SEC-1132: Updated package and class names in ref manual.

src/docbkx/namespace-config.xml

@@ -276,7 +276,7 @@
           <literal>user-service-ref</literal> attribute: <programlisting><![CDATA[
   <authentication-provider user-service-ref='myUserDetailsService'/>
   
-  <beans:bean id="myUserDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
+  <beans:bean id="myUserDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
     <beans:property name="dataSource" ref="dataSource"/>
   </beans:bean>
   ]]>
@@ -355,7 +355,7 @@
         file to keep Spring Security updated about session lifecycle events: <programlisting>        
           <![CDATA[         
 <listener>
-  <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+  <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
 </listener>
 ]]></programlisting> Then add the following line to your application context: <programlisting><![CDATA[     
   <http>

src/docbkx/preauth.xml

@@ -34,9 +34,8 @@
       <link xlink:href="#x509">X.509 authentication</link>, as it already has a namespace configuration
       option which is simpler to use and get started with. If you need to use explicit bean confiuration or 
       are planning on writing your own implementation then an understanding of how the
-      provided implementations work will be useful. You will find the web related classes under the 
+      provided implementations work will be useful. You will find classes under the 
-      <package>org.springframework.security.ui.preauth</package> package and the backend classes
+      <package>org.springframework.security.web.authentication.preauth</package>. We just provide an outline
-      under <package>org.springframework.security.providers.preauth</package>. We just provide an outline
       here so you should consult the Javadoc and source where appropriate.
     </para>
 
@@ -152,14 +151,14 @@
           A typical configuration using this filter would look like this:
 <programlisting><![CDATA[
 	<bean id="siteminderFilter"
-      class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
+      class="org.springframework.security.web.authentication.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
     <security:custom-filter position="PRE_AUTH_FILTER" />
     <property name="principalRequestHeader" value="SM_USER"/>
     <property name="authenticationManager" ref="authenticationManager" />
   </bean>
 
   <bean id="preauthAuthProvider"
-      class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
+      class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
     <security:custom-authentication-provider />      
     <property name="preAuthenticatedUserDetailsService">
       <bean id="userDetailsServiceWrapper" 

src/docbkx/remember-me-authentication.xml

@@ -139,18 +139,18 @@
             <para>The beans required in an application context to enable remember-me services are as follows:
 <programlisting><![CDATA[        
 <bean id="rememberMeProcessingFilter"
-    class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
+    class="org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter">
   <property name="rememberMeServices" ref="rememberMeServices"/>
   <property name="authenticationManager" ref="theAuthenticationManager" />    
 </bean>
         
-<bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
+<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
   <property name="userDetailsService" ref="myUserDetailsService"/>
   <property name="key" value="springRocks"/>
 </bean>
         
 <bean id="rememberMeAuthenticationProvider"
-    class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
+    class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
   <property name="key" value="springRocks"/>
 </bean>
 ]]>        

src/docbkx/runas-auth-provider.xml

@@ -87,12 +87,12 @@
             bean context with the same key:
             <programlisting>
 <![CDATA[
-<bean id="runAsManager" class="org.springframework.security.runas.RunAsManagerImpl">
+<bean id="runAsManager" class="org.springframework.security.access.intercept.RunAsManagerImpl">
   <property name="key" value="my_run_as_password"/>
 </bean>
 
 <bean id="runAsAuthenticationProvider"
-    class="org.springframework.security.runas.RunAsImplAuthenticationProvider">
+    class="org.springframework.security.access.intercept.RunAsImplAuthenticationProvider">
   <property name="key" value="my_run_as_password"/>
 </bean>]]></programlisting></para>
         <para>By using the same key, each <literal>RunAsUserToken</literal>

src/docbkx/samples.xml

@@ -45,7 +45,7 @@
             and passwords are suggested on that page. Simply authenticate with any of these and view
             the resulting page. It should contain a success message similar to the following:
             <literallayout>
-        Authentication object is of type: org.springframework.security.providers.UsernamePasswordAuthenticationToken
+        Authentication object is of type: org.springframework.security.authentication.UsernamePasswordAuthenticationToken
         
         Authentication object as a String: 
           org.springframework.security.providers.UsernamePasswordAuthenticationToken@1f127853: 

src/docbkx/secured-objects.xml

@@ -32,14 +32,14 @@
         for use with one of Spring AOP's proxying mechanisms:
 <programlisting><![CDATA[
 <bean id="bankManagerSecurity"
-    class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
+    class="org.springframework.security.intercept.aopalliance.MethodSecurityInterceptor">
   <property name="authenticationManager" ref="authenticationManager"/>
   <property name="accessDecisionManager" ref="accessDecisionManager"/>
   <property name="afterInvocationManager" ref="afterInvocationManager"/>
-  <property name="objectDefinitionSource">
+  <property name="securityMetadataSource">
     <value>
-      org.springframework.security.context.BankManager.delete*=ROLE_SUPERVISOR
+      com.mycompany.BankManager.delete*=ROLE_SUPERVISOR
-      org.springframework.security.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
+      com.mycompany.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
     </value>
   </property>
 </bean> ]]>
@@ -76,14 +76,14 @@
 
     <programlisting><![CDATA[
 <bean id="bankManagerSecurity"
-        class="org.springframework.security.intercept.method.aspectj.AspectJSecurityInterceptor">
+        class="org.springframework.security.intercept.aspectj.AspectJSecurityInterceptor">
   <property name="authenticationManager" ref="authenticationManager"/>
   <property name="accessDecisionManager" ref="accessDecisionManager"/>
   <property name="afterInvocationManager" ref="afterInvocationManager"/>
-  <property name="objectDefinitionSource">
+  <property name="securityMetadataSource">
     <value>
-        org.springframework.security.context.BankManager.delete*=ROLE_SUPERVISOR
+        com.mycompany.BankManager.delete*=ROLE_SUPERVISOR
-        org.springframework.security.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
+        com.mycompany.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
     </value>
 </property>
 </bean>]]>        </programlisting>
@@ -91,8 +91,8 @@
     <para>As you can see, aside from the class name, the
     <literal>AspectJSecurityInterceptor</literal> is exactly the same as
     the AOP Alliance security interceptor. Indeed the two interceptors can
-    share the same <literal>objectDefinitionSource</literal>, as the
+    share the same <literal>securityMetadataSource</literal>, as the
-    <interfacename>ObjectDefinitionSource</interfacename> works with
+    <interfacename>SecurityMetadataSource</interfacename> works with
     <literal>java.lang.reflect.Method</literal>s rather than an AOP
     library-specific class. Of course, your access decisions have access
     to the relevant AOP library-specific invocation (ie
@@ -106,8 +106,8 @@
     <programlisting>
 package org.springframework.security.samples.aspectj;
 
-import org.springframework.security.intercept.method.aspectj.AspectJSecurityInterceptor;
+import org.springframework.security.intercept.aspectj.AspectJSecurityInterceptor;
-import org.springframework.security.intercept.method.aspectj.AspectJCallback;
+import org.springframework.security.intercept.aspectj.AspectJCallback;
 import org.springframework.beans.factory.InitializingBean;
 
 public aspect DomainObjectInstanceSecurityAspect implements InitializingBean {
@@ -187,12 +187,12 @@ public void afterPropertiesSet() throws Exception {
     <programlisting>
 <![CDATA[
 <bean id="exceptionTranslationFilter"
-        class="org.springframework.security.ui.ExceptionTranslationFilter">
+        class="org.springframework.security.web.access.ExceptionTranslationFilter">
   <property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
 </bean>
 
 <bean id="authenticationEntryPoint"
-        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+        class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
   <property name="loginFormUrl" value="/acegilogin.jsp"/>
   <property name="forceHttps" value="false"/>
 </bean>
@@ -201,7 +201,7 @@ public void afterPropertiesSet() throws Exception {
         class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
   <property name="authenticationManager" ref="authenticationManager"/>
   <property name="accessDecisionManager" ref="accessDecisionManager"/>
-  <property name="objectDefinitionSource">
+  <property name="securityMetadataSource">
     <security:filter-invocation-definition-source>
       <security:intercept-url pattern="/secure/super/**" access="ROLE_WE_DONT_HAVE"/>
       <security:intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_TELLER"/>
@@ -251,23 +251,23 @@ public void afterPropertiesSet() throws Exception {
     used to configure a <classname>FilterChainProxy</classname> but the <literal>&lt;intercept-url&gt;</literal>
     child elements only use the <literal>pattern</literal> and <literal>access</literal> attributes.
     The second is by writing your own
-    <interfacename>ObjectDefinitionSource</interfacename>, although this is beyond the
+    <interfacename>SecurityMetadataSource</interfacename>, although this is beyond the
     scope of this document. Irrespective of the approach used, the
-    <interfacename>ObjectDefinitionSource</interfacename> is responsible for returning
+    <interfacename>SecurityMetadataSource</interfacename> is responsible for returning
     a <literal>List&lt;ConfigAttribute&gt;</literal> containing
     all of the configuration attributes associated with a single secure
     HTTP URL.</para>
 
     <para>It should be noted that the
-    <literal>FilterSecurityInterceptor.setObjectDefinitionSource()</literal>
+    <literal>FilterSecurityInterceptor.setSecurityMetadataSource()</literal>
     method actually expects an instance of
     <interfacename>FilterInvocationDefinitionSource</interfacename>. This is a marker
-    interface which subclasses <interfacename>ObjectDefinitionSource</interfacename>.
+    interface which subclasses <interfacename>SecurityMetadataSource</interfacename>.
-    It simply denotes the <interfacename>ObjectDefinitionSource</interfacename>
+    It simply denotes the <interfacename>SecurityMetadataSource</interfacename>
     understands <classname>FilterInvocation</classname>s. In the interests of
     simplicity we'll continue to refer to the
     <interfacename>FilterInvocationDefinitionSource</interfacename> as an
-    <interfacename>ObjectDefinitionSource</interfacename>, as the distinction is of
+    <interfacename>SecurityMetadataSource</interfacename>, as the distinction is of
     little relevance to most users of the
     <classname>FilterSecurityInterceptor</classname>.</para>
 
@@ -276,7 +276,7 @@ public void afterPropertiesSet() throws Exception {
     attributes that apply to each HTTP URL. Each configuration attribute
     is assigned into its own <literal>SecurityConfig</literal> object. The
     <literal>SecurityConfig</literal> object is discussed in the High
-    Level Design section. The <interfacename>ObjectDefinitionSource</interfacename>
+    Level Design section. The <interfacename>SecurityMetadataSource</interfacename>
     created by the property editor,
     <interfacename>FilterInvocationDefinitionSource</interfacename>, matches
     configuration attributes against <literal>FilterInvocations</literal>
@@ -295,7 +295,7 @@ public void afterPropertiesSet() throws Exception {
   <property name="authenticationManager" ref="authenticationManager"/>
   <property name="accessDecisionManager" ref="accessDecisionManager"/>
   <property name="runAsManager" ref="runAsManager"/>
-  <property name="objectDefinitionSource">
+  <property name="securityMetadataSource">
     <security:filter-invocation-definition-source path-type="regex">
       <security:intercept-url pattern="\A/secure/super/.*\Z" access="ROLE_WE_DONT_HAVE"/>
       <security:intercept-url pattern="\A/secure/.*\" access="ROLE_SUPERVISOR,ROLE_TELLER"/>

src/docbkx/supporting-infrastructure.xml

@@ -145,12 +145,12 @@
     <classname>FilterChainProxy</classname> class. It is wired using a
           <literal>DelegatingFilterProxy</literal> (just like in the example above),
     but the target class is
-    <literal>org.springframework.security.util.FilterChainProxy</literal>.
+    <literal>org.springframework.security.web.FilterChainProxy</literal>.
     The filter chain is then declared in the application context, using
     code such as this:</para>
 
     <para><programlisting><![CDATA[
-<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
   <sec:filter-chain-map path-type="ant">
      <sec:filter-chain pattern="/webServices/**" 
          filters="httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor"/>