diff --git a/changelog.txt b/changelog.txt
index d6a8a01161..4beb4c0126 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -7,6 +7,7 @@ Changes in version 0.x (2004-xx-xx)
 * Added PasswordAuthenticationProvider for password-validating DAOs (eg LDAP)
 * Added FilterToBeanProxy compatibility with ContextLoaderServlet (lazy inits)
 * Added convenience methods to ConfigAttributeDefinition
+* Improved sample applications' bean reference notation
 * Clarified contract for ObjectDefinitionSource.getAttributes(Object)
 * Extracted removeUserFromCache(String) to UserCache interface
 * Improved ConfigAttributeEditor so it trims preceding and trailing spaces
diff --git a/samples/attributes/src/applicationContext.xml b/samples/attributes/src/applicationContext.xml
index 5d919f5b9f..f8e0150755 100644
--- a/samples/attributes/src/applicationContext.xml
+++ b/samples/attributes/src/applicationContext.xml
@@ -37,7 +37,7 @@
 	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
 		<property name="providers">
 		  <list>
-		    <ref bean="testingAuthenticationProvider"/>
+		    <ref local="testingAuthenticationProvider"/>
 		  </list>
 		</property>
 	</bean>
@@ -52,7 +52,7 @@
    		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
 		<property name="decisionVoters">
 		  <list>
-		    <ref bean="roleVoter"/>
+		    <ref local="roleVoter"/>
 		  </list>
 		</property>
 	</bean>
@@ -67,10 +67,10 @@
 	<!-- We don't validate config attributes, as it's unsupported by MethodDefinitionAttributes -->
 	<bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
     	<property name="validateConfigAttributes"><value>false</value></property>
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
- 		<property name="objectDefinitionSource"><ref bean="objectDefinitionSource"/></property>
+    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
+    	<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
+    	<property name="runAsManager"><ref local="runAsManager"/></property>
+ 		<property name="objectDefinitionSource"><ref local="objectDefinitionSource"/></property>
 	</bean>
 	
 	<bean id="bankService" class="sample.attributes.BankServiceImpl"/>
@@ -86,7 +86,7 @@
 		<!-- the bean names to automatically generate proxies for -->
         <property name="beanNames">
             <list>
-                <value>bankService</value>
+                <idref local="bankService"/>
             </list>
         </property>
     </bean>
diff --git a/samples/contacts/etc/ca/applicationContext.xml b/samples/contacts/etc/ca/applicationContext.xml
index bb68bb07f7..c96e4c526c 100644
--- a/samples/contacts/etc/ca/applicationContext.xml
+++ b/samples/contacts/etc/ca/applicationContext.xml
@@ -28,9 +28,9 @@
 	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
 		<property name="providers">
 		  <list>
-		    <ref bean="runAsAuthenticationProvider"/>
-		    <ref bean="authByAdapterProvider"/>
-		    <ref bean="daoAuthenticationProvider"/>
+		    <ref local="runAsAuthenticationProvider"/>
+		    <ref local="authByAdapterProvider"/>
+		    <ref local="daoAuthenticationProvider"/>
 		  </list>
 		</property>
 	</bean>
@@ -47,12 +47,12 @@
 	</bean>
 	
 	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
-     	<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
+     	<property name="authenticationDao"><ref local="inMemoryDaoImpl"/></property>
 	</bean>
 
 	<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
-		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-		<property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
+		<property name="authenticationManager"><ref local="authenticationManager"/></property>
+		<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
 	</bean>
 
 	<bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
@@ -74,8 +74,8 @@
    		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
 		<property name="decisionVoters">
 		  <list>
-		    <ref bean="roleVoter"/>
-		    <ref bean="contactSecurityVoter"/>
+		    <ref local="roleVoter"/>
+		    <ref local="contactSecurityVoter"/>
 		  </list>
 		</property>
 	</bean>
@@ -83,9 +83,9 @@
 	<!-- ===================== SECURITY DEFINITIONS ======================= -->
 	
 	<bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
+    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
+    	<property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
+    	<property name="runAsManager"><ref local="runAsManager"/></property>
  		<property name="objectDefinitionSource">
 			<value>
 				sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
@@ -98,9 +98,9 @@
 
 	<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
 	<bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
+    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
+    	<property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
+    	<property name="runAsManager"><ref local="runAsManager"/></property>
  		<property name="objectDefinitionSource">
 			<value>
 				sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
@@ -117,22 +117,22 @@
     	<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
 	    <property name="interceptorNames">
       	<list>
-        	<value>publicContactManagerSecurity</value>
- 	        <value>publicContactManagerTarget</value>
+        	<idref local="publicContactManagerSecurity"/>
+ 	        <idref local="publicContactManagerTarget"/>
     	</list>
 	    </property>
   	</bean>
 
 	<bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
-    	<property name="backend"><ref bean="backendContactManager"/></property>
+    	<property name="backend"><ref local="backendContactManager"/></property>
 	</bean>
 
 	<bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
     	<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
 	    <property name="interceptorNames">
       	<list>
-        	<value>backendContactManagerSecurity</value>
- 	        <value>backendContactManagerTarget</value>
+        	<idref local="backendContactManagerSecurity"/>
+ 	        <idref local="backendContactManagerTarget"/>
     	</list>
 	    </property>
   	</bean>
diff --git a/samples/contacts/etc/cas/applicationContext.xml b/samples/contacts/etc/cas/applicationContext.xml
index 9fb59f0e98..31affe87f3 100644
--- a/samples/contacts/etc/cas/applicationContext.xml
+++ b/samples/contacts/etc/cas/applicationContext.xml
@@ -24,8 +24,8 @@
 	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
 		<property name="providers">
 		  <list>
-		    <ref bean="runAsAuthenticationProvider"/>
-		    <ref bean="casAuthenticationProvider"/>
+		    <ref local="runAsAuthenticationProvider"/>
+		    <ref local="casAuthenticationProvider"/>
 		  </list>
 		</property>
 	</bean>
@@ -42,8 +42,8 @@
 	</bean>
 	
 	<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
-		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-		<property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
+		<property name="authenticationManager"><ref local="authenticationManager"/></property>
+		<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
 	</bean>
 
 	<bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
@@ -53,17 +53,17 @@
 	<bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter" />
 
 	<bean id="casAuthenticationProvider" class="net.sf.acegisecurity.providers.cas.CasAuthenticationProvider">
-		<property name="casAuthoritiesPopulator"><ref bean="casAuthoritiesPopulator"/></property>
-		<property name="casProxyDecider"><ref bean="casProxyDecider"/></property>
-		<property name="ticketValidator"><ref bean="casProxyTicketValidator"/></property>
-		<property name="statelessTicketCache"><ref bean="statelessTicketCache"/></property>
+		<property name="casAuthoritiesPopulator"><ref local="casAuthoritiesPopulator"/></property>
+		<property name="casProxyDecider"><ref local="casProxyDecider"/></property>
+		<property name="ticketValidator"><ref local="casProxyTicketValidator"/></property>
+		<property name="statelessTicketCache"><ref local="statelessTicketCache"/></property>
 		<property name="key"><value>my_password_for_this_auth_provider_only</value></property>
 	</bean>
 
 	<bean id="casProxyTicketValidator" class="net.sf.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
 		<property name="casValidate"><value>https://localhost:8443/cas/proxyValidate</value></property>
 		<property name="proxyCallbackUrl"><value>https://localhost:8443/contacts-cas/casProxy/receptor</value></property>
-		<property name="serviceProperties"><ref bean="serviceProperties"/></property>
+		<property name="serviceProperties"><ref local="serviceProperties"/></property>
         <!-- <property name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property> -->
 	</bean>
 
@@ -72,7 +72,7 @@
 	</bean>
 
 	<bean id="casAuthoritiesPopulator" class="net.sf.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
-		<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
+		<property name="authenticationDao"><ref local="inMemoryDaoImpl"/></property>
 	</bean>
 
 	<bean id="casProxyDecider" class="net.sf.acegisecurity.providers.cas.proxy.RejectProxyTickets">
@@ -96,8 +96,8 @@
    		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
 		<property name="decisionVoters">
 		  <list>
-		    <ref bean="roleVoter"/>
-		    <ref bean="contactSecurityVoter"/>
+		    <ref local="roleVoter"/>
+		    <ref local="contactSecurityVoter"/>
 		  </list>
 		</property>
 	</bean>
@@ -105,9 +105,9 @@
 	<!-- ===================== SECURITY DEFINITIONS ======================= -->
 	
 	<bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
+    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
+    	<property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
+    	<property name="runAsManager"><ref local="runAsManager"/></property>
  		<property name="objectDefinitionSource">
 			<value>
 				sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
@@ -120,9 +120,9 @@
 
 	<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
 	<bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
+    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
+    	<property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
+    	<property name="runAsManager"><ref local="runAsManager"/></property>
  		<property name="objectDefinitionSource">
 			<value>
 				sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
@@ -139,22 +139,22 @@
     	<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
 	    <property name="interceptorNames">
       	<list>
-        	<value>publicContactManagerSecurity</value>
- 	        <value>publicContactManagerTarget</value>
+        	<idref local="publicContactManagerSecurity"/>
+ 	        <idref local="publicContactManagerTarget"/>
     	</list>
 	    </property>
   	</bean>
 
 	<bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
-    	<property name="backend"><ref bean="backendContactManager"/></property>
+    	<property name="backend"><ref local="backendContactManager"/></property>
 	</bean>
 
 	<bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
     	<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
 	    <property name="interceptorNames">
       	<list>
-        	<value>backendContactManagerSecurity</value>
- 	        <value>backendContactManagerTarget</value>
+        	<idref local="backendContactManagerSecurity"/>
+ 	        <idref local="backendContactManagerTarget"/>
     	</list>
 	    </property>
   	</bean>
@@ -164,7 +164,7 @@
 	<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
 	
 	<bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
-		<property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
+		<property name="channelDecisionManager"><ref local="channelDecisionManager"/></property>
  		<property name="filterInvocationDefinitionSource">
 			<value>
 			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
@@ -178,8 +178,8 @@
 	<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
 	    <property name="channelProcessors">
       		<list>
- 	        	<ref bean="secureChannelProcessor"/>
-        		<ref bean="insecureChannelProcessor"/>
+ 	        	<ref local="secureChannelProcessor"/>
+        		<ref local="insecureChannelProcessor"/>
      		</list>
 	    </property>
 	</bean>
@@ -190,27 +190,27 @@
 	<!-- ===================== HTTP REQUEST SECURITY ==================== -->
 
 	<bean id="casProcessingFilter" class="net.sf.acegisecurity.ui.cas.CasProcessingFilter">
-		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
+		<property name="authenticationManager"><ref local="authenticationManager"/></property>
 		<property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
 		<property name="defaultTargetUrl"><value>/</value></property>
 		<property name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property>
 	</bean>
 
 	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
-		<property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
-		<property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
+		<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
+		<property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint"/></property>
 	</bean>
 
 	<bean id="casProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
 		<property name="loginUrl"><value>https://localhost:8443/cas/login</value></property>
-		<property name="serviceProperties"><ref bean="serviceProperties"/></property>
+		<property name="serviceProperties"><ref local="serviceProperties"/></property>
 	</bean>
 
 	<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
 		<property name="decisionVoters">
 		  <list>
-		    <ref bean="roleVoter"/>
+		    <ref local="roleVoter"/>
 		  </list>
 		</property>
 	</bean>
@@ -219,9 +219,9 @@
 	     The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
 	     Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
 	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
-    	<property name="runAsManager"><ref bean="runAsManager"/></property>
+    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
+    	<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
+    	<property name="runAsManager"><ref local="runAsManager"/></property>
  		<property name="objectDefinitionSource">
 			<value>
 			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
diff --git a/samples/contacts/etc/filter/applicationContext.xml b/samples/contacts/etc/filter/applicationContext.xml
index 2ba6b93205..780a1ae0c0 100644
--- a/samples/contacts/etc/filter/applicationContext.xml
+++ b/samples/contacts/etc/filter/applicationContext.xml
@@ -24,8 +24,8 @@
    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
       <property name="providers">
          <list>
-            <ref bean="runAsAuthenticationProvider"/>
-            <ref bean="daoAuthenticationProvider"/>
+            <ref local="runAsAuthenticationProvider"/>
+            <ref local="daoAuthenticationProvider"/>
          </list>
       </property>
    </bean>
@@ -49,9 +49,9 @@
    <bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
 
    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
-      <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
-      <property name="userCache"><ref bean="userCache"/></property>
-      <property name="passwordEncoder"><ref bean="passwordEncoder"/></property>
+      <property name="authenticationDao"><ref local="inMemoryDaoImpl"/></property>
+      <property name="userCache"><ref local="userCache"/></property>
+      <property name="passwordEncoder"><ref local="passwordEncoder"/></property>
    </bean>
 
    <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
@@ -62,8 +62,8 @@
    <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
 
    <bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
-      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
-      <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
+      <property name="authenticationManager"><ref local="authenticationManager"/></property>
+      <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
    </bean>
 
    <bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
@@ -85,8 +85,8 @@
       <property name="allowIfAllAbstainDecisions"><value>false</value></property>
       <property name="decisionVoters">
          <list>
-            <ref bean="roleVoter"/>
-            <ref bean="contactSecurityVoter"/>
+            <ref local="roleVoter"/>
+            <ref local="contactSecurityVoter"/>
          </list>
       </property>
    </bean>
@@ -94,9 +94,9 @@
    <!-- ===================== SECURITY DEFINITIONS ======================= -->
 
    <bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
-      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
-      <property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
-      <property name="runAsManager"><ref bean="runAsManager"/></property>
+      <property name="authenticationManager"><ref local="authenticationManager"/></property>
+      <property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
+      <property name="runAsManager"><ref local="runAsManager"/></property>
       <property name="objectDefinitionSource">
          <value>
 				sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
@@ -109,9 +109,9 @@
 
    <!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
    <bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
-      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
-      <property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
-      <property name="runAsManager"><ref bean="runAsManager"/></property>
+      <property name="authenticationManager"><ref local="authenticationManager"/></property>
+      <property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
+      <property name="runAsManager"><ref local="runAsManager"/></property>
       <property name="objectDefinitionSource">
          <value>
 				sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
@@ -128,22 +128,22 @@
       <property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
       <property name="interceptorNames">
          <list>
-            <value>publicContactManagerSecurity</value>
-            <value>publicContactManagerTarget</value>
+            <idref local="publicContactManagerSecurity"/>
+            <idref local="publicContactManagerTarget"/>
          </list>
       </property>
    </bean>
 
    <bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
-      <property name="backend"><ref bean="backendContactManager"/></property>
+      <property name="backend"><ref local="backendContactManager"/></property>
    </bean>
 
    <bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
       <property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
       <property name="interceptorNames">
          <list>
-            <value>backendContactManagerSecurity</value>
-            <value>backendContactManagerTarget</value>
+            <idref local="backendContactManagerSecurity"/>
+            <idref local="backendContactManagerTarget"/>
          </list>
       </property>
    </bean>
@@ -156,7 +156,7 @@
         <filter-mapping> in web.xml for the following beans to be used -->
 
    <bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
-      <property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
+      <property name="channelDecisionManager"><ref local="channelDecisionManager"/></property>
       <property name="filterInvocationDefinitionSource">
          <value>
 			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
@@ -171,8 +171,8 @@
    <bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
       <property name="channelProcessors">
          <list>
-            <ref bean="secureChannelProcessor"/>
-            <ref bean="insecureChannelProcessor"/>
+            <ref local="secureChannelProcessor"/>
+            <ref local="insecureChannelProcessor"/>
          </list>
       </property>
    </bean>
@@ -183,15 +183,15 @@
    <!-- ===================== HTTP REQUEST SECURITY ==================== -->
 
    <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
-      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+      <property name="authenticationManager"><ref local="authenticationManager"/></property>
       <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
       <property name="defaultTargetUrl"><value>/</value></property>
       <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    </bean>
 
    <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
-      <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
-      <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
+      <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
+      <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
    </bean>
 
    <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
@@ -203,7 +203,7 @@
       <property name="allowIfAllAbstainDecisions"><value>false</value></property>
       <property name="decisionVoters">
          <list>
-            <ref bean="roleVoter"/>
+            <ref local="roleVoter"/>
          </list>
       </property>
    </bean>
@@ -212,9 +212,9 @@
         The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
         Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
-      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
-      <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
-      <property name="runAsManager"><ref bean="runAsManager"/></property>
+      <property name="authenticationManager"><ref local="authenticationManager"/></property>
+      <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
+      <property name="runAsManager"><ref local="runAsManager"/></property>
       <property name="objectDefinitionSource">
          <value>
 			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
diff --git a/samples/quick-start/war-root/WEB-INF/applicationContext.xml b/samples/quick-start/war-root/WEB-INF/applicationContext.xml
index 0d828f1cec..d33334146f 100644
--- a/samples/quick-start/war-root/WEB-INF/applicationContext.xml
+++ b/samples/quick-start/war-root/WEB-INF/applicationContext.xml
@@ -30,8 +30,8 @@
 	     The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
 	     Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
 	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
-    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
-    	<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
+    	<property name="authenticationManager"><ref local="authenticationManager"/></property>
+    	<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
  		<property name="objectDefinitionSource">
 			<value>
 			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
@@ -44,8 +44,8 @@
 	<!-- =================== SECURITY BEANS YOU WILL RARELY (IF EVER) CHANGE ================== -->
 	
 	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
-     	<property name="authenticationDao"><ref bean="authenticationDao"/></property>
-     	<property name="userCache"><ref bean="userCache"/></property>
+     	<property name="authenticationDao"><ref local="authenticationDao"/></property>
+     	<property name="userCache"><ref local="userCache"/></property>
 	</bean>
 	
 	<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
@@ -55,7 +55,7 @@
 	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
 		<property name="providers">
 		  <list>
-		    <ref bean="daoAuthenticationProvider"/>
+		    <ref local="daoAuthenticationProvider"/>
 		  </list>
 		</property>
 	</bean>
@@ -66,21 +66,21 @@
    		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
 		<property name="decisionVoters">
 		  <list>
-		    <ref bean="roleVoter"/>
+		    <ref local="roleVoter"/>
 		  </list>
 		</property>
 	</bean>
 
 	<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
-		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
+		<property name="authenticationManager"><ref local="authenticationManager"/></property>
 		<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
 		<property name="defaultTargetUrl"><value>/</value></property>
 		<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
 	</bean>
 
 	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
-		<property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
-		<property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
+		<property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property>
+		<property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
 	</bean>
 
 	<bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">