SEC-271: Impemented FilterSecurityInovation parser for 'authorization-http-url' tag

sandbox/spring-security-config/.classpath

@@ -5,40 +5,40 @@
 	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
 	<classpathentry excluding="**/*.java" kind="src" output="target/test-classes" path="src/test/resources"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-	<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar" sourcepath="/spring"/>
-	<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
-	<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
-	<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
-	<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
 	<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/aspectj/aspectjrt/1.2/aspectjrt-1.2.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-context/2.0.4/spring-context-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6.jar" sourcepath="M2_REPO/antlr/antlr/2.7.6/antlr-2.7.6-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.1/commons-lang-2.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.0.1/slf4j-log4j12-1.0.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security-tiger/1.0.5-SNAPSHOT/acegi-security-tiger-1.0.5-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-remoting/2.0.4/spring-remoting-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
+	<classpathentry kind="var" path="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0.jar" sourcepath="M2_REPO/aopalliance/aopalliance/1.0/aopalliance-1.0-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-dao/2.0.4/spring-dao-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
+	<classpathentry kind="var" path="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1.jar" sourcepath="M2_REPO/jmock/jmock/1.0.1/jmock-1.0.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6.jar" sourcepath="M2_REPO/taglibs/standard/1.0.6/standard-1.0.6-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/oro/oro/2.0.8/oro-2.0.8.jar" sourcepath="M2_REPO/oro/oro/2.0.8/oro-2.0.8-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-mock/2.0.4/spring-mock-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-jdbc/2.0.4/spring-jdbc-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-aop/2.0.4/spring-aop-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/hsqldb/hsqldb/1.8.0.4/hsqldb-1.8.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core/1.0.0/apacheds-core-1.0.0.jar"/>
+	<classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9.jar" sourcepath="M2_REPO/log4j/log4j/1.2.9/log4j-1.2.9-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
+	<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar" sourcepath="M2_REPO/junit/junit/3.8.1/junit-3.8.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-ldap/0.9.5.3/shared-ldap-0.9.5.3.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar" sourcepath="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-web/2.0.4/spring-web-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar" sourcepath="/spring"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>

sandbox/spring-security-config/.project

@@ -1,25 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
 <projectDescription>
-	<name>spring-security-config</name>
+  <name>spring-security-config</name>
-	<comment>Acegi Security System for Spring</comment>
+  <comment>Acegi Security System for Spring</comment>
-	<projects>
+  <projects/>
-	</projects>
+  <buildSpec>
-	<buildSpec>
+    <buildCommand>
-		<buildCommand>
+      <name>org.eclipse.jdt.core.javabuilder</name>
-			<name>org.eclipse.jdt.core.javabuilder</name>
+    </buildCommand>
-			<arguments>
+    <buildCommand>
-			</arguments>
+      <name>org.eclipse.wst.validation.validationbuilder</name>
-		</buildCommand>
+    </buildCommand>
-		<buildCommand>
+  </buildSpec>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
+  <natures>
-			<arguments>
+    <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-			</arguments>
+    <nature>org.eclipse.jdt.core.javanature</nature>
-		</buildCommand>
+    <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-	</buildSpec>
+    <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-	<natures>
+  </natures>
-		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-	</natures>
 </projectDescription>

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationMechanismBeanDefinitionParser.java

@@ -50,7 +50,7 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 
 	private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
 
-	private static final String AUTHENTICATION_LDAP="authentication-ldap";
+	private static final String AUTHENTICATION_LDAP = "authentication-ldap";
 
 	private static final String REF = "ref";
 
@@ -76,7 +76,8 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 						// create a beandefinition
 						providers.add(new RuntimeBeanReference(attribute));
 					}
-				} else if (AUTHENTICATION_LDAP.equals(node.getLocalName())){
+				}
+				else if (AUTHENTICATION_LDAP.equals(node.getLocalName())) {
 					providers.add(createLdapAuthencticationProviderBeanDefinition(childElement, parserContext));
 				}
 			}
@@ -121,9 +122,10 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 		ldapAuthoritiesPopulator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
 		BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(1, element, "groupSearchBase", false,
 				ldapAuthoritiesPopulator);
-		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "groupRoleAttribute", "groupRoleAttribute", ldapAuthoritiesPopulator);
+		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "groupRoleAttribute", "groupRoleAttribute", false,
+				ldapAuthoritiesPopulator);
 
-		//LdapAuthoritiesPopulator
+		// LdapAuthoritiesPopulator
 		ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(1, ldapAuthoritiesPopulator);
 
 		return ldapAuthProvider;
@@ -134,10 +136,10 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 		RootBeanDefinition initialDirContextFactory = new RootBeanDefinition(DefaultInitialDirContextFactory.class);
 		BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(0, element, "ldapUrl", false,
 				initialDirContextFactory);
-		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerDn", "managerDn", initialDirContextFactory);
+		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerDn", "managerDn", false,
-		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerPassword", "managerPassword",
+				initialDirContextFactory);
+		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerPassword", "managerPassword", false,
 				initialDirContextFactory);
 		return initialDirContextFactory;
 	}
-
 }

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationRepositoryBeanDefinitionParser.java

@@ -27,8 +27,8 @@ import org.w3c.dom.NodeList;
  */
 public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDefinitionParser {
 
-	// ~ Instance fields
+	// ~ Static fields
-	// ================================================================================================
+	// =====================================================================================
 
 	private static final String REPOSITORY_BEAN_REF = "repositoryBeanRef";
 
@@ -50,9 +50,7 @@ public class AuthenticationRepositoryBeanDefinitionParser extends AbstractBeanDe
 
 	// ~ Method
 	// ================================================================================================
-	/**
+
-	 * TODO: Document Me !!!
-	 */
 	public AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
 		Assert.notNull(parserContext, "ParserContext must not be null");
 

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AutoConfigBeanDefinitionParser.java

@@ -39,12 +39,18 @@ import org.w3c.dom.Element;
  */
 public class AutoConfigBeanDefinitionParser implements BeanDefinitionParser {
 
+	// ~ instance fields
+	// ================================================================================================
+
 	private RootBeanDefinition authenticationManager;
 
 	private RootBeanDefinition rememberMeServices;
 
 	private ManagedList decisionVoters = new ManagedList();
 
+	// ~ Method
+	// ================================================================================================
+
 	public BeanDefinition parse(Element element, ParserContext parserContext) {
 		// authentication manager
 		this.authenticationManager = AuthenticationMechanismBeanDefinitionParser

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/ContextIntegrationBeanDefinitionParser.java

@@ -23,6 +23,9 @@ import org.w3c.dom.NamedNodeMap;
  */
 public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
 
+	// ~ Static fields/initializers
+	// =====================================================================================
+
 	private static final String HTTP_SESSION_CONTEXT_INTEGRATION = "session-context-integration";
 
 	private static final String SESSION_CREATION = "sessionCreation";
@@ -35,7 +38,8 @@ public class ContextIntegrationBeanDefinitionParser extends AbstractSingleBeanDe
 
 	private static final String ALLOW_SESSION_CREATION = "allowSessionCreation";
 
-	private BeanDefinitionBuilder builder;
+	// ~ Methods
+	// ========================================================================================================
 
 	protected Class getBeanClass(Element element) {
 		return HttpSessionContextIntegrationFilter.class;

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/ExceptionTranslationFilterBeanDefinitionParser.java

@@ -53,6 +53,9 @@ import org.w3c.dom.Element;
  */
 public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBeanDefinitionParser {
 
+	// ~ Static fields
+	// =====================================================================================
+
 	private static final String ACCESS_DENIED = "access-denied";
 
 	private static final String ACCESS_DENIED_REF = "accessDeniedBeanRef";
@@ -67,6 +70,9 @@ public class ExceptionTranslationFilterBeanDefinitionParser extends AbstractBean
 
 	private static final String LOGIN_FORM_URL_VALUE = "/acegilogin.jsp";
 
+	// ~ Method
+	// ================================================================================================
+
 	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
 
 		RootBeanDefinition exceptionFilterDef = new RootBeanDefinition(ExceptionTranslationFilter.class);

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/LogoutHandlerOrderResolver.java

@@ -70,10 +70,10 @@ public class LogoutHandlerOrderResolver implements BeanFactoryPostProcessor {
 			if (definition.hasBeanClass()) {
 				if (Ordered.class.isAssignableFrom(definition.getBeanClass())) {
 					definition.getPropertyValues().addPropertyValue("order",
-							new Integer(getOrder(definition.getBeanClass())));
+							Integer.valueOf(getOrder(definition.getBeanClass())));
 				}
 				else {
-					definition.getPropertyValues().addPropertyValue("order", new Integer(Integer.MAX_VALUE));
+					definition.getPropertyValues().addPropertyValue("order", Integer.valueOf(Integer.MAX_VALUE));
 				}
 			}
 			list.add(definition);

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/SecurityNamespaceHandler.java

@@ -28,6 +28,7 @@ public class SecurityNamespaceHandler extends NamespaceHandlerSupport {
 		registerBeanDefinitionParser("logout-support", new LogoutFilterBeanDefinitionParser());
 		registerBeanDefinitionParser("exception-translation", new ExceptionTranslationFilterBeanDefinitionParser());
 		registerBeanDefinitionParser("authentication-form", new AuthenticationProcessingFilterBeanDefinitionParser());
+		registerBeanDefinitionParser("authorization-http-url", new FilterSecurityInterceptorBeanDefinitionParser());
 		registerBeanDefinitionParser("autoconfig", new AutoConfigBeanDefinitionParser());
 	}
 

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/BeanDefinitionParserUtils.java

@@ -14,29 +14,43 @@ import org.w3c.dom.Element;
  * 
  */
 public class BeanDefinitionParserUtils {
+	// ~ Constructor
+	// ================================================================================================
+
 	/**
 	 * Prevents instantiation
 	 */
 	private BeanDefinitionParserUtils() {
 	}
 
+	// ~ Method
+	// ================================================================================================
+
 	public static void setConstructorArgumentIfAvailable(int index, Element element, String attribute,
 			boolean isRunTimeBeanReference, RootBeanDefinition definition) {
 		String propertyValue = element.getAttribute(attribute);
 		if (StringUtils.hasText(propertyValue)) {
-			if(!isRunTimeBeanReference){
+			if (!isRunTimeBeanReference) {
 				definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
-			} else {
+			}
-				definition.getConstructorArgumentValues().addIndexedArgumentValue(index, new RuntimeBeanNameReference(propertyValue));
+			else {
+				definition.getConstructorArgumentValues().addIndexedArgumentValue(index,
+						new RuntimeBeanNameReference(propertyValue));
 			}
 		}
 	}
 
 	public static void setPropertyIfAvailable(Element element, String attribute, String property,
-			RootBeanDefinition definition) {
+			boolean isRunTimeBeanReference, RootBeanDefinition definition) {
 		String propertyValue = element.getAttribute(attribute);
 		if (StringUtils.hasText(propertyValue)) {
-			definition.getPropertyValues().addPropertyValue(property, propertyValue);
+			if (!isRunTimeBeanReference) {
+				definition.getPropertyValues().addPropertyValue(property, propertyValue);
+			}
+			else {
+				definition.getPropertyValues().addPropertyValue(property, new RuntimeBeanNameReference(propertyValue));
+			}
+
 		}
 	}
 }

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/OrderedUtils.java

@@ -13,6 +13,7 @@ import org.springframework.util.ReflectionUtils;
  * {@link Ordered} interface.
  * 
  * @author Ben Alex
+ * @author Vishal Puri
  */
 public abstract class OrderedUtils {
 	/**
@@ -59,7 +60,7 @@ public abstract class OrderedUtils {
 		Assert.notNull(destinationObject, "Destination object required");
 		Method m = ReflectionUtils.findMethod(destinationObject.getClass(), "setOrder", new Class[] {int.class});
 		Assert.notNull(m, "Method setOrder(int) not found on " + destinationObject.getClass());
-		ReflectionUtils.invokeMethod(m, destinationObject, new Object[] {new Integer(sourceObject.getOrder())});
+		ReflectionUtils.invokeMethod(m, destinationObject, new Object[] { Integer.valueOf((sourceObject.getOrder()))});
 	}
 	
 }

sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd

@@ -504,6 +504,64 @@
 		</xsd:attribute>
 	</xsd:attributeGroup>
 
+	<xsd:element name="authorization-http-url"
+		type="AuthorizationHttpUrlType">
+		<xsd:annotation>
+			<xsd:documentation>
+				<![CDATA[
+				Specify security:uri-patterns in order of processing; each pattern must specify EITHER a 
+				regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the 
+				SAME type (ie cannot mix a regular expression and Ant Path) - exception will be thrown if tried
+				]]>
+			</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+
+	<xsd:complexType name="AuthorizationHttpUrlType">
+		<xsd:sequence minOccurs="1" maxOccurs="1">
+			<xsd:element name="url-mapping" type="UrlMappingType"></xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="id" type="xsd:ID">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	The unique identifier for a bean.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:complexType>
+
+	<xsd:complexType name="UrlMappingType">
+		<xsd:sequence minOccurs="1" maxOccurs="unbounded">
+			<xsd:element name="uri-pattern" type="UriPatternType" />
+		</xsd:sequence>
+		<xsd:attribute name="source" type="xsd:string" default="xml" />
+		<xsd:attribute name="sourceBeanId" type="xsd:string">
+			<xsd:annotation>
+				<xsd:documentation>
+					<![CDATA[
+	Reference to an external ObjectDefinitionSource.
+				]]>
+				</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:complexType>
+
+	<xsd:complexType name="UriPatternType">
+		<xsd:sequence minOccurs="1" maxOccurs="unbounded">
+			<xsd:element name="configuration-attribute"
+				type="ConfigurationAttributeType" />
+		</xsd:sequence>
+		<xsd:attribute name="path" type="xsd:string" use="optional"/>
+		<xsd:attribute name="regularExpression" type="xsd:string" use="optional"/>
+	</xsd:complexType>
+
+	<xsd:complexType name="ConfigurationAttributeType">
+		<xsd:attribute name="attribute" type="xsd:string" />
+	</xsd:complexType>
+
+
 	<!-- simple internal types -->
 	<xsd:simpleType name="defaultable-boolean">
 		<xsd:restriction base="xsd:NMTOKEN">

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AutoConfigBeanDefinitionParserTests.java

@@ -30,7 +30,7 @@ public class AutoConfigBeanDefinitionParserTests extends TestCase {
 
 	private ApplicationContext context;
 
-	ConfigurableListableBeanFactory bf;
+	private ConfigurableListableBeanFactory bf;
 
 	// ~ Methods
 	// ========================================================================================================
@@ -89,7 +89,6 @@ public class AutoConfigBeanDefinitionParserTests extends TestCase {
 		Field transactionAttributeSource = makeAccessibleAndGetFieldByName(advisor.getClass().getDeclaredFields(), "transactionAttributeSource");
 		assertNotNull(transactionAttributeSource);
 		assertTrue(transactionAttributeSource.get(advisor) instanceof MethodDefinitionSource);
-
 	}
 
 	private Field makeAccessibleAndGetFieldByName(Field[] declaredFields, String name) {

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/security-namespaces.xml

@@ -1,4 +1,4 @@
- <?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
 
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -36,7 +36,8 @@
 		superclass AbstractAccessDecisionManager requires refactoring so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
 		and uses their Ordered interface to apply them; if one doesn't implement Ordered, assume it is Integer.MAX_VALUE -->
 	<security:authorization-manager id="id"
-		strategy="consensus|unanimous|affirmative" />t
+		strategy="consensus|unanimous|affirmative" />
+	t
 
 	<!-- ======================== AUTHENTICATION ======================= -->
 
@@ -90,7 +91,7 @@
 			x="you can do the attributes and suitable nested elements" />
 		<security:properties
 			location="resourceStringToPropertiesFile">
-<!-- if they specify a resource attrib, that means throw exception if they nest some user-definition data) -->
+			<!-- if they specify a resource attrib, that means throw exception if they nest some user-definition data) -->
 			<security:user-definition username="ben"
 				password="nottellingYou" enabled="true"
 				it="more stuff if you want">
@@ -129,13 +130,15 @@
 
 	<!--  any kind of ACL support is out of scope; frankly it is too hard for 1.1.0 -->
 
-	<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns, as this filter is incompatible with them -->
+	<!-- ensure element name is not overlapping with portlet or spring web flow or tapestry URI patterns, 
+		as this filter is incompatible with them -->
 	<security:authorization-http-url>
 		<security:url-mapping
 			source="xml - the default and no other options"
 			sourceBeanId="referenceToTheirObjectDefinitionSource">
-			<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a regularExpression OR a path, but not both
+			<!-- Specify security:uri-patterns in order of processing; each pattern must specify EITHER a 
-				and ALL patterns in the url-mapping MUST be of the SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
+			regularExpression OR a path, but not both and ALL patterns in the url-mapping MUST be of the 
+			SAME type (ie cannot mix a regular expression and Ant Path) - give exception if tried -->
 			<security:uri-pattern path="/index.jsp"
 				regularExpression="whatever">
 				<security:configuration-attribute attribute="ROLE_A" />