[maven-release-plugin] copy for tag spring-security-parent-2.0.2

2026-02-12 00:14:33 +00:00 · 2008-06-03 16:06:44 +00:00 · 2008-06-03 16:06:44 +00:00 · 807ae835b8
commit 807ae835b8
parent 122e1c47ed
48 changed files with 308 additions and 108 deletions
--- a/acl/pom.xml
+++ b/acl/pom.xml
@ -3,13 +3,13 @@
    <parent>
        <artifactId>spring-security-parent</artifactId>
        <groupId>org.springframework.security</groupId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-acl</artifactId>
    <name>Spring Security - ACL module</name>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
    <packaging>bundle</packaging>

    <dependencies>
--- a/adapters/catalina/pom.xml
+++ b/adapters/catalina/pom.xml
@ -3,7 +3,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
  </parent>
  <artifactId>spring-security-catalina</artifactId>
  <name>Spring Security - Catalina adapter</name>
--- a/adapters/jboss/pom.xml
+++ b/adapters/jboss/pom.xml
@ -3,7 +3,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
  </parent>
  <artifactId>spring-security-jboss</artifactId>
  <name>Spring Security - JBoss adapter</name>
--- a/adapters/jetty/pom.xml
+++ b/adapters/jetty/pom.xml
@ -3,7 +3,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
  </parent>
  <artifactId>spring-security-jetty</artifactId>
  <name>Spring Security - Jetty adapter</name>
--- a/adapters/pom.xml
+++ b/adapters/pom.xml
@ -3,7 +3,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-parent</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
  </parent>
  <artifactId>spring-security-adapters</artifactId>
  <name>Spring Security - Adapters</name>
--- a/adapters/resin/pom.xml
+++ b/adapters/resin/pom.xml
@ -3,7 +3,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
  </parent>
  <artifactId>spring-security-resin</artifactId>
  <name>Spring Security - Resin adapter</name>
--- a/cas/pom.xml
+++ b/cas/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <artifactId>spring-security-cas-client</artifactId>
    <name>Spring Security - CAS support</name>
--- a/core-tiger/pom.xml
+++ b/core-tiger/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <packaging>bundle</packaging>    
    <artifactId>spring-security-core-tiger</artifactId>
--- a/core-tiger/src/test/resources/log4j.properties
+++ b/core-tiger/src/test/resources/log4j.properties
@ -0,0 +1,12 @@
+# Logging
+#
+# $Id: log4j.properties 2385 2007-12-20 20:53:26Z luke_t $
+
+log4j.rootCategory=DEBUG, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
+
+log4j.category.org.springframework.security=DEBUG
+
--- a/core/pom.xml
+++ b/core/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <packaging>bundle</packaging>
    <artifactId>spring-security-core</artifactId>
--- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
@ -389,9 +389,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
            }
            
            BeanDefinition openIDProvider = openIDProviderBuilder.getBeanDefinition();
-            ConfigUtils.getRegisteredProviders(pc).add(openIDProvider);
-            
            pc.getRegistry().registerBeanDefinition(BeanIds.OPEN_ID_PROVIDER, openIDProvider);
+            ConfigUtils.getRegisteredProviders(pc).add(new RuntimeBeanReference(BeanIds.OPEN_ID_PROVIDER));
        }
        
        boolean needLoginPage = false;
--- a/ntlm/pom.xml
+++ b/ntlm/pom.xml
@ -3,7 +3,7 @@
 	<parent>
 		<groupId>org.springframework.security</groupId>
 		<artifactId>spring-security-parent</artifactId>
-		<version>2.0.2-SNAPSHOT</version>
+		<version>2.0.2</version>
 	</parent>
 	<packaging>jar</packaging>
 	<artifactId>spring-security-ntlm</artifactId>
--- a/openid/pom.xml
+++ b/openid/pom.xml
@ -3,12 +3,12 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <artifactId>spring-security-openid</artifactId>
    <name>Spring Security - OpenID support</name>
    <description>Spring Security - Support for OpenID</description>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
    <packaging>bundle</packaging>

    <dependencies>
--- a/pom.xml
+++ b/pom.xml
@ -3,7 +3,7 @@
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-parent</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
    <name>Spring Security</name>
    <packaging>pom</packaging>

@ -38,9 +38,9 @@

    <!-- Note when doing releases: tagBase is set in release plugin configuration below -->
    <scm>
-        <connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk</connection>
-        <developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk</developerConnection>
-        <url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/spring-security/trunk/</url>
+        <connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/spring-security-parent-2.0.2</connection>
+        <developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/spring-security-parent-2.0.2</developerConnection>
+        <url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/spring-security/tags/spring-security-parent-2.0.2</url>
    </scm>

    <issueManagement>
--- a/portlet/pom.xml
+++ b/portlet/pom.xml
@ -3,18 +3,18 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <artifactId>spring-security-portlet</artifactId>
    <name>Spring Security - Portlet support</name>
    <description>Spring Security - Support for JSR 168 Portlets</description>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>

    <dependencies>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
-            <version>2.0.2-SNAPSHOT</version>
+            <version>2.0.2</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
--- a/samples/cas/client/pom.xml
+++ b/samples/cas/client/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples-cas</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-cas-client</artifactId>
--- a/samples/cas/pom.xml
+++ b/samples/cas/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-cas</artifactId>
--- a/samples/cas/server/pom.xml
+++ b/samples/cas/server/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples-cas</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-cas-server</artifactId>
--- a/samples/contacts/pom.xml
+++ b/samples/contacts/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <artifactId>spring-security-samples-contacts</artifactId>
    <name>Spring Security - Contacts sample</name>
--- a/samples/dms/pom.xml
+++ b/samples/dms/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <artifactId>spring-security-samples-dms</artifactId>
    <name>Spring Security - DMS sample</name>
--- a/samples/ldap/pom.xml
+++ b/samples/ldap/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-ldap</artifactId>
--- a/samples/openid/pom.xml
+++ b/samples/openid/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-openid</artifactId>
--- a/samples/openid/src/main/webapp/WEB-INF/classes/log4j.properties
+++ b/samples/openid/src/main/webapp/WEB-INF/classes/log4j.properties
@ -10,7 +10,7 @@ log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n

 # Rolling log file output...
 log4j.appender.fileout=org.apache.log4j.RollingFileAppender
-log4j.appender.fileout.File=spring-security-preauth.log
+log4j.appender.fileout.File=spring-security-openid.log
 #log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
 log4j.appender.fileout.MaxFileSize=1024KB
 log4j.appender.fileout.MaxBackupIndex=1
--- a/samples/pom.xml
+++ b/samples/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples</artifactId>
--- a/samples/portlet/pom.xml
+++ b/samples/portlet/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-portlet</artifactId>
--- a/samples/preauth/pom.xml
+++ b/samples/preauth/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-preauth</artifactId>
--- a/samples/tutorial/pom.xml
+++ b/samples/tutorial/pom.xml
@ -3,7 +3,7 @@
    <parent>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-samples-tutorial</artifactId>
--- a/sandbox/captcha/pom.xml
+++ b/sandbox/captcha/pom.xml
@ -3,13 +3,13 @@
    <parent>
        <artifactId>spring-security-parent</artifactId>
        <groupId>org.springframework.security</groupId>
-        <version>2.0-SNAPSHOT</version>
+        <version>2.0.2-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-captcha</artifactId>
    <name>Spring Security - Captcha module</name>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>

    <dependencies>
        <dependency>
@ -34,4 +34,4 @@
            <scope>test</scope>
        </dependency>        
    </dependencies>
-</project>
+</project>
--- a/sandbox/heavyduty/pom.xml
+++ b/sandbox/heavyduty/pom.xml
@ -4,7 +4,7 @@
    <artifactId>spring-security-heavyduty</artifactId>
    <name>Spring Security - Heavy Duty Sample</name>
    <packaging>war</packaging>
-    <version>2.0.0</version>
+    <version>2.0.2-SNAPSHOT</version>
    <dependencies>
        <dependency>
            <groupId>org.springframework.security</groupId>
@ -58,6 +58,12 @@
            <scope>runtime</scope>
            <version>${spring.version}</version>
        </dependency>
+        <dependency>
+            <groupId>org.freemarker</groupId>
+            <artifactId>freemarker</artifactId>
+            <scope>runtime</scope>
+            <version>2.3.12</version>
+        </dependency>        
 	    <dependency>
 	      <groupId>hsqldb</groupId>
 	      <artifactId>hsqldb</artifactId>
@ -160,7 +166,7 @@
    </build>
    <properties>        
        <spring.version>2.5.4</spring.version>
-        <spring.security.version>2.0.1-SNAPSHOT</spring.security.version>
+        <spring.security.version>2.0.2-SNAPSHOT</spring.security.version>
    </properties>

-</project>
+</project>
--- a/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
+++ b/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
@ -3,7 +3,6 @@ package bigbank.web;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

-import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.util.Assert;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.Controller;
@ -19,12 +18,7 @@ public class ListAccounts implements Controller {
 		this.bankService = bankService;
 	}

-	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
-		// Security check (this is unnecessary if Spring Security is performing the authorization)
-//		if (request.getUserPrincipal() == null) {
-//			throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
-//		}
-		
+	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {		
 		// Actual business logic
 		ModelAndView mav = new ModelAndView("listAccounts");
 		mav.addObject("accounts", bankService.findAccounts());
--- a/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
+++ b/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
@ -3,7 +3,6 @@ package bigbank.web;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

-import org.springframework.security.AccessDeniedException;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.ServletRequestUtils;
 import org.springframework.web.servlet.ModelAndView;
--- a/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
+++ b/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
@ -0,0 +1,44 @@
+package heavyduty.web;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.bind.ServletRequestBindingException;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
+
+/**
+ * Reproduces SEC-830.
+ */
+public class TestMultiActionController extends MultiActionController {
+	public static final String VIEW_NAME = "multi-action-test";
+	
+	public String login(HttpServletRequest request, HttpServletResponse response) {
+		return "login";
+	}
+		
+	public void step1(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		request.getRequestDispatcher("/testMulti.htm?action=step1xtra").forward(request, response);
+	}
+
+	public ModelAndView step1xtra(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
+		return createView("step2");
+	}	
+	
+	public ModelAndView step2(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
+		return createView("step1");
+	}
+	
+	private ModelAndView createView(String name) {
+		Map model = new HashMap();
+		model.put("nextAction", name);
+		return new ModelAndView(VIEW_NAME, model);
+	}
+	
+}
+
--- a/sandbox/heavyduty/src/main/java/sample/TestVoter.java
+++ b/sandbox/heavyduty/src/main/java/sample/TestVoter.java
@ -0,0 +1,30 @@
+package sample;
+
+import java.lang.annotation.Annotation;
+
+import org.aopalliance.intercept.MethodInvocation;
+import org.springframework.security.Authentication;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.vote.AccessDecisionVoter;
+
+public class TestVoter implements AccessDecisionVoter {
+
+	public boolean supports(ConfigAttribute attribute) {
+		return true;
+	}
+
+	public boolean supports(Class clazz) {
+		return MethodInvocation.class.isAssignableFrom(clazz);
+	}
+
+	public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+		MethodInvocation mi = (MethodInvocation) object;
+		
+		Annotation[][] annotations = mi.getMethod().getParameterAnnotations();
+		
+
+		return ACCESS_GRANTED;
+	}
+
+}
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
@ -10,8 +10,10 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd
+                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd">

    <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
        <property name="decisionVoters">
@ -45,6 +47,19 @@
    <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName"><value>My Realm</value></property>
    </bean>
+    
+	<bean id="bankServiceSecurityInterceptor"
+	    class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
+	  <property name="authenticationManager" ref="authenticationManager"/>
+	  <property name="accessDecisionManager" ref="accessDecisionManager"/>
+	  <!-- property name="afterInvocationManager" ref="afterInvocationManager"/ -->
+	  <property name="objectDefinitionSource">
+	    <value>
+	        bigbank.BankService.post*=ROLE_SUPERVISOR
+	        bigbank.BankService.find*=ROLE_SUPERVISOR
+	    </value>
+	  </property>
+    </bean>

 </beans>
                        
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
@ -15,9 +15,7 @@
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">
  
  <bean id="AllPropertiesConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-    <property name="location">
-      <value>classpath:jdbc.properties</value>
-    </property>
+    <property name="location" value="classpath:jdbc.properties"/>
  </bean>

  <tx:annotation-driven transaction-manager="transactionManager" />
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
@ -10,45 +10,70 @@
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">

    <b:import resource="appContext-misc.xml"/>
    
-	<global-method-security secured-annotations="enabled"/>		
-
-    <http entry-point-ref='customEntryPoint'>
+	<!-- global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr"/ -->
+	
+	<b:bean id="methodAccessmanager" class="org.springframework.security.vote.AffirmativeBased">
+	   <b:property name="decisionVoters">
+	       <b:list>
+	           <b:bean class="sample.TestVoter"/>
+	       </b:list>
+	   </b:property>
+	</b:bean>
+    
+    <!-- http entry-point-ref='customEntryPoint'-->
+    <http>
        <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
-        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
+        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
+        <intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />        
 		<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
        <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/post.html" access="ROLE_TELLER" />
        -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
 <!--
-    Uncomment to enable X509 client authentication support -->
-        <x509 user-service-ref="daoUserService"/> 
-
-
-        <!-- All of this is unnecessary if auto-config="true" -->
-        <form-login default-target-url="/secure/index.jsp" always-use-default-target="true"/>
+    Uncomment to enable X509 client authentication support
+        <x509 user-service-ref="daoUserService"/>
+-->
+        <!-- form-login default-target-url="/secure/index.jsp" login-page="/login.jsp" authentication-failure-url="/login.jsp?login-error=1" always-use-default-target="false"/-->
        <anonymous />
-        <!-- http-basic / -->
-        <logout />
+        <http-basic />
+        <logout />
+        <remember-me key='doesntmatter' token-repository-ref='tokenRepo' user-service-ref='daoUserService'/>
 <!--          <remember-me user-service-ref="daoUserService"/> -->

        <!-- Uncomment to limit the number of sessions a user can have -->
-        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
+        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" session-registry-ref='sessionRegistry'/>
+        
    </http>
+
+    <authentication-manager alias="authenticationManager" />
    
-    <authentication-manager alias="authenticationManager"/> 
+    <b:bean id='tokenRepo' class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/>    
    
+    <!-- Traditional Session Control Beans -->
+<!--     
+    <b:bean id='sessionControlFilter' class="org.springframework.security.concurrent.ConcurrentSessionFilter">
+        <custom-filter position="CONCURRENT_SESSION_FILTER"/>
+        <b:property name="sessionRegistry" ref='sessionRegistry'/>
+    </b:bean>
+    
+    <b:bean id='sessionController' class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
+        <b:property name='sessionRegistry' ref='sessionRegistry'/>
+    </b:bean>
+ -->    
+    <b:bean id='sessionRegistry' class="org.springframework.security.concurrent.SessionRegistryImpl"/>
+<!-- 
    <b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
-        <custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
+        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
        <b:property name="defaultTargetUrl" value="/"/>
        <b:property name="authenticationManager" ref="authenticationManager"/>
    </b:bean>
-    
-    <b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint">
+ -->    
+    <b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint"> 
        <b:property name="loginFormUrl" value="/login.jsp"/>
    </b:bean>
 <!--     
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml
@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
-
-	<bean name="/listAccounts.html" class="bigbank.web.ListAccounts">
-		<constructor-arg ref="bankService"/>
-	</bean>
-	
-	<bean name="/post.html" class="bigbank.web.PostAccounts">
-		<constructor-arg ref="bankService"/>
-	</bean>
-	
-	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-		<property name="prefix" value="/WEB-INF/jsp/"/>
-		<property name="suffix" value=".jsp"/>
-	</bean>
-
-</beans>
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
@ -0,0 +1,22 @@
+<html>
+  <head>
+    <title>Spring Security Login</title>
+  </head>
+
+  <body onload="document.f.j_username.focus();">
+    <h1>Spring Security Login (Freemarker)</h1>
+
+    <form name="f" action="j_spring_security_check" method="POST">
+      <table>
+        <tr><td>User:</td><td><input type='text' name='j_username' value=''/></td></tr>
+        <tr><td>Password:</td><td><input type='password' name='j_password' value=''/></td></tr>
+        <tr><td><input type="checkbox" name="_spring_security_remember_me"/></td><td>Don't ask for my password for two weeks</td></tr>
+
+        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
+        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
+      </table>
+
+    </form>
+
+  </body>
+</html>
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl
@ -0,0 +1,13 @@
+
+<html>
+	<head>
+        <title>MultiActionController Test</title>
+	</head>
+	<body>
+
+    <form action="testMulti.htm">
+        <input name="action" value="${nextAction}" type="text"/>
+        <input  type='submit' value='submit' />
+    </form>
+    </body>
+</html>
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/heavyduty-servlet.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/heavyduty-servlet.xml
@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+	<bean name="testMultiController" class="heavyduty.web.TestMultiActionController">
+	   <property name="methodNameResolver">
+	       <bean class="org.springframework.web.servlet.mvc.multiaction.ParameterMethodNameResolver"/>
+	   </property>
+	</bean>
+<!-- 	
+	<bean name="/post.html" class="bigbank.web.PostAccounts">
+		<constructor-arg ref="bankService"/>
+	</bean>
+ -->
+	<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
+	  <property name="templateLoaderPath" value="/WEB-INF/freemarker/"/>
+	</bean>
+	
+	<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
+		<property name="prefix" value=""/>
+		<property name="suffix" value=".ftl"/>
+	</bean>
+
+    <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
+        <property name="mappings">
+            <value>
+                **/testMulti.htm=testMultiController
+            </value>
+        </property>
+    </bean>
+
+</beans>
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
@ -64,14 +64,14 @@
 	- Provides core MVC application controller.
    -->
 	<servlet>
-		<servlet-name>bank</servlet-name>
+		<servlet-name>heavyduty</servlet-name>
 		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>

 	<servlet-mapping>
-    	<servlet-name>bank</servlet-name>
-    	<url-pattern>*.html</url-pattern>
+    	<servlet-name>heavyduty</servlet-name>
+    	<url-pattern>*.htm</url-pattern>
 	</servlet-mapping>

     <welcome-file-list>
--- a/sandbox/heavyduty/src/main/webapp/context.jsp
+++ b/sandbox/heavyduty/src/main/webapp/context.jsp
@ -0,0 +1,29 @@
+<%@page import="org.springframework.web.context.support.WebApplicationContextUtils"%>
+<%@page import="org.springframework.security.providers.ldap.LdapAuthenticationProvider"%>
+<%@page import="org.springframework.security.providers.ProviderManager"%>
+
+<html>
+<body>
+<h1>Context Information Page</h1>
+<p>
+LdapAuthenticationProvider instances: <br/>
+
+<%=
+WebApplicationContextUtils.getRequiredWebApplicationContext(
+        session.getServletContext()).getBeansOfType(LdapAuthenticationProvider.class)
+%>
+</p>
+
+<p>
+Providers: <br />
+
+<%=
+((ProviderManager)WebApplicationContextUtils.getRequiredWebApplicationContext(
+        session.getServletContext()).getBean("_authenticationManager")).getProviders() %>
+</p>
+
+
+
+<p><a href="/index.jsp">Home</a></p>
+</body>
+</html>
--- a/sandbox/heavyduty/src/main/webapp/index.jsp
+++ b/sandbox/heavyduty/src/main/webapp/index.jsp
@ -1,17 +1,17 @@
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
 <html>
 <body>
-<h1>Home Page</h1>
+<h1>HeavyDuty App Home Page</h1>
 <p>
 Anyone can view this page.
 </p>
-<p>
-If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
+<p>
+Test multi-action controller <a href="testMulti.htm?action=step1">SEC-830</a>.
 </p>
 <p>
 Your principal object is....: <%= request.getUserPrincipal() %>
 </p>
-
+<h3>Restricted Pages ...</h3>
 <p><a href="secure/index.jsp">Secure page</a></p>
 <p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
 </body>
--- a/sandbox/other/pom.xml
+++ b/sandbox/other/pom.xml
@ -6,7 +6,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-sandbox</artifactId>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
  </parent>
  <artifactId>spring-security-sandbox-other</artifactId>
  <name>Spring Security - Other Sandbox Code</name>
--- a/sandbox/pom.xml
+++ b/sandbox/pom.xml
@ -4,7 +4,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-parent</artifactId>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
  </parent>
  <artifactId>spring-security-sandbox</artifactId>
  <name>Spring Security - Sandbox</name>
@ -20,7 +20,7 @@
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-core</artifactId>
-      <version>2.0-SNAPSHOT</version>
+      <version>2.0.2-SNAPSHOT</version>
    </dependency>
  </dependencies>
  
--- a/sandbox/webwork/pom.xml
+++ b/sandbox/webwork/pom.xml
@ -3,7 +3,7 @@
  <parent>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-sandbox</artifactId>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
  </parent>
  <artifactId>spring-security-webwork</artifactId>
  <name>Spring Security - Webwork support</name>
--- a/src/site/fml/faq.fml
+++ b/src/site/fml/faq.fml
@ -128,8 +128,8 @@ org.springframework.security.AccessDeniedException: Access is denied
    	</faq>
    	<faq>
    		<question>
-    			I've configured the "requires-channel" attribute to use HTTPS for my login page and switch back to HTTP afterwards but I just end up back at
-    			the login page after authenticating. I'm using Tomcat. Why doesn't it work?
+    			I'm using Tomcat and have enabled HTTPS for my login page, switching back to HTTP afterwards. It doesn't work - I just 
+    			end up back at the login page after authenticating.
    		</question>
    		<answer>
    			<p>
@ -140,7 +140,7 @@ org.springframework.security.AccessDeniedException: Access is denied
    	</faq>
    	<faq>
    		<question>
-    			I'm forwarding a request to another URL using the RequestDispatcher, but my security constraints aren't being applied. Why not?
+    			I'm forwarding a request to another URL using the RequestDispatcher, but my security constraints aren't being applied.
    		</question>
    		<answer>
    			Filters are not applied by default to forwards or includes. If you really want the security filters to be applied to forwards and/or includes, 
@ -156,9 +156,9 @@ org.springframework.security.AccessDeniedException: Access is denied
 	  			<p>This question comes up repeatedly in the Spring Security forum so you will find more information there.</p>
 	  			<p>
 	  			The submitted login information is processed by an instance of <i>AuthenticationProcessingFilter</i>. You will need to customize this class to handle
-	  				the extra data field(s). One option is to use your own customized authentication token class (rather than the standard <i>UsernamePasswordAuthenticatioToken</i>),
+	  				the extra data field(s). One option is to use your own customized authentication token class (rather than the standard <i>UsernamePasswordAuthenticationToken</i>),
 	  				another is simply to concatenate the extra fields with the username (for example, using a ":" as the separator) and pass them in the username property of
-	  				<i>UsernamePasswordAuthenticatioToken</i>.
+	  				<i>UsernamePasswordAuthenticationToken</i>.
 	  			</p>
 	  			<p>
 	  				You will also need to customize the actual authentication process. If you are using a custom authentication token class, for example, you will have to write an 
--- a/taglibs/pom.xml
+++ b/taglibs/pom.xml
@ -3,13 +3,13 @@
    <parent>
        <artifactId>spring-security-parent</artifactId>
        <groupId>org.springframework.security</groupId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <name>Spring Security - JSP taglibs</name>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
    <packaging>jar</packaging>

    <dependencies>