From a8215fa2cb7355613afd0dda854f371ebe569740 Mon Sep 17 00:00:00 2001 
From: Luke Taylor
Date: Tue, 12 May 2009 05:37:11 +0000
Subject: [PATCH] SEC-1160: Renaming of authentication filters and entry points and associated doc changes
---
 .../security/cas/web/CasProcessingFilter.java | 4 +-
 .../config/FilterChainProxyPostProcessor.java | 10 +-
 .../config/FormLoginBeanDefinitionParser.java | 4 +-
 .../HttpSecurityBeanDefinitionParser.java | 2 +-
 ...rMeServicesInjectionBeanPostProcessor.java | 6 +-
 ...ionRegistryInjectionBeanPostProcessor.java | 4 +-
 .../config/X509BeanDefinitionParser.java | 6 +-
 .../config/FilterChainProxyConfigTests.java | 4 +-
 ...HttpSecurityBeanDefinitionParserTests.java | 14 +-
 .../security/util/filtertest-valid.xml | 2 +-
 .../filter-chain-performance-app-context.xml | 4 +-
 .../main/webapp/WEB-INF/custom-filters.xml | 2 +-
 .../ui/ntlm/NtlmProcessingFilter.java | 4 +-
 .../OpenIDAuthenticationProcessingFilter.java | 8 +-
 .../portlet/PortletProcessingInterceptor.java | 12 +-
 .../PortletProcessingInterceptorTests.java | 4 +-
 .../cas/client/src/main/webapp/casfailed.jsp | 2 +-
 .../sample/SecurityContextPortlet.java | 4 +-
 .../WEB-INF/applicationContext-security.xml | 2 +-
 src/docbkx/appendix-namespace.xml | 18 +-
 src/docbkx/cas-auth-provider.xml | 2 +-
 src/docbkx/channel-security.xml | 2 +-
 src/docbkx/common-auth-services.xml | 4 +-
 src/docbkx/form-authentication.xml | 10 +-
 src/docbkx/namespace-config.xml | 6 +-
 src/docbkx/preauth.xml | 2 +-
 src/docbkx/remember-me-authentication.xml | 10 +-
 src/docbkx/secured-objects.xml | 6 +-
 src/docbkx/siteminder-auth-provider.xml | 4 +-
 src/docbkx/springsecurity.xml | 4 +-
 src/docbkx/supporting-infrastructure.xml | 2 +-
 src/docbkx/technical-overview.xml | 2 +-
 .../web/AuthenticationEntryPoint.java | 2 +-
 .../access/ExceptionTranslationFilter.java | 2 +-
 ...bstractAuthenticationProcessingFilter.java | 439 ++++++++++++++++++
 .../AbstractProcessingFilter.java | 435 +----------------
 .../AuthenticationProcessingFilter.java | 177 +------
 ...henticationProcessingFilterEntryPoint.java | 254
+---------
 .../AuthenticationSuccessHandler.java | 2 +-
 .../Http403ForbiddenEntryPoint.java | 62 +++
 .../LoginUrlAuthenticationEntryPoint.java | 260 +++++++++++
 .../authentication/RememberMeServices.java | 2 +-
 ...asswordAuthenticationProcessingFilter.java | 185 ++++++++
 ...tractPreAuthenticatedProcessingFilter.java | 4 +-
 ...thenticatedProcessingFilterEntryPoint.java | 81 +---
 .../ui/DefaultLoginPageGeneratingFilter.java | 18 +-
 .../web/savedrequest/SavedRequest.java | 2 +-
 .../security/web/util/RedirectUtils.java | 6 +-
 .../AbstractProcessingFilterTests.java | 12 +-
 ...cationProcessingFilterEntryPointTests.java | 26 +-
 .../AuthenticationProcessingFilterTests.java | 34 +-
 ...DefaultLoginPageGeneratingFilterTests.java | 8 +-
 ...icatedProcessingFilterEntryPointTests.java | 6 +-
 53 files changed, 1126 insertions(+), 1061 deletions(-)
 create mode 100644 web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
 create mode 100755 web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java
 create mode 100644 web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
 create mode 100644 web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationProcessingFilter.java
 mode change 100755 => 100644 web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasProcessingFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasProcessingFilter.java
index 101049b77b..7566da0ea0 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasProcessingFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasProcessingFilter.java
@@ -27,7 +27,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.FilterChainOrder;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -59,7 +59,7 @@ import javax.servlet.http.HttpServletResponse;
 * @author Ben Alex
 * @version $Id$
 */
-public class CasProcessingFilter extends AbstractProcessingFilter {
+public class CasProcessingFilter extends AbstractAuthenticationProcessingFilter {
 //~ Static fields/initializers =====================================================================================
 /** Used to identify a CAS request for a stateful user agent, such as a web browser. */
diff --git a/config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java b/config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java
index 0727c54a37..1a1ee3e9f7 100644
--- a/config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java
@@ -24,8 +24,8 @@ import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.AnonymousProcessingFilter;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
 import org.springframework.security.web.authentication.www.BasicProcessingFilter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
@@ -99,7 +99,7 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
 */
 private void checkFilterStack(List filters) {
 checkForDuplicates(SecurityContextPersistenceFilter.class, filters);
- checkForDuplicates(AuthenticationProcessingFilter.class, filters);
+ checkForDuplicates(UsernamePasswordAuthenticationProcessingFilter.class, filters);
 checkForDuplicates(SessionFixationProtectionFilter.class, filters);
 checkForDuplicates(BasicProcessingFilter.class, filters);
 checkForDuplicates(SecurityContextHolderAwareRequestFilter.class, filters);
@@ -128,9 +128,9 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
 private void checkLoginPageIsntProtected(FilterChainProxy fcp) {
 ExceptionTranslationFilter etf = (ExceptionTranslationFilter) beanFactory.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
- if (etf.getAuthenticationEntryPoint() instanceof AuthenticationProcessingFilterEntryPoint) {
+ if (etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint) {
 String loginPage =
- ((AuthenticationProcessingFilterEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl();
+ ((LoginUrlAuthenticationEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl();
 List filters = fcp.getFilters(loginPage);
 logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
diff --git a/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java
index 0bcdb713cd..ef8311e6e8 100644
--- a/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java
@@ -7,7 +7,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
@@ -117,7 +117,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
 }
 BeanDefinitionBuilder entryPointBuilder =
- BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
+ BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
 entryPointBuilder.getRawBeanDefinition().setSource(source);
 entryPointBuilder.addPropertyValue("loginFormUrl", loginPage != null ? loginPage : DEF_LOGIN_PAGE);
 entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
diff --git a/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
index 19e743f724..1e671820c5 100644
--- a/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
@@ -110,7 +110,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter";
 static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
- static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.AuthenticationProcessingFilter";
+ static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter";
 static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
 static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler";
diff --git a/config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java b/config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java
index 394775df75..a2d92a59a2 100644
--- a/config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/RememberMeServicesInjectionBeanPostProcessor.java
@@ -9,7 +9,7 @@ import org.springframework.beans.factory.BeanFactory;
 import org.springframework.beans.factory.BeanFactoryAware;
 import org.springframework.beans.factory.ListableBeanFactory;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.www.BasicProcessingFilter;
 import org.springframework.util.Assert;
@@ -26,8 +26,8 @@ public class RememberMeServicesInjectionBeanPostProcessor implements BeanPostPro
 private ListableBeanFactory beanFactory;
 public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
- if (bean instanceof AbstractProcessingFilter) {
- AbstractProcessingFilter pf = (AbstractProcessingFilter) bean;
+ if (bean instanceof AbstractAuthenticationProcessingFilter) {
+ AbstractAuthenticationProcessingFilter pf = (AbstractAuthenticationProcessingFilter) bean;
 if (pf.getRememberMeServices() == null) {
 logger.info("Setting RememberMeServices on bean " + beanName);
diff --git a/config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java b/config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java
index e9fe1b280d..d4bec494e2 100644
--- a/config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/SessionRegistryInjectionBeanPostProcessor.java
@@ -11,7 +11,7 @@ import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.security.authentication.concurrent.ConcurrentSessionController;
 import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.authentication.concurrent.SessionRegistry;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.session.SessionFixationProtectionFilter;
 import org.apache.commons.logging.Log;
@@ -44,7 +44,7 @@ class SessionRegistryInjectionBeanPostProcessor implements BeanPostProcessor, Be
 public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
 if (BeanIds.FORM_LOGIN_FILTER.equals(beanName) || BeanIds.OPEN_ID_FILTER.equals(beanName)) {
- ((AbstractProcessingFilter) bean).setSessionRegistry(getSessionRegistry());
+ ((AbstractAuthenticationProcessingFilter) bean).setSessionRegistry(getSessionRegistry());
 } else if (BeanIds.SESSION_FIXATION_PROTECTION_FILTER.equals(beanName)) {
 ((SessionFixationProtectionFilter)bean).setSessionRegistry(getSessionRegistry());
 }
diff --git a/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java
index f3981f6f47..53e3b48d63 100644
--- a/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/X509BeanDefinitionParser.java
@@ -1,7 +1,7 @@
 package org.springframework.security.config;
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
 import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
 import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
@@ -17,7 +17,7 @@ import org.w3c.dom.Element;
 /**
 * Parses x509 element in namespace, registering an {@link X509PreAuthenticatedProcessingFilter} instance and a
- * {@link PreAuthenticatedProcessingFilterEntryPoint}.
+ * {@link Http403ForbiddenEntryPoint}.
 *
 * @author Luke Taylor
 * @version $Id$
@@ -29,7 +29,7 @@ public class X509BeanDefinitionParser implements BeanDefinitionParser {
 public BeanDefinition parse(Element element, ParserContext parserContext) {
 BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(X509PreAuthenticatedProcessingFilter.class);
- RootBeanDefinition entryPoint = new RootBeanDefinition(PreAuthenticatedProcessingFilterEntryPoint.class);
+ RootBeanDefinition entryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class);
 Object source = parserContext.extractSource(element);
 filterBuilder.getRawBeanDefinition().setSource(source);
diff --git a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
index 8a1a4ba624..1850afdced 100644
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@@ -35,7 +35,7 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.web.FilterChainProxy;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
@@ -131,7 +131,7 @@ public class FilterChainProxyConfigTests {
 filters = filterChainProxy.getFilters("/another/nonspecificmatch");
 assertEquals(3, filters.size());
 assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
- assertTrue(filters.get(1) instanceof AuthenticationProcessingFilter);
+ assertTrue(filters.get(1) instanceof UsernamePasswordAuthenticationProcessingFilter);
 assertTrue(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter);
 }
diff --git a/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
index 68629a5700..9ad795aff5 100644
--- a/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
@@ -45,8 +45,8 @@ import org.springframework.security.web.access.intercept.FilterInvocationSecurit
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.AnonymousProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
@@ -92,7 +92,7 @@ public class HttpSecurityBeanDefinitionParserTests {
 public void beanClassNamesAreCorrect() throws Exception {
 assertEquals(DefaultWebSecurityExpressionHandler.class.getName(), EXPRESSION_HANDLER_CLASS);
 assertEquals(ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName(), EXPRESSION_FIMDS_CLASS);
- assertEquals(AuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
+ assertEquals(UsernamePasswordAuthenticationProcessingFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
 assertEquals(OpenIDAuthenticationProcessingFilter.class.getName(), OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
 assertEquals(OpenIDAuthenticationProvider.class.getName(), OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
 }
@@ -122,7 +122,7 @@ public class HttpSecurityBeanDefinitionParserTests {
 assertTrue(filters.next() instanceof SecurityContextPersistenceFilter);
 assertTrue(filters.next() instanceof LogoutFilter);
 Object authProcFilter = filters.next();
- assertTrue(authProcFilter instanceof AuthenticationProcessingFilter);
+ assertTrue(authProcFilter instanceof UsernamePasswordAuthenticationProcessingFilter);
 assertTrue(filters.next() instanceof DefaultLoginPageGeneratingFilter);
 assertTrue(filters.next() instanceof BasicProcessingFilter);
 assertTrue(filters.next() instanceof SecurityContextHolderAwareRequestFilter);
@@ -190,7 +190,7 @@ public class HttpSecurityBeanDefinitionParserTests {
 " " + "" + AUTH_PROVIDER_XML);
 // These will be matched by the default pattern "/**"
- AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) getFilters("/anything").get(1);
+ UsernamePasswordAuthenticationProcessingFilter filter = (UsernamePasswordAuthenticationProcessingFilter) getFilters("/anything").get(1);
 assertEquals("/default", FieldUtils.getFieldValue(filter, "successHandler.defaultTargetUrl"));
 assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "successHandler.alwaysUseDefaultTargetUrl"));
 }
@@ -657,7 +657,7 @@ public class HttpSecurityBeanDefinitionParserTests {
 etf.getAuthenticationEntryPoint() instanceof MockEntryPoint);
 }
- private static class MockEntryPoint extends AuthenticationProcessingFilterEntryPoint {
+ private static class MockEntryPoint extends LoginUrlAuthenticationEntryPoint {
 public MockEntryPoint() {
 super.setLoginFormUrl("/notused");
 }
@@ -861,7 +861,7 @@ public class HttpSecurityBeanDefinitionParserTests {
 "" + "" + AUTH_PROVIDER_XML);
- AuthenticationProcessingFilter apf = (AuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
+ UsernamePasswordAuthenticationProcessingFilter apf = (UsernamePasswordAuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
 AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");
 AuthenticationFailureHandler fh = (AuthenticationFailureHandler) appContext.getBean("fh");
 assertSame(sh, FieldUtils.getFieldValue(apf, "successHandler"));
diff --git a/config/src/test/resources/org/springframework/security/util/filtertest-valid.xml b/config/src/test/resources/org/springframework/security/util/filtertest-valid.xml
index a69f493de8..349eb783ed 100644
--- a/config/src/test/resources/org/springframework/security/util/filtertest-valid.xml
+++ b/config/src/test/resources/org/springframework/security/util/filtertest-valid.xml
@@ -31,7 +31,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc - +
diff --git a/itest/context/src/test/resources/filter-chain-performance-app-context.xml b/itest/context/src/test/resources/filter-chain-performance-app-context.xml
index d986ebe804..0e6ab55d36 100644
--- a/itest/context/src/test/resources/filter-chain-performance-app-context.xml
+++ b/itest/context/src/test/resources/filter-chain-performance-app-context.xml
@@ -39,7 +39,7 @@ - +
@@ -55,7 +55,7 @@ + class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
diff --git a/itest/web/src/main/webapp/WEB-INF/custom-filters.xml b/itest/web/src/main/webapp/WEB-INF/custom-filters.xml
index 93733c2cb2..bc55fa037c 100644
--- a/itest/web/src/main/webapp/WEB-INF/custom-filters.xml
+++ b/itest/web/src/main/webapp/WEB-INF/custom-filters.xml
@@ -7,7 +7,7 @@ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd"> - +
diff --git a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
index f9dac846e7..6c38b8903a 100755
--- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
+++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
@@ -27,7 +27,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.FilterChainOrder;
 import org.springframework.security.web.SpringSecurityFilter;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
@@ -445,7 +445,7 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
 authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 // Place the last username attempted into HttpSession for views
- session.setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, authRequest.getName());
+ session.setAttribute(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, authRequest.getName());
 // Backup the current authentication in case of an AuthenticationException
 backupAuth = SecurityContextHolder.getContext().getAuthentication();
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
index 15aa93158d..b5e9c4fb48 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
@@ -29,8 +29,8 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.FilterChainOrder;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
 import org.springframework.util.StringUtils;
@@ -63,7 +63,7 @@ import org.springframework.util.StringUtils;
 * @since 2.0
 * @see OpenIDAuthenticationProvider
 */
-public class OpenIDAuthenticationProcessingFilter extends AbstractProcessingFilter {
+public class OpenIDAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
 //~ Static fields/initializers =====================================================================================
 public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "j_username";
@@ -153,7 +153,7 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractProcessingFilt
 HttpSession session = request.getSession(false);
 if (session != null || getAllowSessionCreation()) {
- request.getSession().setAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, username);
+ request.getSession().setAttribute(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY, username);
 }
 }
diff --git a/portlet/src/main/java/org/springframework/security/portlet/PortletProcessingInterceptor.java b/portlet/src/main/java/org/springframework/security/portlet/PortletProcessingInterceptor.java
index aaee3a38bc..030691ffc4 100644
--- a/portlet/src/main/java/org/springframework/security/portlet/PortletProcessingInterceptor.java
+++ b/portlet/src/main/java/org/springframework/security/portlet/PortletProcessingInterceptor.java
@@ -44,7 +44,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.util.Assert;
 import org.springframework.web.portlet.HandlerInterceptor;
@@ -52,14 +52,14 @@ import org.springframework.web.portlet.ModelAndView;
 /**
 *

This interceptor is responsible for processing portlet authentication requests. This
- * is the portlet equivalent of the AuthenticationProcessingFilter used for
+ * is the portlet equivalent of the UsernamePasswordAuthenticationProcessingFilter used for
 * traditional servlet-based web applications. It is applied to both ActionRequests
 * and RenderRequests alike. If authentication is successful, the resulting
 * {@link Authentication} object will be placed into the SecurityContext, which
 * is guaranteed to have already been created by an earlier interceptor. If authentication
 * fails, the AuthenticationException will be placed into the
 * APPLICATION_SCOPE of the PortletSession with the attribute defined
- * by {@link AbstractProcessingFilter#SPRING_SECURITY_LAST_EXCEPTION_KEY}.

+ * by {@link AbstractAuthenticationProcessingFilter#SPRING_SECURITY_LAST_EXCEPTION_KEY}.

* *

Some portals do not properly provide the identity of the current user via the
 * getRemoteUser() or getUserPrincipal() methods of the
@@ -75,8 +75,8 @@ import org.springframework.web.portlet.ModelAndView;
 * details property of the Authentication object that is sent
 * as a request to the AuthenticationManager.
 *
- * @see org.springframework.security.web.authentication.AbstractProcessingFilter
- * @see org.springframework.security.web.authentication.AuthenticationProcessingFilter
+ * @see org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
+ * @see org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter
 * @author John A. Lewis
 * @since 2.0
 * @version $Id$
@@ -209,7 +209,7 @@ public class PortletProcessingInterceptor implements HandlerInterceptor, Initial
 }
 ctx.setAuthentication(null);
 request.getPortletSession().setAttribute(
- AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
+ AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
 failed, PortletSession.APPLICATION_SCOPE);
 onUnsuccessfulAuthentication(request, response, failed);
 }
diff --git a/portlet/src/test/java/org/springframework/security/portlet/PortletProcessingInterceptorTests.java b/portlet/src/test/java/org/springframework/security/portlet/PortletProcessingInterceptorTests.java
index 0fac061557..486eadaf22 100644
--- a/portlet/src/test/java/org/springframework/security/portlet/PortletProcessingInterceptorTests.java
+++ b/portlet/src/test/java/org/springframework/security/portlet/PortletProcessingInterceptorTests.java
@@ -31,7 +31,7 @@ import org.springframework.mock.web.portlet.MockActionRequest;
import org.springframework.mock.web.portlet.MockActionResponse;
import org.springframework.mock.web.portlet.MockRenderRequest;
import org.springframework.mock.web.portlet.MockRenderResponse;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
@@ -140,7 +140,7 @@ public class PortletProcessingInterceptorTests {
// Verify that proper exception was thrown
assertTrue(request.getPortletSession().getAttribute(
- AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
+ AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY,
PortletSession.APPLICATION_SCOPE) instanceof BadCredentialsException);
}
diff --git a/samples/cas/client/src/main/webapp/casfailed.jsp b/samples/cas/client/src/main/webapp/casfailed.jsp
index e9fcbdb452..a1ff6b8114 100644
--- a/samples/cas/client/src/main/webapp/casfailed.jsp
+++ b/samples/cas/client/src/main/webapp/casfailed.jsp
@@ -1,5 +1,5 @@
<%@ page import="org.springframework.security.core.AuthenticationException" %>
-<%@ page import="org.springframework.security.web.authentication.AbstractProcessingFilter" %>
+<%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
diff --git a/samples/portlet/src/main/java/org/springframework/web/portlet/sample/SecurityContextPortlet.java b/samples/portlet/src/main/java/org/springframework/web/portlet/sample/SecurityContextPortlet.java
index 6062e76460..91b1af1513 100644
--- a/samples/portlet/src/main/java/org/springframework/web/portlet/sample/SecurityContextPortlet.java
+++ b/samples/portlet/src/main/java/org/springframework/web/portlet/sample/SecurityContextPortlet.java
@@ -11,7 +11,7 @@ import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
/**
@@ -32,7 +32,7 @@ public class SecurityContextPortlet extends GenericPortlet {
out.println("

The security context contains: " + SecurityContextHolder.getContext().getAuthentication() + "

");
- Object lastException = request.getPortletSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, PortletSession.APPLICATION_SCOPE);
+ Object lastException = request.getPortletSession().getAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, PortletSession.APPLICATION_SCOPE);
if (lastException != null) {
out.println("Last Exception: " + lastException);
diff --git a/samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml b/samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml
index b1318b8c1c..083ed0b572 100644
--- a/samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/preauth/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -36,7 +36,7 @@
+ class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/> diff --git a/src/docbkx/appendix-namespace.xml b/src/docbkx/appendix-namespace.xml index 60ff8ad726..706c53fa33 100644 --- a/src/docbkx/appendix-namespace.xml +++ b/src/docbkx/appendix-namespace.xml @@ -83,7 +83,7 @@ If enabled this will add a SessionFixationProtectionFilter to the stack. The session fixation protection - options on namespace-created instances of AbstractProcessingFilter will also be set appropriately. + options on namespace-created instances of AbstractAuthenticationProcessingFilter will also be set appropriately. @@ -206,8 +206,8 @@
The <literal><form-login></literal> Element - Used to add an AuthenticationProcessingFilter to the filter stack and an - AuthenticationProcessingFilterEntryPoint to the application context to provide authentication + Used to add an UsernamePasswordAuthenticationProcessingFilter to the filter stack and an + LoginUrlAuthenticationEntryPoint to the application context to provide authentication on demand. This will always take precedence over other namespace-created entry points. If no attributes are supplied, a login page will be generated automatically at the URL "/spring-security-login" This feature is really just provided for convenience and is not intended for production (where a @@ -221,7 +221,7 @@ <literal>login-page</literal> The URL that should be used to render the login page. Maps to the loginFormUrl - property of the AuthenticationProcessingFilterEntryPoint. Defaults to + property of the LoginUrlAuthenticationEntryPoint. Defaults to "/spring-security-login".
@@ -229,14 +229,14 @@
<literal>login-processing-url</literal> - Maps to the filterProcessesUrl property of AuthenticationProcessingFilter. + Maps to the filterProcessesUrl property of UsernamePasswordAuthenticationProcessingFilter. The default value is "/j_spring_security_check".
<literal>default-target-url</literal> - Maps to the defaultTargetUrl property of AuthenticationProcessingFilter. If + Maps to the defaultTargetUrl property of UsernamePasswordAuthenticationProcessingFilter. If not set, the default value is "/" (the application root). A user will be taken to this URL after logging in, provided they were not asked to login while attempting to access a secured resource, when they will be taken to the originally requested URL. @@ -247,14 +247,14 @@ If set to "true", the user will always start at the value given by default-target-url, regardless of how they arrived at the login page. Maps to the alwaysUseDefaultTargetUrl property of - AuthenticationProcessingFilter. Default value is "false". + UsernamePasswordAuthenticationProcessingFilter. Default value is "false".
<literal>authentication-failure-url</literal> - Maps to the authenticationFailureUrl property of AuthenticationProcessingFilter. + Maps to the authenticationFailureUrl property of UsernamePasswordAuthenticationProcessingFilter. Defines the URL the browser will be redirected to on login failure. Defaults to "/spring_security_login?login_error", which will be automatically handled by the automatic login page generator, re-rendering the login page with an error message. @@ -425,7 +425,7 @@ The <literal><openid-login></literal> Element Similar to <form-login> and has the same attributes. The default value for login-processing-url - is "/j_spring_openid_security_check". An OpenIDAuthenticationProcessingFilter and OpenIDAuthenticationProvider + is "/j_spring_openid_security_check". An OpenIDUsernamePasswordAuthenticationProcessingFilter and OpenIDAuthenticationProvider will be registered. The latter requires a reference to a UserDetailsService. Again, this can be specified by Id, using the user-service-ref attribute, or will be located automatically in the application context. diff --git a/src/docbkx/cas-auth-provider.xml b/src/docbkx/cas-auth-provider.xml index 3ebfafc299..2bcc394dfe 100644 --- a/src/docbkx/cas-auth-provider.xml +++ b/src/docbkx/cas-auth-provider.xml @@ -316,7 +316,7 @@ The CasProcessingFilter has very similar - properties to the AuthenticationProcessingFilter + properties to the UsernamePasswordAuthenticationProcessingFilter (used for form-based logins). Each property is self-explanatory. Note that we've also used the namespace syntax for setting up an alias to the authentication mnager, since the diff --git a/src/docbkx/channel-security.xml b/src/docbkx/channel-security.xml index aa3c3321b2..198faed75d 100644 --- a/src/docbkx/channel-security.xml +++ b/src/docbkx/channel-security.xml 
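Review bot: The <openid-login> paragraph now names `OpenIDUsernamePasswordAuthenticationProcessingFilter`, which looks like a search-and-replace artefact of the filter rename: the commit's diffstat lists OpenIDAuthenticationProcessingFilter.java as modified, not renamed, so the docs point to a class that does not exist under that name. The same substitution produces `SiteminderUsernamePasswordAuthenticationProcessingFilter` in both siteminder-auth-provider.xml hunks further down. Those two references should read `OpenIDAuthenticationProcessingFilter` and `SiteminderAuthenticationProcessingFilter`; while here, the <form-login> paragraph's "an UsernamePasswordAuthenticationProcessingFilter" should be "a".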
@@ -119,7 +119,7 @@ ChannelProcessingFilter with form-based login, please ensure that your login page is set to REQUIRES_SECURE_CHANNEL, and that the - AuthenticationProcessingFilterEntryPoint.forceHttps + LoginUrlAuthenticationEntryPoint.forceHttps property is true.
diff --git a/src/docbkx/common-auth-services.xml b/src/docbkx/common-auth-services.xml index f03903f6bb..1deb413c69 100644 --- a/src/docbkx/common-auth-services.xml +++ b/src/docbkx/common-auth-services.xml @@ -67,7 +67,7 @@ guide - although they are correct in the above example. In our example we have the - AuthenticationProcessingFilter and + UsernamePasswordAuthenticationProcessingFilter and BasicProcessingFilter being used. These are the "authentication mechanisms" that respond to form-based authentication and BASIC HTTP header-based authentication respectively (we discussed @@ -197,7 +197,7 @@
+ class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> < value="false"/> ]]> diff --git a/src/docbkx/form-authentication.xml b/src/docbkx/form-authentication.xml index 68e5d045ff..8ec16b1747 100644 --- a/src/docbkx/form-authentication.xml +++ b/src/docbkx/form-authentication.xml @@ -6,7 +6,7 @@ HTTP Form Authentication involves using the - AuthenticationProcessingFilter to process a login + UsernamePasswordAuthenticationProcessingFilter to process a login form. This is the most common way for an application to authenticate end users. Form-based authentication is entirely compatible with the DAO and JAAS authentication providers. @@ -19,10 +19,10 @@ j_password input fields, and posts to a URL that is monitored by the filter (by default /j_spring_security_check). You should add an - AuthenticationProcessingFilter to your application context: + UsernamePasswordAuthenticationProcessingFilter to your application context: + class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter"> @@ -36,7 +36,7 @@ authenticationFailureUrl. The AuthenticationException will be placed into the HttpSession attribute indicated by - AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, + AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, enabling a reason to be provided to the user on the error page. If authentication is successful, the resulting @@ -46,7 +46,7 @@ Once the SecurityContextHolder has been updated, the browser will need to be redirected to the target URL which is usually indicated by the HttpSession attribute stored under - AbstractProcessingFilter.SPRING_SECURITY_TARGET_URL_KEY. + AbstractAuthenticationProcessingFilter.SPRING_SECURITY_TARGET_URL_KEY. This attribute is automatically set by the ExceptionTranslationFilter when an AuthenticationException occurs, so that after login 
diff --git a/src/docbkx/namespace-config.xml b/src/docbkx/namespace-config.xml index 6aa809ebb7..ae03f3ddce 100644 --- a/src/docbkx/namespace-config.xml +++ b/src/docbkx/namespace-config.xml @@ -395,7 +395,7 @@ at particular locations or use a Spring Security filter for which there isn't currently a namespace configuration option (CAS, for example). Or you might want to use a customized version of a standard namespace filter, such as the - AuthenticationProcessingFilter which is created by the + UsernamePasswordAuthenticationProcessingFilter which is created by the <form-login> element, taking advantage of some of the extra configuration options which are available by using defining the bean directly. How can you do this with namespace configuration, since the filter chain is not directly exposed? @@ -453,7 +453,7 @@ AUTHENTICATION_PROCESSING_FILTER - AuthenticationProcessingFilter + UsernamePasswordAuthenticationProcessingFilter http/form-login @@ -691,7 +691,7 @@ you can then use this name elsewhere in your application context. - + ... diff --git a/src/docbkx/preauth.xml b/src/docbkx/preauth.xml index 7387194e98..b795edb809 100644 --- a/src/docbkx/preauth.xml +++ b/src/docbkx/preauth.xml @@ -109,7 +109,7 @@
- PreAuthenticatedProcessingFilterEntryPoint + Http403ForbiddenEntryPoint The AuthenticationEntryPoint was discussed in the technical overview chapter. Normally it is responsible for kick-starting the authentication process for an unauthenticated user diff --git a/src/docbkx/remember-me-authentication.xml b/src/docbkx/remember-me-authentication.xml index 98e8ec5edb..9dc62800c9 100644 --- a/src/docbkx/remember-me-authentication.xml +++ b/src/docbkx/remember-me-authentication.xml @@ -92,8 +92,8 @@ Remember-me authentication is not used with basic authentication, given it is often not used with HttpSessions. Remember-me is used with - AuthenticationProcessingFilter, and is implemented - via hooks in the AbstractProcessingFilter + UsernamePasswordAuthenticationProcessingFilter, and is implemented + via hooks in the AbstractAuthenticationProcessingFilter superclass. The hooks will invoke a concrete RememberMeServices at the appropriate times. The interface looks like this: @@ -104,7 +104,7 @@ Please refer to the JavaDocs for a fuller discussion on what the methods do, although note at this stage that - AbstractProcessingFilter only calls the + AbstractAuthenticationProcessingFilter only calls the loginFail() and loginSuccess() methods. The autoLogin() method is called by RememberMeProcessingFilter whenever the @@ -156,13 +156,13 @@ ]]> Don't forget to add your RememberMeServices implementation to your - AuthenticationProcessingFilter.setRememberMeServices() + UsernamePasswordAuthenticationProcessingFilter.setRememberMeServices() property, include the RememberMeAuthenticationProvider in your AuthenticationManager.setProviders() list, and add RememberMeProcessingFilter into your FilterChainProxy (typically immediately after your - AuthenticationProcessingFilter). + UsernamePasswordAuthenticationProcessingFilter).
PersistentTokenBasedRememberMeServices diff --git a/src/docbkx/secured-objects.xml b/src/docbkx/secured-objects.xml index 4c068839dc..453a96d178 100644 --- a/src/docbkx/secured-objects.xml +++ b/src/docbkx/secured-objects.xml @@ -192,7 +192,7 @@ public void afterPropertiesSet() throws Exception { + class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> @@ -222,13 +222,13 @@ public void afterPropertiesSet() throws Exception { authenticated. The class handles presenting the appropriate response to the user so that authentication can begin. Three concrete implementations are provided with Spring Security: - AuthenticationProcessingFilterEntryPoint for + LoginUrlAuthenticationEntryPoint for commencing a form-based authentication, BasicProcessingFilterEntryPoint for commencing a HTTP Basic authentication process, and CasProcessingFilterEntryPoint for commencing a JA-SIG Central Authentication Service (CAS) login. The - AuthenticationProcessingFilterEntryPoint and + LoginUrlAuthenticationEntryPoint and CasProcessingFilterEntryPoint have optional properties related to forcing the use of HTTPS, so please refer to the JavaDocs if you require this. diff --git a/src/docbkx/siteminder-auth-provider.xml b/src/docbkx/siteminder-auth-provider.xml index f39bce8a83..75480652a6 100644 --- a/src/docbkx/siteminder-auth-provider.xml +++ b/src/docbkx/siteminder-auth-provider.xml @@ -8,7 +8,7 @@ Associates. Spring Security provides a filter, - SiteminderAuthenticationProcessingFilter and + SiteminderUsernamePasswordAuthenticationProcessingFilter and provider, SiteminderAuthenticationProvider that can be used to process requests that have been pre-authenticated by Siteminder. This filter assumes that you're using Siteminder for 
@@ -39,7 +39,7 @@ example: <bean id="authenticationProcessingFilter" - class="org.springframework.security.ui.webapp.SiteminderAuthenticationProcessingFilter"> + class="org.springframework.security.ui.webapp.SiteminderUsernamePasswordAuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.jsp?login_error=1</value></property> <property name="defaultTargetUrl"><value>/security.do?method=getMainMenu</value></property> diff --git a/src/docbkx/springsecurity.xml b/src/docbkx/springsecurity.xml index 29496b0b75..53a8cf9449 100644 --- a/src/docbkx/springsecurity.xml +++ b/src/docbkx/springsecurity.xml @@ -4,7 +4,7 @@ Spring SecurityReference Documentation Ben Alex, Luke Taylor - 2.0.x + 3.0.0.M1 @@ -65,7 +65,7 @@ The later parts of this guide provide an in-depth discussion of the framework architecture and implementation classes, an understanding of which is important if you need - to do any serious customization. In this part, we'll introduce Spring Security 2.0, give a + to do any serious customization. In this part, we'll introduce Spring Security 3.0, give a brief overview of the project's history and take a slightly gentler look at how to get started using the framework. In particular, we'll look at namespace configuration which provides a much simpler way of securing your application compared to the traditional Spring diff --git a/src/docbkx/supporting-infrastructure.xml b/src/docbkx/supporting-infrastructure.xml index 7b10b413c4..556424127d 100644 --- a/src/docbkx/supporting-infrastructure.xml +++ b/src/docbkx/supporting-infrastructure.xml @@ -239,7 +239,7 @@ Authentication processing mechanisms - - AuthenticationProcessingFilter, + UsernamePasswordAuthenticationProcessingFilter, CasProcessingFilter, BasicProcessingFilter, HttpRequestIntegrationFilter, JbossIntegrationFilter etc - so that the 
diff --git a/src/docbkx/technical-overview.xml b/src/docbkx/technical-overview.xml
index 9cc8d92483..e3c37f519e 100644
--- a/src/docbkx/technical-overview.xml
+++ b/src/docbkx/technical-overview.xml
@@ -503,7 +503,7 @@ if (obj instanceof UserDetails) {
A "configuration attribute" can be thought of as a String that has special meaning to the classes used by AbstractSecurityInterceptor. They may be simple role names or have more complex meaning, depending on the how sophisticated the AccessDecisionManager implementation is.
- The AbstractSecurityInterceptor is configured with an ObjectDefinitionSource which
+ The AbstractSecurityInterceptor is configured with a SecurityMetadataSource which
it uses to look up the attributes for a secure object. Usually this configuration will be hidden from the user. Configuration attributes will be entered as annotations on secured methods, or as access attributes on secured URLs (using the namespace <intercept-url> syntax).
diff --git a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
index 71077c0466..27b992d3ad 100644
--- a/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/AuthenticationEntryPoint.java
@@ -38,7 +38,7 @@ public interface AuthenticationEntryPoint {
* Commences an authentication scheme.
*

* ExceptionTranslationFilter will populate the HttpSession attribute named
- * AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before
+ * AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before
* calling this method.
*

* Implementations should modify the headers on the ServletResponse as necessary to
diff --git a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
index b3d1b1f700..0703c6c8b3 100644
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@@ -206,7 +206,7 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
SavedRequest savedRequest = new SavedRequest(request, portResolver);
if (createSessionAllowed || request.getSession(false) != null) {
- // Store the HTTP request itself. Used by AbstractProcessingFilter
+ // Store the HTTP request itself. Used by AbstractAuthenticationProcessingFilter
// for redirection after successful authentication (SEC-29)
request.getSession().setAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, savedRequest);
logger.debug("SavedRequest added to Session: " + savedRequest);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
new file mode 100644
index 0000000000..02dd4f3df3
--- /dev/null
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
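Review bot: The renamed Javadoc line in the AuthenticationEntryPoint hunk still tells implementors that the saved request is stored under `AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY`, but the ExceptionTranslationFilter hunk in this same commit stores it under `SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY`, and the only constant in the new class's static-fields section (as far as the new file is visible here) is `SPRING_SECURITY_LAST_EXCEPTION_KEY`. An implementor following this Javadoc would look up a key the new class does not appear to declare; the line should read `* SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before`. The same mechanical rename leaves the comment in the ExceptionTranslationFilter hunk claiming the saved request is "Used by AbstractAuthenticationProcessingFilter for redirection", whereas the new class's own Javadoc attributes that redirect to the configured SavedRequestAwareAuthenticationSuccessHandler, so `// Used by SavedRequestAwareAuthenticationSuccessHandler` would be accurate. The commence() method this Javadoc documents continues outside the hunk.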
@@ -0,0 +1,439 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.authentication;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.security.authentication.AuthenticationDetailsSource;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.concurrent.SessionRegistry;
+import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.SpringSecurityMessageSource;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.SpringSecurityFilter;
+import 
org.springframework.security.web.session.SessionUtils;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
+
+/**
+ * Abstract processor of browser-based HTTP-based authentication requests.
+ *
+ *

Authentication Process

+ *
+ * The filter requires that you set the authenticationManager property. An AuthenticationManager is
+ * required to process the authentication request tokens created by implementing classes.
+ *

+ * This filter will intercept a request and attempt to perform authentication from that request if
+ * the request URL matches the value of the filterProcessesUrl property. This behaviour can modified by
+ * overriding the method {@link #requiresAuthentication(HttpServletRequest, HttpServletResponse) requiresAuthentication}.
+ *

+ * Authentication is performed by the {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse)
+ * attemptAuthentication} method, which must be implemented by subclasses.
+ *
+ *

Authentication Success

+ *
+ * If authentication is successful, the resulting {@link Authentication} object will be placed into the
+ * SecurityContext for the current thread, which is guaranteed to have already been created by an earlier
+ * filter. The configured {@link #setAuthenticationSuccessHandler(AuthenticationSuccessHandler) AuthenticationSuccessHandler} will
+ * then be called to take the redirect to the appropriate destination after a successful login. The default behaviour
+ * is implemented in a {@link SavedRequestAwareAuthenticationSuccessHandler} which will make use of any
+ * SavedRequest set by the ExceptionTranslationFilter and redirect the user to the URL contained
+ * therein. Otherwise it will redirect to the webapp root "/". You can customize this behaviour by injecting a
+ * differently configured instance of this class, or by using a different implementation.
+ *

+ * See the {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication)
+ * successfulAuthentication} method for more information.
+ *
+ *

Authentication Failure

+ *
+ * If authentication fails, the resulting AuthenticationException will be placed into the HttpSession
+ * with the attribute defined by {@link #SPRING_SECURITY_LAST_EXCEPTION_KEY}. It will then delegate to the configured
+ * {@link AuthenticationFailureHandler} to allow the failure information to be conveyed to the client.
+ * The default implementation is {@link SimpleUrlAuthenticationFailureHandler}, which sends a 401 error code to the
+ * client. It may also be configured with a failure URL as an alternative. Again you can inject whatever
+ * behaviour you require here.
+ *
+ *

Event Publication

+ *
+ * If authentication is successful, an
+ * {@link org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
+ * InteractiveAuthenticationSuccessEvent} will be published via the application context. No events will be published if
+ * authentication was unsuccessful, because this would generally be recorded via an
+ * AuthenticationManager-specific application event.
+ *

+ * The filter has an optional attribute invalidateSessionOnSuccessfulAuthentication that will invalidate
+ * the current session on successful authentication. This is to protect against session fixation attacks (see
+ * this Wikipedia article for more information).
+ * The behaviour is turned off by default. Additionally there is a property migrateInvalidatedSessionAttributes
+ * which tells if on session invalidation we are to migrate all session attributes from the old session to a newly
+ * created one. This is turned on by default, but not used unless invalidateSessionOnSuccessfulAuthentication
+ * is true. If you are using this feature in combination with concurrent session control, you should set the
+ * sessionRegistry property to make sure that the session information is updated consistently.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public abstract class AbstractAuthenticationProcessingFilter extends SpringSecurityFilter implements InitializingBean,
+ ApplicationEventPublisherAware, MessageSourceAware {
+ //~ Static fields/initializers =====================================================================================
+
+ public static final String SPRING_SECURITY_LAST_EXCEPTION_KEY = "SPRING_SECURITY_LAST_EXCEPTION";
+
+ //~ Instance fields ================================================================================================
+
+ protected ApplicationEventPublisher eventPublisher;
+ protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
+ private AuthenticationManager authenticationManager;
+ protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
+ /*
+ * Delay use of NullRememberMeServices until initialization so that namespace has a chance to inject
+ * the RememberMeServices implementation into custom implementations.
+ */
+ private RememberMeServices rememberMeServices = null;
+
+ /**
+ * The URL destination that this filter intercepts and processes (usually
+ * something like /j_spring_security_check)
+ */
+ private String filterProcessesUrl;
+
+ private boolean continueChainBeforeSuccessfulAuthentication = false;
+
+ /**
+ * Tells if we on successful authentication should invalidate the
+ * current session. This is a common guard against session fixation attacks.
+ * Defaults to false.
+ */
+ private boolean invalidateSessionOnSuccessfulAuthentication = false;
+
+ /**
+ * If {@link #invalidateSessionOnSuccessfulAuthentication} is true, this
+ * flag indicates that the session attributes of the session to be invalidated
+ * are to be migrated to the new session. Defaults to true since
+ * nothing will happen unless {@link #invalidateSessionOnSuccessfulAuthentication}
+ * is true.
+ */
+ private boolean migrateInvalidatedSessionAttributes = true;
+
+ private boolean allowSessionCreation = true;
+
+ private SessionRegistry sessionRegistry;
+
+ private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+ private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
+
+ //~ Constructors ===================================================================================================
+
+ /**
+ * @param defaultFilterProcessesUrl the default value for filterProcessesUrl.
+ */
+ protected AbstractAuthenticationProcessingFilter(String defaultFilterProcessesUrl) {
+ this.filterProcessesUrl = defaultFilterProcessesUrl;
+ }
+
+ //~ Methods ========================================================================================================
+
+ public void afterPropertiesSet() throws Exception {
+ Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified");
+ Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL");
+ Assert.notNull(authenticationManager, "authenticationManager must be specified");
+
+ if (rememberMeServices == null) {
+ rememberMeServices = new NullRememberMeServices();
+ }
+ }
+
+ /**
+ * Invokes the {@link #requiresAuthentication(HttpServletRequest, HttpServletResponse) requiresAuthentication}
+ * method to determine whether the request is for authentication and should be handled by this filter.
+ * If it is an authentication request, the
+ * {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse) attemptAuthentication} will be invoked
+ * to perform the authentication. There are then three possible outcomes:
+ *

    + *
  1. An Authentication object is returned. + * The {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) + * successfulAuthentication} method will be invoked
  2. + *
  3. An AuthenticationException occurs during authentication. + * The {@link #unSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) + * unSuccessfulAuthentication} method will be invoked
  4. + *
  5. Null is returned, indicating that the authentication process is incomplete. + * The method will then return immediately, assuming that the subclass has done any necessary work (such as + * redirects) to continue the authentication process. The assumption is that a later request will be received + * by this method where the returned Authentication object is not null. + *
+ */
+ public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+
+ if (!requiresAuthentication(request, response)) {
+ chain.doFilter(request, response);
+
+ return;
+ }
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("Request is to process authentication");
+ }
+
+ Authentication authResult;
+
+ try {
+ authResult = attemptAuthentication(request, response);
+ if (authResult == null) {
+ // return immediately as subclass has indicated that it hasn't completed authentication
+ return;
+ }
+ }
+ catch (AuthenticationException failed) {
+ // Authentication failed
+ unsuccessfulAuthentication(request, response, failed);
+
+ return;
+ }
+
+ // Authentication success
+ if (continueChainBeforeSuccessfulAuthentication) {
+ chain.doFilter(request, response);
+ }
+
+ successfulAuthentication(request, response, authResult);
+ }
+
+ /**
+ * Indicates whether this filter should attempt to process a login request for the current invocation.
+ *

+ * It strips any parameters from the "path" section of the request URL (such + * as the jsessionid parameter in + * http://host/myapp/index.html;jsessionid=blah) before matching + * against the filterProcessesUrl property. + *

+ * Subclasses may override for special requirements, such as Tapestry integration. + * + * @return true if the filter should attempt authentication, false otherwise. + */ + protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) { + String uri = request.getRequestURI(); + int pathParamIndex = uri.indexOf(';'); + + if (pathParamIndex > 0) { + // strip everything after the first semi-colon + uri = uri.substring(0, pathParamIndex); + } + + if ("".equals(request.getContextPath())) { + return uri.endsWith(filterProcessesUrl); + } + + return uri.endsWith(request.getContextPath() + filterProcessesUrl); + } + + /** + * Performs actual authentication. + *

+ * The implementation should do one of the following: + *

    + *
  1. Return a populated authentication token for the authenticated user, indicating successful authentication
  2. + *
  3. Return null, indicating that the authentication process is still in progress. Before returning, the + * implementation should perform any additional work required to complete the process.
  4. + *
  5. Throw an AuthenticationException if the authentication process fails
  6. + *
+ * + * @param request from which to extract parameters and perform the authentication + * @param response the response, which may be needed if the implementation has to do a redirect as part of a + * multi-stage authentication process (such as OpenID). + * + * @return the authenticated user token, or null if authentication is incomplete. + * + * @throws AuthenticationException if authentication fails. + */ + public abstract Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) + throws AuthenticationException, IOException, ServletException; + + /** + * Default behaviour for successful authentication. + *
    + *
  1. Sets the successful Authentication object on the {@link SecurityContextHolder}
  2. + *
  3. Performs any configured session migration behaviour
  4. + *
  5. Informs the configured RememberMeServices of the successful login
  6. + *
  7. Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured + * ApplicationEventPublisher
  8. + *
  9. Delegates additional behaviour to the {@link AuthenticationSuccessHandler}.
  10. + *
+ * + * @param authResult the object returned from the attemptAuthentication method. + */ + protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, + Authentication authResult) throws IOException, ServletException { + + if (logger.isDebugEnabled()) { + logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult); + } + + SecurityContextHolder.getContext().setAuthentication(authResult); + + if (invalidateSessionOnSuccessfulAuthentication) { + SessionUtils.startNewSessionIfRequired(request, migrateInvalidatedSessionAttributes, sessionRegistry); + } + + rememberMeServices.loginSuccess(request, response, authResult); + + // Fire event + if (this.eventPublisher != null) { + eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass())); + } + + successHandler.onAuthenticationSuccess(request, response, authResult); + } + + /** + * Default behaviour for unsuccessful authentication. + *
    + *
  1. Clears the {@link SecurityContextHolder}
  2. + *
  3. Stores the exception in the session (if it exists or allowSesssionCreation is set to true)
  4. + *
  5. Informs the configured RememberMeServices of the failed login
  6. + *
  7. Delegates additional behaviour to the {@link AuthenticationFailureHandler}.
  8. + *
+ */ + protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, + AuthenticationException failed) throws IOException, ServletException { + SecurityContextHolder.clearContext(); + + if (logger.isDebugEnabled()) { + logger.debug("Authentication request failed: " + failed.toString()); + logger.debug("Updated SecurityContextHolder to contain null Authentication"); + logger.debug("Delegating to authentication failure handler" + failureHandler); + } + + try { + HttpSession session = request.getSession(false); + + if (session != null || allowSessionCreation) { + request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed); + } + } + catch (Exception ignored) { + } + + rememberMeServices.loginFail(request, response); + + failureHandler.onAuthenticationFailure(request, response, failed); + } + + protected AuthenticationManager getAuthenticationManager() { + return authenticationManager; + } + + public void setAuthenticationManager(AuthenticationManager authenticationManager) { + this.authenticationManager = authenticationManager; + } + + public String getFilterProcessesUrl() { + return filterProcessesUrl; + } + + public void setFilterProcessesUrl(String filterProcessesUrl) { + this.filterProcessesUrl = filterProcessesUrl; + } + + public RememberMeServices getRememberMeServices() { + return rememberMeServices; + } + + public void setRememberMeServices(RememberMeServices rememberMeServices) { + this.rememberMeServices = rememberMeServices; + } + + /** + * Indicates if the filter chain should be continued prior to delegation to + * {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, + * Authentication)}, which may be useful in certain environment (such as + * Tapestry applications). Defaults to false. 
+ */ + public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) { + this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication; + } + + public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) { + this.eventPublisher = eventPublisher; + } + + public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { + Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); + this.authenticationDetailsSource = authenticationDetailsSource; + } + + public void setMessageSource(MessageSource messageSource) { + this.messages = new MessageSourceAccessor(messageSource); + } + + public void setInvalidateSessionOnSuccessfulAuthentication(boolean invalidateSessionOnSuccessfulAuthentication) { + this.invalidateSessionOnSuccessfulAuthentication = invalidateSessionOnSuccessfulAuthentication; + } + + public void setMigrateInvalidatedSessionAttributes(boolean migrateInvalidatedSessionAttributes) { + this.migrateInvalidatedSessionAttributes = migrateInvalidatedSessionAttributes; + } + + public AuthenticationDetailsSource getAuthenticationDetailsSource() { + // Required due to SEC-310 + return authenticationDetailsSource; + } + + protected boolean getAllowSessionCreation() { + return allowSessionCreation; + } + + public void setAllowSessionCreation(boolean allowSessionCreation) { + this.allowSessionCreation = allowSessionCreation; + } + + /** + * The session registry needs to be set if session fixation attack protection is in use (and concurrent + * session control is enabled). + */ + public void setSessionRegistry(SessionRegistry sessionRegistry) { + this.sessionRegistry = sessionRegistry; + } + + /** + * Sets the strategy used to handle a successful authentication. + * By default a {@link SavedRequestAwareAuthenticationSuccessHandler} is used. 
+ */ + public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) { + Assert.notNull(successHandler, "successHandler cannot be null"); + this.successHandler = successHandler; + } + + public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) { + Assert.notNull(failureHandler, "failureHandler cannot be null"); + this.failureHandler = failureHandler; + } +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java index 05ad766d04..4bbfd58dee 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractProcessingFilter.java 
@@ -1,439 +1,18 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
 package org.springframework.security.web.authentication;
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.context.ApplicationEventPublisherAware;
-import org.springframework.context.MessageSource;
-import org.springframework.context.MessageSourceAware;
-import org.springframework.context.support.MessageSourceAccessor;
-import org.springframework.security.authentication.AuthenticationDetailsSource;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.concurrent.SessionRegistry;
-import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.SpringSecurityFilter;
-import 
org.springframework.security.web.session.SessionUtils; -import org.springframework.security.web.util.UrlUtils; -import org.springframework.util.Assert; - /** - * Abstract processor of browser-based HTTP-based authentication requests. - * - *

Authentication Process

- * - * The filter requires that you set the authenticationManager property. An AuthenticationManager is - * required to process the authentication request tokens created by implementing classes. + * Renamed class, retained for backwards compatibility. *

- * This filter will intercept a request and attempt to perform authentication from that request if - * the request URL matches the value of the filterProcessesUrl property. This behaviour can modified by - * overriding the method {@link #requiresAuthentication(HttpServletRequest, HttpServletResponse) requiresAuthentication}. - *

- * Authentication is performed by the {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse) - * attemptAuthentication} method, which must be implemented by subclasses. + * See {@link AbstractAuthenticationProcessingFilter}. * - *

Authentication Success

- * - * If authentication is successful, the resulting {@link Authentication} object will be placed into the - * SecurityContext for the current thread, which is guaranteed to have already been created by an earlier - * filter. The configured {@link #setAuthenticationSuccessHandler(AuthenticationSuccessHandler) AuthenticationSuccessHandler} will - * then be called to take the redirect to the appropriate destination after a successful login. The default behaviour - * is implemented in a {@link SavedRequestAwareAuthenticationSuccessHandler} which will make use of any - * SavedRequest set by the ExceptionTranslationFilter and redirect the user to the URL contained - * therein. Otherwise it will redirect to the webapp root "/". You can customize this behaviour by injecting a - * differently configured instance of this class, or by using a different implementation. - *

- * See the {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - * successfulAuthentication} method for more information. - * - *

Authentication Failure

- * - * If authentication fails, the resulting AuthenticationException will be placed into the HttpSession - * with the attribute defined by {@link #SPRING_SECURITY_LAST_EXCEPTION_KEY}. It will then delegate to the configured - * {@link AuthenticationFailureHandler} to allow the failure information to be conveyed to the client. - * The default implementation is {@link SimpleUrlAuthenticationFailureHandler}, which sends a 401 error code to the - * client. It may also be configured with a failure URL as an alternative. Again you can inject whatever - * behaviour you require here. - * - *

Event Publication

- * - * If authentication is successful, an - * {@link org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent - * InteractiveAuthenticationSuccessEvent} will be published via the application context. No events will be published if - * authentication was unsuccessful, because this would generally be recorded via an - * AuthenticationManager-specific application event. - *

- * The filter has an optional attribute invalidateSessionOnSuccessfulAuthentication that will invalidate - * the current session on successful authentication. This is to protect against session fixation attacks (see - * this Wikipedia article for more information). - * The behaviour is turned off by default. Additionally there is a property migrateInvalidatedSessionAttributes - * which tells if on session invalidation we are to migrate all session attributes from the old session to a newly - * created one. This is turned on by default, but not used unless invalidateSessionOnSuccessfulAuthentication - * is true. If you are using this feature in combination with concurrent session control, you should set the - * sessionRegistry property to make sure that the session information is updated consistently. - * - * @author Ben Alex + * @author Luke Taylor * @version $Id$ + * @deprecated Use AbstractAuthenticationProcessingFilter instead. */ -public abstract class AbstractProcessingFilter extends SpringSecurityFilter implements InitializingBean, - ApplicationEventPublisherAware, MessageSourceAware { - //~ Static fields/initializers ===================================================================================== +@Deprecated +public abstract class AbstractProcessingFilter extends AbstractAuthenticationProcessingFilter { - public static final String SPRING_SECURITY_LAST_EXCEPTION_KEY = "SPRING_SECURITY_LAST_EXCEPTION"; - - //~ Instance fields ================================================================================================ - - protected ApplicationEventPublisher eventPublisher; - protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); - private AuthenticationManager authenticationManager; - protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); - - /* - * Delay use of NullRememberMeServices until initialization so that namespace has a chance to inject - * the 
RememberMeServices implementation into custom implementations. - */ - private RememberMeServices rememberMeServices = null; - - /** - * The URL destination that this filter intercepts and processes (usually - * something like /j_spring_security_check) - */ - private String filterProcessesUrl; - - private boolean continueChainBeforeSuccessfulAuthentication = false; - - /** - * Tells if we on successful authentication should invalidate the - * current session. This is a common guard against session fixation attacks. - * Defaults to false. - */ - private boolean invalidateSessionOnSuccessfulAuthentication = false; - - /** - * If {@link #invalidateSessionOnSuccessfulAuthentication} is true, this - * flag indicates that the session attributes of the session to be invalidated - * are to be migrated to the new session. Defaults to true since - * nothing will happen unless {@link #invalidateSessionOnSuccessfulAuthentication} - * is true. - */ - private boolean migrateInvalidatedSessionAttributes = true; - - private boolean allowSessionCreation = true; - - private SessionRegistry sessionRegistry; - - private AuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); - private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler(); - - //~ Constructors =================================================================================================== - - /** - * @param defaultFilterProcessesUrl the default value for filterProcessesUrl. 
- */ protected AbstractProcessingFilter(String defaultFilterProcessesUrl) { - this.filterProcessesUrl = defaultFilterProcessesUrl; - } - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified"); - Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL"); - Assert.notNull(authenticationManager, "authenticationManager must be specified"); - - if (rememberMeServices == null) { - rememberMeServices = new NullRememberMeServices(); - } - } - - /** - * Invokes the {@link #requiresAuthentication(HttpServletRequest, HttpServletResponse) requiresAuthentication} - * method to determine whether the request is for authentication and should be handled by this filter. - * If it is an authentication request, the - * {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse) attemptAuthentication} will be invoked - * to perform the authentication. There are then three possible outcomes: - *

    - *
  1. An Authentication object is returned. - * The {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - * successfulAuthentication} method will be invoked
  2. - *
  3. An AuthenticationException occurs during authentication. - * The {@link #unSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - * unSuccessfulAuthentication} method will be invoked
  4. - *
  5. Null is returned, indicating that the authentication process is incomplete. - * The method will then return immediately, assuming that the subclass has done any necessary work (such as - * redirects) to continue the authentication process. The assumption is that a later request will be received - * by this method where the returned Authentication object is not null. - *
- */ - public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) - throws IOException, ServletException { - - if (!requiresAuthentication(request, response)) { - chain.doFilter(request, response); - - return; - } - - if (logger.isDebugEnabled()) { - logger.debug("Request is to process authentication"); - } - - Authentication authResult; - - try { - authResult = attemptAuthentication(request, response); - if (authResult == null) { - // return immediately as subclass has indicated that it hasn't completed authentication - return; - } - } - catch (AuthenticationException failed) { - // Authentication failed - unsuccessfulAuthentication(request, response, failed); - - return; - } - - // Authentication success - if (continueChainBeforeSuccessfulAuthentication) { - chain.doFilter(request, response); - } - - successfulAuthentication(request, response, authResult); - } - - /** - * Indicates whether this filter should attempt to process a login request for the current invocation. - *

- * It strips any parameters from the "path" section of the request URL (such - * as the jsessionid parameter in - * http://host/myapp/index.html;jsessionid=blah) before matching - * against the filterProcessesUrl property. - *

- * Subclasses may override for special requirements, such as Tapestry integration. - * - * @return true if the filter should attempt authentication, false otherwise. - */ - protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) { - String uri = request.getRequestURI(); - int pathParamIndex = uri.indexOf(';'); - - if (pathParamIndex > 0) { - // strip everything after the first semi-colon - uri = uri.substring(0, pathParamIndex); - } - - if ("".equals(request.getContextPath())) { - return uri.endsWith(filterProcessesUrl); - } - - return uri.endsWith(request.getContextPath() + filterProcessesUrl); - } - - /** - * Performs actual authentication. - *

- * The implementation should do one of the following: - *

    - *
  1. Return a populated authentication token for the authenticated user, indicating successful authentication
  2. - *
  3. Return null, indicating that the authentication process is still in progress. Before returning, the - * implementation should perform any additional work required to complete the process.
  4. - *
  5. Throw an AuthenticationException if the authentication process fails
  6. - *
- * - * @param request from which to extract parameters and perform the authentication - * @param response the response, which may be needed if the implementation has to do a redirect as part of a - * multi-stage authentication process (such as OpenID). - * - * @return the authenticated user token, or null if authentication is incomplete. - * - * @throws AuthenticationException if authentication fails. - */ - public abstract Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) - throws AuthenticationException, IOException, ServletException; - - /** - * Default behaviour for successful authentication. - *
    - *
  1. Sets the successful Authentication object on the {@link SecurityContextHolder}
  2. - *
  3. Performs any configured session migration behaviour
  4. - *
  5. Informs the configured RememberMeServices of the successful login
  6. - *
  7. Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured - * ApplicationEventPublisher
  8. - *
  9. Delegates additional behaviour to the {@link AuthenticationSuccessHandler}.
  10. - *
- * - * @param authResult the object returned from the attemptAuthentication method. - */ - protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, - Authentication authResult) throws IOException, ServletException { - - if (logger.isDebugEnabled()) { - logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult); - } - - SecurityContextHolder.getContext().setAuthentication(authResult); - - if (invalidateSessionOnSuccessfulAuthentication) { - SessionUtils.startNewSessionIfRequired(request, migrateInvalidatedSessionAttributes, sessionRegistry); - } - - rememberMeServices.loginSuccess(request, response, authResult); - - // Fire event - if (this.eventPublisher != null) { - eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass())); - } - - successHandler.onAuthenticationSuccess(request, response, authResult); - } - - /** - * Default behaviour for unsuccessful authentication. - *
    - *
  1. Clears the {@link SecurityContextHolder}
  2. - *
  3. Stores the exception in the session (if it exists or allowSesssionCreation is set to true)
  4. - *
  5. Informs the configured RememberMeServices of the failed login
  6. - *
  7. Delegates additional behaviour to the {@link AuthenticationFailureHandler}.
  8. - *
- */ - protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, - AuthenticationException failed) throws IOException, ServletException { - SecurityContextHolder.clearContext(); - - if (logger.isDebugEnabled()) { - logger.debug("Authentication request failed: " + failed.toString()); - logger.debug("Updated SecurityContextHolder to contain null Authentication"); - logger.debug("Delegating to authentication failure handler" + failureHandler); - } - - try { - HttpSession session = request.getSession(false); - - if (session != null || allowSessionCreation) { - request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, failed); - } - } - catch (Exception ignored) { - } - - rememberMeServices.loginFail(request, response); - - failureHandler.onAuthenticationFailure(request, response, failed); - } - - protected AuthenticationManager getAuthenticationManager() { - return authenticationManager; - } - - public void setAuthenticationManager(AuthenticationManager authenticationManager) { - this.authenticationManager = authenticationManager; - } - - public String getFilterProcessesUrl() { - return filterProcessesUrl; - } - - public void setFilterProcessesUrl(String filterProcessesUrl) { - this.filterProcessesUrl = filterProcessesUrl; - } - - public RememberMeServices getRememberMeServices() { - return rememberMeServices; - } - - public void setRememberMeServices(RememberMeServices rememberMeServices) { - this.rememberMeServices = rememberMeServices; - } - - /** - * Indicates if the filter chain should be continued prior to delegation to - * {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, - * Authentication)}, which may be useful in certain environment (such as - * Tapestry applications). Defaults to false. 
- */ - public void setContinueChainBeforeSuccessfulAuthentication(boolean continueChainBeforeSuccessfulAuthentication) { - this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication; - } - - public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) { - this.eventPublisher = eventPublisher; - } - - public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { - Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); - this.authenticationDetailsSource = authenticationDetailsSource; - } - - public void setMessageSource(MessageSource messageSource) { - this.messages = new MessageSourceAccessor(messageSource); - } - - public void setInvalidateSessionOnSuccessfulAuthentication(boolean invalidateSessionOnSuccessfulAuthentication) { - this.invalidateSessionOnSuccessfulAuthentication = invalidateSessionOnSuccessfulAuthentication; - } - - public void setMigrateInvalidatedSessionAttributes(boolean migrateInvalidatedSessionAttributes) { - this.migrateInvalidatedSessionAttributes = migrateInvalidatedSessionAttributes; - } - - public AuthenticationDetailsSource getAuthenticationDetailsSource() { - // Required due to SEC-310 - return authenticationDetailsSource; - } - - protected boolean getAllowSessionCreation() { - return allowSessionCreation; - } - - public void setAllowSessionCreation(boolean allowSessionCreation) { - this.allowSessionCreation = allowSessionCreation; - } - - /** - * The session registry needs to be set if session fixation attack protection is in use (and concurrent - * session control is enabled). - */ - public void setSessionRegistry(SessionRegistry sessionRegistry) { - this.sessionRegistry = sessionRegistry; - } - - /** - * Sets the strategy used to handle a successful authentication. - * By default a {@link SavedRequestAwareAuthenticationSuccessHandler} is used. 
- */ - public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) { - Assert.notNull(successHandler, "successHandler cannot be null"); - this.successHandler = successHandler; - } - - public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) { - Assert.notNull(failureHandler, "failureHandler cannot be null"); - this.failureHandler = failureHandler; + super(defaultFilterProcessesUrl); } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java index 107cf553ca..9caf795668 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilter.java 
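Review bot: The Apache license header is removed together with the old class body — the hunk deletes lines 1–15 (`/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited` through ` */`) and the rewritten file now begins at `package org.springframework.security.web.authentication;`, so the compatibility shim ships with no license text at all; the same header drop occurs in the AuthenticationProcessingFilter.java hunk that follows. The deprecation tag would also be more useful as a resolvable link, `* @deprecated Use {@link AbstractAuthenticationProcessingFilter} instead.`, and the retained constructor deserves a one-line Javadoc such as `/** @param defaultFilterProcessesUrl the default value for filterProcessesUrl, passed through to the new parent. */` since the old constructor's comment is deleted with it. Existing subclasses that relied on the previously `protected` fields `eventPublisher`, `authenticationDetailsSource` and `messages` now depend on those declarations in AbstractAuthenticationProcessingFilter, which lie outside this chunk; presumably they kept the same visibility, but that is worth confirming, because dropping them to `private` would silently break third-party filters that extend this deprecated class.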
@@ -1,182 +1,15 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - package org.springframework.security.web.authentication; - -import org.springframework.security.authentication.AuthenticationServiceException; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; - -import org.springframework.security.web.FilterChainOrder; -import org.springframework.security.web.util.TextEscapeUtils; -import org.springframework.util.Assert; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - - /** - * Processes an authentication form. + * Renamed class, retained for backwards compatibility. *

- * Login forms must present two parameters to this filter: a username and - * password. The default parameter names to use are contained in the - * static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}. - * The parameter names can also be changed by setting the usernameParameter and passwordParameter - * properties. - *

- * This filter by default responds to the URL /j_spring_security_check. + * See {@link UsernamePasswordAuthenticationProcessingFilter}. * - * @author Ben Alex - * @author Colin Sampaleanu + * @author Luke Taylor * @version $Id$ + * @deprecated Use UsernamePasswordAuthenticationProcessingFilter instead. */ -public class AuthenticationProcessingFilter extends AbstractProcessingFilter { - //~ Static fields/initializers ===================================================================================== - public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username"; - public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password"; - public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME"; +public class AuthenticationProcessingFilter extends UsernamePasswordAuthenticationProcessingFilter { - private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY; - private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY; - private boolean postOnly = true; - - //~ Constructors =================================================================================================== - - public AuthenticationProcessingFilter() { - super("/j_spring_security_check"); - } - - //~ Methods ======================================================================================================== - - public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { - if (postOnly && !request.getMethod().equals("POST")) { - throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod()); - } - - String username = obtainUsername(request); - String password = obtainPassword(request); - - if (username == null) { - username = ""; - } - - if (password == null) { - password = ""; - } - - username = username.trim(); - - UsernamePasswordAuthenticationToken authRequest = new 
UsernamePasswordAuthenticationToken(username, password); - - // Place the last username attempted into HttpSession for views - HttpSession session = request.getSession(false); - - if (session != null || getAllowSessionCreation()) { - request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, TextEscapeUtils.escapeEntities(username)); - } - - // Allow subclasses to set the "details" property - setDetails(request, authRequest); - - return this.getAuthenticationManager().authenticate(authRequest); - } - - /** - * Enables subclasses to override the composition of the password, such as by including additional values - * and a separator.

This might be used for example if a postcode/zipcode was required in addition to the - * password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The - * AuthenticationDao will need to generate the expected password in a corresponding manner.

- * - * @param request so that request attributes can be retrieved - * - * @return the password that will be presented in the Authentication request token to the - * AuthenticationManager - */ - protected String obtainPassword(HttpServletRequest request) { - return request.getParameter(passwordParameter); - } - - /** - * Enables subclasses to override the composition of the username, such as by including additional values - * and a separator. - * - * @param request so that request attributes can be retrieved - * - * @return the username that will be presented in the Authentication request token to the - * AuthenticationManager - */ - protected String obtainUsername(HttpServletRequest request) { - return request.getParameter(usernameParameter); - } - - /** - * Provided so that subclasses may configure what is put into the authentication request's details - * property. - * - * @param request that an authentication request is being created for - * @param authRequest the authentication request object that should have its details set - */ - protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) { - authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); - } - - /** - * Sets the parameter name which will be used to obtain the username from the login request. - * - * @param usernameParameter the parameter name. Defaults to "j_username". - */ - public void setUsernameParameter(String usernameParameter) { - Assert.hasText(usernameParameter, "Username parameter must not be empty or null"); - this.usernameParameter = usernameParameter; - } - - /** - * Sets the parameter name which will be used to obtain the password from the login request.. - * - * @param passwordParameter the parameter name. Defaults to "j_password". 
- */ - public void setPasswordParameter(String passwordParameter) { - Assert.hasText(passwordParameter, "Password parameter must not be empty or null"); - this.passwordParameter = passwordParameter; - } - - /** - * Defines whether only HTTP POST requests will be allowed by this filter. - * If set to true, and an authentication request is received which is not a POST request, an exception will - * be raised immediately and authentication will not be attempted. The unsuccessfulAuthentication() method - * will be called as if handling a failed authentication. - *

- * Defaults to true but may be overridden by subclasses. - */ - public void setPostOnly(boolean postOnly) { - this.postOnly = postOnly; - } - - public int getOrder() { - return FilterChainOrder.AUTHENTICATION_PROCESSING_FILTER; - } - - public final String getUsernameParameter() { - return usernameParameter; - } - - public final String getPasswordParameter() { - return passwordParameter; - } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java index e01679f2ce..be8c4d5f4a 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPoint.java 
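Review bot: The replacement class carries `@deprecated` only in its Javadoc; without the `@Deprecated` annotation on the declaration, code that still references `AuthenticationProcessingFilter` gets no compiler warning, so the rename is invisible at build time. Suggest `@Deprecated` on the line directly above `public class AuthenticationProcessingFilter extends UsernamePasswordAuthenticationProcessingFilter {`. The same omission applies to `AuthenticationProcessingFilterEntryPoint` in the next hunk.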
@@ -1,258 +1,14 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - package org.springframework.security.web.authentication; - - -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.PortMapper; -import org.springframework.security.web.PortMapperImpl; -import org.springframework.security.web.PortResolver; -import org.springframework.security.web.PortResolverImpl; -import org.springframework.security.web.access.ExceptionTranslationFilter; -import org.springframework.security.web.util.RedirectUrlBuilder; -import org.springframework.security.web.util.UrlUtils; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.beans.factory.InitializingBean; - -import org.springframework.util.Assert; -import org.springframework.util.StringUtils; - -import java.io.IOException; - -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - /** - * Used by the {@link ExceptionTranslationFilter} to commence a form login - * authentication via the {@link AuthenticationProcessingFilter}. 
This object - * holds the location of the login form, relative to the web app context path, - * and is used to commence a redirect to that form. + * Renamed class, retained for backwards compatibility. *

- * By setting the forceHttps property to true, you may configure the - * class to force the protocol used for the login form to be HTTPS, - * even if the original intercepted request for a resource used the - * HTTP protocol. When this happens, after a successful login - * (via HTTPS), the original resource will still be accessed as HTTP, via the - * original request URL. For the forced HTTPS feature to work, the {@link - * PortMapper} is consulted to determine the HTTP:HTTPS pairs. + * See {@link LoginUrlAuthenticationEntryPoint}. * - * @author Ben Alex - * @author colin sampaleanu - * @author Omri Spector + * @author Luke Taylor * @version $Id$ + * @deprecated Use LoginUrlAuthenticationEntryPoint instead. */ -public class AuthenticationProcessingFilterEntryPoint implements AuthenticationEntryPoint, InitializingBean { - //~ Static fields/initializers ===================================================================================== +public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint{ - private static final Log logger = LogFactory.getLog(AuthenticationProcessingFilterEntryPoint.class); - - //~ Instance fields ================================================================================================ - - private PortMapper portMapper = new PortMapperImpl(); - - private PortResolver portResolver = new PortResolverImpl(); - - private String loginFormUrl; - - private boolean forceHttps = false; - - private boolean useForward = false; - - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.isTrue(StringUtils.hasText(loginFormUrl) && UrlUtils.isValidRedirectUrl(loginFormUrl), - "loginFormUrl must be specified and must be a valid redirect URL"); - Assert.notNull(portMapper, "portMapper must be specified"); - Assert.notNull(portResolver, "portResolver must be specified"); - } - - /** - * 
Allows subclasses to modify the login form URL that should be applicable for a given request. - * - * @param request the request - * @param response the response - * @param exception the exception - * @return the URL (cannot be null or empty; defaults to {@link #getLoginFormUrl()}) - */ - protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response, - AuthenticationException exception) { - - return getLoginFormUrl(); - } - - /** - * Performs the redirect (or forward) to the login form URL. - */ - public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) - throws IOException, ServletException { - - HttpServletRequest httpRequest = (HttpServletRequest) request; - HttpServletResponse httpResponse = (HttpServletResponse) response; - - String redirectUrl = null; - - if (useForward) { - - if (forceHttps && "http".equals(request.getScheme())) { - redirectUrl = buildHttpsRedirectUrlForRequest(httpRequest); - } - - if (redirectUrl == null) { - String loginForm = determineUrlToUseForThisRequest(httpRequest, httpResponse, authException); - - if (logger.isDebugEnabled()) { - logger.debug("Server side forward to: " + loginForm); - } - - RequestDispatcher dispatcher = httpRequest.getRequestDispatcher(loginForm); - - dispatcher.forward(request, response); - - return; - } - } else { - // redirect to login page. 
Use https if forceHttps true - - redirectUrl = buildRedirectUrlToLoginPage(httpRequest, httpResponse, authException); - - } - - httpResponse.sendRedirect(httpResponse.encodeRedirectURL(redirectUrl)); - } - - protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response, - AuthenticationException authException) { - - String loginForm = determineUrlToUseForThisRequest(request, response, authException); - int serverPort = portResolver.getServerPort(request); - String scheme = request.getScheme(); - - RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder(); - - urlBuilder.setScheme(scheme); - urlBuilder.setServerName(request.getServerName()); - urlBuilder.setPort(serverPort); - urlBuilder.setContextPath(request.getContextPath()); - urlBuilder.setPathInfo(loginForm); - - if (forceHttps && "http".equals(scheme)) { - Integer httpsPort = portMapper.lookupHttpsPort(new Integer(serverPort)); - - if (httpsPort != null) { - // Overwrite scheme and port in the redirect URL - urlBuilder.setScheme("https"); - urlBuilder.setPort(httpsPort.intValue()); - } else { - logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort); - } - } - - return urlBuilder.getUrl(); - } - - /** - * Builds a URL to redirect the supplied request to HTTPS. 
- */ - protected String buildHttpsRedirectUrlForRequest(HttpServletRequest request) - throws IOException, ServletException { - - int serverPort = portResolver.getServerPort(request); - Integer httpsPort = portMapper.lookupHttpsPort(new Integer(serverPort)); - - if (httpsPort != null) { - RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder(); - urlBuilder.setScheme("https"); - urlBuilder.setServerName(request.getServerName()); - urlBuilder.setPort(httpsPort.intValue()); - urlBuilder.setContextPath(request.getContextPath()); - urlBuilder.setServletPath(request.getServletPath()); - urlBuilder.setPathInfo(request.getPathInfo()); - urlBuilder.setQuery(request.getQueryString()); - - return urlBuilder.getUrl(); - } - - // Fall through to server-side forward with warning message - logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort); - - return null; - } - - /** - * Set to true to force login form access to be via https. If this value is true (the default is false), - * and the incoming request for the protected resource which triggered the interceptor was not already - * https, then the client will first be redirected to an https URL, even if serverSideRedirect - * is set to true. - */ - public void setForceHttps(boolean forceHttps) { - this.forceHttps = forceHttps; - } - - protected boolean isForceHttps() { - return forceHttps; - } - - /** - * The URL where the AuthenticationProcessingFilter login - * page can be found. 
Should be relative to the web-app context path, and - * include a leading / - */ - public void setLoginFormUrl(String loginFormUrl) { - this.loginFormUrl = loginFormUrl; - } - - public String getLoginFormUrl() { - return loginFormUrl; - } - - public void setPortMapper(PortMapper portMapper) { - this.portMapper = portMapper; - } - - protected PortMapper getPortMapper() { - return portMapper; - } - - public void setPortResolver(PortResolver portResolver) { - this.portResolver = portResolver; - } - - protected PortResolver getPortResolver() { - return portResolver; - } - - /** - * Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, - * instead of a 302 redirect. - * - * @param useForward - */ - public void setUseForward(boolean useForward) { - this.useForward = useForward; - } - - protected boolean isUseForward() { - return useForward; - } } diff --git a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java index 3735d6cbf5..754ac612ac 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java +++ b/web/src/main/java/org/springframework/security/web/authentication/AuthenticationSuccessHandler.java @@ -14,7 +14,7 @@ import org.springframework.security.core.Authentication; * Implementations can do whatever they want but typical behaviour would be to control the navigation to the * subsequent destination (using a redirect or a forward). For example, after a user has logged in by submitting a * login form, the application needs to decide where they should be redirected to afterwards - * (see {@link AbstractProcessingFilter} and subclasses). Other logic may also be included if required. + * (see {@link AbstractAuthenticationProcessingFilter} and subclasses). Other logic may also be included if required. * * @author Luke Taylor * @version $Id$ 
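Review bot: The declaration `public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint{` lacks the space before the opening brace that every other declaration in this commit uses; `public class AuthenticationProcessingFilterEntryPoint extends LoginUrlAuthenticationEntryPoint {`. The `@deprecated` tag could also link the replacement, `@deprecated Use {@link LoginUrlAuthenticationEntryPoint} instead.`, so the reference is checked by Javadoc rather than being plain text.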
diff --git a/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java new file mode 100755 index 0000000000..8e2351a75c --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/Http403ForbiddenEntryPoint.java @@ -0,0 +1,62 @@ +package org.springframework.security.web.authentication; + +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.core.Ordered; + +/** + *

+ * In the pre-authenticated authentication case (unlike CAS, for example) the + * user will already have been identified through some external mechanism and a + * secure context established by the time the security-enforcement filter is + * invoked. + *

+ * Therefore this class isn't actually responsible for the commencement of + * authentication, as it is in the case of other providers. It will be called if + * the user is rejected by the AbstractPreAuthenticatedProcessingFilter, + * resulting in a null authentication. + *

+ * The commence method will always return an + * HttpServletResponse.SC_FORBIDDEN (403 error). + * + * @see org.springframework.security.web.access.ExceptionTranslationFilter + * + * @author Luke Taylor + * @author Ruud Senden + * @since 2.0 + */ +public class Http403ForbiddenEntryPoint implements AuthenticationEntryPoint, Ordered { + private static final Log logger = LogFactory.getLog(Http403ForbiddenEntryPoint.class); + + private int order = Integer.MAX_VALUE; + + /** + * Always returns a 403 error code to the client. + */ + public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2) throws IOException, + ServletException { + if (logger.isDebugEnabled()) { + logger.debug("Pre-authenticated entry point called. Rejecting access"); + } + HttpServletResponse httpResponse = (HttpServletResponse) response; + httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); + } + + public int getOrder() { + return order; + } + + public void setOrder(int i) { + order = i; + } + +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java new file mode 100644 index 0000000000..35768f074a --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java 
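Review bot: `commence` casts its `response` parameter to `HttpServletResponse` although the parameter is already declared with that type, and names the exception parameter `arg2`; the cast reads like a leftover from a `ServletResponse` signature. Suggest `public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)` and `response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");`, dropping the `httpResponse` local. The class-level Javadoc also still describes only the pre-authenticated case (rejection by `AbstractPreAuthenticatedProcessingFilter`) while the class now has a generic name; a first sentence such as "Entry point that rejects every request with HTTP 403, for deployments where no interactive authentication can be commenced" would match the new name, with the pre-authentication paragraph kept as the motivating example.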
@@ -0,0 +1,260 @@ +/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.authentication; + + + +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.security.web.PortMapper; +import org.springframework.security.web.PortMapperImpl; +import org.springframework.security.web.PortResolver; +import org.springframework.security.web.PortResolverImpl; +import org.springframework.security.web.access.ExceptionTranslationFilter; +import org.springframework.security.web.util.RedirectUrlBuilder; +import org.springframework.security.web.util.UrlUtils; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.springframework.beans.factory.InitializingBean; + +import org.springframework.util.Assert; +import org.springframework.util.StringUtils; + +import java.io.IOException; + +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Used by the {@link ExceptionTranslationFilter} to commence a form login + * authentication via the {@link UsernamePasswordAuthenticationProcessingFilter}. 
This object + * holds the location of the login form, relative to the web app context path, + * and is used to commence a redirect to that form. + *

+ * By setting the forceHttps property to true, you may configure the + * class to force the protocol used for the login form to be HTTPS, + * even if the original intercepted request for a resource used the + * HTTP protocol. When this happens, after a successful login + * (via HTTPS), the original resource will still be accessed as HTTP, via the + * original request URL. For the forced HTTPS feature to work, the {@link + * PortMapper} is consulted to determine the HTTP:HTTPS pairs. + * + * @author Ben Alex + * @author colin sampaleanu + * @author Omri Spector + * @author Luke Taylor + * @version $Id$ + * @since 3.0 + */ +public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean { + //~ Static fields/initializers ===================================================================================== + + private static final Log logger = LogFactory.getLog(LoginUrlAuthenticationEntryPoint.class); + + //~ Instance fields ================================================================================================ + + private PortMapper portMapper = new PortMapperImpl(); + + private PortResolver portResolver = new PortResolverImpl(); + + private String loginFormUrl; + + private boolean forceHttps = false; + + private boolean useForward = false; + + //~ Methods ======================================================================================================== + + public void afterPropertiesSet() throws Exception { + Assert.isTrue(StringUtils.hasText(loginFormUrl) && UrlUtils.isValidRedirectUrl(loginFormUrl), + "loginFormUrl must be specified and must be a valid redirect URL"); + Assert.notNull(portMapper, "portMapper must be specified"); + Assert.notNull(portResolver, "portResolver must be specified"); + } + + /** + * Allows subclasses to modify the login form URL that should be applicable for a given request. 
+ * + * @param request the request + * @param response the response + * @param exception the exception + * @return the URL (cannot be null or empty; defaults to {@link #getLoginFormUrl()}) + */ + protected String determineUrlToUseForThisRequest(HttpServletRequest request, HttpServletResponse response, + AuthenticationException exception) { + + return getLoginFormUrl(); + } + + /** + * Performs the redirect (or forward) to the login form URL. + */ + public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) + throws IOException, ServletException { + + HttpServletRequest httpRequest = (HttpServletRequest) request; + HttpServletResponse httpResponse = (HttpServletResponse) response; + + String redirectUrl = null; + + if (useForward) { + + if (forceHttps && "http".equals(request.getScheme())) { + redirectUrl = buildHttpsRedirectUrlForRequest(httpRequest); + } + + if (redirectUrl == null) { + String loginForm = determineUrlToUseForThisRequest(httpRequest, httpResponse, authException); + + if (logger.isDebugEnabled()) { + logger.debug("Server side forward to: " + loginForm); + } + + RequestDispatcher dispatcher = httpRequest.getRequestDispatcher(loginForm); + + dispatcher.forward(request, response); + + return; + } + } else { + // redirect to login page. 
Use https if forceHttps true + + redirectUrl = buildRedirectUrlToLoginPage(httpRequest, httpResponse, authException); + + } + + httpResponse.sendRedirect(httpResponse.encodeRedirectURL(redirectUrl)); + } + + protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response, + AuthenticationException authException) { + + String loginForm = determineUrlToUseForThisRequest(request, response, authException); + int serverPort = portResolver.getServerPort(request); + String scheme = request.getScheme(); + + RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder(); + + urlBuilder.setScheme(scheme); + urlBuilder.setServerName(request.getServerName()); + urlBuilder.setPort(serverPort); + urlBuilder.setContextPath(request.getContextPath()); + urlBuilder.setPathInfo(loginForm); + + if (forceHttps && "http".equals(scheme)) { + Integer httpsPort = portMapper.lookupHttpsPort(new Integer(serverPort)); + + if (httpsPort != null) { + // Overwrite scheme and port in the redirect URL + urlBuilder.setScheme("https"); + urlBuilder.setPort(httpsPort.intValue()); + } else { + logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort); + } + } + + return urlBuilder.getUrl(); + } + + /** + * Builds a URL to redirect the supplied request to HTTPS. 
+ */ + protected String buildHttpsRedirectUrlForRequest(HttpServletRequest request) + throws IOException, ServletException { + + int serverPort = portResolver.getServerPort(request); + Integer httpsPort = portMapper.lookupHttpsPort(new Integer(serverPort)); + + if (httpsPort != null) { + RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder(); + urlBuilder.setScheme("https"); + urlBuilder.setServerName(request.getServerName()); + urlBuilder.setPort(httpsPort.intValue()); + urlBuilder.setContextPath(request.getContextPath()); + urlBuilder.setServletPath(request.getServletPath()); + urlBuilder.setPathInfo(request.getPathInfo()); + urlBuilder.setQuery(request.getQueryString()); + + return urlBuilder.getUrl(); + } + + // Fall through to server-side forward with warning message + logger.warn("Unable to redirect to HTTPS as no port mapping found for HTTP port " + serverPort); + + return null; + } + + /** + * Set to true to force login form access to be via https. If this value is true (the default is false), + * and the incoming request for the protected resource which triggered the interceptor was not already + * https, then the client will first be redirected to an https URL, even if serverSideRedirect + * is set to true. + */ + public void setForceHttps(boolean forceHttps) { + this.forceHttps = forceHttps; + } + + protected boolean isForceHttps() { + return forceHttps; + } + + /** + * The URL where the UsernamePasswordAuthenticationProcessingFilter login + * page can be found. 
Should be relative to the web-app context path, and + * include a leading / + */ + public void setLoginFormUrl(String loginFormUrl) { + this.loginFormUrl = loginFormUrl; + } + + public String getLoginFormUrl() { + return loginFormUrl; + } + + public void setPortMapper(PortMapper portMapper) { + this.portMapper = portMapper; + } + + protected PortMapper getPortMapper() { + return portMapper; + } + + public void setPortResolver(PortResolver portResolver) { + this.portResolver = portResolver; + } + + protected PortResolver getPortResolver() { + return portResolver; + } + + /** + * Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, + * instead of a 302 redirect. + * + * @param useForward + */ + public void setUseForward(boolean useForward) { + this.useForward = useForward; + } + + protected boolean isUseForward() { + return useForward; + } +} diff --git a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java index 1a84b92026..1be37f6724 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java +++ b/web/src/main/java/org/springframework/security/web/authentication/RememberMeServices.java @@ -25,7 +25,7 @@ import org.springframework.security.core.Authentication; * Implement by a class that is capable of providing a remember-me service. * *
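Review bot: The Javadoc on `setForceHttps` says the HTTPS redirect happens "even if serverSideRedirect is set to true", but this class has no such property; the flag it refers to is `useForward`, so the sentence should read `even if useForward is set to true`. The same comment should state the fallback that `buildRedirectUrlToLoginPage` and `buildHttpsRedirectUrlForRequest` implement: when `portMapper.lookupHttpsPort` returns null the client is redirected (or forwarded) over plain HTTP and only a warn-level log records it, so a forceHttps policy degrades silently unless the `PortMapper` is configured with the deployment's HTTP:HTTPS port pairs. Separately, `commence` casts `request` and `response` to the types they are already declared as, so the `httpRequest`/`httpResponse` locals can be dropped; the casts appear to be carried over from the old file rather than introduced here.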

- * Spring Security filters (namely {@link org.springframework.security.web.authentication.AbstractProcessingFilter} and + * Spring Security filters (namely {@link org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter} and * {@link RememberMeProcessingFilter} will call the methods provided by an implementation of this interface. *

* Implementations may implement any type of remember-me capability they wish. diff --git a/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationProcessingFilter.java new file mode 100644 index 0000000000..3adefb03a3 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/authentication/UsernamePasswordAuthenticationProcessingFilter.java @@ -0,0 +1,185 @@ +/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.authentication; + + +import org.springframework.security.authentication.AuthenticationServiceException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; + +import org.springframework.security.web.FilterChainOrder; +import org.springframework.security.web.util.TextEscapeUtils; +import org.springframework.util.Assert; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + + +/** + * Processes an authentication form. Called AuthenticationProcessingFilter in previous versions + * of the framework. + *

+ * Login forms must present two parameters to this filter: a username and
+ * password. The default parameter names to use are contained in the
+ * static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}.
+ * The parameter names can also be changed by setting the usernameParameter and passwordParameter
+ * properties.
+ *

+ * This filter by default responds to the URL /j_spring_security_check. + * + * @author Ben Alex + * @author Colin Sampaleanu + * @author Luke Taylor + * @version $Id$ + * @since 3.0 + */ +public class UsernamePasswordAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter { + //~ Static fields/initializers ===================================================================================== + + public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username"; + public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password"; + public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME"; + + private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY; + private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY; + private boolean postOnly = true; + + //~ Constructors =================================================================================================== + + public UsernamePasswordAuthenticationProcessingFilter() { + super("/j_spring_security_check"); + } + + //~ Methods ======================================================================================================== + + public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { + if (postOnly && !request.getMethod().equals("POST")) { + throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod()); + } + + String username = obtainUsername(request); + String password = obtainPassword(request); + + if (username == null) { + username = ""; + } + + if (password == null) { + password = ""; + } + + username = username.trim(); + + UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); + + // Place the last username attempted into HttpSession for views + HttpSession session = request.getSession(false); + + if (session != null || 
getAllowSessionCreation()) {
+ request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, TextEscapeUtils.escapeEntities(username));
+ }
+
+ // Allow subclasses to set the "details" property
+ setDetails(request, authRequest);
+
+ return this.getAuthenticationManager().authenticate(authRequest);
+ }
+
+ /**
+ * Enables subclasses to override the composition of the password, such as by including additional values
+ * and a separator.

This might be used for example if a postcode/zipcode was required in addition to the
+ * password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
+ * AuthenticationDao will need to generate the expected password in a corresponding manner.

+ *
+ * @param request so that request attributes can be retrieved
+ *
+ * @return the password that will be presented in the Authentication request token to the
+ * AuthenticationManager
+ */
+ protected String obtainPassword(HttpServletRequest request) {
+ return request.getParameter(passwordParameter);
+ }
+
+ /**
+ * Enables subclasses to override the composition of the username, such as by including additional values
+ * and a separator.
+ *
+ * @param request so that request attributes can be retrieved
+ *
+ * @return the username that will be presented in the Authentication request token to the
+ * AuthenticationManager
+ */
+ protected String obtainUsername(HttpServletRequest request) {
+ return request.getParameter(usernameParameter);
+ }
+
+ /**
+ * Provided so that subclasses may configure what is put into the authentication request's details
+ * property.
+ *
+ * @param request that an authentication request is being created for
+ * @param authRequest the authentication request object that should have its details set
+ */
+ protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
+ authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+ }
+
+ /**
+ * Sets the parameter name which will be used to obtain the username from the login request.
+ *
+ * @param usernameParameter the parameter name. Defaults to "j_username".
+ */
+ public void setUsernameParameter(String usernameParameter) {
+ Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
+ this.usernameParameter = usernameParameter;
+ }
+
+ /**
+ * Sets the parameter name which will be used to obtain the password from the login request..
+ *
+ * @param passwordParameter the parameter name. Defaults to "j_password".
+ */
+ public void setPasswordParameter(String passwordParameter) {
+ Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
+ this.passwordParameter = passwordParameter;
+ }
+
+ /**
+ * Defines whether only HTTP POST requests will be allowed by this filter.
+ * If set to true, and an authentication request is received which is not a POST request, an exception will
+ * be raised immediately and authentication will not be attempted. The unsuccessfulAuthentication() method
+ * will be called as if handling a failed authentication.
+ *

+ * Defaults to true but may be overridden by subclasses.
+ */
+ public void setPostOnly(boolean postOnly) {
+ this.postOnly = postOnly;
+ }
+
+ public int getOrder() {
+ return FilterChainOrder.AUTHENTICATION_PROCESSING_FILTER;
+ }
+
+ public final String getUsernameParameter() {
+ return usernameParameter;
+ }
+
+ public final String getPasswordParameter() {
+ return passwordParameter;
+ }
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 8e16bcbf93..6b2a48a06e 100755
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -8,7 +8,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.SpringSecurityFilter;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
@@ -128,7 +128,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
if (logger.isDebugEnabled()) {
logger.debug("Cleared security context due to exception", failed);
}
- request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
+ request.getSession().setAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, failed);
}
/**
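Review bot: The `setPostOnly` Javadoc in the new UsernamePasswordAuthenticationProcessingFilter describes what the flag does but not the consequence of turning it off: with `postOnly` false, `attemptAuthentication` accepts any HTTP method, and because `obtainUsername`/`obtainPassword` read through `request.getParameter`, a GET submission carries the credentials in the query string, where they can be recorded in access logs, browser history and Referer headers. I would add `@param postOnly {@code true} (the default) rejects non-POST requests; {@code false} also accepts credentials sent by other methods, e.g. in a GET query string, which may expose them in server logs and browser history`. Two smaller nits in the same hunk: the `setPasswordParameter` Javadoc ends its first sentence with a doubled full stop (`login request..`), and `attemptAuthentication` and `getOrder` have no Javadoc at all although every other public method in the class does.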
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
old mode 100755
new mode 100644
index 2b52bd92e8..d64a1e5561
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPoint.java
@@ -1,65 +1,16 @@
-package org.springframework.security.web.authentication.preauth;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.core.Ordered;
-
-/**
- *

- * In the pre-authenticated authentication case (unlike CAS, for example) the
- * user will already have been identified through some external mechanism and a
- * secure context established by the time the security-enforcement filter is
- * invoked.
- *

- * Therefore this class isn't actually responsible for the commencement of
- * authentication, as it is in the case of other providers. It will be called if
- * the user is rejected by the AbstractPreAuthenticatedProcessingFilter,
- * resulting in a null authentication.
- *

- * The commence method will always return an
- * HttpServletResponse.SC_FORBIDDEN (403 error).
- *

- * This code is based on
- * {@link org.springframework.security.ui.x509.X509ProcessingFilterEntryPoint}.
- *
- * @see org.springframework.security.web.access.ExceptionTranslationFilter
- *
- * @author Luke Taylor
- * @author Ruud Senden
- * @since 2.0
- */
-public class PreAuthenticatedProcessingFilterEntryPoint implements AuthenticationEntryPoint, Ordered {
- private static final Log logger = LogFactory.getLog(PreAuthenticatedProcessingFilterEntryPoint.class);
-
- private int order = Integer.MAX_VALUE;
-
- /**
- * Always returns a 403 error code to the client.
- */
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2) throws IOException,
- ServletException {
- if (logger.isDebugEnabled()) {
- logger.debug("Pre-authenticated entry point called. Rejecting access");
- }
- HttpServletResponse httpResponse = (HttpServletResponse) response;
- httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
- }
-
- public int getOrder() {
- return order;
- }
-
- public void setOrder(int i) {
- order = i;
- }
-
-}
+package org.springframework.security.web.authentication.preauth;
+
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
+
+/**
+ * Renamed class, retained for backwards compatibility.
+ *

+ * See {@link Http403ForbiddenEntryPoint}.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ * @deprecated Use Http403ForbiddenEntryPoint instead.
+ */
+public class PreAuthenticatedProcessingFilterEntryPoint extends Http403ForbiddenEntryPoint {
+
+}
diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
index 66002a006e..0791c217c4 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@@ -12,8 +12,8 @@ import org.springframework.beans.BeanWrapperImpl;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.FilterChainOrder;
import org.springframework.security.web.SpringSecurityFilter;
-import org.springframework.security.web.authentication.AbstractProcessingFilter;
-import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
/**
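Review bot: The retained PreAuthenticatedProcessingFilterEntryPoint carries a `@deprecated` Javadoc tag but no `@Deprecated` annotation on the class line, so code that still references the old name compiles without any warning; add `@Deprecated` directly above `public class PreAuthenticatedProcessingFilterEntryPoint extends Http403ForbiddenEntryPoint {`. The removed implementation also implemented `Ordered` with `getOrder()`/`setOrder(int)`; whether `Http403ForbiddenEntryPoint` still exposes these is not visible in this hunk, and if it does not, existing bean definitions that set `order` on this class will fail to wire, so the class Javadoc should state whether the `order` property is still supported.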
@@ -39,19 +39,19 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter { private String openIDusernameParameter; private String openIDrememberMeParameter; - public DefaultLoginPageGeneratingFilter(AbstractProcessingFilter filter) { - if (filter instanceof AuthenticationProcessingFilter) { - init((AuthenticationProcessingFilter)filter, null); + public DefaultLoginPageGeneratingFilter(AbstractAuthenticationProcessingFilter filter) { + if (filter instanceof UsernamePasswordAuthenticationProcessingFilter) { + init((UsernamePasswordAuthenticationProcessingFilter)filter, null); } else { init(null, filter); } } - public DefaultLoginPageGeneratingFilter(AuthenticationProcessingFilter authFilter, AbstractProcessingFilter openIDFilter) { + public DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationProcessingFilter authFilter, AbstractAuthenticationProcessingFilter openIDFilter) { init(authFilter, openIDFilter); } - private void init(AuthenticationProcessingFilter authFilter, AbstractProcessingFilter openIDFilter) { + private void init(UsernamePasswordAuthenticationProcessingFilter authFilter, AbstractAuthenticationProcessingFilter openIDFilter) { if (authFilter != null) { formLoginEnabled = true; authenticationUrl = authFilter.getFilterProcessesUrl(); 
@@ -96,8 +96,8 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter { HttpSession session = request.getSession(false); if(session != null) { - lastUser = (String) session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY); - AuthenticationException ex = (AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY); + lastUser = (String) session.getAttribute(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY); + AuthenticationException ex = (AuthenticationException) session.getAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY); errorMsg = ex != null ? ex.getMessage() : "none"; if (lastUser == null) { lastUser = ""; diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java index 757ba86200..2e313b0b29 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/SavedRequest.java @@ -35,7 +35,7 @@ import java.util.TreeMap; /** * Represents central information from a HttpServletRequest.

This class is used by {@link - * org.springframework.security.web.authentication.AbstractProcessingFilter} and {@link org.springframework.security.web.wrapper.SavedRequestAwareWrapper} to + * org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter} and {@link org.springframework.security.web.wrapper.SavedRequestAwareWrapper} to * reproduce the request after successful authentication. An instance of this class is stored at the time of an * authentication exception by {@link org.springframework.security.web.access.ExceptionTranslationFilter}.

*

IMPLEMENTATION NOTE: It is assumed that this object is accessed only from the context of a single diff --git a/web/src/main/java/org/springframework/security/web/util/RedirectUtils.java b/web/src/main/java/org/springframework/security/web/util/RedirectUtils.java index 54b57d105a..ab87d1e4c5 100644 --- a/web/src/main/java/org/springframework/security/web/util/RedirectUtils.java +++ b/web/src/main/java/org/springframework/security/web/util/RedirectUtils.java @@ -1,6 +1,6 @@ package org.springframework.security.web.util; -import org.springframework.security.web.authentication.AbstractProcessingFilter; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.logout.LogoutFilter; import javax.servlet.http.HttpServletRequest; @@ -20,7 +20,7 @@ public abstract class RedirectUtils { //~ Methods ======================================================================================================== /** - * Encapsulates the redirect logic used in classes like {@link AbstractProcessingFilter} and {@link LogoutFilter}. + * Encapsulates the redirect logic used in classes like {@link AbstractAuthenticationProcessingFilter} and {@link LogoutFilter}. * * @param request the incoming request * @param response the response to redirect @@ -28,7 +28,7 @@ public abstract class RedirectUtils { * @param useRelativeContext if true, causes any redirection URLs to be calculated minus the protocol * and context path. * - * @see AbstractProcessingFilter#setUseRelativeContext(boolean) + * @see AbstractAuthenticationProcessingFilter#setUseRelativeContext(boolean) */ public static final void sendRedirect(HttpServletRequest request, HttpServletResponse response, 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java index b1d3dceaff..65a2698472 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java @@ -44,7 +44,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.PortResolverImpl; -import org.springframework.security.web.authentication.AbstractProcessingFilter; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; @@ -53,7 +53,7 @@ import org.springframework.security.web.savedrequest.SavedRequest; /** - * Tests {@link AbstractProcessingFilter}. + * Tests {@link AbstractAuthenticationProcessingFilter}. * * @author Ben Alex * @version $Id$ @@ -191,7 +191,7 @@ public class AbstractProcessingFilterTests extends TestCase { } public void testGettersSetters() throws Exception { - AbstractProcessingFilter filter = new MockAbstractProcessingFilter(); + AbstractAuthenticationProcessingFilter filter = new MockAbstractProcessingFilter(); filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setFilterProcessesUrl("/p"); filter.afterPropertiesSet(); 
@@ -254,7 +254,7 @@ public class AbstractProcessingFilterTests extends TestCase { } public void testStartupDetectsInvalidAuthenticationManager() throws Exception { - AbstractProcessingFilter filter = new MockAbstractProcessingFilter(); + AbstractAuthenticationProcessingFilter filter = new MockAbstractProcessingFilter(); filter.setAuthenticationFailureHandler(failureHandler); successHandler.setDefaultTargetUrl("/"); filter.setAuthenticationSuccessHandler(successHandler); @@ -269,7 +269,7 @@ public class AbstractProcessingFilterTests extends TestCase { } public void testStartupDetectsInvalidFilterProcessesUrl() throws Exception { - AbstractProcessingFilter filter = new MockAbstractProcessingFilter(); + AbstractAuthenticationProcessingFilter filter = new MockAbstractProcessingFilter(); filter.setAuthenticationFailureHandler(failureHandler); filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setAuthenticationSuccessHandler(successHandler); @@ -520,7 +520,7 @@ public class AbstractProcessingFilterTests extends TestCase { //~ Inner Classes ================================================================================================== - private class MockAbstractProcessingFilter extends AbstractProcessingFilter { + private class MockAbstractProcessingFilter extends AbstractAuthenticationProcessingFilter { private AuthenticationException exceptionToThrow; private boolean grantAccess; diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPointTests.java index 149f87cb91..f9d0d0ab30 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPointTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterEntryPointTests.java 
@@ -20,7 +20,7 @@ import junit.framework.TestCase; import org.springframework.security.MockPortResolver; import org.springframework.security.web.PortMapperImpl; -import org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint; +import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -30,7 +30,7 @@ import java.util.Map; /** - * Tests {@link AuthenticationProcessingFilterEntryPoint}. + * Tests {@link LoginUrlAuthenticationEntryPoint}. * * @author Ben Alex * @author colin sampaleanu @@ -40,7 +40,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { //~ Methods ======================================================================================================== public void testDetectsMissingLoginFormUrl() throws Exception { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); @@ -52,7 +52,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { } public void testDetectsMissingPortMapper() throws Exception { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("xxx"); ep.setPortMapper(null); @@ -64,7 +64,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { } public void testDetectsMissingPortResolver() throws Exception { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("xxx"); ep.setPortResolver(null); 
@@ -76,7 +76,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { } public void testGettersSetters() { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(8080, 8443)); @@ -100,7 +100,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { MockHttpServletResponse response = new MockHttpServletResponse(); - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); @@ -129,7 +129,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { portMapper.setPortMappings(map); response = new MockHttpServletResponse(); - ep = new AuthenticationProcessingFilterEntryPoint(); + ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); @@ -151,7 +151,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { MockHttpServletResponse response = new MockHttpServletResponse(); - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setForceHttps(true); 
@@ -170,7 +170,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { } public void testNormalOperation() throws Exception { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setPortMapper(new PortMapperImpl()); ep.setPortResolver(new MockPortResolver(80, 443)); @@ -191,7 +191,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { } public void testOperationWhenHttpsRequestsButHttpsPortUnknown() throws Exception { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setPortResolver(new MockPortResolver(8888, 1234)); ep.setForceHttps(true); @@ -214,7 +214,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { } public void testServerSideRedirectWithoutForceHttpsForwardsToLoginPage() throws Exception { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setUseForward(true); ep.afterPropertiesSet(); @@ -234,7 +234,7 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase { } public void testServerSideRedirectWithForceHttpsRedirectsCurrentRequest() throws Exception { - AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint(); + LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(); ep.setLoginFormUrl("/hello"); ep.setUseForward(true); ep.setForceHttps(true); 
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java index 64f3b3027e..e435cb9e64 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java @@ -35,7 +35,7 @@ import org.springframework.security.core.AuthenticationException; /** - * Tests {@link AuthenticationProcessingFilter}. + * Tests {@link UsernamePasswordAuthenticationProcessingFilter}. * * @author Ben Alex * @version $Id$ @@ -46,10 +46,10 @@ public class AuthenticationProcessingFilterTests extends TestCase { @Test public void testNormalOperation() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); - request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); - request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); + request.addParameter(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); + request.addParameter(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); - AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); + UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl()); filter.setAuthenticationManager(createAuthenticationManager()); filter.init(null); 
@@ -57,16 +57,16 @@ public class AuthenticationProcessingFilterTests extends TestCase { Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertTrue(result != null); assertEquals("rod", request.getSession().getAttribute( - AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY)); + UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY)); assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress()); } @Test public void testNullPasswordHandledGracefully() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); - request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); + request.addParameter(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); - AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); + UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); filter.setAuthenticationManager(createAuthenticationManager()); assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse())); } 
@@ -74,16 +74,16 @@ public class AuthenticationProcessingFilterTests extends TestCase { @Test public void testNullUsernameHandledGracefully() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); - request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); + request.addParameter(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); - AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); + UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); filter.setAuthenticationManager(createAuthenticationManager()); assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse())); } @Test public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException { - AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); + UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); filter.setAuthenticationManager(createAuthenticationManager()); filter.setUsernameParameter("x"); filter.setPasswordParameter("y"); 
@@ -100,10 +100,10 @@ public class AuthenticationProcessingFilterTests extends TestCase { @Test public void testSpacesAreTrimmedCorrectlyFromUsername() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); - request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " rod "); - request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); + request.addParameter(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, " rod "); + request.addParameter(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala"); - AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); + UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); filter.setAuthenticationManager(createAuthenticationManager()); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); @@ -113,8 +113,8 @@ public class AuthenticationProcessingFilterTests extends TestCase { @Test public void testFailedAuthenticationThrowsException() { MockHttpServletRequest request = new MockHttpServletRequest("POST", "/"); - request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); - AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); + request.addParameter(UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod"); + UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter(); AuthenticationManager am = mock(AuthenticationManager.class); when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("")); filter.setAuthenticationManager(am); 
@@ -127,7 +127,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 // Check username has still been set
 assertEquals("rod", request.getSession().getAttribute(
- AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY));
+ UsernamePasswordAuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY));
 }
 /**
@@ -137,7 +137,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 public void noSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception {
 MockHttpServletRequest request = new MockHttpServletRequest();
- AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+ UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter();
 filter.setAllowSessionCreation(false);
 filter.setAuthenticationManager(createAuthenticationManager());
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index 9fbb86a04a..a2feedc785 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -30,7 +30,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 @Test
 public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul() throws Exception {
- DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new AuthenticationProcessingFilter());
+ DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationProcessingFilter());
 filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login"), new MockHttpServletResponse(), chain);
 filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login;pathparam=unused"), new MockHttpServletResponse(), chain);
 }
@@ -43,7 +43,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 }
 // Fake OpenID filter (since it's not in this module
- private static class MockProcessingFilter extends AbstractProcessingFilter {
+ private static class MockProcessingFilter extends AbstractAuthenticationProcessingFilter {
 protected MockProcessingFilter() {
 super("/someurl");
 }
@@ -65,14 +65,14 @@ public class DefaultLoginPageGeneratingFilterTests {
 /* SEC-1111 */
 @Test
 public void handlesNonIso8859CharsInErrorMessage() throws Exception {
- DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new AuthenticationProcessingFilter());
+ DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationProcessingFilter());
 MockHttpServletRequest request = new MockHttpServletRequest("GET", "/spring_security_login");
 request.addParameter("login_error", "true");
 MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 String message = messages.getMessage( "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials", Locale.KOREA);
 System.out.println("Message: " + message);
- request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, new BadCredentialsException(message));
+ request.getSession().setAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY, new BadCredentialsException(message));
 filter.doFilter(request, new MockHttpServletResponse(), chain);
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPointTests.java
index 1de29fb05b..ab4f56ec9c 100755
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedProcessingFilterEntryPointTests.java
@@ -1,7 +1,7 @@
 package org.springframework.security.web.authentication.preauth;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint;
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
 import java.io.IOException;
@@ -21,7 +21,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
 public class PreAuthenticatedProcessingFilterEntryPointTests extends TestCase {
 public void testGetSetOrder() {
- PreAuthenticatedProcessingFilterEntryPoint fep = new PreAuthenticatedProcessingFilterEntryPoint();
+ Http403ForbiddenEntryPoint fep = new Http403ForbiddenEntryPoint();
 fep.setOrder(333);
 assertEquals(fep.getOrder(), 333);
 }
@@ -29,7 +29,7 @@ public class PreAuthenticatedProcessingFilterEntryPointTests extends TestCase {
 public void testCommence() {
 MockHttpServletRequest req = new MockHttpServletRequest();
 MockHttpServletResponse resp = new MockHttpServletResponse();
- PreAuthenticatedProcessingFilterEntryPoint fep = new PreAuthenticatedProcessingFilterEntryPoint();
+ Http403ForbiddenEntryPoint fep = new Http403ForbiddenEntryPoint();
 try {
 fep.commence(req,resp,new AuthenticationCredentialsNotFoundException("test"));
 assertEquals("Incorrect status",resp.getStatus(),HttpServletResponse.SC_FORBIDDEN);