JavaDoc corrections.

core/src/main/java/org/acegisecurity/Authentication.java

@@ -29,8 +29,7 @@ import java.security.Principal;
  * </p>
  * 
  * <p>
- * Stored in a request {@link
- * org.acegisecurity.context.security.SecurityContext}.
+ * Stored in a request {@link org.acegisecurity.context.SecurityContext}.
  * </p>
  *
  * @author Ben Alex

core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionController.java

@@ -47,7 +47,7 @@ public interface ConcurrentSessionController {
     /**
      * Called by an <code>AuthenticationManager</code> when the authentication was successful. An
      * implementation is expected to register the authenticated user in some sort of registry, for future concurrent
-     * tracking via the {@link #checkConcurrentAuthentication(Authentication)} method.
+     * tracking via the {@link #checkAuthenticationAllowed(Authentication)} method.
      *
      * @param authentication the successfully authenticated user (never <code>null</code>)
      */

core/src/main/java/org/acegisecurity/concurrent/SessionRegistry.java

@@ -27,7 +27,7 @@ public interface SessionRegistry {
     /**
      * Obtains all the known principals in the <code>SessionRegistry</code>.
      *
-     * @return each of the unique principals, which can then be presented to {@link #getAllSessions(Object)}.
+     * @return each of the unique principals, which can then be presented to {@link #getAllSessions(Object, boolean)}.
      */
     public Object[] getAllPrincipals();
 

core/src/main/java/org/acegisecurity/event/authentication/InteractiveAuthenticationSuccessEvent.java

@@ -46,7 +46,7 @@ public class InteractiveAuthenticationSuccessEvent extends AbstractAuthenticatio
      * Getter for the <code>Class</code> that generated this event. This can be useful for generating
      * additional logging information.
      *
-     * @return
+     * @return the class
      */
     public Class getGeneratedBy() {
         return generatedBy;

core/src/main/java/org/acegisecurity/intercept/package.html

@@ -8,17 +8,17 @@ secured, but instead refers to some infrastructure object that can have
 security facilities provided for it by the Acegi Security System for
 Spring. For example, one secure object would be
 <code>MethodInvocation</code>, whilst another would be HTTP {@link
-net.sf.acegisecurity.intercept.web.FilterInvocation}. Note these are
+org.acegisecurity.intercept.web.FilterInvocation}. Note these are
 infrastructure objects and their design allows them to represent a large
 variety of actual resources that might need to be secured, such as business
 objects or HTTP request URLs.
 </p>
  
 <P>Each secure object typically has its 
-own <code>net.sf.acegisecurity.intercept</code> package.
+own <code>org.acegisecurity.intercept</code> package.
 Each package usually includes a concrete security interceptor (which
-subclasses {@link net.sf.acegisecurity.intercept.AbstractSecurityInterceptor},
-an appropriate {@link net.sf.acegisecurity.intercept.ObjectDefinitionSource}
+subclasses {@link org.acegisecurity.intercept.AbstractSecurityInterceptor},
+an appropriate {@link org.acegisecurity.intercept.ObjectDefinitionSource}
 for the type of resources the secure object represents, and a property editor
 to populate the <code>ObjectDefinitionSource</code>.
 

core/src/main/java/org/acegisecurity/providers/dao/salt/ReflectionSaltSource.java

@@ -27,9 +27,10 @@ import java.lang.reflect.Method;
 
 
 /**
- * Obtains a salt from a specified property of the {@link User} object.<P>This allows you to subclass
- * <code>User</code> and provide an additional bean getter for a salt. You should use a synthetic value that does not
- * change, such as a database primary key.  Do not use <code>username</code> if it is likely to change.</p>
+ * Obtains a salt from a specified property of the {@link org.acegisecurity.userdetails.User} object.<P>This allows
+ * you to subclass <code>User</code> and provide an additional bean getter for a salt. You should use a synthetic
+ * value that does not change, such as a database primary key.  Do not use <code>username</code> if it is likely to
+ * change.</p>
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/acegisecurity/providers/dao/salt/SystemWideSaltSource.java

@@ -24,8 +24,8 @@ import org.springframework.beans.factory.InitializingBean;
 
 /**
  * Uses a static system-wide <code>String</code> as the salt.<P>Does not supply a different salt for each {@link
- * User}. This means users sharing the same password will still have the same digested password. Of benefit is the
- * digested passwords will at least be more protected than if stored without any salt.</p>
+ * org.acegisecurity.userdetails.User}. This means users sharing the same password will still have the same digested
+ * password. Of benefit is the digested passwords will at least be more protected than if stored without any salt.</p>
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationProvider.java

@@ -37,8 +37,8 @@ import org.springframework.util.Assert;
 /**
  * An {@link AuthenticationProvider} implementation that validates {@link
  * org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken}s.<p>To be successfully validated, the
- * {@link{@link org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken#getKeyHash()} must match this
- * class' {@link #getKey()}.</p>
+ * {@link org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken#getKeyHash()} must match this class'
+ * {@link #getKey()}.</p>
  */
 public class RememberMeAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
     //~ Static fields/initializers =====================================================================================

core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java

@@ -36,9 +36,9 @@ public class X509AuthenticationToken extends AbstractAuthenticationToken {
 
     //~ Constructors ===================================================================================================
 
-/**
-     * Used for an authentication request.  The {@link
-     * Authentication#isAuthenticated()} will return <code>false</code>.
+    /**
+     * Used for an authentication request.  The {@link org.acegisecurity.Authentication#isAuthenticated()} will return
+     * <code>false</code>.
      *
      * @param credentials the certificate
      */
@@ -47,9 +47,9 @@ public class X509AuthenticationToken extends AbstractAuthenticationToken {
         this.credentials = credentials;
     }
 
-/**
-     * Used for an authentication response object. The {@link
-     * Authentication#isAuthenticated()} will return <code>true</code>.
+    /**
+     * Used for an authentication response object. The {@link Authentication#isAuthenticated()}
+     * will return <code>true</code>.
      *
      * @param principal the principal, which is generally a
      *        <code>UserDetails</code>

core/src/main/java/org/acegisecurity/securechannel/ChannelDecisionManager.java

@@ -28,12 +28,6 @@ import javax.servlet.ServletException;
 /**
  * Decides whether a web channel provides sufficient security.
  * 
- * <P>
- * If necessary due to the nature of the redirection, implementations should
- * store the original destination of the request in {@link
- * org.acegisecurity.ui.AbstractProcessingFilter#ACEGI_SECURITY_TARGET_URL_KEY}.
- * </p>
- *
  * @author Ben Alex
  * @version $Id$
  */

core/src/main/java/org/acegisecurity/taglibs/velocity/Authz.java

@@ -73,7 +73,7 @@ public interface Authz {
 
     /**
      * return true if the principal holds either permission specified for the provided domain object<P>Only
-     * works with permissions that are subclasses of {@link net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry}.</p>
+     * works with permissions that are subclasses of {@link org.acegisecurity.acl.basic.AbstractBasicAclEntry}.</p>
      *  <p>For this class to operate it must be able to access the application context via the
      * <code>WebApplicationContextUtils</code> and locate an {@link AclManager}.</p>
      *

core/src/main/java/org/acegisecurity/ui/basicauth/BasicProcessingFilterEntryPoint.java

@@ -33,8 +33,8 @@ import javax.servlet.http.HttpServletResponse;
  * Used by the <code>SecurityEnforcementFilter</code> to commence authentication via the {@link
  * BasicProcessingFilter}.<P>Once a user agent is authenticated using BASIC authentication, logout requires that
  * the browser be closed or an unauthorized (401) header be sent. The simplest way of achieving the latter is to call
- * the {@link #commence(ServletRequest, ServletResponse)} method below. This will indicate to the browser its
- * credentials are no longer authorized, causing it to prompt the user to login again.</p>
+ * the {@link #commence(ServletRequest, ServletResponse, AuthenticationException)} method below. This will indicate to
+ * the browser its credentials are no longer authorized, causing it to prompt the user to login again.</p>
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java

@@ -71,7 +71,7 @@ import javax.servlet.http.HttpServletResponse;
  *  <p>This is a basic remember-me implementation which is suitable for many applications. However, we recommend a
  * database-based implementation if you require a more secure remember-me approach.</p>
  *  <p>By default the tokens will be valid for 14 days from the last successful authentication attempt. This can be
- * changed using {@link #setTokenValiditySeconds(int)}.</p>
+ * changed using {@link #setTokenValiditySeconds(long)}.</p>
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/acegisecurity/ui/session/HttpSessionEventPublisher.java

@@ -58,8 +58,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener, ServletCo
     public void contextDestroyed(ServletContextEvent event) {}
 
     /**
-     * Handled internally by a call to {@link
-     * org.springframework.web.appContext.support.WebApplicationContextUtils#getRequiredWebApplicationContext(javax.servlet.ServletContext)}
+     * Handled internally by a call to {@link WebApplicationContextUtils#getWebApplicationContext(javax.servlet.ServletContext)}.
      *
      * @param event the ServletContextEvent passed in by the container, event.getServletContext() will be used to get
      *        the WebApplicationContext

core/src/main/java/org/acegisecurity/userdetails/User.java

@@ -42,8 +42,7 @@ public class User implements UserDetails {
     //~ Constructors ===================================================================================================
 
 /**
-     * Construct the <code>User</code> with the details required by {@link
-     * DaoAuthenticationProvider}.
+     * Construct the <code>User</code> with the details required by {@link org.acegisecurity.providers.dao.DaoAuthenticationProvider}.
      *
      * @param username the username presented to the
      *        <code>DaoAuthenticationProvider</code>
@@ -67,8 +66,7 @@ public class User implements UserDetails {
     }
 
 /**
-     * Construct the <code>User</code> with the details required by {@link
-     * DaoAuthenticationProvider}.
+     * Construct the <code>User</code> with the details required by {@link org.acegisecurity.providers.dao.DaoAuthenticationProvider}.
      *
      * @param username the username presented to the
      *        <code>DaoAuthenticationProvider</code>
@@ -97,8 +95,7 @@ public class User implements UserDetails {
     }
 
 /**
-     * Construct the <code>User</code> with the details required by {@link
-     * DaoAuthenticationProvider}.
+     * Construct the <code>User</code> with the details required by {@link org.acegisecurity.providers.dao.DaoAuthenticationProvider}.
      *
      * @param username the username presented to the
      *        <code>DaoAuthenticationProvider</code>

core/src/main/java/org/acegisecurity/userdetails/jdbc/JdbcDaoImpl.java

@@ -171,8 +171,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements UserDetailsService {
     }
 
     /**
-     * If <code>true</code> (the default), indicates the {@link #getUsersByUsernameMapping()} returns a
-     * username in response to a query. If <code>false</code>, indicates that a primary key is used instead. If set to
+     * If <code>true</code> (the default), indicates the {@link #getUsersByUsernameQuery()} returns a username
+     * in response to a query. If <code>false</code>, indicates that a primary key is used instead. If set to
      * <code>true</code>, the class will use the database-derived username in the returned <code>UserDetails</code>.
      * If <code>false</code>, the class will use the {@link #loadUserByUsername(String)} derived username in the
      * returned <code>UserDetails</code>.

core/src/main/java/org/acegisecurity/util/FilterChainProxy.java

@@ -51,9 +51,9 @@ import javax.servlet.ServletResponse;
 /**
  * Delegates <code>Filter</code> requests to a list of Spring-managed beans.<p>The <code>FilterChainProxy</code> is
  * loaded via a standard {@link org.acegisecurity.util.FilterToBeanProxy} declaration in <code>web.xml</code>.
- * <code>FilterChainProxy</code> will then pass {@link #init(FilterConfig)}, {@link #destroy()}, {@link #doInit()} and
- * {@link #doFilter(ServletRequest, ServletResponse, FilterChain)} invocations through to each <code>Filter</code>
- * defined against <code>FilterChainProxy</code>.</p>
+ * <code>FilterChainProxy</code> will then pass {@link #init(FilterConfig)}, {@link #destroy()} and {@link
+ * #doFilter(ServletRequest, ServletResponse, FilterChain)} invocations through to each <code>Filter</code> defined
+ * against <code>FilterChainProxy</code>.</p>
  *  <p><code>FilterChainProxy</code> is configured using a standard {@link
  * org.acegisecurity.intercept.web.FilterInvocationDefinitionSource}. Each possible URI pattern that
  * <code>FilterChainProxy</code> should service must be entered. The first matching URI pattern located by

core/src/main/java/org/acegisecurity/vote/AbstractAclVoter.java

@@ -16,9 +16,7 @@
 package org.acegisecurity.vote;
 
 import org.acegisecurity.AuthorizationServiceException;
-import org.acegisecurity.ConfigAttribute;
 
-import org.acegisecurity.acl.AclEntry;
 import org.acegisecurity.acl.AclManager;
 
 import org.aopalliance.intercept.MethodInvocation;
@@ -32,40 +30,6 @@ import org.springframework.util.Assert;
 /**
  * <p>Given a domain object instance passed as a method argument, ensures the principal has appropriate permission
  * as defined by the {@link AclManager}.</p>
- *  <p>The <code>AclManager</code> is used to retrieve the access control list (ACL) permissions associated with a
- * domain object instance for the current <code>Authentication</code> object. This class is designed to process {@link
- * AclEntry}s that are subclasses of {@link org.acegisecurity.acl.basic.BasicAclEntry} only. Generally these are
- * obtained by using the {@link org.acegisecurity.acl.basic.BasicAclProvider}.</p>
- *  <p>The voter will vote if any  {@link ConfigAttribute#getAttribute()} matches the {@link
- * #processConfigAttribute}. The provider will then locate the first method argument of type {@link
- * #processDomainObjectClass}. Assuming that method argument is non-null, the provider will then lookup the ACLs from
- * the <code>AclManager</code> and ensure the principal is {@link
- * org.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for at least one of the {@link #requirePermission}s.</p>
- *  <p>If the method argument is <code>null</code>, the voter will abstain from voting. If the method argument
- * could not be found, an {@link org.acegisecurity.AuthorizationServiceException} will be thrown.</p>
- *  <p>In practical terms users will typically setup a number of <code>BasicAclEntryVoter</code>s. Each will have a
- * different {@link #processDomainObjectClass}, {@link #processConfigAttribute} and {@link #requirePermission}
- * combination. For example, a small application might employ the following instances of
- * <code>BasicAclEntryVoter</code>:
- *  <ul>
- *      <li>Process domain object class <code>BankAccount</code>, configuration attribute
- *      <code>VOTE_ACL_BANK_ACCONT_READ</code>, require permission <code>SimpleAclEntry.READ</code></li>
- *      <li>Process domain object class <code>BankAccount</code>, configuration attribute
- *      <code>VOTE_ACL_BANK_ACCOUNT_WRITE</code>, require permission list <code>SimpleAclEntry.WRITE</code> and
- *      <code>SimpleAclEntry.CREATE</code> (allowing the principal to have <b>either</b> of these two permissions</li>
- *      <li>Process domain object class <code>Customer</code>, configuration attribute
- *      <code>VOTE_ACL_CUSTOMER_READ</code>, require permission <code>SimpleAclEntry.READ</code></li>
- *      <li>Process domain object class <code>Customer</code>, configuration attribute
- *      <code>VOTE_ACL_CUSTOMER_WRITE</code>, require permission list <code>SimpleAclEntry.WRITE</code> and
- *      <code>SimpleAclEntry.CREATE</code></li>
- *  </ul>
- *  Alternatively, you could have used a common superclass or interface for the {@link #processDomainObjectClass}
- * if both <code>BankAccount</code> and <code>Customer</code> had common parents.</p>
- *  <p>If the principal does not have sufficient permissions, the voter will vote to deny access.</p>
- *  <p>The <code>AclManager</code> is allowed to return any implementations of <code>AclEntry</code> it wishes.
- * However, this provider will only be able to validate against <code>AbstractBasicAclEntry</code>s, and thus a vote
- * to deny access will be made if no <code>AclEntry</code> is of type <code>AbstractBasicAclEntry</code>.</p>
- *  <p>All comparisons and prefixes are case sensitive.</p>
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/acegisecurity/wrapper/SecurityContextHolderAwareRequestWrapper.java

@@ -120,9 +120,10 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest
     }
 
     /**
-     * Simple searches for an exactly matching {@link GrantedAuthority#getAuthority()}.<p>Will always return
-     * <code>false</code> if the <code>SecurityContextHolder</code> contains an <code>Authentication</code> with
-     * <code>null</code><code>principal</code> and/or <code>GrantedAuthority[]</code> objects.</p>
+     * Simple searches for an exactly matching {@link org.acegisecurity.GrantedAuthority#getAuthority()}.<p>Will
+     * always return <code>false</code> if the <code>SecurityContextHolder</code> contains an
+     * <code>Authentication</code> with <code>null</code><code>principal</code> and/or <code>GrantedAuthority[]</code>
+     * objects.</p>
      *
      * @param role the <code>GrantedAuthority</code><code>String</code> representation to check for
      *

doc/deploy.bat

@@ -2,4 +2,4 @@ set MAVEN_OPTS=-Xmx768m -XX:MaxPermSize=512m
 call maven -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01 clean
 call maven -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01 multiproject:clean
 call maven -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01 multiproject:artifact
-call maven -X -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01 multiproject:site
+call maven -Dmaven.jar.override=on -Dmaven.jar.clover-ant=1.3.3_01 multiproject:site

project.properties

@@ -16,7 +16,7 @@ maven.compile.source=1.3
 #signature.storepass=
 #signature.keystore=
 
-maven.javadoc.links=http://java.sun.com/j2se/1.5.0/docs/api/,http://www.springframework.org/docs/api/,http://jakarta.apache.org/commons/lang/api/index.html,http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/index.html,http://jakarta.apache.org/commons/codec/apidocs/index.html,http://jakarta.apache.org/commons/collections/api/,http://jakarta.apache.org/commons/logging/apidocs/index.html,http://tomcat.apache.org/tomcat-5.0-doc/servletapi/index.html
+maven.javadoc.links=http://java.sun.com/j2se/1.5.0/docs/api/,http://www.springframework.org/docs/api/,http://jakarta.apache.org/commons/lang/api/,http://developer.ja-sig.org/projects/cas/multiproject/cas-server/apidocs/,http://jakarta.apache.org/commons/codec/apidocs/,http://jakarta.apache.org/commons/collections/api/,http://jakarta.apache.org/commons/logging/apidocs/,http://tomcat.apache.org/tomcat-5.0-doc/servletapi/
 
 maven.repo.remote=http://www.ibiblio.org/maven,http://acegisecurity.sourceforge.net/maven,http://svn.apache.org/repository/