diff --git a/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml b/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml
index beaa797367..57c4d3b318 100644
--- a/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml
+++ b/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml
@@ -34,10 +34,10 @@
       <property name="processDomainObjectClass"><value>sample.contact.Contact</value></property>
       <property name="aclManager"><ref local="aclManager"/></property>
       <property name="requirePermission">
-		<list>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
-		</list>
+        <list>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
+        </list>
       </property>
    </bean>
 
@@ -47,10 +47,10 @@
       <property name="processDomainObjectClass"><value>sample.contact.Contact</value></property>
       <property name="aclManager"><ref local="aclManager"/></property>
       <property name="requirePermission">
-		<list>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.DELETE"/>
-		</list>
+        <list>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.DELETE"/>
+        </list>
       </property>
    </bean>
 
@@ -60,9 +60,9 @@
       <property name="processDomainObjectClass"><value>sample.contact.Contact</value></property>
       <property name="aclManager"><ref local="aclManager"/></property>
       <property name="requirePermission">
-		<list>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
-		</list>
+        <list>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
+        </list>
       </property>
    </bean>
 
@@ -112,10 +112,10 @@
    <bean id="afterAclCollectionRead" class="net.sf.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider">
       <property name="aclManager"><ref local="aclManager"/></property>
       <property name="requirePermission">
-		<list>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
-		</list>
+        <list>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
+        </list>
       </property>
    </bean>
    
@@ -123,10 +123,10 @@
    <bean id="afterAclRead" class="net.sf.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider">
       <property name="aclManager"><ref local="aclManager"/></property>
       <property name="requirePermission">
-		<list>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
-		    <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
-		</list>
+        <list>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"/>
+          <ref local="net.sf.acegisecurity.acl.basic.SimpleAclEntry.READ"/>
+        </list>
       </property>
    </bean>
 
@@ -134,28 +134,28 @@
    <!-- ================= METHOD INVOCATION AUTHORIZATION ==================== -->
 
    <!-- getRandomContact() is public.
-	
-	    The create, getAll, getById etc have ROLE_USER to ensure user is
-		authenticated (all users hold ROLE_USER in this application).
-		
-		The delete and update methods don't need a ROLE_USER as they will
-		ensure the user is authenticated via their ACL_CONTACT_DELETE or
-		ACL_CONTACT_READ attribute, which also ensures the user has permission
-		to the Contact presented as a method argument.
-	-->
+
+    The create, getAll, getById etc have ROLE_USER to ensure user is
+    authenticated (all users hold ROLE_USER in this application).
+
+    The delete and update methods don't need a ROLE_USER as they will
+    ensure the user is authenticated via their ACL_CONTACT_DELETE or
+    ACL_CONTACT_READ attribute, which also ensures the user has permission
+    to the Contact presented as a method argument.
+    -->
    <bean id="contactManagerSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
       <property name="authenticationManager"><ref bean="authenticationManager"/></property>
       <property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
       <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
       <property name="objectDefinitionSource">
          <value>
-				sample.contact.ContactManager.create=ROLE_USER
-				sample.contact.ContactManager.getAllRecipients=ROLE_USER
-				sample.contact.ContactManager.getAll=ROLE_USER,AFTER_ACL_COLLECTION_READ
-				sample.contact.ContactManager.getById=ROLE_USER,AFTER_ACL_READ
-				sample.contact.ContactManager.delete=ACL_CONTACT_DELETE
-				sample.contact.ContactManager.deletePermission=ACL_CONTACT_ADMIN
-				sample.contact.ContactManager.addPermission=ACL_CONTACT_ADMIN
+            sample.contact.ContactManager.create=ROLE_USER
+            sample.contact.ContactManager.getAllRecipients=ROLE_USER
+            sample.contact.ContactManager.getAll=ROLE_USER,AFTER_ACL_COLLECTION_READ
+            sample.contact.ContactManager.getById=ROLE_USER,AFTER_ACL_READ
+            sample.contact.ContactManager.delete=ACL_CONTACT_DELETE
+            sample.contact.ContactManager.deletePermission=ACL_CONTACT_ADMIN
+            sample.contact.ContactManager.addPermission=ACL_CONTACT_ADMIN
          </value>
       </property>
    </bean>