diff --git a/acl/pom.xml b/acl/pom.xml
index 8bf7ea3279..6bfcdca81b 100644
--- a/acl/pom.xml
+++ b/acl/pom.xml
@@ -3,13 +3,13 @@
     <parent>
         <artifactId>spring-security-parent</artifactId>
         <groupId>org.springframework.security</groupId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-acl</artifactId>
     <name>Spring Security - ACL module</name>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
     <packaging>bundle</packaging>
 
     <dependencies>
diff --git a/adapters/catalina/pom.xml b/adapters/catalina/pom.xml
index 4dfce15008..03615b8a00 100644
--- a/adapters/catalina/pom.xml
+++ b/adapters/catalina/pom.xml
@@ -3,7 +3,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
   </parent>
   <artifactId>spring-security-catalina</artifactId>
   <name>Spring Security - Catalina adapter</name>
diff --git a/adapters/jboss/pom.xml b/adapters/jboss/pom.xml
index aec0e26a01..b0c3e407be 100644
--- a/adapters/jboss/pom.xml
+++ b/adapters/jboss/pom.xml
@@ -3,7 +3,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
   </parent>
   <artifactId>spring-security-jboss</artifactId>
   <name>Spring Security - JBoss adapter</name>
diff --git a/adapters/jetty/pom.xml b/adapters/jetty/pom.xml
index 9a393a76ef..bc2809953d 100644
--- a/adapters/jetty/pom.xml
+++ b/adapters/jetty/pom.xml
@@ -3,7 +3,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
   </parent>
   <artifactId>spring-security-jetty</artifactId>
   <name>Spring Security - Jetty adapter</name>
diff --git a/adapters/pom.xml b/adapters/pom.xml
index 239fcfe461..03446d4a78 100644
--- a/adapters/pom.xml
+++ b/adapters/pom.xml
@@ -3,7 +3,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-parent</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
   </parent>
   <artifactId>spring-security-adapters</artifactId>
   <name>Spring Security - Adapters</name>
diff --git a/adapters/resin/pom.xml b/adapters/resin/pom.xml
index 60dbdebd3d..688ce07bb9 100644
--- a/adapters/resin/pom.xml
+++ b/adapters/resin/pom.xml
@@ -3,7 +3,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-adapters</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
   </parent>
   <artifactId>spring-security-resin</artifactId>
   <name>Spring Security - Resin adapter</name>
diff --git a/cas/pom.xml b/cas/pom.xml
index 303c38a108..03f8813c48 100644
--- a/cas/pom.xml
+++ b/cas/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <artifactId>spring-security-cas-client</artifactId>
     <name>Spring Security - CAS support</name>
diff --git a/core-tiger/pom.xml b/core-tiger/pom.xml
index 7884c82e40..f0bfdce4ee 100644
--- a/core-tiger/pom.xml
+++ b/core-tiger/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <packaging>bundle</packaging>    
     <artifactId>spring-security-core-tiger</artifactId>
diff --git a/core-tiger/src/test/resources/log4j.properties b/core-tiger/src/test/resources/log4j.properties
new file mode 100644
index 0000000000..2c1eb7cf30
--- /dev/null
+++ b/core-tiger/src/test/resources/log4j.properties
@@ -0,0 +1,12 @@
+# Logging
+#
+# $Id: log4j.properties 2385 2007-12-20 20:53:26Z luke_t $
+
+log4j.rootCategory=DEBUG, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
+
+log4j.category.org.springframework.security=DEBUG
+
diff --git a/core/pom.xml b/core/pom.xml
index 27bb76e2c4..4564a945c6 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <packaging>bundle</packaging>
     <artifactId>spring-security-core</artifactId>
diff --git a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
index ffae1f3685..7718c4e66d 100644
--- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
@@ -389,9 +389,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
             }
             
             BeanDefinition openIDProvider = openIDProviderBuilder.getBeanDefinition();
-            ConfigUtils.getRegisteredProviders(pc).add(openIDProvider);
-            
             pc.getRegistry().registerBeanDefinition(BeanIds.OPEN_ID_PROVIDER, openIDProvider);
+            ConfigUtils.getRegisteredProviders(pc).add(new RuntimeBeanReference(BeanIds.OPEN_ID_PROVIDER));
         }
         
         boolean needLoginPage = false;
diff --git a/ntlm/pom.xml b/ntlm/pom.xml
index 545b2638ce..0559ca8925 100755
--- a/ntlm/pom.xml
+++ b/ntlm/pom.xml
@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>org.springframework.security</groupId>
 		<artifactId>spring-security-parent</artifactId>
-		<version>2.0.2-SNAPSHOT</version>
+		<version>2.0.2</version>
 	</parent>
 	<packaging>jar</packaging>
 	<artifactId>spring-security-ntlm</artifactId>
diff --git a/openid/pom.xml b/openid/pom.xml
index e7cf73c659..826f0f52d7 100644
--- a/openid/pom.xml
+++ b/openid/pom.xml
@@ -3,12 +3,12 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <artifactId>spring-security-openid</artifactId>
     <name>Spring Security - OpenID support</name>
     <description>Spring Security - Support for OpenID</description>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
     <packaging>bundle</packaging>
 
     <dependencies>
diff --git a/pom.xml b/pom.xml
index a7d4d6c564..910bec8561 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-parent</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
     <name>Spring Security</name>
     <packaging>pom</packaging>
 
@@ -38,9 +38,9 @@
 
     <!-- Note when doing releases: tagBase is set in release plugin configuration below -->
     <scm>
-        <connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk</connection>
-        <developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk</developerConnection>
-        <url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/spring-security/trunk/</url>
+        <connection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/spring-security-parent-2.0.2</connection>
+        <developerConnection>scm:svn:https://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/tags/spring-security-parent-2.0.2</developerConnection>
+        <url>http://acegisecurity.svn.sourceforge.net/viewcvs.cgi/acegisecurity/spring-security/tags/spring-security-parent-2.0.2</url>
     </scm>
 
     <issueManagement>
diff --git a/portlet/pom.xml b/portlet/pom.xml
index 113c278b71..8f2a32ab54 100644
--- a/portlet/pom.xml
+++ b/portlet/pom.xml
@@ -3,18 +3,18 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <artifactId>spring-security-portlet</artifactId>
     <name>Spring Security - Portlet support</name>
     <description>Spring Security - Support for JSR 168 Portlets</description>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
 
     <dependencies>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
-            <version>2.0.2-SNAPSHOT</version>
+            <version>2.0.2</version>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
diff --git a/samples/cas/client/pom.xml b/samples/cas/client/pom.xml
index 354ac8604a..57720cb8e2 100644
--- a/samples/cas/client/pom.xml
+++ b/samples/cas/client/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples-cas</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-cas-client</artifactId>
diff --git a/samples/cas/pom.xml b/samples/cas/pom.xml
index 0f15054519..0494294278 100644
--- a/samples/cas/pom.xml
+++ b/samples/cas/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-cas</artifactId>
diff --git a/samples/cas/server/pom.xml b/samples/cas/server/pom.xml
index 45be497181..b9cefe4d3f 100644
--- a/samples/cas/server/pom.xml
+++ b/samples/cas/server/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples-cas</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-cas-server</artifactId>
diff --git a/samples/contacts/pom.xml b/samples/contacts/pom.xml
index 5939ca453f..67e5efe034 100644
--- a/samples/contacts/pom.xml
+++ b/samples/contacts/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <artifactId>spring-security-samples-contacts</artifactId>
     <name>Spring Security - Contacts sample</name>
diff --git a/samples/dms/pom.xml b/samples/dms/pom.xml
index e3af4371d6..0af993efa3 100644
--- a/samples/dms/pom.xml
+++ b/samples/dms/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <artifactId>spring-security-samples-dms</artifactId>
     <name>Spring Security - DMS sample</name>
diff --git a/samples/ldap/pom.xml b/samples/ldap/pom.xml
index ecf7b03e23..bf840763e5 100644
--- a/samples/ldap/pom.xml
+++ b/samples/ldap/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-ldap</artifactId>
diff --git a/samples/openid/pom.xml b/samples/openid/pom.xml
index 5420a7d1a9..061eac9ae5 100644
--- a/samples/openid/pom.xml
+++ b/samples/openid/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-openid</artifactId>
diff --git a/samples/openid/src/main/webapp/WEB-INF/classes/log4j.properties b/samples/openid/src/main/webapp/WEB-INF/classes/log4j.properties
index 5a78fdb39c..2f7890f02e 100644
--- a/samples/openid/src/main/webapp/WEB-INF/classes/log4j.properties
+++ b/samples/openid/src/main/webapp/WEB-INF/classes/log4j.properties
@@ -10,7 +10,7 @@ log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n
 
 # Rolling log file output...
 log4j.appender.fileout=org.apache.log4j.RollingFileAppender
-log4j.appender.fileout.File=spring-security-preauth.log
+log4j.appender.fileout.File=spring-security-openid.log
 #log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
 log4j.appender.fileout.MaxFileSize=1024KB
 log4j.appender.fileout.MaxBackupIndex=1
diff --git a/samples/pom.xml b/samples/pom.xml
index 57620f4655..3832b0e29a 100644
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-parent</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples</artifactId>
diff --git a/samples/portlet/pom.xml b/samples/portlet/pom.xml
index 7c6a90f846..16690eb976 100644
--- a/samples/portlet/pom.xml
+++ b/samples/portlet/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-portlet</artifactId>
diff --git a/samples/preauth/pom.xml b/samples/preauth/pom.xml
index a77c8808cd..25cca8c98e 100644
--- a/samples/preauth/pom.xml
+++ b/samples/preauth/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-preauth</artifactId>
diff --git a/samples/tutorial/pom.xml b/samples/tutorial/pom.xml
index fdef8275d2..04cf8f4f44 100644
--- a/samples/tutorial/pom.xml
+++ b/samples/tutorial/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-samples</artifactId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-samples-tutorial</artifactId>
diff --git a/sandbox/captcha/pom.xml b/sandbox/captcha/pom.xml
index ed32645295..6e0aeb81ef 100644
--- a/sandbox/captcha/pom.xml
+++ b/sandbox/captcha/pom.xml
@@ -3,13 +3,13 @@
     <parent>
         <artifactId>spring-security-parent</artifactId>
         <groupId>org.springframework.security</groupId>
-        <version>2.0-SNAPSHOT</version>
+        <version>2.0.2-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-captcha</artifactId>
     <name>Spring Security - Captcha module</name>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
 
     <dependencies>
         <dependency>
@@ -34,4 +34,4 @@
             <scope>test</scope>
         </dependency>        
     </dependencies>
-</project>
\ No newline at end of file
+</project>
diff --git a/sandbox/heavyduty/pom.xml b/sandbox/heavyduty/pom.xml
index 48cc0f82cb..d83036c881 100755
--- a/sandbox/heavyduty/pom.xml
+++ b/sandbox/heavyduty/pom.xml
@@ -4,7 +4,7 @@
     <artifactId>spring-security-heavyduty</artifactId>
     <name>Spring Security - Heavy Duty Sample</name>
     <packaging>war</packaging>
-    <version>2.0.0</version>
+    <version>2.0.2-SNAPSHOT</version>
     <dependencies>
         <dependency>
             <groupId>org.springframework.security</groupId>
@@ -58,6 +58,12 @@
             <scope>runtime</scope>
             <version>${spring.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.freemarker</groupId>
+            <artifactId>freemarker</artifactId>
+            <scope>runtime</scope>
+            <version>2.3.12</version>
+        </dependency>        
 	    <dependency>
 	      <groupId>hsqldb</groupId>
 	      <artifactId>hsqldb</artifactId>
@@ -160,7 +166,7 @@
     </build>
     <properties>        
         <spring.version>2.5.4</spring.version>
-        <spring.security.version>2.0.1-SNAPSHOT</spring.security.version>
+        <spring.security.version>2.0.2-SNAPSHOT</spring.security.version>
     </properties>
 
-</project>
\ No newline at end of file
+</project>
diff --git a/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java b/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
index d0ea3ed67b..c33225ef37 100755
--- a/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
+++ b/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
@@ -3,7 +3,6 @@ package bigbank.web;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.springframework.security.AuthenticationCredentialsNotFoundException;
 import org.springframework.util.Assert;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.Controller;
@@ -19,12 +18,7 @@ public class ListAccounts implements Controller {
 		this.bankService = bankService;
 	}
 
-	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
-		// Security check (this is unnecessary if Spring Security is performing the authorization)
-//		if (request.getUserPrincipal() == null) {
-//			throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
-//		}
-		
+	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {		
 		// Actual business logic
 		ModelAndView mav = new ModelAndView("listAccounts");
 		mav.addObject("accounts", bankService.findAccounts());
diff --git a/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java b/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
index e5967b52e3..63c6bdf94f 100755
--- a/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
+++ b/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
@@ -3,7 +3,6 @@ package bigbank.web;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.springframework.security.AccessDeniedException;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.ServletRequestUtils;
 import org.springframework.web.servlet.ModelAndView;
diff --git a/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java b/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
new file mode 100644
index 0000000000..9315cca8b1
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/heavyduty/web/TestMultiActionController.java
@@ -0,0 +1,44 @@
+package heavyduty.web;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.bind.ServletRequestBindingException;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
+
+/**
+ * Reproduces SEC-830.
+ */
+public class TestMultiActionController extends MultiActionController {
+	public static final String VIEW_NAME = "multi-action-test";
+	
+	public String login(HttpServletRequest request, HttpServletResponse response) {
+		return "login";
+	}
+		
+	public void step1(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		request.getRequestDispatcher("/testMulti.htm?action=step1xtra").forward(request, response);
+	}
+
+	public ModelAndView step1xtra(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
+		return createView("step2");
+	}	
+	
+	public ModelAndView step2(HttpServletRequest request, HttpServletResponse response) throws ServletRequestBindingException {
+		return createView("step1");
+	}
+	
+	private ModelAndView createView(String name) {
+		Map model = new HashMap();
+		model.put("nextAction", name);
+		return new ModelAndView(VIEW_NAME, model);
+	}
+	
+}
+
diff --git a/sandbox/heavyduty/src/main/java/sample/TestVoter.java b/sandbox/heavyduty/src/main/java/sample/TestVoter.java
new file mode 100644
index 0000000000..df4d20c82f
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/TestVoter.java
@@ -0,0 +1,30 @@
+package sample;
+
+import java.lang.annotation.Annotation;
+
+import org.aopalliance.intercept.MethodInvocation;
+import org.springframework.security.Authentication;
+import org.springframework.security.ConfigAttribute;
+import org.springframework.security.ConfigAttributeDefinition;
+import org.springframework.security.vote.AccessDecisionVoter;
+
+public class TestVoter implements AccessDecisionVoter {
+
+	public boolean supports(ConfigAttribute attribute) {
+		return true;
+	}
+
+	public boolean supports(Class clazz) {
+		return MethodInvocation.class.isAssignableFrom(clazz);
+	}
+
+	public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
+		MethodInvocation mi = (MethodInvocation) object;
+		
+		Annotation[][] annotations = mi.getMethod().getParameterAnnotations();
+		
+
+		return ACCESS_GRANTED;
+	}
+
+}
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
index 67da7b4a52..9a98c4e4cf 100755
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
@@ -10,8 +10,10 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:sec="http://www.springframework.org/schema/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd
+                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd">
 
     <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
         <property name="decisionVoters">
@@ -45,6 +47,19 @@
     <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
         <property name="realmName"><value>My Realm</value></property>
     </bean>
+    
+	<bean id="bankServiceSecurityInterceptor"
+	    class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
+	  <property name="authenticationManager" ref="authenticationManager"/>
+	  <property name="accessDecisionManager" ref="accessDecisionManager"/>
+	  <!-- property name="afterInvocationManager" ref="afterInvocationManager"/ -->
+	  <property name="objectDefinitionSource">
+	    <value>
+	        bigbank.BankService.post*=ROLE_SUPERVISOR
+	        bigbank.BankService.find*=ROLE_SUPERVISOR
+	    </value>
+	  </property>
+    </bean>
 
 </beans>
                         
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
index b1dd610e78..f72dbb83a4 100755
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
@@ -15,9 +15,7 @@
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">
   
   <bean id="AllPropertiesConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
-    <property name="location">
-      <value>classpath:jdbc.properties</value>
-    </property>
+    <property name="location" value="classpath:jdbc.properties"/>
   </bean>
 
   <tx:annotation-driven transaction-manager="transactionManager" />
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
index c11ce17185..f0e83554a0 100755
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
@@ -10,45 +10,70 @@
     xmlns:b="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
 
     <b:import resource="appContext-misc.xml"/>
     
-	<global-method-security secured-annotations="enabled"/>		
-
-    <http entry-point-ref='customEntryPoint'>
+	<!-- global-method-security secured-annotations="enabled" access-decision-manager-ref="methodAccessMgr"/ -->
+	
+	<b:bean id="methodAccessmanager" class="org.springframework.security.vote.AffirmativeBased">
+	   <b:property name="decisionVoters">
+	       <b:list>
+	           <b:bean class="sample.TestVoter"/>
+	       </b:list>
+	   </b:property>
+	</b:bean>
+    
+    <!-- http entry-point-ref='customEntryPoint'-->
+    <http>
         <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
-        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
+        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
+        <intercept-url pattern="/testMulti.htm*" access="IS_AUTHENTICATED_FULLY" />        
 		<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
         <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
         <intercept-url pattern="/post.html" access="ROLE_TELLER" />
         -->
         <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
 <!--
-    Uncomment to enable X509 client authentication support -->
-        <x509 user-service-ref="daoUserService"/> 
-
-
-        <!-- All of this is unnecessary if auto-config="true" -->
-        <form-login default-target-url="/secure/index.jsp" always-use-default-target="true"/>
+    Uncomment to enable X509 client authentication support
+        <x509 user-service-ref="daoUserService"/>
+-->
+        <!-- form-login default-target-url="/secure/index.jsp" login-page="/login.jsp" authentication-failure-url="/login.jsp?login-error=1" always-use-default-target="false"/-->
         <anonymous />
-        <!-- http-basic / -->
-        <logout />
+        <http-basic />
+        <logout />
+        <remember-me key='doesntmatter' token-repository-ref='tokenRepo' user-service-ref='daoUserService'/>
 <!--          <remember-me user-service-ref="daoUserService"/> -->
 
         <!-- Uncomment to limit the number of sessions a user can have -->
-        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
+        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" session-registry-ref='sessionRegistry'/>
+        
     </http>
+
+    <authentication-manager alias="authenticationManager" />
     
-    <authentication-manager alias="authenticationManager"/> 
+    <b:bean id='tokenRepo' class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/>    
     
+    <!-- Traditional Session Control Beans -->
+<!--     
+    <b:bean id='sessionControlFilter' class="org.springframework.security.concurrent.ConcurrentSessionFilter">
+        <custom-filter position="CONCURRENT_SESSION_FILTER"/>
+        <b:property name="sessionRegistry" ref='sessionRegistry'/>
+    </b:bean>
+    
+    <b:bean id='sessionController' class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
+        <b:property name='sessionRegistry' ref='sessionRegistry'/>
+    </b:bean>
+ -->    
+    <b:bean id='sessionRegistry' class="org.springframework.security.concurrent.SessionRegistryImpl"/>
+<!-- 
     <b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
-        <custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
+        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
         <b:property name="defaultTargetUrl" value="/"/>
         <b:property name="authenticationManager" ref="authenticationManager"/>
     </b:bean>
-    
-    <b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint">
+ -->    
+    <b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint"> 
         <b:property name="loginFormUrl" value="/login.jsp"/>
     </b:bean>
 <!--     
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml
deleted file mode 100755
index a119417066..0000000000
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
-
-	<bean name="/listAccounts.html" class="bigbank.web.ListAccounts">
-		<constructor-arg ref="bankService"/>
-	</bean>
-	
-	<bean name="/post.html" class="bigbank.web.PostAccounts">
-		<constructor-arg ref="bankService"/>
-	</bean>
-	
-	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-		<property name="prefix" value="/WEB-INF/jsp/"/>
-		<property name="suffix" value=".jsp"/>
-	</bean>
-
-</beans>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
new file mode 100644
index 0000000000..671752513d
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/login.ftl
@@ -0,0 +1,22 @@
+<html>
+  <head>
+    <title>Spring Security Login</title>
+  </head>
+
+  <body onload="document.f.j_username.focus();">
+    <h1>Spring Security Login (Freemarker)</h1>
+
+    <form name="f" action="j_spring_security_check" method="POST">
+      <table>
+        <tr><td>User:</td><td><input type='text' name='j_username' value=''/></td></tr>
+        <tr><td>Password:</td><td><input type='password' name='j_password' value=''/></td></tr>
+        <tr><td><input type="checkbox" name="_spring_security_remember_me"/></td><td>Don't ask for my password for two weeks</td></tr>
+
+        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
+        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
+      </table>
+
+    </form>
+
+  </body>
+</html>
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl
new file mode 100644
index 0000000000..bac2503081
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/freemarker/multi-action-test.ftl
@@ -0,0 +1,13 @@
+
+<html>
+	<head>
+        <title>MultiActionController Test</title>
+	</head>
+	<body>
+
+    <form action="testMulti.htm">
+        <input name="action" value="${nextAction}" type="text"/>
+        <input  type='submit' value='submit' />
+    </form>
+    </body>
+</html>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/heavyduty-servlet.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/heavyduty-servlet.xml
new file mode 100755
index 0000000000..558a43d195
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/heavyduty-servlet.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+	<bean name="testMultiController" class="heavyduty.web.TestMultiActionController">
+	   <property name="methodNameResolver">
+	       <bean class="org.springframework.web.servlet.mvc.multiaction.ParameterMethodNameResolver"/>
+	   </property>
+	</bean>
+<!-- 	
+	<bean name="/post.html" class="bigbank.web.PostAccounts">
+		<constructor-arg ref="bankService"/>
+	</bean>
+ -->
+	<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
+	  <property name="templateLoaderPath" value="/WEB-INF/freemarker/"/>
+	</bean>
+	
+	<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
+		<property name="prefix" value=""/>
+		<property name="suffix" value=".ftl"/>
+	</bean>
+
+    <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
+        <property name="mappings">
+            <value>
+                **/testMulti.htm=testMultiController
+            </value>
+        </property>
+    </bean>
+
+</beans>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
index e745ff4d3c..f43928bc2d 100755
--- a/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
@@ -64,14 +64,14 @@
 	- Provides core MVC application controller.
     -->
 	<servlet>
-		<servlet-name>bank</servlet-name>
+		<servlet-name>heavyduty</servlet-name>
 		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
 
 	<servlet-mapping>
-    	<servlet-name>bank</servlet-name>
-    	<url-pattern>*.html</url-pattern>
+    	<servlet-name>heavyduty</servlet-name>
+    	<url-pattern>*.htm</url-pattern>
  	</servlet-mapping>
 
      <welcome-file-list>
diff --git a/sandbox/heavyduty/src/main/webapp/context.jsp b/sandbox/heavyduty/src/main/webapp/context.jsp
new file mode 100644
index 0000000000..bcd5c6fe0f
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/context.jsp
@@ -0,0 +1,29 @@
+<%@page import="org.springframework.web.context.support.WebApplicationContextUtils"%>
+<%@page import="org.springframework.security.providers.ldap.LdapAuthenticationProvider"%>
+<%@page import="org.springframework.security.providers.ProviderManager"%>
+
+<html>
+<body>
+<h1>Context Information Page</h1>
+<p>
+LdapAuthenticationProvider instances: <br/>
+
+<%=
+WebApplicationContextUtils.getRequiredWebApplicationContext(
+        session.getServletContext()).getBeansOfType(LdapAuthenticationProvider.class)
+%>
+</p>
+
+<p>
+Providers: <br />
+
+<%=
+((ProviderManager)WebApplicationContextUtils.getRequiredWebApplicationContext(
+        session.getServletContext()).getBean("_authenticationManager")).getProviders() %>
+</p>
+
+
+
+<p><a href="/index.jsp">Home</a></p>
+</body>
+</html>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/index.jsp b/sandbox/heavyduty/src/main/webapp/index.jsp
index edf1d00d0b..94a364172b 100755
--- a/sandbox/heavyduty/src/main/webapp/index.jsp
+++ b/sandbox/heavyduty/src/main/webapp/index.jsp
@@ -1,17 +1,17 @@
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
 <html>
 <body>
-<h1>Home Page</h1>
+<h1>HeavyDuty App Home Page</h1>
 <p>
 Anyone can view this page.
 </p>
-<p>
-If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
+<p>
+Test multi-action controller <a href="testMulti.htm?action=step1">SEC-830</a>.
 </p>
 <p>
 Your principal object is....: <%= request.getUserPrincipal() %>
 </p>
-
+<h3>Restricted Pages ...</h3>
 <p><a href="secure/index.jsp">Secure page</a></p>
 <p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
 </body>
diff --git a/sandbox/other/pom.xml b/sandbox/other/pom.xml
index dd92aaf62c..2eed2bcf31 100644
--- a/sandbox/other/pom.xml
+++ b/sandbox/other/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-sandbox</artifactId>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
   </parent>
   <artifactId>spring-security-sandbox-other</artifactId>
   <name>Spring Security - Other Sandbox Code</name>
diff --git a/sandbox/pom.xml b/sandbox/pom.xml
index 8650cfab50..a28196a506 100644
--- a/sandbox/pom.xml
+++ b/sandbox/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-parent</artifactId>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
   </parent>
   <artifactId>spring-security-sandbox</artifactId>
   <name>Spring Security - Sandbox</name>
@@ -20,7 +20,7 @@
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-core</artifactId>
-      <version>2.0-SNAPSHOT</version>
+      <version>2.0.2-SNAPSHOT</version>
     </dependency>
   </dependencies>
   
diff --git a/sandbox/webwork/pom.xml b/sandbox/webwork/pom.xml
index 19c049a836..d6535bd7e6 100644
--- a/sandbox/webwork/pom.xml
+++ b/sandbox/webwork/pom.xml
@@ -3,7 +3,7 @@
   <parent>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-sandbox</artifactId>
-    <version>2.0-SNAPSHOT</version>
+    <version>2.0.2-SNAPSHOT</version>
   </parent>
   <artifactId>spring-security-webwork</artifactId>
   <name>Spring Security - Webwork support</name>
diff --git a/src/site/fml/faq.fml b/src/site/fml/faq.fml
index 054dcb4b6b..3c6851d172 100644
--- a/src/site/fml/faq.fml
+++ b/src/site/fml/faq.fml
@@ -128,8 +128,8 @@ org.springframework.security.AccessDeniedException: Access is denied
     	</faq>
     	<faq>
     		<question>
-    			I've configured the "requires-channel" attribute to use HTTPS for my login page and switch back to HTTP afterwards but I just end up back at
-    			the login page after authenticating. I'm using Tomcat. Why doesn't it work?
+    			I'm using Tomcat and have enabled HTTPS for my login page, switching back to HTTP afterwards. It doesn't work - I just 
+    			end up back at the login page after authenticating.
     		</question>
     		<answer>
     			<p>
@@ -140,7 +140,7 @@ org.springframework.security.AccessDeniedException: Access is denied
     	</faq>
     	<faq>
     		<question>
-    			I'm forwarding a request to another URL using the RequestDispatcher, but my security constraints aren't being applied. Why not?
+    			I'm forwarding a request to another URL using the RequestDispatcher, but my security constraints aren't being applied.
     		</question>
     		<answer>
     			Filters are not applied by default to forwards or includes. If you really want the security filters to be applied to forwards and/or includes, 
@@ -156,9 +156,9 @@ org.springframework.security.AccessDeniedException: Access is denied
 	  			<p>This question comes up repeatedly in the Spring Security forum so you will find more information there.</p>
 	  			<p>
 	  			The submitted login information is processed by an instance of <i>AuthenticationProcessingFilter</i>. You will need to customize this class to handle
-	  				the extra data field(s). One option is to use your own customized authentication token class (rather than the standard <i>UsernamePasswordAuthenticatioToken</i>),
+	  				the extra data field(s). One option is to use your own customized authentication token class (rather than the standard <i>UsernamePasswordAuthenticationToken</i>),
 	  				another is simply to concatenate the extra fields with the username (for example, using a ":" as the separator) and pass them in the username property of
-	  				<i>UsernamePasswordAuthenticatioToken</i>.
+	  				<i>UsernamePasswordAuthenticationToken</i>.
 	  			</p>
 	  			<p>
 	  				You will also need to customize the actual authentication process. If you are using a custom authentication token class, for example, you will have to write an 
diff --git a/taglibs/pom.xml b/taglibs/pom.xml
index db748a82a3..3d670d1077 100644
--- a/taglibs/pom.xml
+++ b/taglibs/pom.xml
@@ -3,13 +3,13 @@
     <parent>
         <artifactId>spring-security-parent</artifactId>
         <groupId>org.springframework.security</groupId>
-        <version>2.0.2-SNAPSHOT</version>
+        <version>2.0.2</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-taglibs</artifactId>
     <name>Spring Security - JSP taglibs</name>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.0.2</version>
     <packaging>jar</packaging>
 
     <dependencies>