y(6rA7H_6&t>F{{mJ^xovc2a@
zFGGDUcGgI-z6H#o@Gj29C=Uy{<kA$h8|s=?6E2OBcx29=^6+bRV*Gl|MfNNy<2>wv
zQHY2`HZu8+sBQK*_~I-_>fOTKEAQ8_Q~YE$c?cSCxI;vs-JGO`RS464Ft06rpjn+a
zqRS0Y3oN(9HCP@{J4mOWqIyD8PirA!pgU^Ne{LHBG;S*bZpx3|JyQDGO&(;Im8!ed
zNdpE&?3U?E@O~>`@B;oY>#?gXEDl3pE@J30R1;?QNNxZ?YePc)3=NS>!STCrXu*lM
z69WkLB_RBwb1^-zEm*tkcHz3H;?v<RWY@dX)dRkh9|+|TpkW%)^_l5%$Dw3vn{~Nu
zzM5_zat<k<S-Q-2xofOm+XGr1wFensKae%F=6Hl^qgs4fK)|0jQJiAlJDXKVIyc~>
z;q+x0Jg$|?5;e1-kbJnuT+^$bWnYc~1qnyVTKh*cvM+8yJT-HBs1X@cD;L$su65;i
z2c1MxyL~NuZ9+)hF=^-#;dS#lFy^Idcb>AEDXu1!G4Kd8YPy~0lZz$2gbv?su}Zn}
zGtIbeYz3X8OA9{sT(aleold_?UEV{hWRl(@)NH6GFH@$<8hUt=dNte%e#Jc>7u9xi
zuqv!CRE@!fmZZ}3&@$D>p0z=*<BIEuLx27-hwsSaC;3TU6feX9=H(Gd7$DCk*mk4J
z5<E+J^C$kuE4@_fp0ymqcNQ)@M~{GTq46D*wHxDy0D8DsyPM-y96D|vJnvK-Iw4-<
z-r}q5YcXOvQolS_q{BBSzYKk5#0M5r6Ucr9ny3ZB3ZjmX&ocz8U6!@wnXE&3e_Ozc
zN_W?^n94l1o9?K|`Pwr&^7)z{o*vC<diA86n{xQ(3!AC?HhO#d*f7?_C*KW;(==~I
zgsx1*Q5>dfQ_=IE4bG0hLmT@OP>x$e`qaqf_=#baJ8XPtOpWi%$ep1Y)o2(sR=v)M
zt(z*pGS$Z#j_xq_lnCr+x9fwiT?h{NEn#iK(o)G&Xw-#DK?=Ms6T;%&EE${Gq_%99
z6(;P~jPKq9llc+cmI(MKQ6*7PcL)BmoI}MYFO)b3-{j>9FhNdXLR<^mnMP`I7z0v`
zj3wxcXAqi4Z0kpeSf>?V_+D}NULgU$DBvZ^=0G8Bypd7P2>;u`yW9`%4~&tzNJpgp
zqB+iLIM~IkB;ts!)exn643mAJ8-WlgFE%Rpq!UMYtB?$5QAMm)%PT0$$2{>Yu7&U@
zh}gD^Qdgu){y3ANdB5{75P;lRxSJPSpQPMJOiwmpMdT|?=q;&$aTt|dl~k<aJt>vS
z+*i;6cEQJ1V`R4Fd>-Uzsc=DPQ7A7#VPCIf!R!KK%LM&G%MoZ0{-8&99H!|UW$Ejv
zhDLX3ESS6CgWTm#1ZeS2HJb`=UM^gsQ84dQpX(ES<z(&&3-aTkgymIxhy>WSkjn>O
zVxg%`@mh(X9&&wN$lDIc*@>rf?C0AD_mge3f2KkT6kGySOhXqZjtA?5z`vKl_{(5g
z&%Y~9p?_DL{+q@siT~*3Q*$<RlC-xqleM?Ec6In?W0lH={DvSR9}KBmbih)w3^b}V
z6=~BD`1%5jSb?D+v2L<p5w94z7I;uS$!LCo!EzK>nWXQfNN;%s_eHP_A;O`N`SaoB
z6xYR;z_;HQ2xAa9xKgx~2f2xEKiEDpGPH1d@||v#f#_Ty6_gY>^oZ#xac?pc-F<Yh
zR_K?RiJ2oubCQ7^1AS@qhuw(e$?q0+SO_{-L;S1`TW&JG1MgIoKYffYS!p}+_O>`@
z*}8sPV@xiz?efDMcmmezYVw~qw=vT;G1xh+xRVBkmN66!u(mRG3G6P#v|;w@anEh7
zCf94arw%YB*=&3=RTqX?z4mID$W*^+&d6qI*LA-yGme;F9+wT<b@sM1y@yn4yfx{P
z9%qz6XAom3tkCH+4C-y<f5k@Iqr-DdIWdY4&_H<h82%2S#%euBYujZW%8ZeU^rQBg
zA7yk@0FV}qNUK9BTrUzJ>sNXNaX~zl2+qIK&D-aeN4lr0+yP;W>|Dh?ms_ogT{DT+
ztXFy<Fw<O&uN$I0yh{4kw%T3c-3IOeEqAa9Q=sJ%Fg2yM^<K4`&IuS{#_e=-Mwq*o
zmtrN@38$|+o}@!NTFNIFo$J$G$cM1(bSJ+vZkw{_%ngPw;8=;t;^L?=xu}ryFVg{U
zJDboU4GdWnuPTJgXDGqT<plV`P%=gC0bTZ!L|VoC1cp_PHT)5Gk<|+}{S#3AglpUW
zw4=y?IH6Q|t0Bi7w)rDspNF`hiUxuTN(r~ff>*R7j4IX;w@@R9Oct5k2M%&j=c_<x
zARHp2${;hHY<Zu<0hr7^)J=|ztMqh^o9b7=1tjqRcBfHw+P<aX%bEYbV>rWvoul+`
z<18FH5D@i$P38W9VU2(EnEvlJ(SHCqTNBa)brkIjGP|jCnK&Qi%97tikU}Y#3L?s!
z2ujL<P!NRJ;pb74B&2(*v3*=3C!ajoaM60iA_@<lvU~#?VK-;@%lYHB2=eH-KxgS<
z3i#RNOMZJchy9nvNjDb0=f@rmka`3-bWXl8OHR4)aO2^v4cBJ%E*CX5X*<ZQ+AS~m
z?8^bTUzZ~COr-~s{^h95hevs!x9XDgh_-Hg6obm0Q<rc*joOsUc&+lC)h3P6P12zC
z;jK2>%YiHO-#!|g5066V01hgT#>fzls7P>+%D~ogO<LgVQBY|7$Ac^C0gtdq_kF$l
zi!CRQINa@vQ85Af^0J}#!;epD{+|dHV}_c;Kk$|B7{$?iB>T<KE*!;%_1exy!;V7Z
zUhkB^36gRN(xP$|@1%SxpmRqoP<e^D1Zaq)zHs>&!Whb4iF=CnCto82Yb#b`YoVsj
zS2q^W0Rj!RrM@=_GuPQy5*_X@Zmu`TKSbqEOP@;Ga&Rrr>#H@L41@ZX)LAkbo{G8+
z;!5EH6vv-ip0`tLB)xUuOX(*YEDSWf?PIxXe`+_B8=KH#HFCfthu}QJylPMTNmoV;
zC63g%?57(&osaH^sxCyI-+gwVB|Xs2TOf=mgUAq<u+6a=o_#tNo<$cUz+tJYgt74L
z&bXb|lg8YWz0xqU_>?V~N_5!4A=b{AXbDae+yABuuu3B_XSa<ShO1FW&?3jUN>4~c
z1s-OW>!cIkjwJf4ZhvT|*IKaRTU)WAK=G|H#B5#NB9<{*kt?7`+G*-^<)7$Iup@Um
z7u*ABkG3F*Foj)W9-I&@BrN8(#$7Hdi`BU#SR1Uz4rh&=Ey!b76Qo?RqBJ!U+rh(1
znw@xw5$)4D8OWtB_^pJO*d~2Mb-f~>I!U#*=Eh*xa6$LX?4Evp4%;ENQR!mF4`f7F
zpG!NX=qnCwE8@<qR|&r{mxRcyemI&JFVUqTNe$Yqx3)%E2Ra>NAbQV`*?!v0;NJ(|
zBip8}VgFVsXFqslXUV>_Z>1gmD(7p#=WACXaB|Y`=Kxa=p@_ALsL&yAJ`*QW^`2@%
zW7~Yp(Q@ihmkf{vMF?kqkY%<z|HOVSkQhWsSTQ6i-lIJIJttZ!JjiiJ_ow$&kvWXq
z`4$VhLEd>SwG^t&CtfRWZ{syK@W$#DzegcQ1>~r7foTw3^V1)f2Tq_5f$igmfch;8
zT-<)?RKcCdQh6x^mMEOS;4IpQ@F2q-4IC4%*dU@jfHR<!`n5T9XSWr^nRn_u@rV=u
zWX}y_M)4?RA-|XAaToL3ZVTT=syG^~aU{{FH*Jsr?3^#XwL!huM!u*w-JwRve<&BM
z>4UdG>Usw4;7ESpORL|2^#jd+@zxz{(|<QJ)PEm)axi-e#yUYztv}U&Z^voJ1p2FR
z&+$VepO9z>RV*1WKrw-)ln*8LnxVkKDfGDHA%7`HaiuvhMu%*mY9*Ya{Ti#{DW?i0
zXXsp+Bb(_~wv(3t70QU3a$*<$1&zm1t++x#wDLCRI4K)kU?Vm9n2c0m@T<Z=DL!m#
zR31}F2Sr7!8C9b&9FSRt1}wG&Fy>yUV&&l9%}fulj!Z9)&@yIcQ3gX}l0b1LbIh4S
z5C*IDrYxR%qm4LVzSk{0;*npO_SocYWbkAjA6(^IAwUnoAzw_Uo}xYFo?Y<-4Zqec
z&k7HtVlFGyt_pA&kX%P8PaRD8y!Wsnv}NMLNLy-CHZf(ObmzV|t-iC#@Z9*d-zUsx
zxcYWw{H)nYX<H!OG74jpEvhynVg$Z6r^t$teoZF6&9mSZRfQSgzy#)7=dgb*gX2L6
zkLoVmidaPj$WO9534y?PN?$Pa*jcoSGD~uM4eiqhcderFtU*s!koalLsXq58q7OKr
z8mL~&vDPR1o!}gGqE@mB9)ll0Y+I3pg_@?($X#+g<X*Bc<fN?K>VdnJu5o-U+fn~W
z-$h1ax>h{NlWLA7;;6TcQHA>UJB$KNk74T1xNWh9)kwK~wX0m|Jo_Z;g;>^E4-k4R
zRj#pQb-Hg&dAh}*=2;JY*aiNZzT=IU&v|lQY%Q|=^V5pvTR7^t9+@+ST&sr!J1Y9a
z514dYZn5rg6@4Cy6P`-<Ip*0h@4^E-te%|Hygl8G7!?4YJmmD)iTnFnXlRh>?!3Y&
z?B*5zw!mTiD2)>f@3XYrW^9V-@%YFkE_;PCyCJ7*?_3cR%tHng9%ZpIU}LJM=a+0s
z(SDDLvcVa~b9O!cVL8)Q{d^R^(bbG=Ia$)dVN_tGMee3PMssZ7Z;c^Vg_1CjZYTnq
z)wnF8?=-MmqVOMX!iE?YDvHCN?%TQtKJMFHp$~kX4}jZ;EDqP$?jqJZjoa2PM@$uZ
zF4}iab<QEgXXhnd2;4rDSDgrcTv7~<DDN^=G=PSLBDxkg$c{YxQKz`lJO^y?8pfm9
zt^nd=ih;P9fmU8c=`6;a7jt^1&=Y67cw(v4eSp%ElSN)TuO|J=3b=0!maKgZW`DFf
zSy{X`Q)Gr|MoRxBY@krh6yO>1b5ep)L;jdegC3{<!<?;*J=R#rpw0<3&}6qn&=Qj)
z&e+IcP9Rz*wB8am3aW`T=#OJ#D@k8{jz0Y29E7R~mAMhtu?g3TAvkw^;&xX`tmgE|
zv^HiNoJBppf(Xm?i1;syXnI4Kn!IJlt@sOk+<|QQOYt{eZdrGA;vkZbOkt?Ba2HIo
zzjIO-T$11Tq)1`{dVa~e5V0({5ZU}cg(#C<A!}p9utp!2_QB+luRxxnNctT}@wh<9
zd*7bN#JQxas1}&Holy6BMg#{Lu_fw~`KJ<7j}u1ll;wth+Lnnxrq1~QmSi!Y(Nlgt
zxGphCr!e$X^);_GRTzJywtv&3ll_kEI;?Q|01;m03Qwiop_SN!O?|Kz%cH7e4$=v$
zufVL~L9kPYkFA}j-7Iv;Uh3q?Gq2+gV#BJM-fh7{Ftjp7y?9TBKX|T0oyT2`?;m+*
z)IkQ#@=2?2udS-L0MiL|9982kJ0h|{Yr`C`SZ0rYj)HfBOR~UYpVz^I_0K5WK!$+)
zs4$uUD>K4VnCH#OV;pRcSa(&Nm50ze-yZ8*cGv;@+N+A?ncc^2z9~|(xFhwOHmPW@
zR5&)E^YKQj@`g=;zJ_+CLamsPuvppUr$G1#9urUj+p-mPW_QSSHkPMS!52t>Hqy|g
z_@Yu3z%|wE=uYq8G>4`Q!4zivS}+}{m5Zjr7kMRGn_p&hNf|pc&f9iQ`^%78rl#~8
z;os@rpMA{ZioY~(<F66_*K|+nU;VoOpm}0{rO5$C*wF8(vtv}GE@=HH<Nk{pYFIF#
zdGD=>Rm!Wf#Wx##A0PthOI341QiJ=G*#}pDAkDm+{0kz&*NB?rC0-)glB{0_Tq*^o
zVS1>3REsv*Qb;qg!G^9;VoK)P*?f<*H&4Su1=}bP^Y<2PwFpoqw#up4Ig<U<gHghm
zE0#Y7<GK&2%{El%_Y)ca#APbrf%FUE9U^Nx(6!PnH=8Urc7uMy{d=TbHmLjRfA@%m
zBLDZ1+Bv%z+1UK66+2tg(+AZZ?fa`?lr{-?K~WgPGE3XWnPHDQcu-iF$rhQAC>X3L
z`w~8jsFCI3k~Y9g(Y9Km`y$0FS5vHb)kb)J<XzCZ+kRfXT7vI_;8{h?*WR3CZHtzQ
zDR=g3#{F~qz31g!ZszkOKMc5PK;YO2l-4eBvnw7aD+`q)HX6N%3^xI3AUwE`*|f;h
zDO#d6?3Vc2V2Xxe@3?pq_v9EJ3#v<2oI`(RI{U!^L%+YU)2s`*);LjP(gW@qYOh)L
zPY0s@Y{NF;L5v4VZC5+)%RZg#t9njPHLg-uH!f3GP}V%+^}&(*ga^hpok@JP<SyT4
zm&U-mu!sK-f**T9L_U(@DEw161V#V~QXkb3?oEb8C;{@l17vyW*I>b6q-9MbO{Hbb
zxg?IWQ1ZIGgE}wKm{axO6CCh~4DyoFU+i1xn#oyfe+<{>=^B5tm!!*1M?AW<qAZ%p
zqBl>8c=6g+%2Ft97_Hq&ZmOGvqGQ!Bn<_Vw`0DRuDoB6q8ME<;oL4kocr8E$NGoLI
zXWmI7Af-DR|KJw!vKp2SI4W*x%A%5BgDu%8%Iato+pWo5`vH@!XqC!yK}KLzvfS(q
z{!y(S-PKbk!qHsgVyxKsQWk_8HUSSmslUA9nWOjkKn0%cwn%yxnkfxn?Y2rys<JE*
zd6z;KD=#Q%;cSb%PH2V)%o{=Fx|k`{>XKS=t-TeI%DN$sQ{lcD!(s>(4y#CSxZ4R}
zFDI^HPC_l?uh_)-^ppeYRkPTPu~V^0Mt}#jrTL1Q(M;qVt4zb(L|J~sxx7Lva9`mh
zz!#A9tA*6?q)xThc7(gB<ny#3-hALo#K5~(NTrDll#>2Ryam$YG4qlh00c}r&$y6u
zIN#Qxn{7RKJ+_r|1G1KEv!&uKfXpOVZ8tK{M775ws%nDyoZ?bi3NufNbZs)zqXiqc
zqOsK@^OnlFMAT&mO3`@3nZP$3lLF;ds|;Z{W(Q-STa2>;)tjhR17OD|G>Q#zJHb*>
zMO<{WIgB%_4MG0SQi2;%f0J8l_FH)Lfaa>*GLobD#AeMttYh4Yfg22@q4|Itq};NB
z8;o*+@APqy@fPgrc&PTbGEwdEK=(x5K!If@R$NiO^7{#j9{~w=RBG)ZkbOw@$7Nhl
zyp{*&QoVBd<?r(PmG5eJ$o3z+HV5w1eeDp-rvnyYr;XeO2s}3%;u7*GZh4@3HEtn4
zl=_oilL7?}7({hJ(u2#?X>5lo<R;7Ivsy34t)%m;MhoOwp@KWu*vvBMNS|tbc6;}3
zpmPR_`W65;uBCDk3YIFuYZ@-W*_Ve$jbt<chLPyLl*T~u-9Iw2^SX15#ZeP(M%;??
z8Tyv)tkk-x*$;`<N;zq%`npv4>{iwl2gfyip@}IirZK;ia(&ozNl!-EEYc=QpYH_=
zJkv7gA{!n4up6$CrzDJIBAdC7D5D<_VLH*;OYN>_Dx3AT`K4Wyx8Tm{I+xplKP6k7
z2sb!i7)~%R#J0$|hK?~=u~rnH7HCUpsQJujDDE*GD`qrWWog+C+E~GGy|Hp_t4--}
zrxtrgnPh}r=9o}P6jpAQuDN}I*GI`8&%Lp-C0IOJt#o<LWWo^Dmj%NMD<@h&?0Gs;
z6)FA<Vxp%+oiZa^QrOWz-cjprk#BXB+XKySd9_XES;@3;wLHUg*Su?kSpjjdU`Su<
z!|N$yj0`p!E|t@nEV0e(1YB{2*>p)}XSr!ova@w{jG2V=?GXl3zEJJFXg)U3N>BQP
z*Lb@%Mx|Tu;|u>$-K(q^-<d@dEl3DmQcZJ9w#wRZ>HG!EQ3o93%w(A7@<y+Q*X@<~
zjX&YNFdh8ctHtbvY&9|NRffuw3miwYf8_fe>ngGU)HRWoO&&^}U$5x+T&#zri>6ct
zXOB#EF-;z3j311K`jrYyv6pOPF=*`SOz!ack=DuEi({UnAkL5H)@R?YbRKAeP|06U
z?-Ns0ZxD0h9D8)P66Sq$w-yF+1hEVTaul%&=kKDrQtF<$RnQPZ)ezm1`aHIjAY=!S
z`%vboP`?7mItgEo4w50C*}Ycqp9_3ZEr^F1;cEhkb`BNhbc6PvnXu@wi=AoezF4~K
zkxx%ps<8zb=wJ+9I8o#do)&{(=yAlNdduaDn!=xGSiuo~fLw~Edw$6;l-qaq#Z7?#
zGrdU(Cf-V@$x>O%yRc6!C1Vf`b19ly;=mEu8u9|zitcG^O`lbNh}k=$%a<a(jkHD&
z5E|{xtrO@buz>)UHhDwTEKis2yc4rBGR>l*(B$AC7ung&ssaZGkY-<sFP@AP+_60R
zAg>h(fpwcPyJSx*9EIJMRKbMP9}$nVrh6$g-Q^5Cw)BeWqb-qi#37ZXKL!GR;ql)~
z@PP*-oP?T|Thql<lGlaq*SE}O|Kg5v{p9U1#^sO|4i6$GN_=Fxac6SnsB!!bQwmxR
zzF`Y4Z9dIMc=u(+A?+H4+93(PKM20zf!d;g+9`$FibL)pAerKmD)Ym>GKR84zi^CN
z4TZ1A)7vL>ivoL2EU_~xl-P{p+sE}9CRwGJDKy{>0KP+gj`H9C+4fUMPnIB1_D`A-
z$1`G}g0lQmqMN{Y&8R*$xYUB*V}dQPxGVZQ+rH!DVohIoTbh%#z#Tru%Px@C<=|og
zGDDwGq7yz`%^?r~6t&>x*^We^tZ4!E4dhwsht#Pb1kCY{q#Kv;z%Dp#Dq;$vH$-(9
z8S5tu<X6lOB_R@a0Vr<O`jiFw>tZ}&JM2Iw&Y-7KY4h5BBvS=Ove0#+H2qPdR)WyI
zYcj)vB=MA{7T|3Ij_PN@FM@w(C9ANBq&|NoW30ccr~i#)EcH)T^3St~rJ0HKKd4wr
z@_+132;Bj+>UC@h)A<n=_{iu`>p*8B4r5A1lZ!Dh%H7&&hBnlFj@eayk=VD*i5AQc
z$uN8<jj%Mz=t#q{%FRx#WxsIUtYvHo`1^l=C=QT-Iv$#7$}3Wi-3pe_a7Q}nvc(HZ
zjbaBWJ-znO=(Ae|8a4S0?Kn>YG#PL;cuQa)Hyt-}R?&NAE1QT>svJDKt*)AQOZAJ@
zyxJoBebiobHeFlcLwu_iI&NEZuipnOR;Tn;PbT1Mt-#5v5b*8ULo7m)L-eti=UcGf
zRZXidmxeFgY!y80-*PH-*=(-W+fK%KyUKpg$X@tuv``tXj^*4qq@UkW$ZrAo%+hay
zU@a?z&2_@y)o@D!_g>NVxFBO!EyB&6Z!nd4=<EpWAIw*i`_(95Du;<hh`i0(OvU)o
zJAWpE*}wvy3Se90u|cilV!M2Sk<G3v`?@llEvy2X_;kh^wm@5miOB8tQzMjgS&WFy
z1_T#|P_NH5Ei^j{NKjDP=mteXU4Cz5b(0viVv>KyDP^hl!*(k{dEF6@NkXztO7gIh
zQ&PC+p-8WBv;N(rpfKdF^@Z~|E6pa)M1NBUrCZvLRW$%N%xIbv^uv?=C!=dDVq3%*
zgvbEBnG*JB*@vXx8>)7XL*!{1Jh=#2UrByF7U?Rj_}VYw88BwqefT_c<e4Q|cAR_y
zzPGw5XY8YH)i0W+ow;U(xdI9oqV)sU`cZ3Yu$@AG*n~rtRQ!HcH8>CTv8aTrRVjnn
z1HNCF=44?*&gs2`<Sd^EHgz7rQJ_Qfl@T}YZe28Av14ZY$;b?@?424@^eB+;ztot*
zn$~^)m?8zUpZ_NqAG(1!6#o5-0{veM6aF{Th=0KNAISZ?|G`Ifd0Bv>vCGJVHX@kO
z240eo#z+FhI0=yy6NHQwZs}a+J~4U<d8dmBO0TIJt+~2d+v+cq);kTXE+e(1USHSN
zNwc!GuI}8z==5Fp^DCD7KIzFAC-waC`u-a7zTNq<={$QcaFXMF687DGgNa19*9!??
zIFV5yoW@#^O(=1|%`9I)9Y1LzOmUJtIK$u1<;5%_oQ<!~SeSyox8YaGbcjE>-6X`@
zZ7j+tb##m`x%J66$a9qXDHG&^kp|GkFFMmjD(Y-k_ClY~N$H|n@NkSDz=gg?*2ga5
z)+f)MEY>2Lp15;~o`t`qj;S>BaE;%dv@Ux11yq}I(k|o&`5UZFUHn}1kE^gIK@qV&
z!S2IhyU;->VfA4Qb}m7YnkIa9%z{l~iPWo2YPk-`hy2-Eg=6E$21plQA5W2qMZDFU
z-a-@Dndf%#on6chT`dOKnU9}BJo|kJwgGC<^nfo34zOKH96LbWY7@Wc%EoFF=}`VU
zksP@wd%@W;-p!e^&-)N7#oR331Q)@9cx=mOoU?_Kih2!Le*8fhsZ8Qvo6t2vt+UOZ
zw|mCB*t2%z21YqL>whu!j?s~}-L`OS+jdg1(XnmYw$rg~r(?5Y+qTg`$F}q3J?GtL
z@BN&8#`u2RqkdG4yGGTus@7U_%{6C{XAhFE!2SelH?KtMtX@B1GBhEIDL-Bj#~{4!
zd}p7!#XE9Lt;sy@p5#Wj*jf8zGv6tTotCR2X$EVOOup;GnRPRVU5A6N@Lh8?eA7k?
zn~hz&gY;B0ybSpF?qwQ|sv_yO=8}zeg2$0n3A8KpE@q26)?707pPw?H76lCpjp=5r
z6jjp|auXJDnW}uLb6d7rsxekbET9(=zdTqC8(F5@NNqII2+~yB;X5iJNQSiv`#ozm
zf&p!;>8xAlwoxUC3DQ#!31ylK%VrcwS<$WeCY4V63V!|221oj+5#r}fGFQ}|uwC0)
zNl8(<?LlMOX%-wA6l`L9X38|nR$3cyaFLKGwqh<}hN1^NTPIB&B-fiVD=GN;!mkEd
zrZ~-Q^oflbYHe0^3!eS?_zBa=rmG1eKCb2a_YwtCHY7C`6Zqyde5Pu%W%v`?3Cqbo
z_ALc6sQ8bL3pMNAO~7O!ZDdor!-;=sGnJW2-pk6m>CF}PD`&Sj+p{d!B&&JtC+VuH
z#>US`)YQrhb6lIAYb08H22y(?)&L8MIQsA{26X`R5Km{YU)s!x(&gIsjDvq63@X`{
z=7{SiH*_ZsPME#t2m|bS76Uz*z{cpp1m|s}HIX}Ntx#v7Eo!1%G9__4dGSGl`p+xi
zZ!VK#Qe;Re=9bqXuW+0DSP{<gq0>uZ5-QXrNn-7qW19K0qU}OhVru7}3vqsG?#D67
zb}crN;QwsH*vymw(maZr_o|w&@sQki(X+D)gc5Bt&@iXisFG;eH@5d43~Wxq|HO(@
zV-rip4n#PEkHCWCa5d?@cQp^B;I-PzOfag|t-cuvTapQ@MWLmh*41NH`<+A+JGyKX
zyYL6Ba7qqa5j@3lOk~`OMO7f0!@FaOeZxkbG@vX<vJA&<M7ielhajv3<pqIc#T=<d
z5!XC6$9Zzd5N1yB3YIkxmE=Or75JkK(;tk5NYO;e2%y0~7Iq4(@^zemjVu3gn;k2h
z3pr-l^^1t)oS{lBub=&q*v-{Yor+}q*C%$OBr{Bh7_`KeZS3d~+}U*z^Vr7FCWCm$
z2w4q^9o%PrY=y+J<kc!1(Z8gb`+${nNibOU!ujz<plR`4ar9x6#1eT(9c_$fmz0&-
zVXep$WkZ4Nbvm%w$hWlUAA$2zWy&wWmG)?7m%&}>P<wwEw`l*m2D-%gz@e8LdJ@aK
z$*6HmJp<0gZmI6BLQM`}YJ$<M(i0=A?gL%JBkoHytmi7#XD+OZgsP8pN?#gLW@5=&
z=aZtd@1TB*YUW6yi5jlC6iDRHzo7(PY8G+Vmn$*S(%8%F+cb5~gJ|$XOXpQ&GMrT?
z$!W2eBPo$vsitpW`1GTw?A#Wer%N>(t3#U*fq8=GAPqUAS>vW2uxMk{a(<0=IxB;#
zMW;M+owrHaZBp`3{e@7gJCHP!I(EeyGFF;pdFPdeP+KphrulPSVidmg#!@W`GpD&d
z9p6R`dpjaR2E1Eg)Ws{BVCBU9-aCgN57N~uLvQZH`@T+2eOBD%73rr&sV~m#2~IZx
zY_8f8O;XLu2~E3JDXnGhFvsyb^>*!D>5EtlKPe%kOLv6*@=Jpci`8h0z?+fbBUg_7
zu6DjqO=$SjAv{|Om5)nz41ZkS4E_|fk%NDY509VV5yNeo%O|sb>7C#wj8mL9cEOFh
z>nDz%?vb!h*!0dHdnxDA>97~EoT~!N40>+)G2CeYdOvJr5^VnkGz)et<vAmb+D7=`
zfLJG@2}biua8X0Z?(4lCZZqmGg2`>&T9hr<I;LKB@tJlwjj=}SR5fOy_EE<RK~9`Q
z&ornH<N`P)8cCNMiZogO?-t5{Y4I1mn5zZP_@1H0n**GvGdSsVGgripNsyzrmvp(@
z(hXN%f5OF=4MuABi}-rV`4T5@&beK7woSv{whQOT{h=ES|BVz1v-^;aXz3}3O3UGa
zX5_O}5~5Ai-yIkjBTFZ}ks%lK17gOZn61m7u>D(VAgCAJjQ7V$O?csICB*HFd<a3I
z#UL=^i3%GiXMKM!n8|H4kN`Q50rX8eUS6#OQiBGB8&c#$sB%or3TUuL7_Ekj=1aSK
zCXT#G3Ij^I<M9hQ52o7fa#d=2z*!D4G>^k@$M5*v$PZJD-OVL?Ze(U=XGqZPVG8JQ
z<~ukO%&%nNXYaaRibq#B1KfW4+XMliC*Tng2G(T1VvP;2K~;b$EAqthc${gjn_P!b
zs62UT(->A>!ot}cJXMZHuy)^qfqW~xO-In2);e>Ta{LD6VG2u&UT&a@>r-;4<)cJ9
zjpQThb4^CY)Ev0KR7TBuT#-v}W?Xzj{c7$S5_zJA57Qf=$4^npEjl9clH0=jWO8sX
z3Fuu0@S!WY>0XX7arjH`?)I<%2|8HfL!~#c+&!ZVmhbh`wbzy0Ux|Jpy9A{_7GGB0
zadZ48dW0oUwUAHl%|E-Q{gA{z6TXsvU#Hj09<7i)d}wa+Iya)S$CVwG{4LqtB>w%S
zKZx(QbV7J9pYt`W4+0~f{hoo5ZG<0O&&5L57oF%hc0xGJ@<Y95+$+g)SR2pZ*)dUD
z?$BX<*_7NXdw*vzVF}Lap6Q0EUy-YcegUmTNhJrU=$zitBEB@MZ_`dx0mMD?QR0F!
zEjhLuBZEDX>Zrg_D&lNO=-I^0y#3mxCSZFxN2-tN_mU@7<@PnWG?L5OSqkm8TR!`|
zRcTeWH~0z1JY^%!N<(TtxSP5^G9*Vw1wub`tC-F`=U)&sJVfvmh#Pi`*44kSdG};1
zJbHOmy4Ot|%_?@$N?RA9fF?|CywR8Sf(SCN_luM8>(u0NSEbKUy7C(Sk&OuWffj)f
za`+mo+kM_8OLuCUiA*CNE|?jra$M=$F3t+h-)?pXz&r^F!ck;r##`)i)t?AWq-9A9
zSY{m~TC1w>HdEaiR*%j)L);H{IULw)uxDO>#+WcBUe^HU)~L|9#0D<*Ld459xTyew
zbh5vCg$a>`RCVk)#~ByCv@Ce!nm<#EW|9j><#jQ8JfTmK#~jJ&o0Fs9jz0Ux<k+gm
zL|9F;P_7C~4u+%F&P?7Noh+NS+akvy!A8oEC2J-Yo9jyF5JYlZZ@q=-n6Ud7v2R51
znk*L+%&a0NLLwqVi!`(br(74WFXEStMQj%FSK(A_4oz+gvccGHF<dj>{svdM4__<1
zrb>H(qBO;v(pXPf5_?XDq!*3KW^4>(XTo=6O2MJdM^N4IIcYn1sZZpnmMAEdt}4SU
zPO54j2d|(xJtQ9EX-YrlXU1}6*h{zjn`in-N!Ls}IJsG@X&lfycsoCemt_Ym(PXhv
zc*QTnkNIV=Ia%tg%pwJtT^+`v8ng>;2~ps~wdqZSNI7+}-3r+#r6p`8*G;~bVFzg=
z!S3&y)#iNSUF6z;%o)%h!ORhE?CUs%g(k2a-d576uOP2@QwG-6LT*G!I$JQLpd`cz
z-2=Brr_+z96a0*aIhY2%0(Sz=|D`_v<DoOMX7~<nR!^8v^o_|!7Xd+!_b3H^wzXam
zrWq}Irc@k4f?o)Ad^|2*P0ca*-84nqV$ZOte`HRMl7IbM|D}Z51;Zp=yrCS+{_aF8
zI+=_21od8$<bi_uw-;*p?PAvGU%@L^7d|hM%tACW_?f1^AFP(BnPal1PqQMO2kPF!
z+rBhqk7N7MR{XD&!S6w=#l>_7h%Yqbw2)<Wxg|d&MBQT(8_>8@1DwH4s*A82krEk{
zoa`LbCdS)R?egRWNeHV8KJG0Ypy!#}kslun?67}^+J&02<Q<uxIOk<bvz%abzMQB{
zJ{ld`rU&h}79#G%bOVV!V#@GH<;w=Kb`|^ho3VPTdE8Mhw16yi3)yd1vo<gvoRwzK
zc7|+ghkj}y-+IF2A5;Yi_f(vhu0cxHK2AuFehG;3=V)Hw7dcD-O_e`-sy)Mg5MTY?
zuvGj3AJQ4}Sxm?&<y_emzbtR=X<v9lymKJ>!D??lN~t@<Q+s{amrrTZ_TnxyD(S+W
z0}DJ;jPr0$)o_s~)QGQ8iHe3SaAef#ftVwys3pLJ#T@I2QJqg_rl}Hl1R<q}`Y<bZ
zTC8?jXb037w+$=MO;~pp62YKOapf-w3zWn#i)omR<l!694X5n3|3L&-Jx8x4r{7oB
zYUj7i_I6Uq$l4FXr(al0yH;By>;h?GS8#WX`)6<H)cPdLh4L9%BQ1d)tl2l_(MqLg
zP8Vlu3TI3Bo?=R`b}pgUkBV>yC**~5YNhN_Hj}YG<%2ao^bpD8RpgV|V|GQwlL27B
zEuah|)%m1s8C6>FLY0DFe9Ob66fo&b8%iUN=y_Qj;t3WGlNqP9^d#75ftCPA*R4E8
z)SWKBKkEzTr4JqRMEs`)0;x8C35yRAV++n(Cm5++?WB@ya=l8pFL`N0ag`lWhrYo3
z<j3kcuZAyDq24RTu&b#ib_b!cQHSIKmz-fttSrCWok16}nI{l8r`Zc}Dw_C`>JJ$<
zQ*_YAqIGR*;`VzAEx1Pd4b3_oWtdcs7LU2#1#Ls>Ynvd8k^M{Ef?8`RxA3!Th<MX`
zGjpE&sT~Q!q{k(_v&8L^`DWC=%t2Y2dPkdROg^3w=3DY}5f^Dscs!EsmD8Gp@%f6B
ziaI4*56fGwD(ZezB~pFC!a1|O6Yyob`uvLAjR|UmQB((5T0Q`41&w4<SadZiWqaC$
zphkyuZ&=2Dvj-`mX1D~rL?t@XmJbt9eHhfD-7Z)9zL4O2A<;e{WI_EgLHjF-v;f;2
zK*88Y^d&y%5I9t6b5AG8R6t|(k#;gXy#5(`hn-c<IltcKNMX{F%%LP@CcuW7VtoDi
zLnF*!XZhBE{~Ae_#_fF>-?ui{_WJvhzY4FiPxA?E4+N<!D(PLv0#~dJ$_A-y?DgcH
zYVm@f{doxVdd92K-{BQF;_~zXz2$UL7y#Ddm%!DAIC;l-vBS%g1zl8$>FmaC-Uh*a
zeLKkkECqy>Qx&1xxEhh8SzMML=8VP}?b*sgT9ypBLF)Zh#w&JzP>ymrM?nnvt!@$2
zh>N$Q>mbPAC2kNd&ab;FkBJ}39s*TYY0=@e?N7GX>wqaM>P=Y12lciUmve_jMF0lY
zBfI3U2{33vWo(DiSOc}!5##TDr|dgX1Uojq9!vW3$m#zM_83EGsP6&O`@v-PDdO3P
z>#!BEbqpOXd5s?QNnN!p+92SHy{sdpePXHL{d@c6UilT<#~I!tH$S(~o}c#(j<2%!
zQvm}MvAj-95Ekx3D4+|e%!?lO(F+DFw9bxb-}rsWQl)b44###eUg4N?N-P(sFH2hF
z`{zu?LmAxn2=2wCE8?;%ZDi#Y;Fzp+RnY8fWlzVz_*PDO6?Je&aEmuS>=uCXgdP6r
zoc_JB^TA~rU5*geh{G*gl%_HnISMS~^@{@KVC;(aL^ZA-De+1zwUSXgT>OY)W?d6~
z72znET0m`53q%AVUcGraYxIcAB?OZA8AT!uK8jU+=t;WneL~|IeQ>$*dWa#x%rB(+
z5?xEkZ&b{HsZ4Ju9TQ|)c_SIp`7r2qMJgaglfSBHhl)QO1a<VzKC^7j-g7z2Ad#{M
zvsgN~w60ZT{vl|Qd`NIm@OG$v;5-4JA~1~#)QySKY!9+bBDpd?4s7wP)GoMxA;<-K
zZ`2B#iCtg}xLy$u(m9_3^8$IS6jA;wh_x@G=2!e<Z(qLrSV7l3wt{^=(CzOu`rc`K
zLGCD<2e^JpC7H_s`bGxpUJC!1V+O1bT-lN@!5Uxu;TOp0CwcC$&$Mm9FOX8dpcN!?
zjaGPM1l0Q<WZ4s|!s>NtkGr0LUn{@mvAt=}nd7#>7ru}&I)FNsa*x?Oe3-4G`HcaR
zJ}c%iKlwh`x)yX1vBB<Fb|>;-Nr=7>$~(u=AuPX2#&Eh~IeFw%afU+U)td0KC!pHd
zyn+<y@H~@-|HAj3b<;(_C}QIT9{CiS8AVL~sK+;Y2c>X$L|(H3uNit-bpn<BTXt;L
zTy?!IgGx)I+O^{DaLfke%wDfNbFEh<rGXHiJEHvKj5UceUn@iAj+5VfhGAN(0PC?^
zShE02b=ul$#@&hzkw{zQtMs&HfM)nMR@&BO#*ya0FrO0gPxZcK{uz@rU3E%|u{|Q3
z`m%4+ARM{SDsey%J~Hd8{5m!c9>7%G%{&LsAaEfEsD?yM<;U2}WtD4KuVKuX=ec9X
zIe*ibp1?$gPL7<0uj*vmj2lWKe`U(f9E{KVbr&q*RsO;O>K{i-7W)8KG5~~uS++56
zm@XGrX@x+lGEjDQJp~XCkEyJG5Y57omJhGN{^2z5lj-()PVR&wWnDk2M?n_TYR(gM
zw4kQ|+i}3z6YZq8gVU<?mGHS7@zD<Oub^@JO}~F^I9>N}KiYre^sL{ynS}o{z$s&I
z{(rWaLXxcQ=MB(Cz7W$??Tn*$1y(7XX)tv;I-{7F$fPB%6YC7>-Dk#=Y8o1=&|>t5
z<nzVM_h9+`3CBHtDPhO5NiQrMIZc1L)1O@N^ZNl?<Y9}$wHUPqZZN4R#1w|Mv$_|x
z(M~mksP@GM>V_VVts>Eb@)&4%m}!K*WfLoLl|3FW)V~E1Z!yu`Sn+bAP5<C$JuzuB
zw%$B<9Etb-V%#IZCJi+jadT01_t-%@g$zRs>sRDyu7NEbLt?khAyz-ZyL-}MYb&nQ
zU16f@q7E1rh!)d%f^tTHE3cVoa%Xs%rKFc|temN1sa)aSlT*)*4k?Z>b3NP(IRXfq
zlB^#G6BDA1%t9^Nw1BD>lBV(0XW5c?l%vyB3)q*;Z5V~SU;HkN;1kA3Nx!$!9wti=
zB8>n`gt;VlBt%5xmDxjfl0>`K$fTU-C6_Z;!A_liu0@Os5reMLNk;jrlVF^FbLETI
zW+Z_5m|ozNBn7AaQ<&7zk}(jmEdCsPgmo%^GXo>YYt82n&7I-uQ%A;k{nS~VYGDTn
zlr3}HbWQG6xu8+bFu^9%%^PYCbkLf=*J|hr>Sw+#l(Y#ZGKDufa#f-f0k-{-XOb4i
zwVG1Oa0L2+&(u$S7TvedS<1m45*>a~5tuOZ;3x%!f``{=2QQlJk|b4>NpD4&L+xI+
z+}S(m3}|8|Vv(KYAGyZK5x*sgwOOJklN0jsq|BomM>OuRDVFf_?cMq%B*iQ*&|vS9
zVH7Kh)SjrCBv+FYAE=$0V&NIW=xP>d-s7@wM*sdfjVx6-Y@=~>rz%2L*rKp|*WXIz
z*vR^4tV&7MQpS9%{9b*>E9d_ls|toL7J|;srnW{l-}1gP_Qr-bBHt=}PL@WlE|&KH
zCUmDLZb%J$ZzN<D#Z=#5T)Bf2TA_muafrra2vX5d1$NtR6x+o}u9Zak6&oP?T!X$-
zIl5^NRuFYhPG)4VIGa6PeEdZh0G`k+V$2B$!nQTjo$SysaImgV(HW;0aA@nZ_axf?
zBM@p-s!k(06u+I4AoGZo>ii-5VeygOM?K8e$EcK=z-hIk63o4y63^_*RdaitO<V5B
za6+bDKg4KeMXpt9Qk*l&X>^THC{boKstphXZ2Z+&3ToeLQUG(0<j4{Nr{ry0FMWlF
zSGML4orU++CDT_v%%0nPebR1N6tB%g4p?Zdt|)+g?<UvIJR%MfMFe%=E81<>Frs?b
zCxB+65h7R$+LsbmL51Kc)pz_`YpGEzFEclzb=?FJ=>rJwgcp0QH-UuKRS1*yCHsO)
z-8t?Zw|6t($Eh&4K+u$I7HqVJBOOFCRcmMMH};RX_b?;rnk`rz@vxT_&|6V@q0~Uk
z9ax|!pA@Lwn8h7syrEtDl<WQqu`!%qrH)QqDdkQl)y?<^ZL9If#e?HpaWMe_2#DhU
z#}WT~UZ{5Bhr5K%XDp55$*Whe3eE1OkS$;$*_;U^o0Xot${f*KuWP>uZ6G!;@=GL>
zse#PRQrdDs=qa_v@<d3zJqn`;t)*z9<x>{Wv(3YjYD0|qocDC;-F~&{oaTP?@pi$n
z1L6SlmFU2~%)<yH+pnsVBtdhda43jrc>M^$@C(^cD!y)-2SeHo3t?u3JiN7UBa7E2
z;<+_A$V084@>&u)*C<4h7jw9joHuSpVsy8GZVT;(>lZ(RAr!;)bwM~o__Gm~exd`K
zKEgh2)w?ReH&syI`~;Uo4`x4$&X+dYKI{e`dS~b<eXyFbn{XKM`5J)C0L#f}e2}7~
z)nKDM!PRVb3~~@%Q+cQ&`I~MD#o@WX|K)!2e*JduzJGnF?fiayZ(hjkG0=Z>QuS|p
zA`P_{Q<DUc*G-jw4YhEKjcAK{a$+IO@h|;!Zx=7Ca^H#$3!0F`cAN4;(ZWd_f@rfM
zf;lM~!C(qj-G&)xi@2B?C@2|haHX@1ITzPu>LV3r$*~lb=9vR^H0AxK9_+dmHX}Y}
z<Mg3qa~jtH6?S$N7Pi{ev!k&}X3I>IV*#65%jRWem5Z($ji{!6ug$En4O*=^CiG=K
zp4S?+xE|6!cn$A%XutqNEgUqYY3fw&N(Z6=@W6*bxdp~i_yz5VcgSj=lf-6X1Nz75
z^DabwZ4*70$$8NsEy@U^W67tcy7^lNb<HNa;<A#a0;@HUP(E_$DV`ED`{MeJFNzNX
zyNSb7n+{%T0V2XT_k20~!zFnBAH)-Ef*2UK<bHrko9B>u;|kOLcJ40A%J#pZe0d#n
zC{)}+p+?8*ftUlxJE*!%$`h~|KZSaCb=jpK3byAcuHk7wk@?YxkT1!|r({P*KY^`u
z!hw#`5$JJZGt@nkBK_nwWA31_Q9UGvv9r-{NU<&7HHMQsq=sn@O?e~fwl20tnSBG*
zO%4?Ew6`aX=I5lqmy&OkmtU}b<pd?ip22G=uBEYij80TLN&YOpF?bC>H-+zvJ_CFy
z_nw#!8Rap5Wcex#5}Ldtqhr_Z$}@jPuYljTosS1+WG+TxZ>dGeT)?ZP3#3>sf#KOG
z0)s%{cEHBkS)019<O(Z?D$|I#4#d_d_ldFn9Qa+RHx|wEXzP>}-1A2kd*it>y65-C
zh7J9zogM74?PU)0c0YavY7g~%j%yiWEGDb+;Ew5g5Gq@MpVFFBNOpu0x)>Yn>G6uo
zKE%z1EhkG_N5$a<pLUdQd9Fv?Q#!(kSQhMqfih^ei*+r-a{ZsIlr=w+nG%<Zir-Hz
zA0JBlW@flNKk%$irvUzHogE?<ll#XEya-Q?ygeNYJ6j}DmXS_l3gPV*)ar|-%BT)S
z4^#FcGTU7gn_mlUoi&M$J@K9eK2Bdi7aOnroBW-ZnBg%_U$9)b;6oIx2IseA9T+sv
z%R;}STNVf>8f6SRm(25iH#FMeaJ1^TBcBy<04ID47(1(D)q}g=_6#^V@yI?Y&@HUf
z`;ojGDdsvRCoTmasXndENqfWkOw=#cV-9*Q<VCM(zaeSnb4*k5ZTq{y{R!fP2PP~~
z#ocTCysmLg^j&0;L|7nbQoxy+JN3;3&kVZ330~1zikqdHgM%aWC-q1tTT|}$l$oCd
zQvT6PS~S*<0y>ClpI03)FWcx(m5(P1DW+2-{Hr-`5M{v##Zu-i-9Cvt;V|n)1pR^y
ztp3IXzHjYWqabuPqnCY9^^;adc!a%Z35VN~TzwAxq{NU&Kp35m?fw_^<uSo(A?{k?
znbg>D{wzB}4FVXX5Zk@#={6jRh%wx|!eu@Xp;%x+{2;}!&J4X*_SvtkqE#KDIPPn@
z5BE$3uRlb>N<2A$g_cuRQM1T<!a^u8Xz^h<N#gmUt8_xxC^g_r`N0T-H`{x4$Fk6Y
z26%nmS7U+?DP<V>#5ra9u2x9pQuqF1l2#N{Q!jVJ<>HlLeVW|fN|#vqSn<pDm;gF#
zylmOTrj8b-MjRrg0XDo7KD{Bnlymmj8Zj{{^^wcgQE}=M#eVDHE8du-W3m=+>Rr<0
zTVs=)7d`=EsJXkZLJgv~9JB&ay16xDG6v(J2eZy;U%a@EbAB-=C?PpA9@}?_Yfb&)
zBpsih5m1U9Px<+2$TBJ@7s9HW>W){i&XKLZ_{1Wzh-o!l5_S+f$j^RNYo85}uVhN#
zq}_mN-d=n{>fZD2Lx$Twd2)}X2ceasu91}<ZaWW{@M=mTK>n&BS+4U9=Y{aZCgV5#
z?z_Hq-knIbgIpnkGzJz-NW*=p?3l(}y3(aPCW=A({g9CpjJfYuZ%#Tz81Y)al?!S~
z9AS5#&nzm*NF?2tCR#|D-EjBWifFR=da6hW^PHTl&km-WI9*F4o>5J{LBSieVk`KO
z2(^9R(zC$@g|i3}`mK-qFZ33PD34jd_qOAFj29687wCUy>;(Hwo%Me&c=~)V$ua)V
zsaM(aThQ3{TiM~;gTckp)LFvN?%TlO-;$y+YX4i`SU0hbm<})t0zZ!t1=wY&j#N>q
zONEHIB^RW6D5N*cq6^+?T}$3m|L{Fe+L!rxJ=KRjlJS~|z-&CC{#CU8`}2|lo~)<|
zk?Wi1;Cr;`?02-C_3^gD{|R<Y(hZx3stAq>yhw!8i?yx5i0v<rV+>5?p)9wZxSkwn
z3C;pz25KR&7{|rc4H)V~y8%+6lX&KN&=^$Wqu+}}n{Y~K4XpI-#O?L=(2qncYNePX
zTsB6_3`7q&e0K67=Kg7G=j#?r!j0S^w7;0?CJbB3_C4_8X*Q%F1%cmB{g%XE&|IA7
z(#?AeG{l)s_orNJp!$Q~qGrj*YnuKlV`nVdg4vkTNS~w$4d^Oc3(dxi(W5jq0e>x}
z<H43&U$@div|rbvDBRe6R$HFqIJAjE9hq%N%9L!GLWw1FEuE)zU{;}8`R?Y#wBqj3
zO1MTO!b+Rq_TNLtY>(GN1?u2%Sy;GA|B%Sk)ukr#v*UJU%(BE9X54!&KL9A^&rR%v
zIdYt0&D59ggM}CKWy<L@eudu7gPlf&1Jo$iD(Kka*IF8ue_nRsix(9}FH}z&>xGS@
z>T#})2Bk8sZMGJYFJtc>D#k0+Rrrs)2DG;(u(DB_v-sVg=<wfp1+=C#pn3%q#ZtQX
zD1=sc0GEPiJ}zf0)>GFMlSCx<&RL;BH}d6AG3VqP!JpC0Gv6f8d|+7YRC@g|=N=C2
zo>^0CE0*RW?W))S(N)}NKA)aSwsR{1*rs$(cZIs?nF9)G*bSr%%SZo^YQ|TSz={jX
z4Z+(~v_>RH0(|IZ-_D<c%xSf6;b@*khDx7hhK^c`_h5a>_h@~p_i%k^XEi+CJVC~B
zsPir<ubE`+28G6(*`wUO8K@4An-4YU3YVz}e1E{HueFVnk`ls7#`gZ^TlvhQLhcq>
zA0Jm2yIdo4`&I`hd%$Bv=Rq#-#bh{Mxb_{PN%trcf(#J3S1UKDfC1QjH2E;>wUf5=
ze8tY9QSYx0J;$JUR-0ar6fuiQTCQP#P|WEq;Ez|*@d?JHu-(?*tTpGHC+=Q%H>&I>
z*jC7%nJIy+HeoURWN%3X47UUusY2h7nckRxh8-)J61Zvn@j-uPA@99|y48pO)0XcW
zX^d&kW^p7xsvdX?2QZ8cEUbMZ7`&n{%Bo*xgFr4&fd#tHOEboQos~xm8q&W;fqrj}
z%KYnnE%R`=`+?lu-O+J9r@+$%YnqYq!SVs>xp;%Q8p^$wA~oynhnvIFp^)Z2CvcyC
zIN-_3EUHW}1^VQ0;Oj>q?mkPx$Wj-i7QoXgQ!HyRh<ktNSk=ZCcXXN8!+J8h{~XS6
zT=<Bp^&0qN#WipnKl|Rm@@-CTN7rLioC8AhnP|G*7-;}YkgtW5gFmh?d1QA48gE#V
zwavzj>6G<ji;QTn%&v3NF}(p<36+>j8p~gH22k&nmEqUR^)9qni{%uNeV{&0-H60C
zibHZtbV=8=aX!xF<rD22qR+?h8zFIglsMM+UFM823u*9)GfrLdQ{p!OTt9dn{K<Rl
z3rQA6jF72Gy$?$j{71+H40tV{|5sw*YiwAVvcnCb46i}S%2ukrQK+MO$NN91Uln}i
zh;`qcCjWOk^8a8k{(Dte*xt^}(%jX_@IPD3m?Yb8ePyH(^ZfhueJSZ&Fdq<fOT^tG
z7#I?02~`<%VQ`e4ctG}FiMGU!N(x^ZSu%?5YtZNXXcl+aWYes43YG?zyWEe9%ZHgA
z{T|>vkO}T@lJ_4&ki$d+0ns3FXb+iP-VAVN`B7f-hO)jyh#4#_$XG%Txk6M<+q6D~
zi*UcgRBOoP$7P6RmaPZ2%MG}CMfs=>*~(b97V4+2qdwvwA@>U3QQAA$hiN9zi%Mq{
z*#fH57zUmi)GEefh7@<KLA^%Ax?eS1H6Jz3n{{1?opUfxc2{@H2v2xgQ6_YpE<O-{
zwKlA^Wa9`MZO)=b<mGH;)??nIn%~AO-FW5b!n5qw`(BHa%%x0U&Mo!raOia}iI=lk
zX}GmMZ8rZ}kH1tL3Y}QhTDiEW-$qmMkUY5QK8No#6cwKCuQ?z4K9N+242X)-onFMY
z*!Q>`Uy7?@@=BL7<w31rMSsgn9#*|}|BRkF+Fj~d*V3(3eQG{is_t6Jvaf_NF-Y%A
z7i!;q1-5U(Dw<}#PkDhbF<kZM%>c<DmcWfKq*nfVQ6(A~BDG<UJ^uirxUNm?|5C?$
zwIC7u8I18-b<MSV*N-Wb3nF$T&J$RvJIQj-F_qgpY4b%rIBD~a*2pLq?0D-<MJTEr
z4BY4$ZdkM*4`&v|7|Jh@=YXUWhI@=H)-p(e;Z*^j&M)xg_JfWd40A8Q`NkFta}WLe
zve3@?7404tjc-ye?@*32AImiY8f~s?b{KWl5uJ=8NQOr6vY!uKLI#4maQGZp2vHbU
zo<@)r+e8f7NguvojL5mH{2piwCZ3vnG!Krs7L2-F5W+NGbdl}>Xbd{O9)*lJh*v!@
z-6}p9u0AreiGauxn7JBEa-2w&d=!*TLJ49`U@D7%2ppIh)ynMaAE2Q4dl@47cNu{9
z&3vT#pG$#%hrXzXsj=&Ss*0;W`Jo<RfBgcy9PDc_L)gF}5Bta4z=1*07Okf5Eeki<
zgcDbDNt?e3EK`@F{z1!}n|CRqwatvbbeYXa$FRZS$VXjwx$1f|KUjG5+~z4t;-vZz
zyz=_>^mcy4*L8b^sSi;H{*`zW9xX2HAtQ*sO|x$c6UbRA(7*9=;D~(%wfo(Z6#s$S
zuFk`dr%DfVX5KC|Af8@AIr8@OAVj=6iX!~8D_P>p7>s!Hj+X0_t}Y*T4L5V->A@Zx
zcm1wN;TNq=h`5W&>z5cNA99U1lY6+!!u$ib|41VMcJk8`+<hOmY7f)%fn4t=S8#3J
z>kP{PEOUvc@2@fW(bh5pp6>C3T55@XlpsAd#vn~__3H;Dz2w=t9v&{v*)1m4)vX;4
zX4YAjM66?Z7kD@XX{e`f1t_ZvYyi*puSNhVPq%jeyBteaOH<WPi3v0p=onKV{I^71
zf?y{jqn$s3h>o7vOr8!qqp7wV;)%jtD5>}-a?xavZ;<UY$b88#oaE*iTwC?<d<=%=
zg<gH^%oh=RT;)A^gRZ@!@t?4GasxI;e2$AnljrG7^oGK5mN6}H+FIO&ExGlLcw5%|
z=aV^sr3RMGhGr*9Tj`bw+52AO+x8l)najz+)pJhQ8^mro%gW&GVg><nEV7w^bEbMP
zeM2Xe7KkRrWwuS@lEz8mDQ1r=g8Ho*om=XYT@VTyxSZU^ro{+7z|nT)nz0GIcWv+k
zy4Gul-2gE(if-i-ndr(%@-JsTq&iACC!dL&j8<0j6RxTGCtOddsyUD#IL**t(K+~7
z|0=r{M0gixfm^dasT3jA0xD7PTjs-25$TnAka@g%W*1^(tCL_#fRI=!islMMlw17V
z)|yVATde!Ub7*v$NvF&u;figoR}pSbGPs@)@9URIL=`Mz{P&)TxIH~Re~}%1v&?YX
zvSB9sN$FoNwr1%Dn=KSa7>i|2P3<Gnpkzio3250CR4T)<GQ>~7c)vP2O#Fb`Y&Kce
zQNr7%fr4#S)OOV-1piOf7NgQvR<X5R=PS8{`PX!{(amEWo-3%6a0Zppc|tmc{L*r&
zSP7_KCKA}{)U{N<WhXA#Zas|vYn5c87(7j_MFk}6^-$1LUmb3vF!sNt!qu*MHrU-e
zelK3C!0ly`t=G0^JOT(pReW%F@`rWnJ@ew5VkEmXtWdOcb4bXqN3p0;HG9~5ek8J6
zX0cs_`({>{lcvZ*SNbLMq(olrdDC6su;ubp5un!&oT=jVTC3uTw7|r;@&y*s)a<{J
zkzG(PApmMCpMmuh6GkM_`AsBE@t~)EDcq1AJ~N@7bqyW_i!mtHGnVgBA`Dxi^P93i
z5R;}AQ60wy=Q2GUnSwz+W6C^}qn`S-lY7=J(3#BlOK%pCl=|RVWhC|I<E|<9C^<&k
zez1XlLG-BJ@aTOIh?grCPh?tzqEis&hWsSe+>Dj1E#+|M{TV0vE;vMZLy7KpD1$Yk
zi0!9%qy8>CyrcRK`juQ)I};r)5|_<<9x)32b3DT1M`>v^ld!yabX6@ihf`3ZVTgME
zfy(l-ocFuZ(L&OM4=1N#Mrrm_<>1DZpoWTO70U8+x4r3BpqH6z@(4~sqv!A9_L}@7
z7o~;|?~s-b?ud&Wx6==9{4uTcS|0-p@d<s-!-`6eP|mxu$inV|(_7!k6r}7zjyvws
z30jY+CV`@NfF#Tox6uKfqtteXBNalcv?KfPjg}pwq7Y0gXo`%?*%$EinQv5{$HcZ2
z6oVgIYRBP0^sy)@i@IIF5N^GsENCc&(Cpp9i99hyaR(9f5UPZkVq?+c%sk0P2Du0D
z!$xF%^JJw@mi^gPtj9d{ete_99b+dh5=QuU<|pxFp`TEbMX%nbc*n|Y4NR6r&rE~9
z*c-x(FZcxy-<xXV&ea;nLia?2eiUPiwN_Z0aa4vE=hU5~8=_Z4L!4VqSw8wKBc!DV
zg6hC;hX*<kXDEc30yB);M*p+YIYXT=u$T&GXnUmDCM+tDSYeFD<yAPL8KW0GtFQs7
zKjf3RHL>Ki0y#tPm2`A!^o3fZ8Uidxq|uz2vxf;wr<n<8ol2;(_XgZT#cwA<{&FS8
z4H^Qyu+ScJrgX7QdSaXyJ<;u)md*t7!`ih5lIJLjW{Uhl#YWhA!wYb!GX;haG1F@>
zM^%#9)h^R&T;}cxVI(XX7kKPEVb);AQO?cFT-ub=%lZPwxefymBk+!H!W(o(>I{jW
z$h;xuNUr#^0ivvSB-YEbUqe$GLSGrU$B3q28&oA55l)ChKOrwi<YbI635M+2d(w~|
z|L|T8!J>TyI~e*uN;^V@g-Dm4d|MK!ol8hoaSB%iOQ#i_@`EYK_9ZEjFZ8Ho7P^er
z^2U6ZNQ{*hcEm?R-lK)pD_r(e=Jfe?5VkJ$2~Oq^7YjE^5(6a6Il--j@6dBHx2Ulq
z!%hz{d-S~i9Eo~WvQYDt7O7*G9CP#nrKE#DtIEbe_uxptcCSmYZMqT2F}7Kw0AWWC
zPjwo0IYZ6klc(h9uL|NY$;{SGm4R8Bt^^q{e#foMxfCSY^-c&IVPl|A_ru!ebwR#7
z3<4+nZL(mEsU}O9e`^XB4^*m)73hd04HH%6ok^!;4|JAENnEr~%s6W~8KWD)3MD*+
zRc46yo<}8|!|yW-+KulE86aB_T4pDgL$XyiRW(OOcnP4|2;v!m2fB7Hw-IkY#wYfF
zP4w;k-RInWr4fbz=X$J;z2E8pvAuy9kLJUSl8_USi;rW`kZGF?*Ur%%(t$^{Rg!=v
zg;h3@!Q$eTa7S0#APEDHL<mR8`O&Qd`q;XL6FF22gl<y|&n1r$8i^uI6;3}cL8)5=
z8mw|b)bvWc_KRpcdazQtu>vK%RCn^o0u!xC1Y0Jg!Baht*a4mmKHy~88md{YmN#x)
zBOAp_i-z2h#V~*oO-9k(BizR^l#Vm%uSa^~3337d;f=AhVp?heJ)nlZGm`}D(U^2w
z#vC}o1g1h?RAV^90N|Jd@M00PoNUPyA?@HeX0P7`TKSA=*4s@R;Ulo4Ih{W^CD{c8
ze(ipN{CAXP(KHJ7UvpOc@9SUAS^wKo3h-}BDZu}-qjdNlVtp^Z{|CxKOEo?tB}-4;
zEXyDzGbXttJ3V$lLo-D?HYwZm7vvwdRo}P#KVF>F|M&eJ44n*ZO~0)#0e0Vy&j00I
z{%IrnUvKp70P?>~J^$^0Wo%>le>re2ZSvRfes@dC-*e=DD1-j%<$^~4^4>Id5w^Fr
z{RWL>EbUCcyC%1980kOYqZAcgdz5cS8c^7%vvrc@CSPIx<Txc7`4S|Qc?(wJYUKIB
z5kt)tTZ1$>;X=RuodO2dxk17|am?HJ@d~Mp_l8H?T;5l0&WGFoTKM{eP!L-a0O8?w
zgBPhY78tqf^+xv4#OK2I#0L-cSbEUWH2z+sDur85*!hjEhFfD!i0Eyr-RRLFEm5(n
z-RV6Zf_qMxN5S6#8fr9vDL01PxzHr7wgOn%0Htmvk9*gP^Um=<AAOp(CAL*GTy33v
zX!^>n^+7GLs#GmU&a#U^4jr)BkIubQO7oUG!4CneO2Ixa`e~+Jp9m{l6apL8SOqA^
zvrfEUPwnHQ8;yBt!&(hAwASmL?Axitiqvx%KZRRP?tj2521wyxN3ZD9buj4e;2y6U
zw=TKh$4%tt(eh|y#*{flUJ5t4VyP*@3af`hyY^YU3LCE3Z|22iRK7M7E;1SZVHbXF
zKVw!L?2bS|kl7rN4(*4h2qxyLjWG0vR@`M~QFPsf^KParmCX;Gh4OX6Uy9#4e_%oK
zv1DRnfvd$pu(kUoV(MmAc09ckDiu<gn&}G=_6q@%fcoGeF)8P2%xtVoGBq)NfvqDv
z5OEA!ZUs@+$X~*PG(eZEcV{4`u8-z!5%UDz;;6@2o6-;W=@hu<)W;K?z=S0od=v}!
z%T?1Lh8>qS$a%!AQ1Z>@DM#}-yAP$l`oV`BDYpkqpk(I|+qk!yoo$TwWr6dRzLy(c
zi+qbVlYGz0XUq@;Fm3r~_p%by)S&SVWS+wS0rC9bk^3K^_@6N5|2rtF)wI>WJ=;Fz
zn8$h<|Dr%k<fGRu1{V!VOE*a>N|nciMwJAv;_%3XG9sDnO@i&pKVNEfziH_gxKy{l
zo`2m4rnUT(qenuq9B0<#Iy(RPxP8R)=5~9wBku=%&EBoZ82x1GlV<>R=hIqf0PK!V
zw?{z9e^B`bGyg2nH!^x}06oE%J_JLk)^QyHLipoCs2MWIqc>vaxsJj(=gg1ZSa=u{
zt}od#V;e7sA4S(V9^<^TZ#InyVBFT(V#$fvI7Q+pgsr_2X`N~8)IOZtX}e(Bn(;eF
zsNj#qOF_bHl$nw5!ULY{lNx@93Fj}%R@lewUuJ*X*1$K`DNA<AupwZ?bdMd14>FpE
z7_lPE+!}uZ6c?+6NY1!QREg#iFy=Z!OEW}CXBd~wW|r_9%zkUPR0A3m+@Nk%4p>)F
zXVut7$aOZ6`w}%+WV$te6<w?=noFuDBs5m3>-IX7g2yms@aLygaTlIv3=Jl#Nr}nN
zp|vH-3L03#%-1-!mY`1z?+K1E>8K09G~JcxfS)%DZbteGQnQhaCGE2Y<{ut#(k-DL
zh&5PLpi9x3$HM82dS!M?<MhWyhk+U12yj&7nerConN0;2dy<sxbT{Jih@kLMe!k&@
zqGZx$@q}KI7gp1SzWbr8cO**Xz%qzenOxKt;y%d`G;5fH^A6aSd!UoTeUx5Qc);(|
zP%zT(OQYKpQSQ^C#|h#j`Iw`&NAvFF1KF2T8EA)=e_Q3!M6N0u_LX#YR~H1=V(0Y-
zRQ3yJAigD&%ciL!53v?+ws|3My^wFph`Rc?WMXBSw=g*hxo%S@Kfz5{lQ9iEN4>(Z
zEsqW?dx-K_GMQu5K54pYJD=5+Rn&@bGjB?3$xgYl-|`FElp}?zP&RAd<522c$Rv6}
zcM%rYClU%JB#GuS>FNb{P2q*oHy}UcQ-pZ2UlT~zXt5*k-ZalE(`p7<`0n7i(r2k{
zb84&^LA7+aW<I?zm-paWE?w58xOABQS~Q6(lq=onZrGLJ>1Gx5!wK!<XU1ai#9=^5
z$;+@p4LHf|^(_iPEM$cMXNhLIZbt`c4W95PyXhu6j9BL#Gf(uySGN+ACc7wov7)<%
z>xTbw0slM?6-i32CaOcLC2B>ZRI16d{&-$QBEu1fKF0dVU>GTP05x2>Tmdy`75Qx!
z^IG;HB9V1-D5&&)zjJ&~G}VU1-x7EUlT3QgNT<&eIDU<fVd)sK%jMHjgiO7tEx2Pt
zg!fDU>PYey$M|RD6%mVkoDe|;2`8Z+_{0&scCq>Mh3hj|E*|W3;y@{$qhu77<sig;
z6!9+DJ}91#MCTo11^V0V<UVG>D)QJ`<Zj~-r)6A`aT~3BdKd7DdO|AgdgVOry0?j>
znD9C1AHCKSAHQqdWBiP`-cAjq7`V%~JFES1=i-s5h6xVT<50kiAH_dn0KQB4t*=ua
zz}<XOsVTeLoPP8P{@-hYpViZz;@`X$>F@mcKjhB;^7ka@WbSJFZRPeYI&JFkpJ-!B
z!ju#!6IzJ;D@$Qhvz9IGY5!%TD&(db3<*sCpZ?U#1<Q0XGnBE(vf95DfBGS>^9RWQ
zs*O-)j!E85SMKtoZzE^8{w%E0R0b2lwwSJ%@E}Lou)iLmPQyO=eirG8h#o&E4~eew
z;h><=|4m0$`ANTOixHQOGpksXlF0yy17E&JksB4_(vKR5s$Ve+i;gco2}^RRJI+~R
zWJ82WGigLIUwP!uSELh3AAs9HmY-kz=_EL-w|9}noKE#(a;QBp<Zl*1v6QBUl>Ex9
z4BT-zY=6dJT>72Hkz=9J1E=}*MC;zzzUWb@<JR_200$2Y=_#O0s4m~sg9T5yE4dC9
zaL?aQwA`sx>x(Ho8cU_aRZ?fxse5_Ru2YOv<Jqo-<_8a#%{(K@2fqD}E(_fu_><!p
zjP3|5r8MkSL$VvXZ(#rZR2p{nUa`MV#r*qJ{#8l+7X#3LRW$$QRQ^%P#3;&2f76S8
zE-Vi()>cr?kg&pt@v;{ai7G--k$LQtoYj+Wjk+nnZty;XzANsrhoH#7=xVqfPIW(p
zX5{YF+5<gty3e{gNI4|R09x6DeHpUr!S9qyg1?Mf&GwTa$<JMR|3*M}(uf@M(xZM_
znv@(OOheg`g&0w+WIL!+@=_Tl%qc|}U=2F{S(Em-49URgp0!DI;+HJ`8otk#7hAI#
zUL;GlI-0I=k6(Xocf%o6LbKIZ4JVh%&j-EAnZ+IasJN+flTu7Q3+5kNJk?J=5IZAx
z_}O8EOy9y|-;L7#1%Tq%h(OdjV5yljQ?>=k4_LBnhLUZxX*O?29olfPS?u*ybhM_y
z*XHUqM6OLB#lyTB`v<<RYzDIg@~sYF{(n<_{_*|F|CdnDQPXxuRmIv$D#>BZ&<k(0
z%-1;}u@u5>YRs$N)S@5Kn_b3;gjz6>fh@^j%y2-ya({>Hd@kv{CZZ2e)tva7gxLLp
z`HoGW);eRtov~Ro5te<I<J{fQv+*f+_~hsN3En&LOc8C%NxAQX1)OayN|>tU2y72~
zQh>D`@dt@s^csdfN-*U&o*)i3c4oBufCa<WIE<yJgcp>0e|BwT2y%Y~=U7A^ny}tx
zHwA>Wm|!SCko~UN?hporyQHRUWl3djIc722EKbTIXQ6>>iC!x+cq^sUxVSj~u)dsY
zW8QgfZlE*2Os%=K;_vy3wx{0u!2%A)qEG-$R^`($%AOfnA^LpkB_}Dd7AymC)zSQr
z>C&N8V57)aeX8ap!|7vWaK6=-3~ko9meugAlBKYGOjc#36+KJwQKRNa_`W@7;a>ot
zdR<FQXd?aB!o>iJkz?+Q<Tq=~R2cU{KOPB>gC$b}-Owzuaw3zBVLEugOp6UeMH<uE
zy<x~@0D7I4o2Bz?O-}W2qydoMF%PtGhEslI9dz0_wPy8t+L-BHGfp+$N>AKo2$m4w
zpw?i%Lft^UtuLI}wd4(-9Z^*lVoa}11~+0|Hs6zAgJ01`dEA&^>Ai=mr0nC%eBd_B
zzgv2G_~1c1wr*q@QqVW*Wi1zn=}KCtSwLj<qxLWJf>wT>ndXE_Xa22HHL_xCDhkM(
zhbw+j4uZM|r&3h=Z#YrxGo}GX`)AZyv@7#7+nd-D?BZV>thtc|3jt30j$9{aIw9)v
zDY)*fsSLPQTNa&>UL^RWH(vpNXT7HBv@9=*=(Q?3#H<zaXjbEJ$$qZ&TQ=1R(ZVzv
zhec<>*crA2>KYx7Ab?-(HU~a275)MBp~`P)hhzSsbj|d`aBe(L*(;zif{iFJu**ZR
zkL-tPyh!#*r-JVQJq>5b0?cCy!uS<A;*Wvgz?qwn*0<uo+Uur3p8or3^Ww7po3+2R
zTA81s);rM;vXn693+#X}M%Xi8?pN3nIW@4OnOr_%;v(<JEp!<TNP}`yW-qZ0$;!TL
z7S%_cG4eS%^rli%Heq4i8!cVI-GFx6xmHc#X3ce@6>Kef+R=$s3iA7*k*_l&*e!$F
zYwGI;=S^0)b`mP8&Ry@{R(dPfykD&?H)na^ihVS7KXkxb36TbGm%X1!QSmbV9^#>A
z-%X>wljnTMU0#d;tpw?O1W<r+<x28~CVK?-zKmFSg&XXNv+|2bdy31|5R(~tec@=4
zZw{%!7((}uFeg1j_XV&~0n=@JzaD`WfG6y=!V<@Bv_<BF@*NMWy>@{X-k*>aOImeG
z#N^x?ehaaQd}ReQykp>i;92q@%<dSD!yL^|Llp-lf7=O<$7h<{k8zUSMM3!?SD{^3
zs^AQz<C;a%I(BJ3zXlb?JJr*$KXL0NUuWrVkjJmIx?_p!#B*>$a!y1PNyPYDIvMm&
zyYVwn;+0({W@3h(r&i#FuCDE)AC(y&Vu>4?1@j0|CWnhHUx4|zL7cdaA32RSk?wl%
zMK^n42@i5AU>f70(huWfOwaucbaToxj%+)7hnG^CjH|O`A}+GHZyQ-X57(WuiyRXV
zPf>0N3GJ<2Myg!sE4XJY?Z7@K3ZgHy8f7CS5ton0Eq)Cp`iLROAglnsiEXpnI+S8;
zZn>g2VqLxi^p8#F#Laf3<00AcT}Qh&kQnd^28u!9l1m^`lfh9+5$VNv=?(~Gl2wAl
zx(w$Z2!_oESg_3Kk0hUsBJ<;OTPyL(?z6xj6LG5|Ic4II*P+_=ac7KRJZ`(k2R$L#
zv|oWM@116K7r3^EL*j2ktjEEOY9c!IhnyqD&oy7+645^+@z5Y|;0+dyR2X6^%7GD*
zXrbPqT<Kirj}eqVE`=Re1hk5TPq-3KdpW*%b9wbtq_MbqX&N0ZcWkQu^emn>O}O={
z4cGaI#DdpP;5u?lcNb($V`l>H7k7otl_jQFu1hh>=(?CTPN#IPO%O_rlVX}_Nq;L<
z@YNiY>-W~&E@=EC5%o_z<^3YEw)i_c|NXxHF{=7U7Ev&C`c^0Z4-LGKXu*Hkk&Av=
zG&RAv{cR7o4${k~f{F~J48Ks&o(D@j-PQ2`LL@I~b=ifx3q!p6`d>~Y!<-^mMk3)e
zhi1;(YLU<lldLg|L*4T}iOaurmv8Bz7h<MU98>5KH}zzZNhl^`0HT(r`5FfmDEzxa
zk&J7WQ|!v~TyDWdXQ)!AN_Y%xM*!jv^`s)A`|F%;eGg27KYsrCE2H}7*r)zvum6B{
z$k5Har9pv!dcG%f|3hE<UkZ|ce^f!UZ*)b>(#hFH+12RZPycVi?2y`-9I7JHryMn3
z9Y8?==_(vOAJ7PnT<0&85`_jMD0#ipta~Q3M!q5H1D@Nj-YXI$W%OQplM(GWZ5Lpq
z-He6ul|3<;ZQsqs!{Y7x`FV@pOQc4|N;)qgtRe(Uf?|YqZv^$k8On7DJ5>f2%M=TV
zw~x}9o=mh$JVF{v4H5Su1pq66+mhTG6?F>Do}x{V(TgFwuLfvNP^ijkrp5#s4UT!~
zEU7pr8aA)2z1zb|X9IpmJykQcqI#(rS|A4&=TtWu@g^;JCN`2kL}%+K!K<D}3AN-+
zI5_@)l)VFYChW2;nhrX)ZQD*dNyoO;amTikH@0otwr$(CeR9^?<Bq$(v+o(}{)VUO
zsadnC<~%JZ!C)?xXHa#X6&Cxs)m}&`LPU=a1*IOrVF#nso5RtOVlW1!s)z?E6jxc1
zTB~2!D6PE2fdo_WxauS<5m&8qPsYB#WJf}8-ZETjR;)p%Lw90ttOJn7IW;6Er>lgC
z>P)v<K`x1%RuEn>+uCeI{1KZpewf>C=?N7%1e10Y3pQCZST1GT5fVyB1`q)JqCLXM
zSN0qlreH1=%Zg-5`(dlfSHI&2?^SQdbEE&W4#%Eve2-EnX>NfboD<2l((>>34lE%)
zS6PWibEvuBG7)KQo_`?KHSPk+2P;`}#xEs}0!;yPaTrR#j(2H|#-CbVnTt_?9aG`o
z(4IPU*n>`cw2V~HM#O`Z^bv|cK|K};buJ|#{reT8R)f+P2<3$0YGh!lqx3&a_wi2Q
zN^U|U$w4NP!Z>5|O)>$GjS5wqL3T8jTn%Vfg3_K<D)so2PwqtCvLJM9&0mg;J9XK)
zVP40y_h%+vU8bt_rT&r*^wY92PWJUxc`N8Jo&nStP*-`EycgQ0MK$Wj%QUAeIPDgA
zxFlx;xGQ@|l|YN3uW%z6m2vFY54ar!>nyUM{M`?bm)9oqZP&1w1)o=@+(5eUF@=P~
zk2B5AKxQ96n-6lyjh&xD!gHCzD$}OOdKQQk7LXS-fk2uy#h{ktqDo{o&>O!6%B|)`
zg?|JgcH{P*5SoE3(}QyGc=@hqlB5w;bnmF#pL4iH`TSuft$dE5j^qP2S)?)@pjRQZ
zBfo6g>c!|bN-Y|(Wah2o61Vd|OtXS?1`Fu&mFZ^yzUd4lgu7V|MRdGj3e#V`=mnk-
zZ@LHn?@dDi=I^}R?}mZwduik!hC%=Hcl56u{Wrk1|1SxlgnzG&e7Vzh*wNM(6Y!~m
z`cm8Ygc1$@z9u9=m5vs1(XXvH;q16fxyX4&e5dP-{!Kd555FD6G^sOXHyaCLka|8j
zKKW^E>}>URx736WWNf?U6Dbd37Va3wQkiE;5F!quSnVKnmaIRl)b5rM_ICu4txs+w
zj<t-;b)lgm^h`~*#bSA(z%vUBFpn$B@u>}nsd0I_VG^<%DMR8Zf}vh}kk;heOQTbl
ziEoE;9@FBIfR7OO9y4Pwyz02OeA$n<auF;U6I`|%IfwvAmpU@okr+n@;6z>)mESpj
zdd=xPwA`nO06uGGsXr4n>Cjot7m^~2X~V4<NSez__E*s`-FOfMj+2d!%||DS>yH&-
zv2llS{|und45}Pm1-_W@)a-`vFBpD~>eVP(-rVHIIA|HD@%7>k8JPI-O*<7X{L*Ik
zh^K`aEN!BteiRaY82FVo6<^8_22=aDIa8P&2A3V<(BQ;;x8Zs-1WuLRWjQvKv1rd2
zt%+fZ!L|ISVKT?$3iCK#7whp|1ivz1rV*R>yc5dS3kIKy_0`)n*%bfNyw%e7<nCbM
z)E`&(mdUy4LP*Dl3F=;}@C3F%^w$H5xc0PCR!l)qy=cA}i-}Yt_ymoYz@H=~*bbIQ
zA_4BKys(NsJ?!Ba%j}a#9vNWY{OWM8qG^1=BU2R}ja`GV1S0I^FbE-YMwZ%iI1GOd
zbSAtxxX{RTXOg9`LlY7ufOZxf5cQAhX$Q+6_JnfcN8+<$oj#I;Zj9wCa`U^Y`Qx6Y
zIV#I&v*RK8f9r=u;?h+Eb>Uo}Mnnf>QwDgeH$X5eg_)!pI4EJjh6?kkG2oc6Af0py
z(txE}$ukD|Zn=c+R`Oq;m~CSY{ebu9?!is}01sOK_mB?{lSY33E=!KkKtMeI*FO2b
z%95awv9;Z|UDp3xm+aP*5I!R-_M2;GxeCRx3ATS0iF<_Do2M<CNyh4gV56`9Ot*_e
zT_~<8h@_e81di&~jK@qyVfwaF*}-)|!FUw2`m-dn&ycY*)pEX4_jXalTlR66rRxR4
z5ER5DV{iisE6D_?9*&74)K?clOX~Yx2*tq<oq!rDm1`pt8gz`rCS2cdCf#G>i)Hk2
zjBF35VB>(oamIYjunu?g0O-?LuOvtfs5F(iiIicbu$HMPPF%F>pE@hIRjzT)>aa=m
zwe;H9&+2|S!m74!<R+!98b&XcTW0LUBUrHfHQMMbN-QG@Ii!`YuqtgNe3Z^1*=B;N
zIEAOx?9yL$ELx^uw`8Jdl2&Y5D*fA08Mm5CKkT9^gkq+~Eq5U(V?qN1lBn*Wv_{F}
z1T(h(9H2j~>E3xfO{l3E_ab`Q^tZ4yH9=~o2DUEtEMDqG=&D*8!>?2uao%w`&)THr
z^>=L3HJquY>6)>dW4pCWbzrIB+>rdr{s}}cL_?#!sOPztRwPm1B=!jP7lQG|Iy6rP
zVqZDNA;xaUx<Pc9O5Y-d$!|e8=VK}8OVsp%U_brzo#vrvKD46UTTigG=lDHlFj5P~
z{`Y64YoIJ<niscL>&xUt<T^>?Ox|;`9?oz`C0#}mc<1Urs#vTW4wd{1_r`eX=BeSV
z_9WV*9mz>PH6b^z{VYQJ1nSTSqOFHE9u>cY)m`Q>=w1NzUShxcHsAxasnF2BG;NQ;
zqL1tjLjImz_`q=|bAOr_i5_NEijqYZ^;d5y3ZFj6kCYakJh**N_wbfH;ICXq?-p#r
z{{ljNDPSytOaG#7=yPmA&5gyYI%^7pLnMOw-RK}#*dk=@usL;|4US?{@K%7esmc&n
z5$D*+l&C9)Bo@$d;Nwipd!68&+NnOj^<~vRcKLX>e03E|;to;$ndgR;9~&S-ly5gf
z{rzj+j-g$;O|u?;wwxrEpD<di&<XL~_wh%&(4M&M;Ni>=8iFzUHQfl{B>bLHqH(9P
zI59SS2PEBE;{zJUlcmf(T4DrcO?XRWR}?fekN<($1&AJTRDyW+D*2(Gyi?Qx-i}gy
z&BpIO!NeVdLReO!YgdUfnT}7?5Z#~t5rMWqG+$N2n%5o#Np6ccNly}#IZQsW4?|NV
zR9hrcyP(l#A+U4XcQvT;4{#i)dU>HK>aS!k1<3s2LyAhm2(!Nu%vRC9T`_yn9D+r}
z1i&U~IcQ?4xhZYyH6WL-f%<GmTrw_HZ;_l0-6mQ?ICpgJe;RzCFPB=5SDOQ#%yfi<
zJM|KKp$TN}nn_;wX=3N$rXUn!5PoO1|C|9cu?5e~n%p&@^r1KXREYih2PaxjRi+{R
zT}ZFK2RS1D$*&@$Z*TOiBxz)2Z|3mr#;5pw^Jiu94SN6g#Pk1IP%BXUm#`$S^IMHv
zlfqa~C{eJosQ{V_V_`tCv{dSRRDQry4({o;Q_{Fqi1)x(cNl&0v!2HzKIYBd<mFF)
zVe?&~qsjH})pU0m6MpZnYs79cHt1@3O1*I!&UMx?UTjIS4vRcvgMmRR!ma`jR7+&0
zu?20xMnnfv{oDeN7mw+!I5*LA*L2DzzsPH+K$XLEvbq^+RHQ>}qIhZkc&}n2N0PM|
z6|XA9d-y;!`D{p;xu*gv7a|zaZ*MiQ)}zPzW4GB0mr)}N-DmB&hl1&x`2@sxN572_
zS)RdJyR%<7kW0v3Q_|57JKy&9tUdbqz}|hwn84}U*0r^jt6Ss<ODJnG$L(HZaEdcW
ztsTqU(HX^j=_PEI>rp+#1y=JBcZ+F`f(N?O0XL1OFGN`1-r?S<#t4*C9|y~e)!UYZ
zRQ3M8m%~M)VriIvn~XzoP;5qeu(ZI>Y#<A^N^qq9jQ)IkJ@)=uu|E$X=$#i1g$T>r
zAd)J)G9)*BeE%gmm&M@Olg3DI_zokjh9Nv<wfr7vi|TE!t~N-{$LV3mi8Q2j!CUU!
zUL&{9Y8`tImgIUx0wk3^9uppDR%7gtXy9t}0Ge{q(lk7Qo96kLT$hquVu5gv>dGbT
z+u4(Y&uC6tBBefIg~e=J#8i1Zxr>RT)#rGaB2C71usdsT=}mm`<#WY^6V{L*J6v&l
z1^Tkr6-+^PA)yC;s1O^3Q!)Reb=fxs)P~I*?i&j{Vbb(Juc?La;cA5(H7#FKIj0Or
zgV0BO{DUs`I9HgQ{-!g@5P^Vr|C4}~w6b=#`Zx0XcVSd?(04HUHwK(gJNafgQNB9Z
zCi3TgNXAeJ+x|X|b@27$RxuYYuNSUBqo#uyiH6H(b~K*#!@g__4i%HP5wb<+Q7GSb
zTZjJw96htUaGZ89$K_iBo4xEOJ#DT#KRu9ozu!GH0cqR>hP$nk=KXM%Y!(%vWQ#}s
zy=O#BZ>xjUejMH^F39Bf0}>D}yiAh^toa-ts#gt6Mk9h1D<9_mGMBhLT0Ce2O3d_U
znaTkBaxd-8XgwSp<E94!@6Yff)Vg1gtLyLHJdY0yU49*3@@nngIH}k8fbYXc;%qgc
zO8u0MO3P$%$SFj_3s4A8r_@3#=X{o-8C>5)x-pqX5=+{cS<PL_yn;R~ocZzJN&2Vk
zW{r7kVdS&Aln9Tc5Hwt{C9*=xs5dy(Kq2HrjK0xgqd2Pej*wHx4ON2lAfTyXXIwwB
zlyMgo%o=NJ&Fk388}hY@7iNt(=r$6bu*4PZ=hzr^cn;hOzA|RV4JGxQvFkL=k^yUE
zHrZYP9qP-H-N=-b8(2@^95`x$#f$+8-jkk)R?o6VM&amEI_k=TSC+NyD<BLza2Pw~
z2dp_PM$ZZ|*RR`MC=@c%sgcALEAl!2))Oc#&8(|UKnj2@*XTw0pbj}%IQWKkV^vOX
z!y+=!xQ+K!B}oZUO@rScr7o`3-T!c(hO)xCxsN%LB1nPDy<}XHb5v^#clx41poBt5
zhl4rG^&}4cf`FQ&oj^Y*03FQh?dwR(_S{HEC(%NCbc{(y!&QB9463rv%!VN7NyCi0
zQrFr>uk6kyl@k|5D<q-)93?re?9yp%vC%f<Zb1@?ZomjC*HmTNuK+4BN4dvND|cI@
z95FaUBSQ+Qd=+cSznBibGEKpu>Q!5zLUVV%1X9vjY0gerbuG6nwZu5KDMdq(&UMLZ
zy?jW#F6joUtVyz`Y?-#Yc0=i*htOFwQ3`hk$8oq35D}0m$FAOp#UFTV3|U3F>@N?d
zeXLZCZjRC($%?dz(41e~)CN10qjh^1C<Uj{)9z=p=!$Q9Q8W2l9_;O=FrW#gJ;E8K
zJ!}ICZkreE%ARDkb&hf=8*8lAX&!N7v1sC*fKTq4Q1c6sFLU3qOAE!L7w!usOZ-{u
z7p)2p6x>dAcY(<=GMGk@`b1ptA&L*{L@_M{%Vd5b*x#b1(qh=7((<_l%ZUaHtmgq}
zjchBdiis<nc^flW#d2`g)2<}+WRkPCLNpZEBw&y~Iyv7v;EJs&4&XfM8S{7KT`&;k
zq)3Xz%zsSLlxBiWWedt<&f~LVs4yp~D!1ke6ReB6U(KFgn9Vv+HFzqyCwGmg6BXbu
zlTV~5k4H*G4vZjp8;8wOcv{+g_QIx0+x0z5W5nSxhnk~|6ewQ(o^+Kxg+8IH$*{|$
z>{Afxf@3CjPR09E*2#X(`W#-n`~6PcbaL_(^3tfDLk?Nb6CkW9v!v#&pWJ3iV-9hz
zngp#Q`w`r~2wt&cQ9#S7z0CA^>Mzm7fpt72g<0y-KT{G~l-@L#edm<wxG7_gpd{-+
z*MkZ%C$Setpo(Zn{_#wi*TF^=nM>jZQ}7{*$mLgSdJfS$Ge{hrD=mr;GD)uYq8}xS
zT>(w_;}894Kb}(P5~FOpFIEjadhmxD(PsZbKwa-qxVa7Oc7~ebPKMeN(pCRzq8s@l
z`|l^*X1eK1+Spz--WkSW_nK`Cs@JmkY4+p=U91nJoy{tSH;TzuIyS)Q_(S@;Iakua
zpuDo5W54Mo;jY@Ly1dY)j|+M%$FJ0`C=FW#%UvOd&?p}0QqL20Xt!#pr8ujy6CA-2
zFz6Ex5H1i)c9&HUNwG{8K%FRK7HL$RJwvGakle<U4&TwVA*pfQ%dWjrn2_86dZylh
z2?~VH#ST=0&%Fa=e#7jfSj?|g@|EQPOc_7BaH1c?J@8;zI;Q(;2t6{@)}r$40?J!4
zM`#WtVbI<O>LLo}tsb>t_nBCIuABNo$G--_j!gV&t8L^4N6wC|aLC)l&w04CD6V<Y
z9{N)UZDxABziwA(@QTt$cQVp?$}aQ+AsQ~XyS!&>c#h^(YH@Zs4nwUGkhc_-yt{dK
zMZ<%$swLmU<!_)nV!iroZ@9gXyth?td+$`^J!->l8`E~RLihGt@J5v;r;vT&*Q!Cx
zZ55-zpb;W7_Q{tf$mQvF61(K>kwTq0x{#Din||)B{+6O#ArLi)kiHWVC4`fOT&B(h
zw&YV`J1|^FLx~9Q%r-SFhYl4PywI7sF2Q$>4o50~dfp5nn}XHv-_DM?RGs#+4gM;%
znU>k=81G~f6u%^Z{bcX&sUv*h|L+|mNq=W<!8f+M|1OvRQO784W^ezE=KftQzh~h8
zuS%Km&6do`eG8H}V{a^?Vp0W1N&Q{{sfCRpEQXv6!XQu8W9U&uUmQ=pM6>43y@{~C
zpL-TW3hYPs0^*OqS#KQwA^CGG_A-6#`_{1LBCD&*3nY0UHWJj1D|VP%oQlFxLllaA
zVI@2^)HZ%E*=RbQcFOKIP7?+|_xV<mPFu0kZJil2yht#)_OJaCt2Uq|l^A;fu<y7=
zW3{SMbIOvYHE*8C0Ma!=98DT(w}h1FoRt%M0UoVs5UiZRb-<htqpC3htJt}V&6bf~
z$(gpUvp1{Y=7MpzsS$rUY(M5mI|C6tR*R_8FwGrSnW-evI>K+2oG(t_EGl2y;Ovox
zZb^qVpe!4^reKvpIBFzx;Ji=PmrV>uu-Hb>`s?k?YZQ?>av45>i(w0V!|n?AP|v5H
zm`e&Tgli#lqGEt?=(?~f<mr*}O%w4&P9ce@Z{Jo6<6gOllzn0-aW!^^n2os<^XIoH
zPtw{?hjb=}C`J%e8jR*($)A^cJdwhHm(Rpt{a2C?qhwxJ5KJ<+CV%}?j6O)LjOz6d
zu-OkY>y<(%#nDU`O@}Vjib6^rfE2xn;qgU6{u36j_+Km%v*2RLnGpsvS+THbZ>p(B
zgb{QvqE?~50pkLP^0(`~K<?k-Z0R|5Gu=2Q;(qj$G<jQ`;epcw2&D(mZNZ-AcPy>&
zjT=2Pt2nSnwmnDFi2>;*C|OM1dY|CAZ5R|%SAuU|5KkjRM!<b+Rt)`=;^dTqw?^SX
z+wS^);$Ve1dqFu_+;&opIU`Pym|C#%sJig-@q1@q7jp^RZ+@U}r+eYu4BZ6+ip^+(
zc(Fz-rptKClR1W|xTsES7PHpvv6XuO-I@5Sl!8=W$bM4}QVhliFlv3!(>LW_)LC*A
zf{f>XaD+;rl6<A#;otuq{{InD{I9ro*0(eIKagUD@|xA$zqCwjcbiG#*|bJU^C_h_
zBv*e?cGys&3Zv!_fC*DsV-JDO^;a&!1<LL~yX^cRfeM!Rb}|Y~mfnb^5}-q+-^@s<
zI|?^3{?35TFCe-84i2Q@l4%Ai=Orb#@RDHzt-we~usA9dDQb%1U;`Ba`5s3=zz$2=
zdSwF5n&EIFjy(N5SQYEI-%K@>Y>Umr>M8y>lF+=nSxZX_-Z7lkTXyuZ(O6?UHw^q;
z&$Zsm4U~}KLWz8>_{p*<YgwVoU>WQ!OgxT1JC&B&>|+LE3Z2mFNTUho<0u?@r^d=2
z-av!n8r#5M|F%l;=D=<m`;L@jZAIzN#=o(o?Vd1wa-H{~U59}`o6Z7j$!Xd;Sw7PV
z$Az`Y)=~2lIUWH9_y{DCB<@}4+BSotbLT}7H4n+wZ>S1mGLjgFsiYAOODAR}#e^a8
zfVt$k=_o}kt3PTz?Ep<Rx$0tl$T1ju-<0z9YpEJz$R+BgQm<tF>Lkt54dY}kyd$rU
zVqc9SN>0<qL)m3Tz=(HAg<l(tL63cAn&p)3xE*|JIwY3IDOS}2Ui%Gb)wRgj`<S6}
zYf0;T$<8{1)Y8Pn#564)?_ftfa@&LM<&~{@-DZK4U8MyBU2M)&fe8LA!p{Q_kdpXx
zm)iiu96~IhKFnH)0EoHNS#qZyheuRGPdoG-*-!Op_0T#RB{n~jG5uf<v(On#jVX|e
zjClyeBQTh^@i0S4C8exqzu_REPKtq^TU?$Qp-c+8U8Dg_I^w;%^X#e!s?#h)vQj>c
z753j-gdN~UiW*FUDMOpYEkVzP)}{Ds*3_)ZBi)4v26MQr140|QRqhFoP=a|;C{#KS
zD^9b-9HM11W+cb1Y)HAuk<^GUUo(ut!5kILBzAe)Vaxwu4U<W?$J@S>p!7Ql*#DDu
z>EB84&xSrh>0jT!*X81jJQq$CRHqNj29!V3FN9DCx)~bvZbLwSlo3l^zPb1sqBnp)
zfZpo|amY^H*I==3#8D%x3>zh#_SBf?r2QrD(Y@El!wa;Ja6G9Y1947P*DC|{9~nO&
z<z8S3A~azdaWQ-D2y!A74iDviMMQI=MNBs~skM7{%vdm^C;<v?@SlAZrDoXN6^ETW
zoik6gw=gOhtyUK&l_M9!l+RaEQG{*o`)QHdPN|};Wp9yV1gaKmHe-pGu0IJAOC#6h
zuq(avF#m2aDfhBDzWEfnR<vdA$mkwSWAwY}$>*vDnnU!8(c<MO1<yg=BlRhHbd!3-
zOs=xH&g(tM@h>V%HevsraF%Y%2{Z>CL0?64eu9r^t#WjW4~3uw8d}WHzsV%oq-T)Y
z0-c!FWX5j1{1##?{aTeCW2b$PEnwe;t`VPCm@sQ`+$$L2=3kBR%2XU1{_|__XJ$xt
zibjY2QlDVs)RgHH*kl&+jn*JqquF)k_Ypibo00lcc<2RYqsi-G%}k0r(N97H7<vq{
zz0yJ3J(z+oypJw8G^a@YX3aCx(7ho)jU|S621w5^5U>JEn7@E3ZTH0JK>d8)E~A-D
z!B&z9zJw0Bi^fgQZI%LirYaBKnWBXgc`An*qvO^*$xymqKOp(+3}IsnVhu?YnN7qz
zNJxDN-JWd7-vIiv2M9ih>x3gNVY%DzzY~dCnA}76IRl!`VM=6=TYQ=o&uuE8kHqZT
zoUNod0v+s9D)7aLJ|hVqL0li1hg)%&MAciI(4YJ=%D4H<c$k8~le3q3a4lk42-~FF
z+%Yb!5>$fGQ&Lu-?@>>@p<eb=iH&;=)j#)%Vp(HDiuuajJw=4N4`dXR2Z=RgcWr&9
z@({$pn#5(~CzvP{<~dI8#|lRj`*~K(V#hH4>EgC;ER<aIy=|8F&7}WB+v<NF9Q}VV
z2MMuT64(MLgI#s%b*+V1Un~oai^V_kP?jXDCGzD!3IekO#pv48Ncy;HQxaA}o}oN(
zszB*qfjo<6nbUlN16kV8w^Hi1UT`PVKR%9j(0z#K1yQOIdxu1PCV-R$Z`90;_>rL=
zI^cS&3q8fvEGTJZgZwL5j&jp%j9U^Of6pR{wA^u=tVt#yCQepXNIbynGnuWbsC_EE
zRyMFq{5DK692-*kyGy~An>AdVR9u___fzmmJ4;^s0yAGgO^h{YFmqJ%ZJ_^0BgCET
zE6(B*SzeZ4pAxe<NAxO^%xML+EphJeV~)R?c@FEzsm%zIZ_<WQN}c0j?TD&6<g=qd
zYXKXthSxy=O@C*1vEq-Yw6^-WoRg8NQOo?>ar^B-YW<%BK->X&Cr`g9_;qH~pCle#
zdY|UB5cS<}DFRMO;&czbmV(?vzikf)Ks`d$LL801@HTP5@r><}$xp}+Ip`u_AZ~!K
zT}{+R9Wkj}DtC=4QIqJok5(~0Ll&_6PPVQ`hZ+2iX1H{YjI8axG_Bw#QJy`6T>1Nn
z%u^l`>XJ<Uxx|n=_#|BR{TViXA5Z*8Q^S8h{=YfSe=|l2N?$VH2j`!UZU>{^vX`L0
z<q^Z`MaSg(vk0)vrNSY|D1LrvRwmiGbeLbl<wflxKhu){hmi64T;+d@n;}@l3C2xc
zj!$~rO^jcDyxx6~`+O@53-e25^w&qSgbLCYFy!rF(ZJSmv7iJ}Kr<%wTJCUH?NkEX
zVIc7qF>1%w-ie!dE|<z1I2=A!frVtJgEzX1CUVc(ZodDj&W)-K1vL{nYJmlP3^gZD
z6QiQelK|`I!lPg*--!-KyjDSL%mtUR2#j#$lxj$!Q|K+{-q4}E;T%PCP6%@q+I{7z
z8jGn0DuIs4k5aLl)SwvTLzzLvA1A5E{PuZ(A^xgsu7j3jdIzd{Z`#AhAk}ul6Vv9Y
z=urQ|8UQ#9{gjfkvzO5d_Q6~^f)U{%hMh@>!SP<>#c%ma9)8K4gm=!inHn2U+GR+~
zqZVoa!#aS0SP(|**WfQSe?cA=1|Jwk`UDsny%_y{@AV??N>xWekf>_IZLUEK3{Ksi
zWWW$if&Go~@Oz)`#=6t_bNtD$d9FMBN#&97+XKa+K2C@I9xWgTE{?Xnh<XYecBl$z
zLk7;WP-S9%_QvWrgUl4Yw5)25lLEb25-M#WE2X7>c9_KKPcujj@NprM@e|KtV_SR+
zSpeJ!1FGJ=Te6={;;+;a46-*DW*FjTnBfeuzI_=I1yk8M(}IwEIGWV0Y~wia;}^dg
z{BK#G7^J`SE10z4(_Me=kF&4ld*}wpNs91%2Ute>Om`byv<kX@8r@ci;FFPE3Wxa!
zm)S_Af-^Wpm6;P^l1Il%=Z6=+i%`2H+?E2bq|@OEu5jZ<ZZWM}wBoS;?)zOvh-Ebj
z2-b#+6Ejq34lH3aRywf~Jtj6rM$!<_83h(O@Ib+Oz}51TVb0MddqDs1&7g^ZZEgH_
z?7Mu&{{Ig&{6F*i8A?;%vI{7m#!hR2M$o7^R2sj^rxgq-2?F8~#E@gjl%@WP-Lu6@
zt7|!pTqZtOb&sSa>9qgK4VfwPj$`axsiZ)wxS4k4KTLb-d~!7I@^Jq`>?TrixHk|9
zqC<yu{f>X7@sWcVfNP8N;(T>>PJgsklQ#GF>F;fz_Rogh3r!dy*0qMr#>hvSua;$d
z3TCZ4tlkyWPTD<=5&*bUck~J;oaIzSQ0E03_2x{?weax^jL3o`ZP#uvK{Z5^%H4b6
z%Kbp6K?>{;8>BnQy64Jy$~DN?l(ufkcs6TpaO&i~dC>0f<Vc$|V{rA$Nt9BD!LZT<
zk~g~UgGZte1RNJHF^<Pu(O)Y{yeJW>vi-I^7YT#h?m;TVG|nba%CKRG%}3P*wejg)
zI(ow&(5X3HR_xk{jrnkA-hbwxEQh|$CET9Qv6UpM+-bY?E!XVorBvHoU59;q<9$hK
z%w5K-SK<tWK~)xDY1pfU-uh2F5s`TjYWMPe<qa`ryY7tDKBk}@3e-et05NCtf09o>
zWT#1OX__$ceoq0cRt>9|)v}$7{PlfwN}%Wh3rwSl;%JD|k~@IBMd5}JD#TOvp=S57
zae=J#0%+oH`-Av}a(Jqhd4h5~eG5ASOD)DfuqujI6p!;xF_GFcc;hZ9k^a7c%%h(J
zhY;n&SyJWxju<+r`;pmAAWJmHDs{)V-x7(0-;E?I9FWK@Z6G+?7Py8uLc2~Fh1^0K
zzC*V#P88(6U$XBjLmnahi2C!a+|4a)5Ho5>owQw$jaBm<)H2fR=-B*AI8G@@P-8I8
zHios92Q6Nk-n0;;c|WV$Q);Hu4;+y%C@3alP`cJ2{z~*m-@de%OKVgiWp;4Q)qf9n
zJ!vmx(C=_>{+??w{U^Bh|LFJ<6t}Er<-Tu{C{dv8eb(kVQ4!fOuopTo!^x1OrG}0D
zR{A#SrmN`=7T29bzQ}bwX8OUufW9d9T4>WY2n15=k3_rfGOp6sK0oj7(0xGaEe+-C
zVuWa;hS*MB{^$=0`bWF(h|{}?53{5Wf!1M%YxVw}io4u-G2AYN|FdmhI13Hv<wqNx
zyJ0aCDbf+6Xh)}VQ07NMBoDjFcTiqJ*FU};bE20sFe&dJcFxGT;@r?<LbS{0CUJaF
zat)G84W<W4B1Xma3~&F1w20lod?U`$8EsI6PbnM8J%KE^2~AIcnKP(y025h_G>noK
zNS2fStm=?8ZpKt}v1@Dmz0FD(9pu}N@aDG3BY8y`O*xFsSz9f+Y({hFx;P_h>ER_&
z`~{z?_vCNS>agYZI?ry*V96_uh;|EFc0*-x*`$f4A$*==p`TUVG;YDO+I4{gJGrj^
zn?ud(B4BlQr;<f7($6G0*wm%8Yx9)oXWeL*3fyb0-Z83=jX!Y^ZOz2xr_W6UE(jaH
zJ(oBs$}&9}P-B_Th=g2Z2$cnLESxH4YOC^yN6^ay)`W&sUCb|})aAB7Rs`hAJsBwv
z^t5#H^){uYP=n4Y>NN?<ynxz#$}3sutUA_0g9(%*1-IHHw^|pUAX|0TLH=Ip#<bz<
zG|Td2HdTu~wl!K<`h$PM2b&2s*p2U)GXGvW;{Q)#O4-W%|1x~)P##nGUJm4Sjur1^
z_yvJ*6BtY(4iS(94_XsFJ4*#sA*f#6Mxtozz$7G1HcJ0YPnRDmngGq;oq(+i&2F`R
zOt0o7TPPSHM@YBsu(j4Sb<$a6O?Kto<q56_)x_E#y)X@^Vbh4H8>vaz_7{&(D9mfd
z8esj=a4tR-ybJjCMtqV8>zn`r{0g$hwoWRUI3}X5=dofN){;vNoftEwX>2t@nUJro
z#%7rpie2eH1sRa9i6TbBA4hLE8SBK@blOs=ouBvk{zFCYn4xY;v3QSM%y6?_+FGDn
z4A;m)W?JL!gw^*tRx$gqmBXk&VU=Nh$gYp+Swu!h!+e(26(6*3Q!(!MsrMiLri`S=
zKItik^R9g!0q7y$lh+L4zBc-?Fsm8`CX1+f>4GK7^X2#*H|oK}reQnT{Mm|0ar<+S
zRc_dM%M?a3bC2ILD`|;6vKA`a3*N~(cjw~Xy`zhuY2s{(7KLB{S>QtR3NBQ3>vd+=
z#}Q)AJr7Y_-eV(sMN#x!uGX08oE*g=grB*|bBs}%^3!RVA4f%m3=1f0K=T^}iI&2K
zuM2GG5_%+#v-&V>?x4W9wQ|jE2Q7Be8mOyJtZrqn#gXy-1fF1P$C8+We&B*-pi#q5
zETp%H6g+%#sH+L4=ww?-h;MRCd2J9zwQUe4gHAbCbH08gD<n$4JOZfr1dy|4NISDt
zJq9Sb#*`qZqnLfVcKv#FZN&$4ZJ7x}GY49-9TIs=D0h|`xDX?Qt@)~Scwt?@CJhLF
z9Rla4t_bZ<5MDoVRcnCg5*U?ktKW{=ZsYTDs7n`bhz$sTiTGtX|El}NsYR5zLfGJh
zuqqUv?$%w*81@|EbW>JY;F6F)HtWCRW1fLR;)ysGZanlz*a+|V&@(ipWdB!tz=m_0
z6F}`d$r%33bw?G*azn*}Z;UMr{z4d9j~s`0*foZkUPwpJsGgoR0aF>&@DC;$A&(av
z?b|oo;`_jd>_5nye`D<obu&G!ftXK;)D(8NZ(rAyT3$Vi9gwp`#>VOcMLr-*Nw&nA
z82E8Dw^$Lpso)gEMh?N|Uc^X*NIhg=U%enuzZOGi-xcZRUZmkmq~(cP{S|*+A6P;Q
zprIkJkIl51@ng)8cR6QSXJtoa$AzT@*(zN3M+6`BTO~ZMo0`9$s;pg0HE3C;&;D@q
zd^0zcpT+jC%&=cYJF+j&uzX87d(gP9&kB9|-zN=69ymQS9_K@h3ph&wD5_!4q@qI@
zBMbd`2JJ2%yNX?`3(u&+nUUJLZ=|{t7^Rpw#v-pqD2_3}UEz!QazhRty%|Q~WCo7$
z+sIugHA%Lmm{lBP#bnu_>G}Ja<*6YOvSC;89z67M%iG0dagOt1HDpDn$<&H0DWxMU
zxOYaaks6%R@{`l~zlZ*~2}n53mn2|O&gE+j*^ypbrtBv{xd~G(NF?Z%F3>S6+qcry
z?ZdF9R*a;3lqX_!rI(Cov8ER_mOqSn6g&ZU(I|DHo7Jj`GJ}mF;T(vax`2+B8)H_D
zD0I;%I?*oGD616DsC#j0x*p+ZpBfd=9gR|TvB)832C<yhYAik<@H8~5#F6>R<A)^I
z813lsSPg>hsW_7g&WI@zp@r7dhg}{+4f=(cO2s+)jg0x(*6|^+6W_=YIfSH0lTcK*
z%)LyaOL6em@*-_u)}Swe8rU)~#zT-vNiW(D*~?Zp3NWl1y#fo!3sK-5Ek6F$F5l3|
zrFFD~WHz1}WHmzzZ!n&O8rTgfytJG*7iE~0`0;HGXgWTgx@2fD`oodipOM*MOWN-}
zJY-^>VMEi8v23ZlOn0NXp{7!QV3F1FY_URZjRK<l6h;TB{8A>McY(2PV_ms}EIC^x
z=EYB5UUQ{@R~$2Mwiw$_JAcF+szKB*<Pw8cE2gEj`x6sRWVOul$DOLM!NtNwjh^{(
zxfNtkDejs|AW>n(`MYpDCl>~ss54uDQ%Xf-8|dgO<D$o)tF6&E3o0(-+0v~XPcyB>
zY)B_qju=IaShS|XsQo=nSYxV$_vQR@hd~;qW)TEfU|BA0&-JSwO}-a*T;^}l;MgLM
zz}CjPlJX|W2vCzm3oHw3vqsRc3RY=2()}iw_k2#eKf&VEP7TQ;(<?;Dnz16vQ+EoX
z@YdXY3d=X;dXLc}GT10b@w?2#72%e6QoQ~Iso^XKa_A4FB-0kTb0gS}kCU)ekOmu4
z`X~-Y)K_*yRzFYC^5Ptoh0>DDzEAUgj!z_h2Br;Z3u=K~LqM6YOrlh)v9`!n|6M-s
z<LVy)p%e_Z0jAJF#}rF8BlQPu39Pb$)R=fT$F_oL3&Gro%^1<m;FD=A%JqXnheJY~
z0!=4l7633anV`XdE3ll;7?y>?XvA~y<5?WJ{+yM~uPh7uVM&g-(;IC3>uA}ud?B3F
zelSyc)Nx>(?F=H88O&_70%{<kvt?}pFSnnx$A+E#AvNZ=)Q67#lW<Bj=R~TC*34x<
zsIV$*icLF#lNv_`<!<@@H{3F&kUnVFe+}@wjNGQ{nYZ9?6}hda@t66<wlx96{_cE`
z$$a0j(_1tmoC?aiBGP^t4#2R1mY4;l4FmKUhoJ&lF<t;G=;U^CT{wVhc2vX(qHL;%
z-OQ&LUiC1Cq?IW2HC41#NaIch2w>ATsLVTAp88F-`+|egQ7C4rpIgOf;1tU1au+D3
zlz?k$jJtTOrl&B2%}D}8d=+$NINOZjY$lb{O<;oT<<w(P7-d7Q=?T(2)6S%4F4dsT
zi35lCeu|eW*ukuaYQn7hV8gDLi){5={4VyTorE0ZZjK<M1=NR{ZM!$i%JHC_!^QU0
zGv-ULw)i^~1DdoZqL(7f9gCW|Sy!yY)SNJoVu}g1?HCbB->zXoAp01KYG<PZ9H6O!
z))_mlm9Vu1mn+KG9d>$Y4*=)!&4g|FL(!54OhR-?)DXC&VS5E|1HGk8LY;)FRJqnz
zb_rV2F7=BGwHgDK&4J3{%&IK~rQx<&Kea|qEre;%A~5YD6x`mo>mdR)l?Nd%T2(5U
z_ciT02-zt_*C|vn?BYDuqSFrk3R(4B0M@CRFmG{5sovIq4%8AhjXA5UwRGo)MxZlI
zI%<!zxK{ej1*xOK@{q@yU&&2m0M<#J$s-)9nQJ#J9D$?MIi+@1qA-Ly$)60970|=L
z+)<dANvJ|$+x@*644bs*eF)w6b%Z+UpG@tteAy4c0qa=<nZV{kcyc?3DR^0UBf(tQ
zKVV;Sv@C}GZxNnStZ-+dFobV*{|x92_fZWDwisl5`v83Kseqc1BGi=gVi-fNboe{}
zDQ!10Gf30nF>vz`v8B+#ff*XtGnciczFG}l(I}{YuCco#2E6|+5WJ|>BSDfz0oT+F
z%QI^ixD|<Ire%}nK@2Aibp{~e4lq-hC}BRMRW9up0eGmQ%x;+z;N*J>^(AN`MS6J$
zXlKNTFhb>KDkJp*4*LaZ2WWA5YR~{`={F^hwXGG*rJYQA7kx|nwnC58!eogSIvy{F
zm1C#9@$LhK^Tl>&iM0wsnbG7Y^MnQ=q))MgApj4)DQt!Q5S`h+5a%c7M!m%)?+h65
z0NHDiEM^`W+<QZOD?Stcbud)jBUdJz>M4)=q^#sk(g!GTpB}edwIe>FJQ+jAbCo#b
zXmtd3raGJNH8vnqMtjem<_<RAJPF&-%GsWQ`YEcs5zd_a``?ag+n~zXrDsEJ{An$<
zo)|`>)9`gU_-RF&ZK!aIenv7B2Y0rZhon=2yh&VsHzM|`y|0x$Zez$bUg5Nqj?@~^
zPN43MB}q0kF&^=#3C;2T*bDBTyO(+#nZnULkVy0JcGJ36or7yl1wt7HI_>V7>mdud
zv2II9P61FyEXZuF$=69dn%Z6F;SOwyGL4<q<2ZxdTxZCB-(@VdZQg%XDDHH@cCjt3
zP;=X$AV;rcZN_7x<1S;3!mHBF>D5mKfW)q4l$8yUhv7|>>h_-4T*_CwAyu7;DW}_H
zo>N_7Gm6eed=UaiEp_7aZko@CC61@(E1be&5I9TUq%AOJW>s^9w%pR5g2{7HW9qyF
zh+ZvX;5}PN0!B4q2FUy+C#w5J?0Tkd&S#~94(AP4%fRb^742pgH7Tb1))siXWXHUT
z1Wn5C<yb=gsf8XFbOO5NR5v8J9|IBwD{uf)70TYaVeM&IZTi0M)$sw_JCuWq`=}b=
z8)W|q3IAjGL>G&!mGtr#jq6(P#!ck@K+FNprcWP?^wA2>mHA03W?kj>5b|P0ErXS)
zg2qDTjQ|grCgYhrH-RapWCvMq5vCa<vxi|F`?A!XHVHe)L4-tH;pd9Luqo?aPV!2s
z8*d5d)uG>F?{R%*mu}1)UDll~6;}<K4?1~CX;L1}g9u=o%>3Q*^QOfj!dlt02lSzK
z?+P)02Rrq``NbU3j&s*;<%i4Y>y9NK&=&KsYwvEmf5jwTG6?+Pu1q9M8lLlx)uZZ7
zizhr~e0ktGs-=$li-2jz^_48-jk**y&5u0`B2gc#i$T1~t+AS*kEfR*b{^Ec>2-F~
zKYRl&uQ5yO@EtAZX8ZSqx;8+AKf+CqhlUSpp*VfyBMv+%wxN5GukZEi^_to%MFRc0
zdXqJ*jk?#uYT6EJe446@(f6G4vhnxQP|pGeJ?-#|Ksq?g*ky=}x+Qnx+!<>Y(XStN
zQIND`{KU}&l)E*ntI^}kJ=ly8DML{!(58Xk4_bzIc@v~e;><z^97=`HZn*MMu&-Yg
z9OAP2=XoiJ9#|Bv1ibhQ?<i#4eQ8KaA1LcUI{C(jbJ_+e)%i?BCAr%VhAS6nBqnm&
zOKb5-QIs^)7Q^g>wKl_`7G%pGz~4KH*CTp;_|52)d!+ximd<F#sm2#+seBL|&Qg6U
zIH4|`rVu%b=4T?QFSuA{o^yZh^3fF1#a33<b;8dD%}OGkEXGV&tUFs68_~;DEn5o*
zhZd2`_dN1Q=^;r8BcE2oQQPvZJwW^cY1{+8&&E{!Lp-O4Y+%WZH;Bd)0e!Qy9ICrV
z)Gj&tR1KSz2R1ZAMXWdKQa?gzn)Js(jFRg>$|8v@zzEq%j68QXkgf$7eM~xdM5q5i
z{?qFx_W|eq@L03bW<UGBkQSwPH|s5CWgP#W8z%tU-Yz+j>Jfjy^z@()-iCjzjREuf
zb_a(yTz)ZKWCF%Lp>^2-%Q?*t{06}x#DLN3cO=i>h6#-a`z;<5rBGGM6GA(W<Lg(m
zm7?V_PW;n-_4B>qvRcX%Pn?Uvs1#e|ePSNJEC%+X(YI$x)`<aw5r?K?ufdtUbafv;
z1B#{SqMg66Z&7-Y0LFnjlW=}Nq{ztJ%nE?EXz`3b4cEBoJ5tdh4j`(po~Ft76f!ca
zUl9&xVkcY>s$%>O#%}D<Bxkxp>9dgqWfq4yfVz^%Fglo<Vpj$oQI(M`vqm^LsnI-r
zt^E2B$e1;rT?Mc7W`EHotX()0JY`gPQ@x=x)KDff#-DF|vIk(^5&pKNe6JswT{HWW
zFuclvp;&}aQJ8*m-TB?W)>kdFR}uJQhx|}_w`9Ulx38Ha>ZslKs58c-@IFI&f;?xM
zbK>rKNfPFsf>%+k6%(A6=7Aac^_qrOCNqb3ZVJ;8pt!?1DR*ynJb#@II9h?)xB)A~
zm9Kk)Hy}!Z+W}i6ZJDy+?yY_=#kWrzgV)2eZAx_E=}Nh7*#<&mQz`Umfe$+l^P(xd
zN}PA2qII4}ddCU+PN+yxkH%y!Qe(;iH3W%bwM3NKbU_saBo<8x9fGNtTAc_SizU=o
zC3n2;c%LoU^j90Sz>B_p--Fzqv7x7*?|~-x{haH8RP)p|^u$}S9pD-}5;88pu0J~9
zj}EC`Q^Fw}`^pvAs4qOIuxKvGN@DUdRQ8p-RXh=3S#<`3{+Qv6&nEm)uV|kRVnu6f
zco{(rJaWw(T0PWim?kkj9pJ)ZsUk9)dSNLDHf`y&@wbd;_ita>6RXFJ+8XC*-wsiN
z(HR|9IF283fn=DI#3Ze&#y3yS5;!yoIBAH(v}3p5_Zr+F99*%+)cp!Sy8e+lG?dOc
zuEz<;3X9Z5kkpL_ZYQa`sio<mu7#<R;P#^AzDZpNEFF-x6ISg?yJomJ7bPqcQ@V3r
zkdE38i3ZP3F@ZZPv}Ns~hi}3&z|z~Xe(PuXCDF99=C6$5T-)OJ35rFuX$2>R_@_cG
z8tT~GOSTWnO~#?$u)AcaBSaV7P~RT?Nn8(OSL1RmzPWRWQ$K2`6*)+&7^zZBeWzud
z*xb3|Fc~|R9eH+lQ#4wF#c;)Gka6lL(63C;>(bZob!i8F-3EhYU3|6-JBC0*5`y0|
zBs!Frs=s!Sy0qmQNgIH|F`6(SrD1js2prni_QbG9Sv@^Pu2szR9NZl8GU89gWWvVg
z2^-b*t+F{Nt>v?js7hnlC`tR<QFJb#1J-AD2Y_-!x0cUa7k-QE>U(an0qQG7;h6T~
z-`vf#R-AE$pzk`M{gCaia}F`->O<OWl)Ry@|N215RIbK)7oBxY(8>2)60AuGFAJg>
z*O2IZqTx=AzDvC49?A92>bQLdb&32_4>0Bgp0ESXXnd4B)!$<JlJM9H^R~a{?XOeJ
z<WSm_vo)2siYOYkAN5~Wm)}oOK5O{3aTYJ@>t$g{*FG%HYdt3b3a^J9#so%BJMyr2
z{y?rzW!><Q>lr097b9(75#&4&@lkB1vT*w&0E>!dS+a|ZOu6t^zro2tiP)bhcNNxn
zbJs3_Fz+?t;4bkd8GfDI7ccJ<q<OaN41j;vu2MUKpK*-OB+^@8|0UMdox>5zU`Bs~
zN~bci`c`a%DoCMel<-KUCBdZRmew`MbZEPYE|R#|*hhvhyhOL#9Yt7$g_)!X?fK^F
z8UDz)(zpsvriJ5aro5>qy`Fnz%;IR$@Kg3Z3EE!fv9CAdrAym6QU82=_$_N5*({_1
z7!-=zy(R<Q*94!ZMOOc>{xg9S519S6W{HpJZ8Is|kQ!0?`!vxDggmslD59)>iQ15f
z7J8NqdR<ga))e0)Ur%S+E}ec?+y~twFJ4A_Mss-AP+eF02kLp3zzFe*?#O4_dDZRy
zbv?H&>`9f8H|~iFGNsPV!N)(CC9JRmzL9S}7U-K@`X893f3f<8|8<l7zt!;mYl^FC
z=8SEE>Ls!^eA^#(O6nA+ByFIXcz_WLbfeG|nHJ5_sJJ^gNJ%SI9#XEfNRbzV+!RkI
zXS$MOVYb2!0vU}Gt7oUy*|WpF^*orBot~b2<Y_`8x!BAodNjWNH0hc3w0T6w{5sUZ
z|B2cC<DJgWDVgdP@mX(?FeHqs9Kvrhmw>J@^be?Gq;U%#a<fuYTr&+FHC3kSjUcEr
z1F>m8`PmH-UCFZ&uTJlnetYij0z{K1mmivk$bdPbLodu;-R@@#gAV!=d%(caz$E?r
zURX0pqAn7UuF6dULnoF1dZ$WM)t<Ee9jxt3VRL)Qt|k=L#J7L7eIPM4b7R6tK}kw`
zHvJihFn1ho^6Xt7)TuGkNxBs}tx(U%X%X=xQ`ylh2weAdzF7hIY+~jp76|mpcz0Z@
zGK0e2;cRTCq_nZ!Af@Z>HAM{eZK6DbU1J`V5<Z{7GK*`z#-439Xzh11z9N?3ixocB
zSP-RtvWs+6Vp`grGL8az-zi;6TP;MKqBV%8JdIbyz@d+w=tXA^^E62X5uQdV<T7<#
z7$$iHb4Gb1CEzftHC<QNnt*7os(xfMNgN<BkpflUzCR8rBH+;$KdU;oQRjSzM}Owi
zkxc2bytqB5!YVo6=u(rNUBNY<;6b_GhxbVQ<SZ-KWiYsio@tOFPJz0ma)S%jr{lVe
zmOHGx%qCf|iFEal|Mh34KB7kJZ|^w7YscJW1GAD%jIt<2a5&0^$BfFf{I^UOW1KW*
zA_2Q1M`8_By~1RuhkM|WdK&Rs<HLQEl{|fXX*sKo`HZA>Dw<;xk}Nl`h+nfMO_Rdv
z3SyOMzAbYaD;mkxA7_I_DOs#Bk;e5D%gsS3q)hlmi1w{FsjKNJE22`AjmNiAPRnIc
zcIkN25;rOn3FipAFd(PnlK9{03w6Q<(68#1Jw`{axEGQE{Ac>^U$<ZUy$k8K8eCOn
z#=x%Gb4$bF>h);h2ADICmaNxrfpb`Jdr*)Y1SicpYKCFv$3vf~;5aW>n^7QGa63MJ
z;B1+Z>WQ615R2D8JmmT`T{QcgZ+Kz1hTu{9FOL}Q8+iFx-Vyi}ZVVcGjTe>QfA`7W
zFoS__+;E_rQIQxd(Bq4$egKeKsk#-9=&A!)(|hBvydsr5ts0Zjp*%*C0lM2sIOx1s
zg$xz?Fh?x!P^!vWa|}^+SY8oZHub7f;E!S&Q;F?dZmvBxuFEISC}$^B_x*N-xRRJh
zn4W*ThEWaPD*$KBr8_?}XRhHY7h^U1aN6>m=n~?YJQd8+!Uyq_3^)~4>XjelM&!c9
zCo|0KsGq7!KsZ~9@%G?i>LaU7#uSTMpypocm*oqJHR|wOgVWc7_8PVuuw>x{kEG4T
z$p^DV`}jUK39zqFc(d5;N+M!Zd3zhZN&?Ww(<@AV-&f!<LI7*F8&iPDLUXltu(<}V
z$njn`XVpn?WJ*LB)uE)%4)wh=Ssn%11If>v$uV>%z+dg9((35o@4rqLvTC-se<GZ^
z@`nqI3i&X>@hkn^6k7+xHiK-vTRvM8{bCejbU;1@U=*r}GTI?Oc$!b6NRcj83-zF;
z=TB#ESDB`F`jf4)z=OS76Se}tQDDHh{VKJk#Ad6FDB_=afpK#pyRkGrk~OuzmQG)}
z*$t!nZu$KN&B;|O-aD=H<|n6aGGJZ=K9QFLG0y=Jye_ElJFNZJT;f<ekwWkA`guR1
z{-6+Q;C36hq*EaO#_dD=Ic~!kNe)DbJHR-5r$35y6?w=}fE@osSS>U8P8CZ<ru2E$
z&FfHRsx;HT;644Ji*zE#J;Iw#-X5!#zOw>cLBERjioAOC0Vz_pIXIc};)8HjfPwNy
zE!g|lkRv3qpmU?shz(BBt5%TbpJC3HzP9!t7k*Fh48!-HlJ4TTgdCr3rCU!iF}kgu
z4Qs;K@XOY~4f~N}Jl8V_mGbwzvNLbl&0e9UG4W;kvjTK|5`-Ld+eQ6YRF`N0ct%u%
z^3J_{7r#_W1zm|>IPN!yWCRrN)N!7v`~ptNkIXKipQ6ogFvcnI5ugxdoa{d;uD67g
zgo^}QuZRkB540Vc!@c80(wFG=$ct}oHq(#W0+-XX(;Rrt`x=<45X}ficNtI2(&}=~
zb(!}tNz?s`wm{g<VYvmC<DPs!Ffwi9p4hH_2+;OCs<0@Sl*DKhB3opORuW(|H@1FS
ze>K?2tdf+OEF;tzx<(3fMd7_tM@Ghs$Z(Os-H(kYq#qB|J-aC9Ku?fsWwJhB36c)A
zu|a7ZF?V8X<LT_AM+fJcpWO4|XIP|4e8O^HWt;P@;zk>7l2g5~xqZf>2=6Dsi5lfo
zKIRL&@MLJyaBE)V_9=pJYu%U2wxR*-(0MI5_|yqP`?h@cks(5LR@XUKLMI_xuVtiu
zRvpDS8MyUMRFM6`P+Sjc!A_e^H38Qu7b{b7QZ>NHyA6k-YYygQuW&C_OGO(<j^C?J
z61}&6UL&AH*ee~5X{4DF=YTk{e;k%C6cdMGz^_On5%_auAHK->7V7?}r)zedSVpBI
zuk29Z4GW3C0GpfozbZQya454sjt@ndQmsp=DA&@sWw&xmOlDk1JIcMNp~-ES$&A~k
zG#W(6hBj?!Fu8Q4WYexoSBa8_5=v20xnx6H?e;$t)5|f&{7=vOye^&3_c-Ug?|a@e
z=X`&qT_5B7N9vZoPBhXOTEDV;4&x2Je4}T(UB~O-$D#CjX77$R?RZ*`ed~$G;$4YS
z4n*|Pop(!NN79Hk2}U#cfEEwdxM)xQm}$~rV03xc=#U@@Y*}qEmot5KvDb=8{!E-n
zl4p?}&g2h^sUGyTcGh=0aQzQb*k;K;dvbeZUgmwEv>%#(EPtj=gHKdi|E8@w+|>KC
zxEU>b>P+9Xf}pEyQK(}#QrBG4Jaf!iE!qpMbTu>gb!<Yl`oJ2Qs~OjI2pYS$miOgf
z)oSAgm*%yXC(J_2Y^|lxT(Bj@)g{NCe_$2-#(IBW(>gtdq<`@xO+roQl+S_7)!G(%
zdy)$iGmJ1cwP?F=IyyV1-$|kf|EKM3B@I&lZ%NI@VV;*mQdLWjc#t|Vbk_Q~>&O03
zIcSr$(<C;?@SJ~enHTzBdHOa_kK%x}yPPx{Y@f-N;CqfpesVsIl6V%=e>qLAINj7a
z;!||v&1D5SX#X@5jNd}jUsi-CH_Scjyht&}q2p*CJCC-`&NyXf)vD5{e!HO629D-O
z%bZelTcq=DoRX>zeWCa^RmR3*{x9;3lZ75M#S)!W0bRIFH#P6b%{|HRSZ5!!I#s)W
z_|XXZQ<0_`>b^^0Z>LU64Yg1w)8}#M^9se(OZ9~baZ7fsKFc;EtnB>kesci#>=icG
zuHdjax2^=!_(9?0l7;G7^<S6vtx8KDwD(k*-}3X}*xp2~Q1QN_ey3mFbI>-}9>Y#M
zm;9*GT~dBuYWdk49%mZM0=H#FY1)}7NE5DE_vsqrA0`?0R0q535qHjWXcl|gz9Fq$
zMKxgL;68l!<x_iqb^g3P8sp{2wKCDUTct5DGCbp|qE`>gm3y0durIr3LHv~y*ABm`
zYhQG0UW#hg@*A{&G!;$FS43}rIF$e6yRdGJWVR<}uuJ_5_8qa3xaHH^!VzUteVp;>
z<0`M>3tnY$ZFb$(`0sg93TwGyP;`9UYUWxO&CvAnSzei&ap))NcW;R`tA=y^?<xF<
zJ6D(2{U$a%*dRJ!gY>mBmG+M*&bqW5kL$V(O;(p)aEk`^ci?2Jwxu>0sy>a7+Wa9t
z5#I2<E%eUDNU#8Q4p;zdEZ`amruvh;8KRi>o;+gr^9^&km^z7>xJWbN&Ft>Vna34E
zI@BBzwX)R}K3SL?)enrDJ45QLt;-7CFJk{`cF3L4Z^CtG_r5)0)HV>BOYPIUh#D%|
zYQAu31f{bm-D*`_k7DTTr?Nkw_gY%J1cb2&TdtibY?V=|SSIOlA;|5C!2@?Y<Jt;u
zTinN{+OAB61<CH4BTDj)y{EVI$2@cXn`zQ)eM(Dbn7!)2{+OWRfGx3V-oYUR*TG>Q
z-$?G0jj^mG|MP>DmbF7}T~C$H<GM1s9vtq{ctRL%)ku?lESW6RpB$5{h>6=CpZ~hd
zZ1C|xV@=h#^~`3LSCnmI(vZ|5r3>eq5*UB)dhdy``*gKY3Eg%jSK8I-`G+OWWlD)T
zt$wSQ=||lSkiKy}YF-k}@W9EiS?)z`hK{R!dd-$BCJvBtAN-yXn3njU$MisEtp!?Q
z%Vk-*(wy9dd15(-WFw_&^tT;;IpF?ox1`Qq3-0zVTk+$W_?q}GfAQlPcrB^?&tWSI
z2BB!K=sH7FUYmXa_dcV^Z3>5z8}~W{S!$j<QUfCP%Ei_-oejKF^4Px--@10AEb&&%
zqLhV;HtP}J?mNDW`>VR_3hu_|wl2|gmRH8ftn^z@fW75*;-`;wU+<qN{VVFPa<NJ=
z%5Tc^lT;~kS#GTR;uLu{UODRC`W1CjJDdMWF)yj9vSv5?EPGCP_CvxR<KVQ-ee^@d
z78utxn{J&uQMkX-;nbX#VhJS^U-x-G%_1q+m&vwTsVtWC=)Kmk)ap=ZslgW21X=O5
zOUYhn>fY+BR_yx6BZnE5_Hn<I7^Or<lw2y==ekF86`e-dVL;X`oN4E*Ej{e$8eW~9
zFj$ec3n$^oM&ZRdR&2#v#3~m#W`~$<;051(m(Jf=zQzdK;~#$hN`0a9c`p5??@+C@
zPeVp_&;r9RRci}cJlMLHOu2?574*VcMuRULYQ*CoWVc^hl7W#;r;q5FXFB;v*<w1q
zi{_E#wde=#Y3Y}v8)x>a({jrPiubRp$jZ=T=t$hx&NeCV1!vuCcl4PJ0p0Fjp>6K}
zHkoD1gQk=P2hYcT%)cJ2Q5WuA|5_x+dX0%hnozfTF>$#Wz~X!MY>){H4#fB#7^ID*
z1*o2Hzp}?WVs&gbS?Uq(CT0sP+F)u9{xfgg6o_{8J#m;|NeJqDHhb(Q8%z8aM_qeM
zn83>d`uDd47WIuKp78JBYo2SYupGcNXIzeou^eMY`@%Bv8elZ>q~3uq#~IX)g%g;h
zoUXymEd>|kVsMky<L3uw4pRyIQ~+QjmCB$4=YE<!$u9_OyX5)x^DXq?()o#LpIr_{
zIO?ELcmdP+iNjO_aw5V<2R$&_*Wtgt*?{*59BO<nICGdup!Efyall)FLM82-s;tU+
z`gtaxwVJ>b&1l~lrE-`w(0PObapYa35DJ4Y03Jv_!DKp}0HTbOgZRM=;PSsuAJJJ1
zItc+tu9;ANG;qHaCI|T85!euhFK~VK^G2LZV1+cbzS?>ar@>emg;JTI5VAn1g5U~|
zU=p&k0OlSzc$U=s#9_uL3&n|6A1X$XvrE9vFV@`A4G#!D1QcFCeE`F2N(deJx>)*A
z$XIW0P~-NbAd=5i6`s<~(vAQX9t$dbVqc5|E|CHRtb$1(l&KSNh_t2#k_l95KnP86
z)ns_DGspv-M0z0#h2a+*oH<N$Eg|T!fN8wzNHF)Gc7@I}fYSmF)d^g^wF0>|{5~j{
zXGD=}cLrBSESQ0u$XmQlFfWMCAW<k&T{2B`kEln2DqRfPZDN&P+#r+(TzPn03tzH#
zfZ(FO3Kgg2fV;0Q;3`k}(?hYs(1K|nDvXDyprC8Oy@>aS;wKK%#aSSYK=qljBiY(s
zT$v;We24&$w=avIILsMt0%1fDyah|AlLNg#WL$Lu)tf}YfqO%+pH~QC*bZO4aM*i9
zrPF<S6~WcOg5voiOp=#CCOjOQ5ZxCpF&rHeq3`w)NFVF}U|<Kw%7oEy^g#qo@fU`k
z7>f|5!hv@XY8CzaFh*Dy9vH|2fKKr(@x}`L#9^*vOae|lk`adG#oZZAyk|TOV8`9L
zc-sQu%y1MQes&J?)a1<kKqylWyJ0*WSp~sk!X}lCj~C^Y4HkkUA|OI7dnO5uEB_Sn
z5nw!Q?T_Gh?-hoJ-b!FB>}Zc*>-P!6j-T#<nXtbx!dw(1jQMR&Y09A*Y$c3P#bZUF
zPHij<7a#URMTBzWMHL#Yo-ub+SO9jPL<BMtMGz3;MF}gxj&z7pUy2AyBKgz7ny{%D
zqRCDbK~tE;7%T;wvLI45$3>75V$lLC!TuMB(!G-+D2;XptUxymSPFI-K&0x}B1?h$
z3-9**-9!);fwyiWB5gS$i;P~c<BV-!6?l&@qSAU=WR=lflY++!@J38Tpeg_V6qv5Y
z;7xFdRMlA#q^7MactaGzUwT0VzVPi)aKpfRNDwinqUps1w*|a<0AXIdIf?nLIwr3r
zfXfMg2!SyFs+pcC>=^}5-6G@{4<?gEpU8#(0(d$R(J6j7Ne3RyjvFOR^B9MxxDc5*
zF#j;kgcn?9US|F%QG-tcXAbk}L>TWDBRDc6(M|%qa-mS`z`u9kWo{Xl_uc;hXOkRd

literal 0
HcmV?d00001

diff --git a/servlet/xml/java/contacts/gradle/wrapper/gradle-wrapper.properties b/servlet/xml/java/contacts/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..e750102
--- /dev/null
+++ b/servlet/xml/java/contacts/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/servlet/xml/java/contacts/gradlew b/servlet/xml/java/contacts/gradlew
new file mode 100755
index 0000000..fbd7c51
--- /dev/null
+++ b/servlet/xml/java/contacts/gradlew
@@ -0,0 +1,185 @@
+#!/usr/bin/env sh
+
+#
+# Copyright 2015 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=`expr $i + 1`
+    done
+    case $i in
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=`save "$@"`
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+exec "$JAVACMD" "$@"
diff --git a/servlet/xml/java/contacts/gradlew.bat b/servlet/xml/java/contacts/gradlew.bat
new file mode 100644
index 0000000..a9f778a
--- /dev/null
+++ b/servlet/xml/java/contacts/gradlew.bat
@@ -0,0 +1,104 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windows variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/ContactsTests.java b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/ContactsTests.java
new file mode 100644
index 0000000..faa5583
--- /dev/null
+++ b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/ContactsTests.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.htmlunit.HtmlUnitDriver;
+
+import org.springframework.security.samples.pages.ContactsPage;
+import org.springframework.security.samples.pages.HomePage;
+
+/**
+ * Test for Contacts application.
+ *
+ * @author Michael Simons
+ */
+public class ContactsTests {
+
+	private WebDriver driver;
+
+	private int port;
+
+	@BeforeEach
+	void setup() {
+		this.port = Integer.parseInt(System.getProperty("app.httpPort"));
+		this.driver = new HtmlUnitDriver();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void accessHomePageWithUnauthenticatedUserSuccess() {
+		final HomePage homePage = HomePage.to(this.driver, this.port);
+		homePage.assertAt();
+	}
+
+	@Test
+	void authenticatedUserCanAddContacts() {
+		final String name = "Rob Winch";
+		final String email = "rob@example.com";
+
+		// @formatter:off
+		ContactsPage.accessManagePageWithUnauthenticatedUser(this.driver, this.port)
+			.sendsToLoginPage()
+				.username("rod")
+				.password("koala")
+			.submit()
+			.isAtContactsPage()
+			.addContact()
+				.name(name)
+				.email(email)
+			.submit()
+			.andHasContact(name, email)
+			.delete()
+			.andConfirmDeletion()
+			.isAtContactsPage()
+			.andContactHasBeenRemoved(name, email);
+		// @formatter:on
+	}
+
+	@Test
+	void authenticatedUserLogsOut() {
+		// @formatter:off
+		final HomePage homePage = ContactsPage.accessManagePageWithUnauthenticatedUser(this.driver, this.port)
+			.sendsToLoginPage()
+				.username("rod")
+				.password("koala")
+			.submit()
+			.isAtContactsPage()
+			.logout();
+		// @formatter:on
+		homePage.assertAt();
+
+		ContactsPage.accessManagePageWithUnauthenticatedUser(this.driver, this.port).sendsToLoginPage();
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/AddPage.java b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/AddPage.java
new file mode 100644
index 0000000..812ee52
--- /dev/null
+++ b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/AddPage.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples.pages;
+
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * The add new contact page.
+ *
+ * @author Michael Simons
+ */
+public class AddPage {
+
+	private final WebDriver webDriver;
+
+	private final AddForm addForm;
+
+	public AddPage(WebDriver webDriver) {
+		this.webDriver = webDriver;
+		this.addForm = PageFactory.initElements(this.webDriver, AddForm.class);
+	}
+
+	AddForm addForm() {
+		assertThat(this.webDriver.getTitle()).isEqualTo("Add New Contact");
+		return this.addForm;
+	}
+
+	public static class AddForm {
+
+		private WebDriver webDriver;
+
+		private WebElement name;
+
+		private WebElement email;
+
+		@FindBy(css = "input[type=submit]")
+		private WebElement submit;
+
+		public AddForm(WebDriver webDriver) {
+			this.webDriver = webDriver;
+		}
+
+		public AddForm name(String name) {
+			this.name.sendKeys(name);
+			return this;
+		}
+
+		public AddForm email(String email) {
+			this.email.sendKeys(email);
+			return this;
+		}
+
+		public ContactsPage submit() {
+			this.submit.click();
+			return PageFactory.initElements(this.webDriver, ContactsPage.class);
+		}
+
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/ContactsPage.java b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/ContactsPage.java
new file mode 100644
index 0000000..3de827f
--- /dev/null
+++ b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/ContactsPage.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples.pages;
+
+import java.util.List;
+import java.util.function.Predicate;
+
+import org.openqa.selenium.By;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import org.springframework.security.samples.pages.AddPage.AddForm;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * The contacts / manage page.
+ *
+ * @author Michael Simons
+ */
+public class ContactsPage {
+
+	public static LoginPage accessManagePageWithUnauthenticatedUser(WebDriver driver, int port) {
+		driver.get("http://localhost:" + port + "/secure/index.htm");
+		return PageFactory.initElements(driver, LoginPage.class);
+	}
+
+	private final WebDriver webDriver;
+
+	@FindBy(linkText = "Add")
+	private WebElement a;
+
+	@FindBy(css = "table tr")
+	private List<WebElement> contacts;
+
+	@FindBy(xpath = "//input[@type='submit' and @value='Logoff']")
+	private WebElement logout;
+
+	public ContactsPage(WebDriver webDriver) {
+		this.webDriver = webDriver;
+	}
+
+	public ContactsPage isAtContactsPage() {
+		assertThat(this.webDriver.getTitle()).isEqualTo("Your Contacts");
+		return this;
+	}
+
+	public AddForm addContact() {
+		this.a.click();
+		final AddPage addPage = PageFactory.initElements(this.webDriver, AddPage.class);
+		return addPage.addForm();
+	}
+
+	Predicate<WebElement> byEmail(final String val) {
+		return (e) -> e.findElements(By.xpath("td[position()=3 and normalize-space()='" + val + "']")).size() == 1;
+	}
+
+	Predicate<WebElement> byName(final String val) {
+		return (e) -> e.findElements(By.xpath("td[position()=2 and normalize-space()='" + val + "']")).size() == 1;
+	}
+
+	public DeleteContactLink andHasContact(final String name, final String email) {
+		return this.contacts.stream().filter(byEmail(email).and(byName(name)))
+				.map((e) -> e.findElement(By.cssSelector("td:nth-child(4) > a"))).findFirst()
+				.map((e) -> new DeleteContactLink(this.webDriver, e)).get();
+	}
+
+	public ContactsPage andContactHasBeenRemoved(final String name, final String email) {
+		assertThat(this.contacts.stream().filter(byEmail(email).and(byName(name))).findAny()).isEmpty();
+		return this;
+	}
+
+	public HomePage logout() {
+		this.logout.click();
+		return PageFactory.initElements(this.webDriver, HomePage.class);
+	}
+
+	public static class DeleteContactLink {
+
+		private final WebDriver webDriver;
+
+		private final WebElement a;
+
+		public DeleteContactLink(WebDriver webDriver, WebElement a) {
+			this.webDriver = webDriver;
+			this.a = a;
+		}
+
+		public DeleteConfirmationPage delete() {
+			this.a.click();
+			return PageFactory.initElements(this.webDriver, DeleteConfirmationPage.class);
+		}
+
+	}
+
+	public static class DeleteConfirmationPage {
+
+		private final WebDriver webDriver;
+
+		@FindBy(linkText = "Manage")
+		private WebElement a;
+
+		public DeleteConfirmationPage(WebDriver webDriver) {
+			this.webDriver = webDriver;
+		}
+
+		public ContactsPage andConfirmDeletion() {
+			assertThat(this.webDriver.getTitle()).isEqualTo("Deletion completed");
+			this.a.click();
+			return PageFactory.initElements(this.webDriver, ContactsPage.class);
+		}
+
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/HomePage.java b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/HomePage.java
new file mode 100644
index 0000000..41fae8f
--- /dev/null
+++ b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/HomePage.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples.pages;
+
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * The home page.
+ *
+ * @author Michael Simons
+ */
+public class HomePage {
+
+	public static HomePage to(WebDriver driver, int port) {
+		driver.get("http://localhost:" + port + "/");
+		return PageFactory.initElements(driver, HomePage.class);
+	}
+
+	private final WebDriver webDriver;
+
+	@FindBy(css = "p")
+	private WebElement message;
+
+	@FindBy(css = "input[type=submit]")
+	private WebElement logoutButton;
+
+	public HomePage(WebDriver webDriver) {
+		this.webDriver = webDriver;
+	}
+
+	public Content assertAt() {
+		assertThat(this.webDriver.getTitle()).isEqualTo("Contacts Security Demo");
+		return PageFactory.initElements(this.webDriver, Content.class);
+	}
+
+	public LoginPage logout() {
+		this.logoutButton.submit();
+		return PageFactory.initElements(this.webDriver, LoginPage.class);
+	}
+
+	public static class Content {
+
+		@FindBy(css = "p")
+		private WebElement message;
+
+		public Content andTheUserNameIsDisplayed() {
+			assertThat(this.message.getText()).isEqualTo("Hello user");
+			return this;
+		}
+
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/LoginPage.java b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/LoginPage.java
new file mode 100644
index 0000000..9ceff20
--- /dev/null
+++ b/servlet/xml/java/contacts/src/integTest/java/org/springframework/security/samples/pages/LoginPage.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples.pages;
+
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * The login page.
+ *
+ * @author Michael Simons
+ */
+public class LoginPage {
+
+	private final WebDriver webDriver;
+
+	private final LoginForm loginForm;
+
+	public LoginPage(WebDriver webDriver) {
+		this.webDriver = webDriver;
+		this.loginForm = PageFactory.initElements(this.webDriver, LoginForm.class);
+	}
+
+	public LoginForm sendsToLoginPage() {
+		assertThat(this.webDriver.getTitle()).isEqualTo("Login");
+		return this.loginForm;
+	}
+
+	public static class LoginForm {
+
+		private WebDriver webDriver;
+
+		private WebElement username;
+
+		private WebElement password;
+
+		@FindBy(css = "input[type=submit]")
+		private WebElement submit;
+
+		public LoginForm(WebDriver webDriver) {
+			this.webDriver = webDriver;
+		}
+
+		public LoginForm username(String username) {
+			this.username.sendKeys(username);
+			return this;
+		}
+
+		public LoginForm password(String password) {
+			this.password.sendKeys(password);
+			return this;
+		}
+
+		public ContactsPage submit() {
+			this.submit.click();
+			return PageFactory.initElements(this.webDriver, ContactsPage.class);
+		}
+
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/AddDeleteContactController.java b/servlet/xml/java/contacts/src/main/java/sample/contact/AddDeleteContactController.java
new file mode 100644
index 0000000..bf69b39
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/AddDeleteContactController.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.validation.BindingResult;
+import org.springframework.validation.Validator;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * AddDeleteContactController.
+ *
+ * @author Luke Taylor
+ * @since 3.0
+ */
+@Controller
+public class AddDeleteContactController {
+
+	@Autowired
+	private ContactManager contactManager;
+
+	private final Validator validator = new WebContactValidator();
+
+	@RequestMapping(value = "/secure/add.htm", method = RequestMethod.GET)
+	public ModelAndView addContactDisplay() {
+		return new ModelAndView("add", "webContact", new WebContact());
+	}
+
+	@InitBinder
+	public void initBinder(WebDataBinder binder) {
+		System.out.println("A binder for object: " + binder.getObjectName());
+	}
+
+	@RequestMapping(value = "/secure/add.htm", method = RequestMethod.POST)
+	public String addContact(WebContact form, BindingResult result) {
+		this.validator.validate(form, result);
+
+		if (result.hasErrors()) {
+			return "add";
+		}
+
+		Contact contact = new Contact(form.getName(), form.getEmail());
+		this.contactManager.create(contact);
+
+		return "redirect:/secure/index.htm";
+	}
+
+	@RequestMapping(value = "/secure/del.htm", method = RequestMethod.GET)
+	public ModelAndView delContact(@RequestParam("contactId") int contactId) {
+		Contact contact = this.contactManager.getById((long) contactId);
+		this.contactManager.delete(contact);
+
+		return new ModelAndView("deleted", "contact", contact);
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/AddPermission.java b/servlet/xml/java/contacts/src/main/java/sample/contact/AddPermission.java
new file mode 100644
index 0000000..93bc6c7
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/AddPermission.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import org.springframework.security.acls.domain.BasePermission;
+
+/**
+ * Model object for add permission use case.
+ *
+ * @author Ben Alex
+ */
+public class AddPermission {
+
+	private Contact contact;
+
+	private Integer permission = BasePermission.READ.getMask();
+
+	private String recipient;
+
+	public Contact getContact() {
+		return this.contact;
+	}
+
+	public Integer getPermission() {
+		return this.permission;
+	}
+
+	public String getRecipient() {
+		return this.recipient;
+	}
+
+	public void setContact(Contact contact) {
+		this.contact = contact;
+	}
+
+	public void setPermission(Integer permission) {
+		this.permission = permission;
+	}
+
+	public void setRecipient(String recipient) {
+		this.recipient = recipient;
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/AddPermissionValidator.java b/servlet/xml/java/contacts/src/main/java/sample/contact/AddPermissionValidator.java
new file mode 100644
index 0000000..9a277e3
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/AddPermissionValidator.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.validation.Errors;
+import org.springframework.validation.ValidationUtils;
+import org.springframework.validation.Validator;
+
+/**
+ * Validates {@link AddPermission}.
+ *
+ * @author Ben Alex
+ */
+public class AddPermissionValidator implements Validator {
+
+	@SuppressWarnings("unchecked")
+	public boolean supports(Class clazz) {
+		return clazz.equals(AddPermission.class);
+	}
+
+	public void validate(Object obj, Errors errors) {
+		AddPermission addPermission = (AddPermission) obj;
+
+		ValidationUtils.rejectIfEmptyOrWhitespace(errors, "permission", "err.permission", "Permission is required. *");
+		ValidationUtils.rejectIfEmptyOrWhitespace(errors, "recipient", "err.recipient", "Recipient is required. *");
+
+		if (addPermission.getPermission() != null) {
+			int permission = addPermission.getPermission();
+
+			if ((permission != BasePermission.ADMINISTRATION.getMask()) && (permission != BasePermission.READ.getMask())
+					&& (permission != BasePermission.DELETE.getMask())) {
+				errors.rejectValue("permission", "err.permission.invalid", "The indicated permission is invalid. *");
+			}
+		}
+
+		if (addPermission.getRecipient() != null) {
+			if (addPermission.getRecipient().length() > 100) {
+				errors.rejectValue("recipient", "err.recipient.length",
+						"The recipient is too long (maximum 100 characters). *");
+			}
+		}
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/AdminPermissionController.java b/servlet/xml/java/contacts/src/main/java/sample/contact/AdminPermissionController.java
new file mode 100644
index 0000000..88830bf
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/AdminPermissionController.java
@@ -0,0 +1,176 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.dao.DataAccessException;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.domain.DefaultPermissionFactory;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.domain.PermissionFactory;
+import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AclService;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.Sid;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.validation.BindingResult;
+import org.springframework.validation.Validator;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.SessionAttributes;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * Web controller to handle <tt>Permission</tt> administration functions - adding and
+ * deleting permissions for contacts.
+ *
+ * @author Luke Taylor
+ * @since 3.0
+ */
+@Controller
+@SessionAttributes("addPermission")
+public final class AdminPermissionController implements MessageSourceAware {
+
+	@Autowired
+	private AclService aclService;
+
+	@Autowired
+	private ContactManager contactManager;
+
+	private MessageSourceAccessor messages;
+
+	private final Validator addPermissionValidator = new AddPermissionValidator();
+
+	private final PermissionFactory permissionFactory = new DefaultPermissionFactory();
+
+	@RequestMapping(value = "/secure/adminPermission.htm", method = RequestMethod.GET)
+	public ModelAndView displayAdminPage(@RequestParam("contactId") int contactId) {
+		Contact contact = this.contactManager.getById((long) contactId);
+		Acl acl = this.aclService.readAclById(new ObjectIdentityImpl(contact));
+
+		Map<String, Object> model = new HashMap<>();
+		model.put("contact", contact);
+		model.put("acl", acl);
+
+		return new ModelAndView("adminPermission", "model", model);
+	}
+
+	@RequestMapping(value = "/secure/addPermission.htm", method = RequestMethod.GET)
+	public ModelAndView displayAddPermissionPageForContact(@RequestParam("contactId") long contactId) {
+		Contact contact = this.contactManager.getById(contactId);
+
+		AddPermission addPermission = new AddPermission();
+		addPermission.setContact(contact);
+
+		Map<String, Object> model = new HashMap<>();
+		model.put("addPermission", addPermission);
+		model.put("recipients", listRecipients());
+		model.put("permissions", listPermissions());
+
+		return new ModelAndView("addPermission", model);
+	}
+
+	@InitBinder("addPermission")
+	public void initBinder(WebDataBinder binder) {
+		binder.setAllowedFields("recipient", "permission");
+	}
+
+	@RequestMapping(value = "/secure/addPermission.htm", method = RequestMethod.POST)
+	public String addPermission(AddPermission addPermission, BindingResult result, ModelMap model) {
+		this.addPermissionValidator.validate(addPermission, result);
+
+		if (result.hasErrors()) {
+			model.put("recipients", listRecipients());
+			model.put("permissions", listPermissions());
+
+			return "addPermission";
+		}
+
+		PrincipalSid sid = new PrincipalSid(addPermission.getRecipient());
+		Permission permission = this.permissionFactory.buildFromMask(addPermission.getPermission());
+
+		try {
+			this.contactManager.addPermission(addPermission.getContact(), sid, permission);
+		}
+		catch (DataAccessException existingPermission) {
+			existingPermission.printStackTrace();
+			result.rejectValue("recipient", "err.recipientExistsForContact", "Addition failure.");
+
+			model.put("recipients", listRecipients());
+			model.put("permissions", listPermissions());
+			return "addPermission";
+		}
+
+		return "redirect:/secure/index.htm";
+	}
+
+	@RequestMapping("/secure/deletePermission.htm")
+	public ModelAndView deletePermission(@RequestParam("contactId") long contactId, @RequestParam("sid") String sid,
+			@RequestParam("permission") int mask) {
+
+		Contact contact = this.contactManager.getById(contactId);
+
+		Sid sidObject = new PrincipalSid(sid);
+		Permission permission = this.permissionFactory.buildFromMask(mask);
+
+		this.contactManager.deletePermission(contact, sidObject, permission);
+
+		Map<String, Object> model = new HashMap<>();
+		model.put("contact", contact);
+		model.put("sid", sidObject);
+		model.put("permission", permission);
+
+		return new ModelAndView("deletePermission", "model", model);
+	}
+
+	private Map<Integer, String> listPermissions() {
+		Map<Integer, String> map = new LinkedHashMap<>();
+		map.put(BasePermission.ADMINISTRATION.getMask(), this.messages.getMessage("select.administer", "Administer"));
+		map.put(BasePermission.READ.getMask(), this.messages.getMessage("select.read", "Read"));
+		map.put(BasePermission.DELETE.getMask(), this.messages.getMessage("select.delete", "Delete"));
+
+		return map;
+	}
+
+	private Map<String, String> listRecipients() {
+		Map<String, String> map = new LinkedHashMap<>();
+		map.put("", this.messages.getMessage("select.pleaseSelect", "-- please select --"));
+
+		for (String recipient : this.contactManager.getAllRecipients()) {
+			map.put(recipient, recipient);
+		}
+
+		return map;
+	}
+
+	public void setMessageSource(MessageSource messageSource) {
+		this.messages = new MessageSourceAccessor(messageSource);
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/ClientApplication.java b/servlet/xml/java/contacts/src/main/java/sample/contact/ClientApplication.java
new file mode 100644
index 0000000..a404666
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/ClientApplication.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.beans.factory.ListableBeanFactory;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StopWatch;
+
+/**
+ * Demonstrates accessing the {@link ContactManager} via remoting protocols.
+ * <p>
+ * Based on Spring's JPetStore sample, written by Juergen Hoeller.
+ *
+ * @author Ben Alex
+ */
+public class ClientApplication {
+
+	private final ListableBeanFactory beanFactory;
+
+	public ClientApplication(ListableBeanFactory beanFactory) {
+		this.beanFactory = beanFactory;
+	}
+
+	public void invokeContactManager(Authentication authentication, int nrOfCalls) {
+		StopWatch stopWatch = new StopWatch(nrOfCalls + " ContactManager call(s)");
+		Map<String, ContactManager> contactServices = this.beanFactory.getBeansOfType(ContactManager.class, true, true);
+
+		SecurityContextHolder.getContext().setAuthentication(authentication);
+
+		for (Map.Entry<String, ContactManager> entry : contactServices.entrySet()) {
+			String beanName = entry.getKey();
+			ContactManager remoteContactManager = entry.getValue();
+			Object object = this.beanFactory.getBean("&" + beanName);
+
+			try {
+				System.out.println("Trying to find setUsername(String) method on: " + object.getClass().getName());
+
+				Method method = object.getClass().getMethod("setUsername", new Class[] { String.class });
+				System.out.println("Found; Trying to setUsername(String) to " + authentication.getPrincipal());
+				method.invoke(object, authentication.getPrincipal());
+			}
+			catch (NoSuchMethodException ignored) {
+				System.out.println("This client proxy factory does not have a setUsername(String) method");
+			}
+			catch (IllegalAccessException | InvocationTargetException ignored) {
+				ignored.printStackTrace();
+			}
+
+			try {
+				System.out.println("Trying to find setPassword(String) method on: " + object.getClass().getName());
+
+				Method method = object.getClass().getMethod("setPassword", new Class[] { String.class });
+				method.invoke(object, authentication.getCredentials());
+				System.out.println("Found; Trying to setPassword(String) to " + authentication.getCredentials());
+			}
+			catch (NoSuchMethodException ignored) {
+				System.out.println("This client proxy factory does not have a setPassword(String) method");
+			}
+			catch (IllegalAccessException | InvocationTargetException ignored) {
+			}
+
+			System.out.println("Calling ContactManager '" + beanName + "'");
+
+			stopWatch.start(beanName);
+
+			List<Contact> contacts = null;
+
+			for (int i = 0; i < nrOfCalls; i++) {
+				contacts = remoteContactManager.getAll();
+			}
+
+			stopWatch.stop();
+
+			if (contacts.size() != 0) {
+				for (Contact contact : contacts) {
+					System.out.println("Contact: " + contact);
+				}
+			}
+			else {
+				System.out.println("No contacts found which this user has permission to");
+			}
+
+			System.out.println();
+			System.out.println(stopWatch.prettyPrint());
+		}
+
+		SecurityContextHolder.clearContext();
+	}
+
+	public static void main(String[] args) {
+		String username = System.getProperty("username", "");
+		String password = System.getProperty("password", "");
+		String nrOfCallsString = System.getProperty("nrOfCalls", "");
+
+		if ("".equals(username) || "".equals(password)) {
+			System.out.println(
+					"You need to specify the user ID to use, the password to use, and optionally a number of calls "
+							+ "using the username, password, and nrOfCalls system properties respectively. eg for user rod, "
+							+ "use: -Dusername=rod -Dpassword=koala' for a single call per service and "
+							+ "use: -Dusername=rod -Dpassword=koala -DnrOfCalls=10 for ten calls per service.");
+			System.exit(-1);
+		}
+		else {
+			int nrOfCalls = 1;
+
+			if (!"".equals(nrOfCallsString)) {
+				nrOfCalls = Integer.parseInt(nrOfCallsString);
+			}
+
+			ListableBeanFactory beanFactory = new FileSystemXmlApplicationContext("clientContext.xml");
+			ClientApplication client = new ClientApplication(beanFactory);
+
+			client.invokeContactManager(new UsernamePasswordAuthenticationToken(username, password), nrOfCalls);
+			System.exit(0);
+		}
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/Contact.java b/servlet/xml/java/contacts/src/main/java/sample/contact/Contact.java
new file mode 100644
index 0000000..fa5361a
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/Contact.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.io.Serializable;
+
+/**
+ * Represents a contact.
+ *
+ * @author Ben Alex
+ */
+public class Contact implements Serializable {
+
+	private Long id;
+
+	private String email;
+
+	private String name;
+
+	public Contact(String name, String email) {
+		this.name = name;
+		this.email = email;
+	}
+
+	public Contact() {
+	}
+
+	public String getEmail() {
+		return this.email;
+	}
+
+	public Long getId() {
+		return this.id;
+	}
+
+	public String getName() {
+		return this.name;
+	}
+
+	public void setEmail(String email) {
+		this.email = email;
+	}
+
+	public void setId(Long id) {
+		this.id = id;
+	}
+
+	public void setName(String name) {
+		this.name = name;
+	}
+
+	@Override
+	public String toString() {
+		StringBuilder sb = new StringBuilder();
+		sb.append(super.toString() + ": ");
+		sb.append("Id: " + this.getId() + "; ");
+		sb.append("Name: " + this.getName() + "; ");
+		sb.append("Email: " + this.getEmail());
+
+		return sb.toString();
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/ContactDao.java b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactDao.java
new file mode 100644
index 0000000..495e30f
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactDao.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.util.List;
+
+/**
+ * Provides access to the application's persistence layer.
+ *
+ * @author Ben Alex
+ */
+public interface ContactDao {
+
+	void create(Contact contact);
+
+	void delete(Long contactId);
+
+	List<Contact> findAll();
+
+	List<String> findAllPrincipals();
+
+	List<String> findAllRoles();
+
+	Contact getById(Long id);
+
+	void update(Contact contact);
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/ContactDaoSpring.java b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactDaoSpring.java
new file mode 100644
index 0000000..8b86206
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactDaoSpring.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.List;
+
+import org.springframework.jdbc.core.support.JdbcDaoSupport;
+
+/**
+ * Base implementation of {@link ContactDao} that uses Spring's JdbcTemplate.
+ *
+ * @author Ben Alex
+ * @author Luke Taylor
+ */
+public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
+
+	public void create(final Contact contact) {
+		getJdbcTemplate().update("insert into contacts values (?, ?, ?)", (ps) -> {
+			ps.setLong(1, contact.getId());
+			ps.setString(2, contact.getName());
+			ps.setString(3, contact.getEmail());
+		});
+	}
+
+	public void delete(final Long contactId) {
+		getJdbcTemplate().update("delete from contacts where id = ?", (ps) -> ps.setLong(1, contactId));
+	}
+
+	public void update(final Contact contact) {
+		getJdbcTemplate().update("update contacts set contact_name = ?, address = ? where id = ?", (ps) -> {
+			ps.setString(1, contact.getName());
+			ps.setString(2, contact.getEmail());
+			ps.setLong(3, contact.getId());
+		});
+	}
+
+	public List<Contact> findAll() {
+		return getJdbcTemplate().query("select id, contact_name, email from contacts order by id",
+				(rs, rowNum) -> mapContact(rs));
+	}
+
+	public List<String> findAllPrincipals() {
+		return getJdbcTemplate().queryForList("select username from users order by username", String.class);
+	}
+
+	public List<String> findAllRoles() {
+		return getJdbcTemplate().queryForList("select distinct authority from authorities order by authority",
+				String.class);
+	}
+
+	public Contact getById(Long id) {
+		List<Contact> list = getJdbcTemplate().query(
+				"select id, contact_name, email from contacts where id = ? order by id", (rs, rowNum) -> mapContact(rs),
+				id);
+
+		if (list.size() == 0) {
+			return null;
+		}
+		else {
+			return list.get(0);
+		}
+	}
+
+	private Contact mapContact(ResultSet rs) throws SQLException {
+		Contact contact = new Contact();
+		contact.setId(rs.getLong("id"));
+		contact.setName(rs.getString("contact_name"));
+		contact.setEmail(rs.getString("email"));
+
+		return contact;
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/ContactManager.java b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactManager.java
new file mode 100644
index 0000000..c090d9a
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactManager.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.util.List;
+
+import org.springframework.security.access.prepost.PostFilter;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.Sid;
+
+/**
+ * Interface for the application's services layer.
+ *
+ * @author Ben Alex
+ */
+public interface ContactManager {
+
+	@PreAuthorize("hasPermission(#contact, admin)")
+	void addPermission(Contact contact, Sid recipient, Permission permission);
+
+	@PreAuthorize("hasPermission(#contact, admin)")
+	void deletePermission(Contact contact, Sid recipient, Permission permission);
+
+	@PreAuthorize("hasRole('ROLE_USER')")
+	void create(Contact contact);
+
+	@PreAuthorize("hasPermission(#contact, 'delete') or hasPermission(#contact, admin)")
+	void delete(Contact contact);
+
+	@PreAuthorize("hasRole('ROLE_USER')")
+	@PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, admin)")
+	List<Contact> getAll();
+
+	@PreAuthorize("hasRole('ROLE_USER')")
+	List<String> getAllRecipients();
+
+	@PreAuthorize("hasPermission(#id, 'sample.contact.Contact', read) or "
+			+ "hasPermission(#id, 'sample.contact.Contact', admin)")
+	Contact getById(Long id);
+
+	Contact getRandomContact();
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/ContactManagerBackend.java b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactManagerBackend.java
new file mode 100644
index 0000000..98efea5
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/ContactManagerBackend.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.util.List;
+import java.util.Random;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.support.ApplicationObjectSupport;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.acls.model.AccessControlEntry;
+import org.springframework.security.acls.model.MutableAcl;
+import org.springframework.security.acls.model.MutableAclService;
+import org.springframework.security.acls.model.NotFoundException;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.acls.model.Sid;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.Assert;
+
+/**
+ * Concrete implementation of {@link ContactManager}.
+ *
+ * @author Ben Alex
+ */
+@Transactional
+public class ContactManagerBackend extends ApplicationObjectSupport implements ContactManager, InitializingBean {
+
+	private ContactDao contactDao;
+
+	private MutableAclService mutableAclService;
+
+	private int counter = 1000;
+
+	public void afterPropertiesSet() {
+		Assert.notNull(this.contactDao, "contactDao required");
+		Assert.notNull(this.mutableAclService, "mutableAclService required");
+	}
+
+	public void addPermission(Contact contact, Sid recipient, Permission permission) {
+		MutableAcl acl;
+		ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
+
+		try {
+			acl = (MutableAcl) this.mutableAclService.readAclById(oid);
+		}
+		catch (NotFoundException nfe) {
+			acl = this.mutableAclService.createAcl(oid);
+		}
+
+		acl.insertAce(acl.getEntries().size(), permission, recipient, true);
+		this.mutableAclService.updateAcl(acl);
+
+		logger.debug("Added permission " + permission + " for Sid " + recipient + " contact " + contact);
+	}
+
+	public void create(Contact contact) {
+		// Create the Contact itself
+		contact.setId((long) this.counter++);
+		this.contactDao.create(contact);
+
+		// Grant the current principal administrative permission to the contact
+		addPermission(contact, new PrincipalSid(getUsername()), BasePermission.ADMINISTRATION);
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("Created contact " + contact + " and granted admin permission to recipient " + getUsername());
+		}
+	}
+
+	public void delete(Contact contact) {
+		this.contactDao.delete(contact.getId());
+
+		// Delete the ACL information as well
+		ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
+		this.mutableAclService.deleteAcl(oid, false);
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("Deleted contact " + contact + " including ACL permissions");
+		}
+	}
+
+	public void deletePermission(Contact contact, Sid recipient, Permission permission) {
+		ObjectIdentity oid = new ObjectIdentityImpl(Contact.class, contact.getId());
+		MutableAcl acl = (MutableAcl) this.mutableAclService.readAclById(oid);
+
+		// Remove all permissions associated with this particular recipient (string
+		// equality to KISS)
+		List<AccessControlEntry> entries = acl.getEntries();
+
+		for (int i = 0; i < entries.size(); i++) {
+			if (entries.get(i).getSid().equals(recipient) && entries.get(i).getPermission().equals(permission)) {
+				acl.deleteAce(i);
+			}
+		}
+
+		this.mutableAclService.updateAcl(acl);
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("Deleted contact " + contact + " ACL permissions for recipient " + recipient);
+		}
+	}
+
+	@Transactional(readOnly = true)
+	public List<Contact> getAll() {
+		logger.debug("Returning all contacts");
+
+		return this.contactDao.findAll();
+	}
+
+	@Transactional(readOnly = true)
+	public List<String> getAllRecipients() {
+		logger.debug("Returning all recipients");
+
+		return this.contactDao.findAllPrincipals();
+	}
+
+	@Transactional(readOnly = true)
+	public Contact getById(Long id) {
+		if (logger.isDebugEnabled()) {
+			logger.debug("Returning contact with id: " + id);
+		}
+
+		return this.contactDao.getById(id);
+	}
+
+	@Transactional(readOnly = true)
+	public Contact getRandomContact() {
+		logger.debug("Returning random contact");
+
+		Random rnd = new Random();
+		List<Contact> contacts = this.contactDao.findAll();
+		int getNumber = rnd.nextInt(contacts.size());
+
+		return contacts.get(getNumber);
+	}
+
+	protected String getUsername() {
+		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+		if (auth.getPrincipal() instanceof UserDetails) {
+			return ((UserDetails) auth.getPrincipal()).getUsername();
+		}
+		else {
+			return auth.getPrincipal().toString();
+		}
+	}
+
+	public void setContactDao(ContactDao contactDao) {
+		this.contactDao = contactDao;
+	}
+
+	public void setMutableAclService(MutableAclService mutableAclService) {
+		this.mutableAclService = mutableAclService;
+	}
+
+	public void update(Contact contact) {
+		this.contactDao.update(contact);
+
+		logger.debug("Updated contact " + contact);
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/DataSourcePopulator.java b/servlet/xml/java/contacts/src/main/java/sample/contact/DataSourcePopulator.java
new file mode 100644
index 0000000..d064d95
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/DataSourcePopulator.java
@@ -0,0 +1,279 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.util.Random;
+
+import javax.sql.DataSource;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.security.acls.domain.AclImpl;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.domain.ObjectIdentityImpl;
+import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.acls.model.MutableAcl;
+import org.springframework.security.acls.model.MutableAclService;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.support.TransactionTemplate;
+import org.springframework.util.Assert;
+
+/**
+ * Populates the Contacts in-memory database with contact and ACL information.
+ *
+ * @author Ben Alex
+ */
+public class DataSourcePopulator implements InitializingBean {
+
+	JdbcTemplate template;
+
+	private MutableAclService mutableAclService;
+
+	final Random rnd = new Random();
+
+	TransactionTemplate tt;
+
+	final String[] firstNames = { "Bob", "Mary", "James", "Jane", "Kristy", "Kirsty", "Kate", "Jeni", "Angela",
+			"Melanie", "Kent", "William", "Geoff", "Jeff", "Adrian", "Amanda", "Lisa", "Elizabeth", "Prue", "Richard",
+			"Darin", "Phillip", "Michael", "Belinda", "Samantha", "Brian", "Greg", "Matthew" };
+
+	final String[] lastNames = { "Smith", "Williams", "Jackson", "Rictor", "Nelson", "Fitzgerald", "McAlpine",
+			"Sutherland", "Abbott", "Hall", "Edwards", "Gates", "Black", "Brown", "Gray", "Marwell", "Booch", "Johnson",
+			"McTaggart", "Parklin", "Findlay", "Robinson", "Giugni", "Lang", "Chi", "Carmichael" };
+
+	private int createEntities = 50;
+
+	public void afterPropertiesSet() {
+		Assert.notNull(this.mutableAclService, "mutableAclService required");
+		Assert.notNull(this.template, "dataSource required");
+		Assert.notNull(this.tt, "platformTransactionManager required");
+
+		// Set a user account that will initially own all the created data
+		Authentication authRequest = new UsernamePasswordAuthenticationToken("rod", "koala",
+				AuthorityUtils.createAuthorityList("ROLE_IGNORED"));
+		SecurityContextHolder.getContext().setAuthentication(authRequest);
+
+		try {
+			this.template.execute("DROP TABLE CONTACTS");
+			this.template.execute("DROP TABLE AUTHORITIES");
+			this.template.execute("DROP TABLE USERS");
+			this.template.execute("DROP TABLE ACL_ENTRY");
+			this.template.execute("DROP TABLE ACL_OBJECT_IDENTITY");
+			this.template.execute("DROP TABLE ACL_CLASS");
+			this.template.execute("DROP TABLE ACL_SID");
+		}
+		catch (Exception ex) {
+			System.out.println("Failed to drop tables: " + ex.getMessage());
+		}
+
+		this.template.execute("CREATE TABLE ACL_SID("
+				+ "ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,"
+				+ "PRINCIPAL BOOLEAN NOT NULL," + "SID VARCHAR_IGNORECASE(100) NOT NULL,"
+				+ "CONSTRAINT UNIQUE_UK_1 UNIQUE(SID,PRINCIPAL));");
+		this.template.execute("CREATE TABLE ACL_CLASS("
+				+ "ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,"
+				+ "CLASS VARCHAR_IGNORECASE(100) NOT NULL," + "CLASS_ID_TYPE VARCHAR_IGNORECASE(100),"
+				+ "CONSTRAINT UNIQUE_UK_2 UNIQUE(CLASS));");
+		this.template.execute("CREATE TABLE ACL_OBJECT_IDENTITY("
+				+ "ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,"
+				+ "OBJECT_ID_CLASS BIGINT NOT NULL," + "OBJECT_ID_IDENTITY VARCHAR_IGNORECASE(36) NOT NULL,"
+				+ "PARENT_OBJECT BIGINT," + "OWNER_SID BIGINT," + "ENTRIES_INHERITING BOOLEAN NOT NULL,"
+				+ "CONSTRAINT UNIQUE_UK_3 UNIQUE(OBJECT_ID_CLASS,OBJECT_ID_IDENTITY),"
+				+ "CONSTRAINT FOREIGN_FK_1 FOREIGN KEY(PARENT_OBJECT)REFERENCES ACL_OBJECT_IDENTITY(ID),"
+				+ "CONSTRAINT FOREIGN_FK_2 FOREIGN KEY(OBJECT_ID_CLASS)REFERENCES ACL_CLASS(ID),"
+				+ "CONSTRAINT FOREIGN_FK_3 FOREIGN KEY(OWNER_SID)REFERENCES ACL_SID(ID));");
+		this.template.execute("CREATE TABLE ACL_ENTRY("
+				+ "ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,"
+				+ "ACL_OBJECT_IDENTITY BIGINT NOT NULL,ACE_ORDER INT NOT NULL,SID BIGINT NOT NULL,"
+				+ "MASK INTEGER NOT NULL,GRANTING BOOLEAN NOT NULL,AUDIT_SUCCESS BOOLEAN NOT NULL,"
+				+ "AUDIT_FAILURE BOOLEAN NOT NULL,CONSTRAINT UNIQUE_UK_4 UNIQUE(ACL_OBJECT_IDENTITY,ACE_ORDER),"
+				+ "CONSTRAINT FOREIGN_FK_4 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID),"
+				+ "CONSTRAINT FOREIGN_FK_5 FOREIGN KEY(SID) REFERENCES ACL_SID(ID));");
+
+		this.template.execute(
+				"CREATE TABLE USERS(USERNAME VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR_IGNORECASE(500) NOT NULL,ENABLED BOOLEAN NOT NULL);");
+		this.template.execute(
+				"CREATE TABLE AUTHORITIES(USERNAME VARCHAR_IGNORECASE(50) NOT NULL,AUTHORITY VARCHAR_IGNORECASE(50) NOT NULL,CONSTRAINT FK_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME));");
+		this.template.execute("CREATE UNIQUE INDEX IX_AUTH_USERNAME ON AUTHORITIES(USERNAME,AUTHORITY);");
+
+		this.template.execute(
+				"CREATE TABLE CONTACTS(ID BIGINT NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)");
+
+		/*
+		 * Passwords encoded using MD5, NOT in Base64 format, with null as salt Encoded
+		 * password for rod is "koala" Encoded password for dianne is "emu" Encoded
+		 * password for scott is "wombat" Encoded password for peter is "opal" (but user
+		 * is disabled) Encoded password for bill is "wombat" Encoded password for bob is
+		 * "wombat" Encoded password for jane is "wombat"
+		 */
+		this.template.execute(
+				"INSERT INTO USERS VALUES('rod','$2a$10$75pBjapg4Nl8Pzd.3JRnUe7PDJmk9qBGwNEJDAlA3V.dEJxcDKn5O',TRUE);");
+		this.template.execute(
+				"INSERT INTO USERS VALUES('dianne','$2a$04$bCMEyxrdF/7sgfUiUJ6Ose2vh9DAMaVBldS1Bw2fhi1jgutZrr9zm',TRUE);");
+		this.template.execute(
+				"INSERT INTO USERS VALUES('scott','$2a$06$eChwvzAu3TSexnC3ynw4LOSw1qiEbtNItNeYv5uI40w1i3paoSfLu',TRUE);");
+		this.template.execute(
+				"INSERT INTO USERS VALUES('peter','$2a$04$8.H8bCMROLF4CIgd7IpeQ.tcBXLP5w8iplO0n.kCIkISwrIgX28Ii',FALSE);");
+		this.template.execute(
+				"INSERT INTO USERS VALUES('bill','$2a$04$8.H8bCMROLF4CIgd7IpeQ.3khQlPVNWbp8kzSQqidQHGFurim7P8O',TRUE);");
+		this.template.execute(
+				"INSERT INTO USERS VALUES('bob','$2a$06$zMgxlMf01SfYNcdx7n4NpeFlAGU8apCETz/i2C7VlYWu6IcNyn4Ay',TRUE);");
+		this.template.execute(
+				"INSERT INTO USERS VALUES('jane','$2a$05$ZrdS7yMhCZ1J.AAidXZhCOxdjD8LO/dhlv4FJzkXA6xh9gdEbBT/u',TRUE);");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('scott','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('peter','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('bill','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('bob','ROLE_USER');");
+		this.template.execute("INSERT INTO AUTHORITIES VALUES('jane','ROLE_USER');");
+
+		this.template.execute("INSERT INTO contacts VALUES (1, 'John Smith', 'john@somewhere.com');");
+		this.template.execute("INSERT INTO contacts VALUES (2, 'Michael Citizen', 'michael@xyz.com');");
+		this.template.execute("INSERT INTO contacts VALUES (3, 'Joe Bloggs', 'joe@demo.com');");
+		this.template.execute("INSERT INTO contacts VALUES (4, 'Karen Sutherland', 'karen@sutherland.com');");
+		this.template.execute("INSERT INTO contacts VALUES (5, 'Mitchell Howard', 'mitchell@abcdef.com');");
+		this.template.execute("INSERT INTO contacts VALUES (6, 'Rose Costas', 'rose@xyz.com');");
+		this.template.execute("INSERT INTO contacts VALUES (7, 'Amanda Smith', 'amanda@abcdef.com');");
+		this.template.execute("INSERT INTO contacts VALUES (8, 'Cindy Smith', 'cindy@smith.com');");
+		this.template.execute("INSERT INTO contacts VALUES (9, 'Jonathan Citizen', 'jonathan@xyz.com');");
+
+		for (int i = 10; i < this.createEntities; i++) {
+			String[] person = selectPerson();
+			this.template.execute("INSERT INTO contacts VALUES (" + i + ", '" + person[2] + "', '"
+					+ person[0].toLowerCase() + "@" + person[1].toLowerCase() + ".com');");
+		}
+
+		// Create acl_object_identity rows (and also acl_class rows as needed
+		for (int i = 1; i < this.createEntities; i++) {
+			final ObjectIdentity objectIdentity = new ObjectIdentityImpl(Contact.class, (long) i);
+			this.tt.execute((arg0) -> {
+				this.mutableAclService.createAcl(objectIdentity);
+
+				return null;
+			});
+		}
+
+		// Now grant some permissions
+		grantPermissions(1, "rod", BasePermission.ADMINISTRATION);
+		grantPermissions(2, "rod", BasePermission.READ);
+		grantPermissions(3, "rod", BasePermission.READ);
+		grantPermissions(3, "rod", BasePermission.WRITE);
+		grantPermissions(3, "rod", BasePermission.DELETE);
+		grantPermissions(4, "rod", BasePermission.ADMINISTRATION);
+		grantPermissions(4, "dianne", BasePermission.ADMINISTRATION);
+		grantPermissions(4, "scott", BasePermission.READ);
+		grantPermissions(5, "dianne", BasePermission.ADMINISTRATION);
+		grantPermissions(5, "dianne", BasePermission.READ);
+		grantPermissions(6, "dianne", BasePermission.READ);
+		grantPermissions(6, "dianne", BasePermission.WRITE);
+		grantPermissions(6, "dianne", BasePermission.DELETE);
+		grantPermissions(6, "scott", BasePermission.READ);
+		grantPermissions(7, "scott", BasePermission.ADMINISTRATION);
+		grantPermissions(8, "dianne", BasePermission.ADMINISTRATION);
+		grantPermissions(8, "dianne", BasePermission.READ);
+		grantPermissions(8, "scott", BasePermission.READ);
+		grantPermissions(9, "scott", BasePermission.ADMINISTRATION);
+		grantPermissions(9, "scott", BasePermission.READ);
+		grantPermissions(9, "scott", BasePermission.WRITE);
+		grantPermissions(9, "scott", BasePermission.DELETE);
+
+		// Now expressly change the owner of the first ten contacts
+		// We have to do this last, because "rod" owns all of them (doing it sooner would
+		// prevent ACL updates)
+		// Note that ownership has no impact on permissions - they're separate (ownership
+		// only allows ACl editing)
+		changeOwner(5, "dianne");
+		changeOwner(6, "dianne");
+		changeOwner(7, "scott");
+		changeOwner(8, "dianne");
+		changeOwner(9, "scott");
+
+		String[] users = { "bill", "bob", "jane" }; // don't want to mess around with
+													// consistent sample data
+		Permission[] permissions = { BasePermission.ADMINISTRATION, BasePermission.READ, BasePermission.DELETE };
+
+		for (int i = 10; i < this.createEntities; i++) {
+			String user = users[this.rnd.nextInt(users.length)];
+			Permission permission = permissions[this.rnd.nextInt(permissions.length)];
+			grantPermissions(i, user, permission);
+
+			String user2 = users[this.rnd.nextInt(users.length)];
+			Permission permission2 = permissions[this.rnd.nextInt(permissions.length)];
+			grantPermissions(i, user2, permission2);
+		}
+
+		SecurityContextHolder.clearContext();
+	}
+
+	private void changeOwner(int contactNumber, String newOwnerUsername) {
+		AclImpl acl = (AclImpl) this.mutableAclService
+				.readAclById(new ObjectIdentityImpl(Contact.class, (long) contactNumber));
+		acl.setOwner(new PrincipalSid(newOwnerUsername));
+		updateAclInTransaction(acl);
+	}
+
+	public int getCreateEntities() {
+		return this.createEntities;
+	}
+
+	private void grantPermissions(int contactNumber, String recipientUsername, Permission permission) {
+		AclImpl acl = (AclImpl) this.mutableAclService
+				.readAclById(new ObjectIdentityImpl(Contact.class, (long) contactNumber));
+		acl.insertAce(acl.getEntries().size(), permission, new PrincipalSid(recipientUsername), true);
+		updateAclInTransaction(acl);
+	}
+
+	private String[] selectPerson() {
+		String firstName = this.firstNames[this.rnd.nextInt(this.firstNames.length)];
+		String lastName = this.lastNames[this.rnd.nextInt(this.lastNames.length)];
+
+		return new String[] { firstName, lastName, firstName + " " + lastName };
+	}
+
+	public void setCreateEntities(int createEntities) {
+		this.createEntities = createEntities;
+	}
+
+	public void setDataSource(DataSource dataSource) {
+		this.template = new JdbcTemplate(dataSource);
+	}
+
+	public void setMutableAclService(MutableAclService mutableAclService) {
+		this.mutableAclService = mutableAclService;
+	}
+
+	public void setPlatformTransactionManager(PlatformTransactionManager platformTransactionManager) {
+		this.tt = new TransactionTemplate(platformTransactionManager);
+	}
+
+	private void updateAclInTransaction(final MutableAcl acl) {
+		this.tt.execute((arg0) -> {
+			this.mutableAclService.updateAcl(acl);
+
+			return null;
+		});
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/IndexController.java b/servlet/xml/java/contacts/src/main/java/sample/contact/IndexController.java
new file mode 100644
index 0000000..9dffd12
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/IndexController.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.acls.AclPermissionEvaluator;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.model.Permission;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * Controller which handles simple, single request use cases such as index pages and
+ * contact deletion.
+ *
+ * @author Luke Taylor
+ * @since 3.0
+ */
+@Controller
+public class IndexController {
+
+	private static final Permission[] HAS_DELETE = new Permission[] { BasePermission.DELETE,
+			BasePermission.ADMINISTRATION };
+
+	private static final Permission[] HAS_ADMIN = new Permission[] { BasePermission.ADMINISTRATION };
+
+	@Autowired
+	private ContactManager contactManager;
+
+	@Autowired
+	private PermissionEvaluator permissionEvaluator;
+
+	/**
+	 * The public index page, used for unauthenticated users.
+	 * @return the public index page
+	 */
+	@RequestMapping(value = "/hello.htm", method = RequestMethod.GET)
+	public ModelAndView displayPublicIndex() {
+		Contact rnd = this.contactManager.getRandomContact();
+
+		return new ModelAndView("hello", "contact", rnd);
+	}
+
+	/**
+	 * The index page for an authenticated user.
+	 * <p>
+	 * This controller displays a list of all the contacts for which the current user has
+	 * read or admin permissions. It makes a call to {@link ContactManager#getAll()} which
+	 * automatically filters the returned list using Spring Security's ACL mechanism (see
+	 * the expression annotations on this interface for the details).
+	 * <p>
+	 * In addition to rendering the list of contacts, the view will also include a "Del"
+	 * or "Admin" link beside the contact, depending on whether the user has the
+	 * corresponding permissions (admin permission is assumed to imply delete here). This
+	 * information is stored in the model using the injected {@link PermissionEvaluator}
+	 * instance. The implementation should be an instance of
+	 * {@link AclPermissionEvaluator} or one which is compatible with Spring Security's
+	 * ACL module.
+	 * @return index page
+	 */
+	@RequestMapping(value = "/secure/index.htm", method = RequestMethod.GET)
+	public ModelAndView displayUserContacts() {
+		List<Contact> myContactsList = this.contactManager.getAll();
+		Map<Contact, Boolean> hasDelete = new HashMap<>(myContactsList.size());
+		Map<Contact, Boolean> hasAdmin = new HashMap<>(myContactsList.size());
+
+		Authentication user = SecurityContextHolder.getContext().getAuthentication();
+
+		for (Contact contact : myContactsList) {
+			hasDelete.put(contact, this.permissionEvaluator.hasPermission(user, contact, HAS_DELETE));
+			hasAdmin.put(contact, this.permissionEvaluator.hasPermission(user, contact, HAS_ADMIN));
+		}
+
+		Map<String, Object> model = new HashMap<>();
+		model.put("contacts", myContactsList);
+		model.put("hasDeletePermission", hasDelete);
+		model.put("hasAdminPermission", hasAdmin);
+
+		return new ModelAndView("index", "model", model);
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/WebContact.java b/servlet/xml/java/contacts/src/main/java/sample/contact/WebContact.java
new file mode 100644
index 0000000..d2496f7
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/WebContact.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+/**
+ * An object that represents user-editable sections of a {@link Contact}.
+ *
+ * @author Ben Alex
+ */
+public class WebContact {
+
+	private String email;
+
+	private String name;
+
+	public String getEmail() {
+		return this.email;
+	}
+
+	public String getName() {
+		return this.name;
+	}
+
+	public void setEmail(String email) {
+		this.email = email;
+	}
+
+	public void setName(String name) {
+		this.name = name;
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/java/sample/contact/WebContactValidator.java b/servlet/xml/java/contacts/src/main/java/sample/contact/WebContactValidator.java
new file mode 100644
index 0000000..4033ec1
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/java/sample/contact/WebContactValidator.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import org.springframework.validation.Errors;
+import org.springframework.validation.Validator;
+
+/**
+ * Validates {@link WebContact}.
+ *
+ * @author Ben Alex
+ */
+public class WebContactValidator implements Validator {
+
+	@SuppressWarnings("unchecked")
+	public boolean supports(Class clazz) {
+		return clazz.equals(WebContact.class);
+	}
+
+	public void validate(Object obj, Errors errors) {
+		WebContact wc = (WebContact) obj;
+
+		if ((wc.getName() == null) || (wc.getName().length() < 3) || (wc.getName().length() > 50)) {
+			errors.rejectValue("name", "err.name", "Name 3-50 characters is required. *");
+		}
+
+		if ((wc.getEmail() == null) || (wc.getEmail().length() < 3) || (wc.getEmail().length() > 50)) {
+			errors.rejectValue("email", "err.email", "Email 3-50 characters is required. *");
+		}
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/main/resources/applicationContext-common-authorization.xml b/servlet/xml/java/contacts/src/main/resources/applicationContext-common-authorization.xml
new file mode 100644
index 0000000..92bee0e
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/resources/applicationContext-common-authorization.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
+
+<!--
+  - Application context containing the ACL beans.
+  -
+  -->
+
+  <!-- ========= ACL SERVICE  DEFINITIONS ========= -->
+	
+	<bean id="cacheManager" class="org.springframework.cache.concurrent.ConcurrentMapCacheManager"/>
+	
+	<bean id="userCacheBackend" class="org.springframework.cache.concurrent.ConcurrentMapCache">
+		<constructor-arg name="name" value="userCache"/>
+	</bean>
+
+  <bean id="aclCache" class="org.springframework.security.acls.domain.SpringCacheBasedAclCache">
+		<constructor-arg name="cache" ref="userCacheBackend"/>
+		<constructor-arg>
+			<bean class="org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy">
+				<constructor-arg>
+					<bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
+				</constructor-arg>
+			</bean>
+		</constructor-arg>
+		<constructor-arg>
+			<bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
+				<constructor-arg>
+					<list>
+						<bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
+							<constructor-arg value="ROLE_ACL_ADMIN"/>
+						</bean>
+					</list>
+				</constructor-arg>
+			</bean>
+		</constructor-arg>
+  </bean>
+
+  <bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
+	<constructor-arg ref="dataSource"/>
+	<constructor-arg ref="aclCache"/>
+	<constructor-arg>
+		<bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
+			<constructor-arg>
+				<bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
+					<constructor-arg value="ROLE_ADMINISTRATOR"/>
+				</bean>
+			</constructor-arg>
+		</bean>
+	</constructor-arg>
+	<constructor-arg>
+	  <bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"/>
+	</constructor-arg>
+  </bean>
+
+  <bean id="aclService" class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
+	<constructor-arg ref="dataSource"/>
+	<constructor-arg ref="lookupStrategy"/>
+	<constructor-arg ref="aclCache"/>
+  </bean>
+
+</beans>
diff --git a/servlet/xml/java/contacts/src/main/resources/applicationContext-common-business.xml b/servlet/xml/java/contacts/src/main/resources/applicationContext-common-business.xml
new file mode 100644
index 0000000..28ebc0a
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/resources/applicationContext-common-business.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  - Application context containing business beans.
+  -
+  - Used by all artifacts.
+  -
+  -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+						http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd">
+
+	<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
+		<property name="basename" value="classpath:org/springframework/security/messages"/>
+	</bean>
+
+	<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+		<property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
+		<property name="url" value="jdbc:hsqldb:mem:test"/>
+		<!-- <value>jdbc:hsqldb:hsql://localhost/acl</value> -->
+		<property name="username" value="sa"/>
+		<property name="password" value=""/>
+	</bean>
+
+	<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
+		<property name="dataSource" ref="dataSource"/>
+	</bean>
+
+	<tx:annotation-driven transaction-manager="transactionManager" />
+
+	<bean id="dataSourcePopulator" class="sample.contact.DataSourcePopulator">
+		<property name="dataSource" ref="dataSource"/>
+		<property name="mutableAclService" ref="aclService"/>
+		<property name="platformTransactionManager" ref="transactionManager"/>
+	</bean>
+
+	<bean id="contactManager" class="sample.contact.ContactManagerBackend">
+	   <property name="contactDao">
+			<bean class="sample.contact.ContactDaoSpring">
+			   <property name="dataSource" ref="dataSource"/>
+			</bean>
+		</property>
+		<property name="mutableAclService" ref="aclService"/>
+   </bean>
+
+</beans>
diff --git a/servlet/xml/java/contacts/src/main/resources/applicationContext-security.xml b/servlet/xml/java/contacts/src/main/resources/applicationContext-security.xml
new file mode 100644
index 0000000..40ff543
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/resources/applicationContext-security.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  - Application context containing authentication, channel
+  - security and web URI beans.
+  -
+  - Only used by "filter" artifact.
+  -
+  -->
+
+<b:beans xmlns="http://www.springframework.org/schema/security"
+	xmlns:b="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+						http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
+
+	<global-method-security pre-post-annotations="enabled">
+		<expression-handler ref="expressionHandler"/>
+	</global-method-security>
+
+	<http realm="Contacts Realm" use-expressions="false">
+		<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
+		<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
+		<intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
+		<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
+		<intercept-url pattern="/switchuser.jsp" access="ROLE_SUPERVISOR"/>
+		<intercept-url pattern="/login/impersonate" access="ROLE_SUPERVISOR"/>
+		<intercept-url pattern="/**" access="ROLE_USER"/>
+
+		<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
+		<http-basic/>
+		<logout logout-success-url="/index.jsp"/>
+		<remember-me />
+		<headers/>
+		<csrf/>
+		<custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER"/>
+	</http>
+
+	<b:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
+
+	<authentication-manager>
+		<authentication-provider>
+		   <password-encoder ref="encoder"/>
+		   <jdbc-user-service data-source-ref="dataSource"/>
+		</authentication-provider>
+	</authentication-manager>
+
+	<!-- Automatically receives AuthenticationEvent messages -->
+	<b:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
+
+	<!-- Filter used to switch the user context. Note: the switch and exit url must be secured
+		based on the role granted the ability to 'switch' to another user -->
+	<!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
+	<b:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter" autowire="byType">
+	   <b:property name="targetUrl" value="/secure/index.htm"/>
+	</b:bean>
+
+	<b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
+		<b:property name="permissionEvaluator" ref="permissionEvaluator"/>
+		<b:property name="permissionCacheOptimizer">
+			<b:bean class="org.springframework.security.acls.AclPermissionCacheOptimizer">
+				<b:constructor-arg ref="aclService"/>
+			</b:bean>
+		</b:property>
+	</b:bean>
+
+	<b:bean id="permissionEvaluator" class="org.springframework.security.acls.AclPermissionEvaluator">
+		<b:constructor-arg ref="aclService"/>
+	</b:bean>
+
+</b:beans>
diff --git a/servlet/xml/java/contacts/src/main/resources/logback.xml b/servlet/xml/java/contacts/src/main/resources/logback.xml
new file mode 100644
index 0000000..993a0bf
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/resources/logback.xml
@@ -0,0 +1,14 @@
+<configuration>
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+	<encoder>
+		<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
+	</appender>
+
+<!--	 <logger name="org.springframework.security" level="TRACE"/>-->
+
+	<root level="WARN">
+	<appender-ref ref="STDOUT" />
+	</root>
+
+</configuration>
diff --git a/servlet/xml/java/contacts/src/main/resources/messages.properties b/servlet/xml/java/contacts/src/main/resources/messages.properties
new file mode 100644
index 0000000..058905c
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/resources/messages.properties
@@ -0,0 +1,6 @@
+err.name=Name 3-50 characters is required.
+err.email=Email 3-50 characters is required.
+err.permission=Permission is required.
+err.recipient=Recipient is required.
+err.permission.invalid=The indicated permission is invalid.
+err.recipient.length=The recipient is too long (maximum 100 characters).
\ No newline at end of file
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/contacts-servlet.xml b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/contacts-servlet.xml
new file mode 100644
index 0000000..1ec14d6
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/contacts-servlet.xml
@@ -0,0 +1,26 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:mvc="http://www.springframework.org/schema/mvc"
+	xsi:schemaLocation="http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd
+		http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd">
+
+	<!-- ========================== WEB DEFINITIONS ======================= -->
+
+	<context:component-scan base-package="sample.contact"/>
+	<context:annotation-config />
+
+	<mvc:annotation-driven/>
+	<mvc:view-controller path="/frames.htm" view-name="/frames"/>
+
+	<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
+		<property name="basename" value="messages"/>
+	</bean>
+
+	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+		<property name="prefix" value="/WEB-INF/jsp/"/>
+		<property name="suffix" value=".jsp"/>
+	</bean>
+
+</beans>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/add.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/add.jsp
new file mode 100644
index 0000000..02630f9
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/add.jsp
@@ -0,0 +1,42 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+<html>
+<head><title>Add New Contact</title></head>
+<body>
+<h1>Add Contact</h1>
+<form method="post">
+  <table width="95%" bgcolor="f8f8ff" border="0" cellspacing="0" cellpadding="5">
+    <tr>
+      <td alignment="right" width="20%">Name:</td>
+      <spring:bind path="webContact.name">
+        <td width="20%">
+          <input type="text" name="name" value="<c:out value="${status.value}"/>">
+        </td>
+        <td width="60%">
+          <font color="red"><c:out value="${status.errorMessage}"/></font>
+        </td>
+      </spring:bind>
+    </tr>
+    <tr>
+      <td alignment="right" width="20%">Email:</td>
+      <spring:bind path="webContact.email">
+        <td width="20%">
+          <input type="text" name="email" value="<c:out value="${status.value}"/>">
+        </td>
+        <td width="60%">
+          <font color="red"><c:out value="${status.errorMessage}"/></font>
+        </td>
+      </spring:bind>
+    </tr>
+  </table>
+  <br>
+  <spring:hasBindErrors name="webContact">
+    <b>Please fix all errors!</b>
+  </spring:hasBindErrors>
+  <br><br>
+
+  <input type="hidden" name="<c:out value="${_csrf.parameterName}"/>" value="<c:out value="${_csrf.token}"/>"/>
+  <input name="execute" type="submit" alignment="center" value="Execute">
+</form>
+<a href="<c:url value="../hello.htm"/>">Home</a>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/addPermission.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/addPermission.jsp
new file mode 100644
index 0000000..dfd2476
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/addPermission.jsp
@@ -0,0 +1,56 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+<html>
+<head><title>Add Permission</title></head>
+<body>
+<h1>Add Permission</h1>
+<form method="post">
+  <table width="95%" bgcolor="f8f8ff" border="0" cellspacing="0" cellpadding="5">
+    <tr>
+      <td alignment="right" width="20%">Contact:</td>
+      <td width="60%"><c:out value="${addPermission.contact}"/></td>
+    </tr>
+    <tr>
+      <td alignment="right" width="20%">Recipient:</td>
+      <spring:bind path="addPermission.recipient">
+        <td width="20%">
+            <select name="<c:out value="${status.expression}"/>">
+              <c:forEach var="thisRecipient" items="${recipients}">
+                <option <c:if test="${thisRecipient.key == status.value}">selected</c:if> value="<c:out value="${thisRecipient.key}"/>">
+                <c:out value="${thisRecipient.value}"/></option>
+                </c:forEach>
+            </select>
+        </td>
+        <td width="60%">
+          <font color="red"><c:out value="${status.errorMessage}"/></font>
+        </td>
+      </spring:bind>
+    </tr>
+    <tr>
+      <td alignment="right" width="20%">Permission:</td>
+      <spring:bind path="addPermission.permission">
+        <td width="20%">
+            <select name="<c:out value="${status.expression}"/>">
+              <c:forEach var="thisPermission" items="${permissions}">
+                <option <c:if test="${thisPermission.key == status.value}">selected</c:if> value="<c:out value="${thisPermission.key}"/>">
+                <c:out value="${thisPermission.value}"/></option>
+                </c:forEach>
+            </select>
+        </td>
+        <td width="60%">
+          <font color="red"><c:out value="${status.errorMessage}"/></font>
+        </td>
+      </spring:bind>
+    </tr>
+  </table>
+  <br>
+  <spring:hasBindErrors name="webContact">
+    <b>Please fix all errors!</b>
+  </spring:hasBindErrors>
+  <br><br>
+  <input type="hidden" name="<c:out value="${_csrf.parameterName}"/>" value="<c:out value="${_csrf.token}"/>"/>
+  <input name="execute" type="submit" alignment="center" value="Execute">
+</form>
+<p>
+<A HREF="<c:url value="adminPermission.htm"><c:param name="contactId" value="${addPermission.contact.id}"/></c:url>">Admin Permission</A> <a href="<c:url value="index.htm"/>">Manage</a>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/adminPermission.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/adminPermission.jsp
new file mode 100644
index 0000000..2e0d43f
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/adminPermission.jsp
@@ -0,0 +1,30 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<html>
+<head><title>Administer Permissions</title></head>
+<body>
+<h1>Administer Permissions</h1>
+<p>
+<code>
+<c:out value="${model.contact}"/>
+</code>
+</p>
+<table cellpadding="3" border="0">
+<c:forEach var="acl" items="${model.acl.entries}">
+    <tr>
+      <td>
+        <code>
+          <c:out value="${acl}"/>
+        </code>
+      </td>
+      <td>
+      <a href="<c:url value="deletePermission.htm"><c:param name="contactId" value="${model.contact.id}"/><c:param name="sid" value="${acl.sid.principal}"/><c:param name="permission" value="${acl.permission.mask}"/></c:url>">Del</a>
+      </td>
+    </tr>
+</c:forEach>
+</table>
+<p>
+<a href="<c:url value="addPermission.htm"><c:param name="contactId" value="${model.contact.id}"/></c:url>">Add Permission</a>   <a href="<c:url value="index.htm"/>">Manage</a>
+</p>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deletePermission.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deletePermission.jsp
new file mode 100644
index 0000000..85a71a2
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deletePermission.jsp
@@ -0,0 +1,20 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<html>
+<head><title>Permission Deleted</title></head>
+<body>
+<h1>Permission Deleted</h1>
+<P>
+<code>
+<c:out value="${model.contact}"/>
+</code>
+<P>
+<code>
+<c:out value="${model.sid}"/>
+</code>
+<code>
+<c:out value="${model.permission}"/>
+</code>
+<p><a href="<c:url value="index.htm"/>">Manage</a>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deleted.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deleted.jsp
new file mode 100644
index 0000000..8fed87c
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/deleted.jsp
@@ -0,0 +1,13 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<html>
+<head><title>Deletion completed</title></head>
+<body>
+<h1>Deleted</h1>
+<P>
+<code>
+<c:out value="${contact}"/>
+</code>
+<p><a href="<c:url value="index.htm"/>">Manage</a>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp
new file mode 100644
index 0000000..cf3ad20
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/frames.jsp
@@ -0,0 +1,10 @@
+<html>
+<head>
+<title>Frames</title>
+</head>
+<body>
+<p>This contains frames, but the frames will not be loaded due to the <a href="https://tools.ietf.org/html/draft-ietf-websec-x-frame-options">X-Frame-Options</a>
+being specified as denied. This protects against <a href="https://en.wikipedia.org/wiki/Clickjacking">clickjacking attacks</a></p>
+<iframe src="./hello.htm" width="500" height="500"></iframe>
+</body>
+</html>
\ No newline at end of file
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/hello.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/hello.jsp
new file mode 100644
index 0000000..8713e0a
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/hello.jsp
@@ -0,0 +1,52 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<html>
+<head><title>Contacts Security Demo</title></head>
+<body>
+<h1>Contacts Security Demo</h1>
+<P>Contacts demonstrates the following central Spring Security capabilities:
+<ul>
+<li><b>Role-based security</b>. Each principal is a member of certain roles,
+    which are used to restrict access to certain secure objects.</li>
+<li><b>Domain object instance security</b>. The <code>Contact</code>, the
+    main domain object in the application, has an access control list (ACL)
+    that indicates who is allowed read, administer and delete the object.</li>
+<li><b>Method invocation security</b>. The <code>ContactManager</code> service
+   layer bean has a number of secured (protected) and public (unprotected)
+   methods.</li>
+<li><b>Web request security</b>. The <code>/secure</code> URI path is protected
+   by Spring Security from principals not holding the
+   <code>ROLE_USER</code> granted authority.</li>
+<li><b>Security unaware application objects</b>. None of the objects
+   are aware of the security being implemented by Spring Security. *</li>
+<li><b>Security taglib usage</b>. All of the JSPs use Spring Security's
+   taglib to evaluate security information. *</li>
+<li><b>Fully declarative security</b>. Every capability is configured in
+   the application context using standard Spring Security classes. *</li>
+<li><b>Database-sourced security data</b>. All of the user, role and ACL
+   information is obtained from an in-memory JDBC-compliant database.</li>
+<li><b>Integrated form-based and BASIC authentication</b>. Any BASIC
+   authentication header is detected and used for authentication. Normal
+   interactive form-based authentication is used by default.</li>
+<li><b>Remember-me services</b>. Spring Security's pluggable remember-me
+   strategy is demonstrated, with a corresponding checkbox on the login form.</li>
+</ul>
+
+* As the application provides an "ACL Administration" use case, those
+classes are necessarily aware of security. But no business use cases are.
+
+<p>Please excuse the lack of look 'n' feel polish in this application.
+It is about security, after all! :-)
+
+<p>To demonstrate a public method on <code>ContactManager</code>,
+here's a random <code>Contact</code>:
+<p>
+<code>
+<c:out value="${contact}"/>
+</code>
+<p>Get started by clicking "Manage"...
+<p><A HREF="<c:url value="secure/index.htm"/>">Manage</a>
+<a href="<c:url value="secure/debug.jsp"/>">Debug</a>
+<a href="<c:url value="./frames.htm"/>">Frames</a>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/include.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/include.jsp
new file mode 100644
index 0000000..3b31878
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/include.jsp
@@ -0,0 +1,6 @@
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@ page pageEncoding="UTF-8" %>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/index.jsp b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/index.jsp
new file mode 100644
index 0000000..10dc023
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/jsp/index.jsp
@@ -0,0 +1,37 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<html>
+<head><title>Your Contacts</title></head>
+<body>
+<h1><security:authentication property="principal.username"/>'s Contacts</h1>
+<P>
+<table cellpadding=3 border=0>
+<tr><td><b>id</b></td><td><b>Name</b></td><td><b>Email</b></td></tr>
+<c:forEach var="contact" items="${model.contacts}" >
+  <tr>
+  <td>
+      <c:out value="${contact.id}"/>
+  </td>
+  <td>
+      <c:out value="${contact.name}"/>
+  </td>
+  <td>
+      <c:out value="${contact.email}"/>
+  </td>
+  <c:if test="${model.hasDeletePermission[contact]}">
+    <td><a href="<c:url value="del.htm"><c:param name="contactId" value="${contact.id}"/></c:url>">Del</a></td>
+  </c:if>
+  <c:if test="${model.hasAdminPermission[contact]}">
+    <td><a href="<c:url value="adminPermission.htm"><c:param name="contactId" value="${contact.id}"/></c:url>">Admin Permission</a></td>
+  </c:if>
+  </tr>
+</c:forEach>
+</table>
+<p><a href="<c:url value="add.htm"/>">Add</a> </p>
+
+<form action="<c:url value="/logout"/>" method="post">
+    <input type="submit" value="Logoff"/> (also clears any remember-me cookie)
+    <security:csrfInput/>
+</form>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/remoting-servlet.xml b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/remoting-servlet.xml
new file mode 100644
index 0000000..f3f25bd
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/remoting-servlet.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "https://www.springframework.org/dtd/spring-beans.dtd">
+
+<!--
+  - Contacts web application
+  -->
+<beans>
+
+	<!-- RMI exporter for the ContactManager -->
+	<!-- This could just as easily have been in
+		 applicationContext-common-business.xml, because it doesn't rely on
+		 DispatcherServlet or indeed any other HTTP services. It's in this
+		 application context simply for logical placement with other
+		 remoting exporters. -->
+	<!-- COMMENTED OUT BY DEFAULT TO AVOID CONFLICTS WITH APPLICATION SERVERS
+	<bean id="contactManager-rmi" class="org.springframework.remoting.rmi.RmiServiceExporter">
+		<property name="service"><ref bean="contactManager"/></property>
+		<property name="serviceInterface">
+			<value>sample.contact.ContactManager</value>
+		</property>
+		<property name="serviceName"><value>contactManager</value></property>
+		<property name="registryPort"><value>1099</value></property>
+	</bean>
+	-->
+
+	<!-- HTTP invoker exporter for the ContactManager -->
+	<!-- Spring's HTTP invoker uses Java serialization via HTTP  -->
+	<bean name="/ContactManager-httpinvoker" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
+		<property name="service" ref="contactManager"/>
+		<property name="serviceInterface" value="sample.contact.ContactManager"/>
+	</bean>
+
+	<!-- Hessian exporter for the ContactManager -->
+	<!-- Hessian is a slim binary HTTP remoting protocol -->
+<!--
+	<bean name="/ContactManager-hessian" class="org.springframework.remoting.caucho.HessianServiceExporter">
+		<property name="service" ref="contactManager"/>
+		<property name="serviceInterface" value="sample.contact.ContactManager"/>
+	</bean>
+-->
+	<!-- Burlap exporter for the ContactManager -->
+	<!-- Burlap is a slim XML-based HTTP remoting protocol -->
+<!--
+	<bean name="/ContactManager-burlap" class="org.springframework.remoting.caucho.BurlapServiceExporter">
+		<property name="service" ref="contactManager"/>
+		<property name="serviceInterface" value="sample.contact.ContactManager"/>
+	</bean>
+-->
+</beans>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/spring.tld b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/spring.tld
new file mode 100644
index 0000000..895f80a
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/spring.tld
@@ -0,0 +1,311 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN" "https://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
+
+<taglib>
+
+	<tlib-version>1.1.1</tlib-version>
+
+	<jsp-version>1.2</jsp-version>
+
+	<short-name>Spring</short-name>
+
+	<uri>http://www.springframework.org/tags</uri>
+
+	<description>Spring Framework JSP Tag Library. Authors: Rod Johnson, Juergen Hoeller</description>
+
+
+	<tag>
+
+		<name>htmlEscape</name>
+		<tag-class>org.springframework.web.servlet.tags.HtmlEscapeTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Sets default HTML escape value for the current page.
+			Overrides a "defaultHtmlEscape" context-param in web.xml, if any.
+		</description>
+
+		<attribute>
+			<name>defaultHtmlEscape</name>
+			<required>true</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+
+	<tag>
+
+		<name>escapeBody</name>
+		<tag-class>org.springframework.web.servlet.tags.EscapeBodyTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Escapes its enclosed body content, applying HTML escaping and/or JavaScript escaping.
+			The HTML escaping flag participates in a page-wide or application-wide setting
+			(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
+		</description>
+
+		<attribute>
+			<name>htmlEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>javaScriptEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+
+	<tag>
+
+		<name>message</name>
+		<tag-class>org.springframework.web.servlet.tags.MessageTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Retrieves the message with the given code, or text if code isn't resolvable.
+			The HTML escaping flag participates in a page-wide or application-wide setting
+			(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
+		</description>
+
+		<attribute>
+			<name>code</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>arguments</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>text</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>var</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>scope</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>htmlEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>javaScriptEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+
+	<tag>
+
+		<name>theme</name>
+		<tag-class>org.springframework.web.servlet.tags.ThemeTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Retrieves the theme message with the given code, or text if code isn't resolvable.
+			The HTML escaping flag participates in a page-wide or application-wide setting
+			(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
+		</description>
+
+		<attribute>
+			<name>code</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>arguments</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>text</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>var</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>scope</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>htmlEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>javaScriptEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+
+	<tag>
+
+		<name>hasBindErrors</name>
+		<tag-class>org.springframework.web.servlet.tags.BindErrorsTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Provides Errors instance in case of bind errors.
+			The HTML escaping flag participates in a page-wide or application-wide setting
+			(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
+		</description>
+
+		<variable>
+			<name-given>errors</name-given>
+			<variable-class>org.springframework.validation.Errors</variable-class>
+		</variable>
+
+		<attribute>
+			<name>name</name>
+			<required>true</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>htmlEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+
+	<tag>
+
+		<name>nestedPath</name>
+		<tag-class>org.springframework.web.servlet.tags.NestedPathTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Sets a nested path to be used by the bind tag's path.
+		</description>
+
+		<variable>
+			<name-given>nestedPath</name-given>
+			<variable-class>java.lang.String</variable-class>
+		</variable>
+
+		<attribute>
+			<name>path</name>
+			<required>true</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+
+	<tag>
+
+		<name>bind</name>
+		<tag-class>org.springframework.web.servlet.tags.BindTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Provides BindStatus object for the given bind path.
+			The HTML escaping flag participates in a page-wide or application-wide setting
+			(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
+		</description>
+
+		<variable>
+			<name-given>status</name-given>
+			<variable-class>org.springframework.web.servlet.support.BindStatus</variable-class>
+		</variable>
+
+		<attribute>
+			<name>path</name>
+			<required>true</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>ignoreNestedPath</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>htmlEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+
+	<tag>
+
+		<name>transform</name>
+		<tag-class>org.springframework.web.servlet.tags.TransformTag</tag-class>
+		<body-content>JSP</body-content>
+
+		<description>
+			Provides transformation of variables to Strings, using an appropriate
+			custom PropertyEditor from BindTag (can only be used inside BindTag).
+			The HTML escaping flag participates in a page-wide or application-wide setting
+			(i.e. by HtmlEscapeTag or a "defaultHtmlEscape" context-param in web.xml).
+		</description>
+
+		<attribute>
+			<name>value</name>
+			<required>true</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>var</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>scope</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+		<attribute>
+			<name>htmlEscape</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+
+	</tag>
+
+</taglib>
diff --git a/servlet/xml/java/contacts/src/main/webapp/WEB-INF/web.xml b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..7b4f0d9
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  - Contacts web application
+  -
+  -->
+
+<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+	<display-name>Contacts Sample Application</display-name>
+
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			classpath:applicationContext-common-business.xml
+			classpath:applicationContext-common-authorization.xml
+			classpath:applicationContext-security.xml
+		</param-value>
+	</context-param>
+
+   <!-- Nothing below here needs to be modified -->
+
+	<context-param>
+		<param-name>webAppRootKey</param-name>
+		<param-value>contacts.root</param-value>
+	</context-param>
+
+	<filter>
+		<filter-name>localizationFilter</filter-name>
+		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+	</filter>
+
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+
+	<filter-mapping>
+		<filter-name>localizationFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<filter-mapping>
+	  <filter-name>springSecurityFilterChain</filter-name>
+	  <url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+  <!--
+	- Provides core MVC application controller. See contacts-servlet.xml.
+	-->
+	<servlet>
+		<servlet-name>contacts</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+  <!--
+	- Provides web services endpoint. See remoting-servlet.xml.
+	-->
+	<servlet>
+		<servlet-name>remoting</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>2</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>contacts</servlet-name>
+		<url-pattern>*.htm</url-pattern>
+	 </servlet-mapping>
+
+	<servlet-mapping>
+		<servlet-name>remoting</servlet-name>
+		<url-pattern>/remoting/*</url-pattern>
+	</servlet-mapping>
+
+	 <welcome-file-list>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
+
+	<error-page>
+		<error-code>403</error-code>
+		<location>/error.html</location>
+	</error-page>
+
+</web-app>
diff --git a/servlet/xml/java/contacts/src/main/webapp/accessDenied.jsp b/servlet/xml/java/contacts/src/main/webapp/accessDenied.jsp
new file mode 100644
index 0000000..c94ae99
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/accessDenied.jsp
@@ -0,0 +1,22 @@
+<%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
+<%@ page import="org.springframework.security.core.Authentication" %>
+
+<html>
+  <head>
+    <title>Access Denied</title>
+  </head>
+
+<body>
+<h1>Sorry, access is denied</h1>
+
+<p>
+<%= request.getAttribute("SPRING_SECURITY_403_EXCEPTION")%>
+</p>
+<p>
+<%      Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth != null) { %>
+        Authentication object as a String: <%= auth.toString() %><br /><br />
+<%      } %>
+</p>
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/error.html b/servlet/xml/java/contacts/src/main/webapp/error.html
new file mode 100644
index 0000000..3c58108
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/error.html
@@ -0,0 +1,5 @@
+<html>
+	<title>Access denied!</title>
+	<h1>Access Denied</h1>
+	<p>We're sorry, but you are not authorized to perform the requested operation.</p>
+</html>
\ No newline at end of file
diff --git a/servlet/xml/java/contacts/src/main/webapp/exitUser.jsp b/servlet/xml/java/contacts/src/main/webapp/exitUser.jsp
new file mode 100644
index 0000000..5f9e33b
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/exitUser.jsp
@@ -0,0 +1,39 @@
+<%@ taglib prefix='c' uri='http://java.sun.com/jsp/jstl/core' %>
+
+<%@ page import="org.springframework.security.core.Authentication" %>
+<%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
+<%@ page pageEncoding="UTF-8" %>
+
+<html>
+  <head>
+    <title>Exit User</title>
+  </head>
+
+  <body>
+    <h1>Exit User</h1>
+
+    <c:if test="${not empty param.login_error}">
+      <font color="red">
+        Your 'Exit User' attempt was not successful, try again.<br/><br/>
+        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>
+      </font>
+    </c:if>
+
+    <form action="<c:url value='logout/impersonate'/>" method="POST">
+      <table>
+        <tr><td>Current User:</td><td>
+
+<%
+    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+    if (auth != null) { %>
+
+        <%= auth.getPrincipal().toString() %>
+
+ <% } %>
+         </td></tr>
+        <tr><td colspan='2'><input name="exit" type="submit" value="Exit"></td></tr>
+      </table>
+      <input type="hidden" name="<c:out value="${_csrf.parameterName}"/>" value="<c:out value="${_csrf.token}"/>"/>
+    </form>
+  </body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/index.jsp b/servlet/xml/java/contacts/src/main/webapp/index.jsp
new file mode 100644
index 0000000..4c86e33
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/index.jsp
@@ -0,0 +1,4 @@
+<%@ include file="/WEB-INF/jsp/include.jsp" %>
+
+<%-- Redirected because we can't set the welcome page to a virtual URL. --%>
+<c:redirect url="/hello.htm"/>
diff --git a/servlet/xml/java/contacts/src/main/webapp/login.jsp b/servlet/xml/java/contacts/src/main/webapp/login.jsp
new file mode 100644
index 0000000..ed07288
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/login.jsp
@@ -0,0 +1,47 @@
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ page pageEncoding="UTF-8" %>
+
+<html>
+  <head>
+    <title>Login</title>
+  </head>
+
+  <body onload="document.f.username.focus();">
+    <h1>Login</h1>
+
+    <p>Valid users:
+    <p>
+    <p>username <b>rod</b>, password <b>koala</b>
+    <p>username <b>dianne</b>, password <b>emu</b>
+    <p>username <b>scott</b>, password <b>wombat</b>
+    <p>username <b>peter</b>, password <b>opal</b> (user disabled)
+    <p>username <b>bill</b>, password <b>wombat</b>
+    <p>username <b>bob</b>, password <b>wombat</b>
+    <p>username <b>jane</b>, password <b>wombat</b>
+    <p>
+
+    <p>Locale is: <%= request.getLocale() %></p>
+    <%-- this form-login-page form is also used as the
+         form-error-page to ask for a login again.
+         --%>
+    <c:if test="${not empty param.login_error}">
+      <font color="red">
+        Your login attempt was not successful, try again.<br/><br/>
+        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
+      </font>
+    </c:if>
+
+    <form name="f" action="<c:url value='login'/>" method="POST">
+      <table>
+        <tr><td>User:</td><td><input type='text' name='username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
+        <tr><td>Password:</td><td><input type='password' name='password'></td></tr>
+        <tr><td><input type="checkbox" name="remember-me"></td><td>Don't ask for my password for two weeks</td></tr>
+
+        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
+        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
+      </table>
+      <input type="hidden" name="<c:out value="${_csrf.parameterName}"/>" value="<c:out value="${_csrf.token}"/>"/>
+    </form>
+
+  </body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/secure/debug.jsp b/servlet/xml/java/contacts/src/main/webapp/secure/debug.jsp
new file mode 100644
index 0000000..553bc3a
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/secure/debug.jsp
@@ -0,0 +1,40 @@
+<%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
+<%@ page import="org.springframework.security.core.Authentication" %>
+<%@ page import="org.springframework.security.core.GrantedAuthority" %>
+
+<html>
+<head>
+<title>Security Debug Information</title>
+</head>
+<body>
+
+<h3>Security Debug Information</h3>
+
+<%
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth != null) { %>
+<p>
+            Authentication object is of type: <em><%= auth.getClass().getName() %></em>
+</p>
+<p>
+            Authentication object as a String: <br/><br/><%= auth.toString() %>
+</p>
+
+            Authentication object holds the following granted authorities:<br /><br />
+<%
+            for (GrantedAuthority authority : auth.getAuthorities()) { %>
+                <%= authority %> (<em>getAuthority()</em>: <%= authority.getAuthority() %>)<br />
+<%			}
+%>
+
+                <p><b>Success! Your web filters appear to be properly configured!</b></p>
+<%
+        } else {
+%>
+            Authentication object is null.<br />
+            This is an error and your Spring Security application will not operate properly until corrected.<br /><br />
+<%		}
+%>
+
+</body>
+</html>
diff --git a/servlet/xml/java/contacts/src/main/webapp/switchUser.jsp b/servlet/xml/java/contacts/src/main/webapp/switchUser.jsp
new file mode 100644
index 0000000..a8d3e15
--- /dev/null
+++ b/servlet/xml/java/contacts/src/main/webapp/switchUser.jsp
@@ -0,0 +1,42 @@
+<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core' %>
+<%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
+<%@ page import="org.springframework.security.core.AuthenticationException" %>
+<%@ page pageEncoding="UTF-8" %>
+
+<html>
+  <head>
+    <title>Switch User</title>
+  </head>
+
+  <body>
+    <h1>Switch to User</h1>
+
+	<h3>Valid users:</h3>
+
+	<p>username <b>rod</b>, password <b>koala</b></p>
+	<p>username <b>dianne</b>, password <b>emu</b></p>
+	<p>username <b>scott</b>, password <b>wombat</b></p>
+	<p>username <b>bill</b>, password <b>wombat</b></p>
+	<p>username <b>bob</b>, password <b>wombat</b></p>
+	<p>username <b>jane</b>, password <b>wombat</b></p>
+    <%-- this form-login-page form is also used as the
+         form-error-page to ask for a login again.
+         --%>
+    <c:if test="${not empty param.login_error}">
+    <p>
+      <font color="red">
+        Your 'su' attempt was not successful, try again.<br/>
+      </font>
+          </p>
+    </c:if>
+
+    <form action="<c:url value='login/impersonate'/>" method="POST">
+      <table>
+        <tr><td>User:</td><td><input type='text' name='username'></td></tr>
+        <tr><td colspan='2'><input name="switch" type="submit" value="Switch to User"></td></tr>
+      </table>
+      <input type="hidden" name="<c:out value="${_csrf.parameterName}"/>" value="<c:out value="${_csrf.token}"/>"/>
+    </form>
+
+  </body>
+</html>
diff --git a/servlet/xml/java/contacts/src/site/resources/logback-test.xml b/servlet/xml/java/contacts/src/site/resources/logback-test.xml
new file mode 100644
index 0000000..2d51ba4
--- /dev/null
+++ b/servlet/xml/java/contacts/src/site/resources/logback-test.xml
@@ -0,0 +1,15 @@
+<configuration>
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+	<encoder>
+		<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
+	</appender>
+
+	<logger name="org.springframework.security" level="${sec.log.level:-WARN}"/>
+
+
+	<root level="${root.level:-WARN}">
+	<appender-ref ref="STDOUT" />
+	</root>
+
+</configuration>
diff --git a/servlet/xml/java/contacts/src/site/resources/sslhowto.txt b/servlet/xml/java/contacts/src/site/resources/sslhowto.txt
new file mode 100644
index 0000000..9e073a6
--- /dev/null
+++ b/servlet/xml/java/contacts/src/site/resources/sslhowto.txt
@@ -0,0 +1,99 @@
+$Id$
+
+CAS requires HTTPS be used for all operations, with the certificate used
+having been signed by a certificate in the cacerts files shipped with Java.
+
+If you're using a HTTPS certificate signed by a well known authority
+(like Verisign), you can safely ignore the procedure below (although you
+might find the troubleshooting section at the end helpful).
+
+The following demonstrates how to create a self-signed certificate and add
+it to the cacerts file. If you just want to use the certificate we have
+already created and shipped with Spring Security, you
+can skip directly to step 3.
+
+
+1. keytool -keystore keystore -alias acegisecurity -genkey -keyalg RSA -validity 9999 -storepass password -keypass password
+
+What is your first and last name?
+  [Unknown]:  localhost
+What is the name of your organizational unit?
+  [Unknown]:  Spring Security
+What is the name of your organization?
+  [Unknown]:  TEST CERTIFICATE ONLY. DO NOT USE IN PRODUCTION.
+What is the name of your City or Locality?
+  [Unknown]:
+What is the name of your State or Province?
+  [Unknown]:
+What is the two-letter country code for this unit?
+  [Unknown]:
+Is CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ONLY. D
+O NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown correct?
+  [no]:  yes
+
+
+2. keytool -export -v -rfc -alias acegisecurity -file acegisecurity.txt -keystore keystore -storepass password
+
+3. copy acegisecurity.txt %JAVA_HOME%\lib\security
+
+4. copy keystore %YOUR_WEB_CONTAINER_LOCATION%
+
+   NOTE: You will need to configure your web container as appropriate.
+   We recommend you test the certificate works by visiting
+   https://localhost:8443. When prompted by your browser, select to
+   install the certificate.
+
+5. cd %JAVA_HOME%\lib\security
+
+6. keytool -import -v -file acegisecurity.txt -keypass password -keystore cacerts -storepass changeit -alias acegisecurity
+
+Owner: CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ONL
+Y. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown
+Issuer: CN=localhost, OU=Spring Security, O=TEST CERTIFICATE ON
+LY. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown
+Serial number: 4080daf4
+Valid from: Sat Apr 17 07:21:24 GMT 2004 until: Tue Sep 02 07:21:24 GMT 2031
+Certificate fingerprints:
+         MD5:  B4:AC:A8:24:34:99:F1:A9:F8:1D:A5:6C:BF:0A:34:FA
+         SHA1: F1:E6:B1:3A:01:39:2D:CF:06:FA:82:AB:86:0D:77:9D:06:93:D6:B0
+Trust this certificate? [no]:  yes
+Certificate was added to keystore
+[Saving cacerts]
+
+
+7. Finished. You can now run the sample application as if you purchased a
+   properly signed certificate. For production applications, of course you should
+   use an appropriately signed certificate so your web visitors will trust it
+   (such as issued by Thawte, Verisign etc).
+
+TROUBLESHOOTING
+
+* First of all, most CAS-Acegi Security problems are because of untrusted
+  SSL certificates. So it's important to understand why. Most people can
+  load the Acegi Security webapp, get redirected to the CAS server, then
+  after login they get redirected back to the Acegi Security webapp and
+  receive a failure. This is because the CAS server redirects to something
+  like https://server3.company.com/webapp/login/cas?ticket=ST-0-ER94xMJmn6pha35CQRoZ
+  which causes the "service ticket" (the "ticket" parameter) to be validated.
+  net.sf.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator
+  performs service ticket validation by delegation to CAS'
+  ProxyTicketValidator class. The ProxyTicketValidator class will perform a
+  HTTPS connection from the web server running the Acegi Security webapp
+  (server3.company.com) above to the CAS server. If for some reason the
+  web server keystore does not trust the HTTPS certificate presented by the
+  CAS server, you will receive various failures as discussed below. NB: This
+  has NOTHING to do with client-side (browser) certificates. You need to
+  correct the trust between the two webserver keystores alone.
+
+* A "sun.security.validator.ValidatorException: No trusted certificate
+  found" indicates the cacerts is not being used or it did not correctly
+  import the certificate. To rule out your web container replacing or in
+  some way modifying the trust manager, set the
+  CasProxyTicketValidator.trustStore property to the full file system
+  location to your cacerts file.
+
+* If your web container is ignoring your cacerts file, double-check it
+  is stored in $JAVA_HOME\lib\security\cacerts. $JAVA_HOME might be
+  pointing to the SDK, not JRE. In that case, copy
+  $JAVA_HOME\jre\lib\security\cacerts to $JAVA_HOME\lib\security\cacerts
+
diff --git a/servlet/xml/java/contacts/src/test/java/sample/contact/ContactManagerTests.java b/servlet/xml/java/contacts/src/test/java/sample/contact/ContactManagerTests.java
new file mode 100644
index 0000000..47999e2
--- /dev/null
+++ b/servlet/xml/java/contacts/src/test/java/sample/contact/ContactManagerTests.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.contact;
+
+import java.util.List;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Test;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.acls.domain.BasePermission;
+import org.springframework.security.acls.domain.PrincipalSid;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.web.SpringJUnitWebConfig;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.fail;
+
+/**
+ * Tests {@link ContactManager}.
+ *
+ * @author David Leal
+ * @author Ben Alex
+ * @author Luke Taylor
+ */
+@ContextConfiguration(locations = { "/applicationContext-security.xml", "/applicationContext-common-authorization.xml",
+		"/applicationContext-common-business.xml" })
+@SpringJUnitWebConfig
+public class ContactManagerTests {
+
+	@Autowired
+	protected ContactManager contactManager;
+
+	void assertContainsContact(long id, List<Contact> contacts) {
+		for (Contact contact : contacts) {
+			if (contact.getId().equals(id)) {
+				return;
+			}
+		}
+
+		fail("List of contacts should have contained: " + id);
+	}
+
+	void assertDoestNotContainContact(long id, List<Contact> contacts) {
+		for (Contact contact : contacts) {
+			if (contact.getId().equals(id)) {
+				fail("List of contact should NOT (but did) contain: " + id);
+			}
+		}
+	}
+
+	/**
+	 * Locates the first <code>Contact</code> of the exact name specified.
+	 * <p>
+	 * Uses the {@link ContactManager#getAll()} method.
+	 * @param id Identify of the contact to locate (must be an exact match)
+	 * @return the domain or <code>null</code> if not found
+	 */
+	Contact getContact(String id) {
+		for (Contact contact : this.contactManager.getAll()) {
+			if (contact.getId().equals(id)) {
+				return contact;
+			}
+		}
+
+		return null;
+	}
+
+	private void makeActiveUser(String username) {
+		String password = "";
+
+		if ("rod".equals(username)) {
+			password = "koala";
+		}
+		else if ("dianne".equals(username)) {
+			password = "emu";
+		}
+		else if ("scott".equals(username)) {
+			password = "wombat";
+		}
+		else if ("peter".equals(username)) {
+			password = "opal";
+		}
+
+		Authentication authRequest = new UsernamePasswordAuthenticationToken(username, password);
+		SecurityContextHolder.getContext().setAuthentication(authRequest);
+	}
+
+	@AfterEach
+	void clearContext() {
+		SecurityContextHolder.clearContext();
+	}
+
+	@Test
+	void testDianne() {
+		makeActiveUser("dianne"); // has ROLE_USER
+
+		List<Contact> contacts = this.contactManager.getAll();
+		assertThat(contacts).hasSize(4);
+
+		assertContainsContact(4, contacts);
+		assertContainsContact(5, contacts);
+		assertContainsContact(6, contacts);
+		assertContainsContact(8, contacts);
+
+		assertDoestNotContainContact(1, contacts);
+		assertDoestNotContainContact(2, contacts);
+		assertDoestNotContainContact(3, contacts);
+	}
+
+	@Test
+	void testrod() {
+		makeActiveUser("rod"); // has ROLE_SUPERVISOR
+
+		List<Contact> contacts = this.contactManager.getAll();
+
+		assertThat(contacts).hasSize(4);
+
+		assertContainsContact(1, contacts);
+		assertContainsContact(2, contacts);
+		assertContainsContact(3, contacts);
+		assertContainsContact(4, contacts);
+
+		assertDoestNotContainContact(5, contacts);
+
+		Contact c1 = this.contactManager.getById(4L);
+
+		this.contactManager.deletePermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
+		this.contactManager.addPermission(c1, new PrincipalSid("bob"), BasePermission.ADMINISTRATION);
+	}
+
+	@Test
+	void testScott() {
+		makeActiveUser("scott"); // has ROLE_USER
+
+		List<Contact> contacts = this.contactManager.getAll();
+
+		assertThat(contacts).hasSize(5);
+
+		assertContainsContact(4, contacts);
+		assertContainsContact(6, contacts);
+		assertContainsContact(7, contacts);
+		assertContainsContact(8, contacts);
+		assertContainsContact(9, contacts);
+
+		assertDoestNotContainContact(1, contacts);
+	}
+
+}
diff --git a/servlet/xml/java/contacts/src/test/resources/logback-test.xml b/servlet/xml/java/contacts/src/test/resources/logback-test.xml
new file mode 100644
index 0000000..aa69aab
--- /dev/null
+++ b/servlet/xml/java/contacts/src/test/resources/logback-test.xml
@@ -0,0 +1,15 @@
+<configuration>
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+	<encoder>
+		<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
+	</appender>
+	
+	<logger name="org.springframework.security" level="TRACE"/>
+
+
+	<root level="${root.level:-WARN}">
+	<appender-ref ref="STDOUT" />
+	</root>
+
+</configuration>
diff --git a/settings.gradle b/settings.gradle
index e23460c..2b11589 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -62,6 +62,7 @@ include ":servlet:spring-boot:java:saml2:refreshable-metadata"
 include ":servlet:spring-boot:kotlin:hello-security"
 include ":servlet:xml:java:helloworld"
 include ":servlet:xml:java:preauth"
+include ":servlet:xml:java:contacts"
 include ":servlet:xml:java:dms"
 include ":servlet:xml:java:saml2:login-logout"