From c184d2d8c513b6fe548300f395e784a63ee7c5ab Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Wed, 23 Apr 2008 13:11:26 +0000
Subject: [PATCH] Added 'heavyduty' sample to sandbox for testing

---
 sandbox/heavyduty/certificates/Readme.txt     |  10 ++
 sandbox/heavyduty/certificates/ca.pem         |  22 +++
 sandbox/heavyduty/certificates/dianne.p12     | Bin 0 -> 1768 bytes
 sandbox/heavyduty/certificates/rod.p12        | Bin 0 -> 1784 bytes
 sandbox/heavyduty/certificates/scott.p12      | Bin 0 -> 1768 bytes
 sandbox/heavyduty/certificates/server.jks     | Bin 0 -> 3488 bytes
 sandbox/heavyduty/pom.xml                     | 166 ++++++++++++++++++
 .../src/main/java/bigbank/Account.java        |  51 ++++++
 .../src/main/java/bigbank/BankDao.java        |   7 +
 .../src/main/java/bigbank/BankDaoStub.java    |  32 ++++
 .../src/main/java/bigbank/BankService.java    |  15 ++
 .../main/java/bigbank/BankServiceImpl.java    |  40 +++++
 .../src/main/java/bigbank/SeedData.java       |  21 +++
 .../main/java/bigbank/web/ListAccounts.java   |  34 ++++
 .../main/java/bigbank/web/PostAccounts.java   |  39 ++++
 ...avyDutyAuthenticationProcessingFilter.java |  11 ++
 .../security/ui/HeavyDutyEntryPoint.java      |   9 +
 .../src/main/java/sample/dao/GenericDAO.java  |  46 +++++
 .../src/main/java/sample/dao/UserDAO.java     |  13 ++
 .../java/sample/dao/impl/GenericDAOImpl.java  | 126 +++++++++++++
 .../java/sample/dao/impl/UserDAOImpl.java     |  27 +++
 .../src/main/java/sample/domain/User.java     | 106 +++++++++++
 .../main/java/sample/service/UserService.java |  16 ++
 .../sample/service/impl/UserServiceImpl.java  |  68 +++++++
 .../resources/applicationContext-business.xml |  24 +++
 .../src/main/webapp/META-INF/MANIFEST.MF      |   2 +
 .../main/webapp/WEB-INF/appContext-misc.xml   |  51 ++++++
 .../webapp/WEB-INF/appContext-persistence.xml |  59 +++++++
 .../webapp/WEB-INF/appContext-security.xml    |  82 +++++++++
 .../applicationContext-acegi-security.xml     | 161 +++++++++++++++++
 .../src/main/webapp/WEB-INF/bank-servlet.xml  |  20 +++
 .../WEB-INF/classes/META-INF/persistence.xml  |  24 +++
 .../webapp/WEB-INF/classes/jdbc.properties    |   8 +
 .../webapp/WEB-INF/classes/log4j.properties   |  18 ++
 .../main/webapp/WEB-INF/classes/users.ldif    |  60 +++++++
 .../main/webapp/WEB-INF/jsp/listAccounts.jsp  |  27 +++
 .../heavyduty/src/main/webapp/WEB-INF/web.xml |  81 +++++++++
 sandbox/heavyduty/src/main/webapp/index.jsp   |  18 ++
 sandbox/heavyduty/src/main/webapp/login.jsp   |  47 +++++
 .../src/main/webapp/secure/extreme/index.jsp  |  15 ++
 .../src/main/webapp/secure/index.jsp          |  36 ++++
 41 files changed, 1592 insertions(+)
 create mode 100755 sandbox/heavyduty/certificates/Readme.txt
 create mode 100755 sandbox/heavyduty/certificates/ca.pem
 create mode 100755 sandbox/heavyduty/certificates/dianne.p12
 create mode 100755 sandbox/heavyduty/certificates/rod.p12
 create mode 100755 sandbox/heavyduty/certificates/scott.p12
 create mode 100755 sandbox/heavyduty/certificates/server.jks
 create mode 100755 sandbox/heavyduty/pom.xml
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/Account.java
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/BankDao.java
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/BankService.java
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/BankServiceImpl.java
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/SeedData.java
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
 create mode 100755 sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
 create mode 100755 sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java
 create mode 100755 sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java
 create mode 100755 sandbox/heavyduty/src/main/java/sample/dao/GenericDAO.java
 create mode 100755 sandbox/heavyduty/src/main/java/sample/dao/UserDAO.java
 create mode 100755 sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java
 create mode 100755 sandbox/heavyduty/src/main/java/sample/dao/impl/UserDAOImpl.java
 create mode 100755 sandbox/heavyduty/src/main/java/sample/domain/User.java
 create mode 100755 sandbox/heavyduty/src/main/java/sample/service/UserService.java
 create mode 100755 sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java
 create mode 100755 sandbox/heavyduty/src/main/resources/applicationContext-business.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/META-INF/MANIFEST.MF
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/classes/jdbc.properties
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/classes/log4j.properties
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/classes/users.ldif
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
 create mode 100755 sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
 create mode 100755 sandbox/heavyduty/src/main/webapp/index.jsp
 create mode 100755 sandbox/heavyduty/src/main/webapp/login.jsp
 create mode 100755 sandbox/heavyduty/src/main/webapp/secure/extreme/index.jsp
 create mode 100755 sandbox/heavyduty/src/main/webapp/secure/index.jsp

diff --git a/sandbox/heavyduty/certificates/Readme.txt b/sandbox/heavyduty/certificates/Readme.txt
new file mode 100755
index 0000000000..64b415cf83
--- /dev/null
+++ b/sandbox/heavyduty/certificates/Readme.txt
@@ -0,0 +1,10 @@
+This directory contains certificates and keys for use with SSL in the sample applications. Certificates are issued by
+our "Spring Security Test CA" certificate authority.
+
+ca.pem     - the certificate authority's certificate.
+server.jks - Java keystore containing the server certificate and privatekey. It Also contains the certificate authority
+             file and this is used as both keystore and truststore for they jetty server when running the samples with
+             the maven jetty plugin ("mvn jetty:run").
+
+rod.p12, dianne.p12, scott.p12 are all certificate/key combinations for client authentication and can be installed in
+your browser if you want to try out support for X.509 authentication.
\ No newline at end of file
diff --git a/sandbox/heavyduty/certificates/ca.pem b/sandbox/heavyduty/certificates/ca.pem
new file mode 100755
index 0000000000..a5b52ca9d7
--- /dev/null
+++ b/sandbox/heavyduty/certificates/ca.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIEMKX1dzANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMC
+R0IxETAPBgNVBAgTCFNjb3RsYW5kMRAwDgYDVQQHEwdHbGFzZ293MRkwFwYDVQQK
+ExBTcHJpbmcgRnJhbWV3b3JrMRgwFgYDVQQLEw9TcHJpbmcgU2VjdXJpdHkxIDAe
+BgNVBAMTF1NwcmluZyBTZWN1cml0eSBUZXN0IENBMB4XDTA4MDEyNTExMTIyMVoX
+DTE4MDIyNTAwMDAwMFowgYkxCzAJBgNVBAYTAkdCMREwDwYDVQQIEwhTY290bGFu
+ZDEQMA4GA1UEBxMHR2xhc2dvdzEZMBcGA1UEChMQU3ByaW5nIEZyYW1ld29yazEY
+MBYGA1UECxMPU3ByaW5nIFNlY3VyaXR5MSAwHgYDVQQDExdTcHJpbmcgU2VjdXJp
+dHkgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzl/wEe
+snYrwqaGZuB8hmwACtptazh1+eXCfd66FkioxlLF7yTnjCC7DT+vmMgSuThIEIsN
+xlxLpEgyU3bU8GIuR8wyYIyvuSMcptdFJLV7NKYuRycxpDuqimTM7Br0nfNgKVEv
+1QwguGWr6YN3aZ68/xe/D5xyPhakKu++7VFXIXw9f0+nqojdrFTqQ6l9GAVRgfX6
+h4JOaV1VFx83y2pnFj0iFneVxRcvXyWnyXlcOvJDIyVuyS/hYxb+E5rtBvp5XQ0o
+5CP4OMwCZGx/jEqlL8oO7BwEgu9aEBxKvoIKJmHDTHgWIxgawTrKabmong4utnMI
+yNrhsI77bmh2U7UCAwEAAaMQMA4wDAYDVR0PBAUDAwcGADANBgkqhkiG9w0BAQUF
+AAOCAQEAuD8W9Ukkfyi0y65mwguFVAqBC3RSTMRXcjbLQV4rMDM/Q9kjA6acY4Ta
+WgxGTwNCydqaqwDVsmn+6Je8Lp2xm9KLDLypVdNopGs+Mlfo55dhwqymXkQw1oJI
+CPhR3nBmGEnSWW0UY9bPlpxRF2D5GDVwpuxDtXvWa4baPwRRI9MxwPWHA3ITl+fc
+s9QVKy+pRAnuP9MSIp755cJ1CODOn2ElNCqnxxsZmcWcmI3LkHAwTmegl3PVvhrk
+MKMEA/neshh/M/hWGNTFt77Hoa7pU9dv5RCWFvZPqsUgPrwGrmUvcmSDir3lSWQm
+SuSED2LKVo+BFqwWS+jp49AR9b8B/Q==
+-----END CERTIFICATE-----
diff --git a/sandbox/heavyduty/certificates/dianne.p12 b/sandbox/heavyduty/certificates/dianne.p12
new file mode 100755
index 0000000000000000000000000000000000000000..6e5ba218db795c356e8c0aa5df637950e500f0d0
GIT binary patch
literal 1768
zcmV<E1{e7-f(GOQ0Ru3C2BHQDDuzgg_YDCD0ic2glLUeWk1&D;i!g!)hXx5MhDe6@
z4FLxRpn?W?FoFhj0s#Opf(C5{2`Yw2hW8Bt2LUi71_~;MNQU<f0So~KFct(5Gg0B~
zI=p%&mDF8MoS2)K0s;rnfPw}%A;p;lXdzHOk?qXQcU_7)KqA~=CHI}RQW0AWkG(CV
zW8VIGTvV}pK|sMZS$i6H`+O~6KMHRwUwFNLU-575sdmH?u?riXjoI`5!TV3g>5p{H
z@KGyZKM(YpXP|$!v=Z`&r_}of`Hb?dr|>EbzZ4AhI-Nr;UQ?jW$?E5B6&9x`m`5+x
zek#|fKrRTLbQ*oAytH6XaiRoX#gXQ?<=~KhZ5>Ag*ytt`O5QApHH8t-nA=<pNFYw`
zP77h14SmBhU~F65?o=|`1vLup`$(5TJP|m!RqaLH+b1vG_CZWnn$l6ZdjXYgU{i?^
zGm>6|e4=*fKBLsjiY`aqwZ99UdyRcme`|(LamO<H4Qkaj6Hh((we5uTKqoA+mBCl^
zieGD<7gm|?KdX1xw+a~~8eohEo{>0j1KRDNa5r_WH!UNrozVe$oMe*=n}Y#T-2Ql`
zHrX1a<p<hjcC?T0J-+2x?n+;l5;q+8<<26;n8Qoa5Zw8?JF(%BQ}Slh4+lcOem%EA
z#@doYQ9Y^+P|^=sc@*Bwg+^_1k4(TjBV-#KIU(f`DkHlH*j7o+if#?qF{>b=Y|UDd
zBW`LABJuJ%A-}^jpUv}td4d_BIBru*DA4Q9JG-^UJ9`&`lWBDq`569@ERD6Fpim4z
z&Dr(QE_a4~qS8?md%GDQD;cS(OqPr>8xV7-Y7a`Z!52-3mDHX}$op?<oxE*$l}&Yq
zwIsGTUh%c@i5fzM0}$FvjKM|G><o4wB-$z>LWXED^^samlV-=MOuNbUPg-t9P5Mq@
zQ(vaiSG~FTD_sie|1^6yp0c4%8^V(OXe%zFa7aM+N$J-6*fJ-8--}&xXoyMpQ?ZNQ
zaH?dq{MI;85ahEj1fh0<$=NLx@hydrwzOjHbBt8s6MB*`%=D{Ne1FzWTsKM0Vj|rL
zadQ-`4-lmxuH%#GNl}aQsRTDnuo<$d+xdUD=pnEnCsZ_^ioO?~+5%T~%+d74-e2W{
zGIf!O1O!Z_RpD~0qa9{dB`ttSZROgKDj<y~IIX{ycp>buRs>c`5Ja1qZcX<I(CB_#
z9Uf%jgC57`UEYF+tLZxT#0L|usM=pYVuMk24+P4&a%P|HUUf`dKwOg+yANSip6M)l
z-yUD}|81=?tYIu|<niTDE-B|xg0;2yfg;x{FB5+eCF;Hi`x(;#;FQR3U!8N1okxZS
zt#Klnn=f|4b%9q*<dstbN-1$5lu7qz)ff=a63xqmMj525%@ws2WuP*#ZTFCnw~^zS
z{X=Rbi%_$-O4=jyEfQr!pH<3)0i(|B|BDlXXr6Fogu$tmaQ?e0<ym@Y4)lr8dl}cH
z&V!08Qmhz(oET5y9xedofqW8%Tz%#Q)-Am_HyhsVb_TAqbKS#VK8Ru@_Hj8}Sruc4
zU4xtane@!&Xp0OSrqo+c;$FIboLs=EhWAG+(5~9hwfF5oaH;?q1I&xJ6LK_RYXduH
zaUh?1&@!&Br?f_MchS<>R*iDX#?>JL(ls(}IAt}LN<g(EUS^PDrD!DmHmb$JI;770
znU+l=EX(4Dh{HVelxSNj4TPKF&|Ys+M_Bu8_9eqEo+H0Wl(?)IO1CgxV|avLP8A3J
z6*|UZS9#N)+ICw@Dj#czJ^htNE{7*sV64_e<C4W@Dp(Pcq)HA9;6vNZBFFhy5L%T2
zg2a2m9RW}=&{ZX_5Brn{yN$UW1JZ*3_N&}Jymox4TjGYXm1Ovl&~B=O3~-QBeGprL
zACzsqP&Phm)LB!SuukSY(MSRfd2#2ktz!is3LhXcD3@~U{^BMC>VB08P}3Hl5Qwdq
zO_Q@DL&%3ZT2XZ(Nzs3Z=Bqn0MeJI$!tymlL9aaUj}+#5iww?vCnq7u9KFk1#Co-^
z1eUU3a6te#K@q{o6p(>t+BqSKtpa^cy#?@bUw;HRWL4EplIOw4B>4>4@+t!0fPry2
zR*-tiB8Nj?-60br)p5xkF<i6ep?L#&b~qbGV7apdzc*|ht_&sp)xYH5TyiCt4E5?5
zq<`e-j5ClJWk`5%uKU<vT%%8=<G>zTndzS<5kynQEmxj07I_?(Zw0EUV&b%`cwI60
zFgY+GFbM_)D-Ht!8U+9Z6!ipAu_Xa(fBcQjzWJh!5SV<j2?P+r?7yn`M_-jFb$M2{
Kq`r#+0te7e|2E11

literal 0
HcmV?d00001

diff --git a/sandbox/heavyduty/certificates/rod.p12 b/sandbox/heavyduty/certificates/rod.p12
new file mode 100755
index 0000000000000000000000000000000000000000..4cd05644305bc4f37fed7284e3faec8d759ca607
GIT binary patch
literal 1784
zcmV<U1_${tf(G;g0Ru3C2C@bTDuzgg_YDCD0ic2gqXdEmpD=<3n=pa~mj($chDe6@
z4FLxRpn?X7FoFhz0s#Opf(CsC2`Yw2hW8Bt2LUi71_~;MNQU<f0So~KFct(5F>+o2
z-1XypCipPV7v>@v0s;rnfPw}{P0Qr^yXYqvT)0wdjn7_cF52x95Oum`$&>QN;=3#q
z@`4M4;<cU3E3T`8k-Yp!TCTxt*yTwAeD^^QlQWgk+5RuaX!tV;2^7w-|7iE<#++N&
zJZ(``owfud+9(2>%4QY6a=|1;@)l61OH1h3w2=4eQnPgJ@9_BRARM;H&rr-u!|iO^
z-E8aj3m=dQq&VCR@CO9}lU+z>(2G1^#V5Kst5$o(AFAYGwCkI^UjVR1OQVVAwjk-H
zAE9(>sVC=|b(?wjWeEVzTR1hje5ZppIDtS%`xQuNw^Bh`ANJS&laAthnC$kBEEKY{
z2$c^;R-mO=Gci2~qCL>lAap+21e-M2B#s+53>!G`r2py!64<wc<QAu42PT#nc1LqI
zbSJ6@KfsNwvi~a5@1EeVsS0Y*gFwyGa%3&oTeGvxr=Q@^VL|`~+!g1HK_X61$v?rN
z8-UNeyOO*$<p>;I%u>;y=vFbxPb9)h$nB%`rU-WSJ0t9G5jUGUlQG*IWxIvdew+eE
ze67)6c(La76p_b6+K?pMYZQ1;t+o7vTmA^K!ScMD1gFjL4g!qsv815H$~=UcDQQjy
zpib=DS-P_8lT}`C`R(&Y&MR(v)g=#*DZ(iLQyF##`$jOtQy18<?{m8WWdeE0b|R_r
z;X(TK_vtAL5%X|Fdcih5kn`%9QX`H-&4E_Z2O|w?#0s0g3-QiF#XSU+(|g$V;l}69
z@k42&A?7$Dd5XFJY7~;x^{5Tw^llYwT!sZF{E~Iz7u?~-Pr_HnCtA=1IEo2&c2dd;
zn`xBloVED)3}&A%q4-DPLO+4LqCAU)o9x(qa{l}L1TFHKW|+u)?lv&#0nZ>~i3xyg
zaPvkmh~n7pk2?X2tc!_8nhX*DV=<TFh9_sU8xIahN@!JL+1L~@o9k(DCV-Rkzl#cc
zj)tD+GT`CE52r@J6<6lO{jDfuo7H}|InDpZTv7)K=2)_-M|LOuhqKficB?<1+TyxO
z4&WswA&{0Ia{E83mq_$U_pAw`!)dX;aaGg4T&hu<U5<sF)@<3J52awJA3QZ$BsRYT
z>7zn^0Cv$WKC^v>a(jwXjHL^_w1($T`FMK^WIA0E6-Ibk7ftz43C-`B&E{yD2?`0T
zQEXfKGg$y0eS;giVVT{@C;)^XrH)BHOc+5lxc?5O<M!=GB43NiXn0u7siA=)w^k_z
zuZs{iPx+7D{yIG$fw7Xbr_gbK=Z39rdl}T77{ctjLhDaZ?m?wwEg0&I;^LdGW>!}$
zlKck=be#ttIhf<64I^+n6Eq)$g>Bn}RX{?)b5g%e+QY2@_Kb?JqmKV+>OP%YGByf9
z(NSP7R#I#WAB%3N!;L6L57LEM1I1|VT6J$^pV@_yM2%33RnRTLCa+(ba3WwO6>g;4
z1VowM!(_>Ybrov|&JkP9W3}&c&U8XaNY>$c&d!3x-<k{6AbwrIp*IICuJBV6xFX;<
zh(PjUmX@@eCvN-|@RGS`g#INwxQARKh%7s#wRZk<dO_CxJW1>K;SJp4NFa&lWE3r2
zRY&>|Pc%LPYZM#F_{W-ECA%_3n*asGOy{QYiV`K*%6y~0(IkuVc{@8yw25y0I1dZp
zNMQLOJ6X9(VqW%5LJ8~}bC+<{;U>Y4aS^^onQEX`E)LeTOdC`iwYp)&jAHe`O`?jm
zQP74kvy8Q>sQOeYY-3{Xpn5M98QpNJ<;{tzB$l+92uBqbW&@%^N*5x#z&%KFMiYzS
z51z3d;%f|LzHAClqV9B^-}cqq<#e-z#`5f6G}b70bg3p0@EJNA2x%BD`$-ul#xTOP
z-W+%j7-*-t@p(0-{o+*M0sO5IAD^BF-vq7dF#&>vd!A`6ahmFYHObXCjtW6;m^JJg
z&pWU`?~Z~g5~og{5sD2fi?_(wh5L9@RO-Q<m7m^@^dW|9XDa|>o3a=j&h|G0dHy^#
zKdl2rJ=d>EghhIf^1m|%7oV{#uQc`}6%Whxo)tlWQt)xpD3S<Mz5Gb&M`a0EUW^|L
zGA(CsyaW+NuC&GrYUAlRSMvS86}0;QK`b6{Kpgu5D{npdIS#uJB5dRv(quF3Q4cC0
z&A~kU{$>YR*3=Ha2nMX)FgY+GFbM_)D-Ht!8U+9Z6h0=3+$Ga8{-?Rpwy}ec8W~cY
aA_Ne)6!9W(f=}drPhM~u0`Xu10te84%1hP&

literal 0
HcmV?d00001

diff --git a/sandbox/heavyduty/certificates/scott.p12 b/sandbox/heavyduty/certificates/scott.p12
new file mode 100755
index 0000000000000000000000000000000000000000..f0a6357e730752bd6b2f05658ec8a1a85ade6de9
GIT binary patch
literal 1768
zcmV<E1{e7-f(GOQ0Ru3C2BHQDDuzgg_YDCD0ic2glLUeWk1&D;i!g!)hXx5MhDe6@
z4FLxRpn?W?FoFhj0s#Opf(C5{2`Yw2hW8Bt2LUi71_~;MNQU<f0So~KFct(5$?Mk2
z+G>@jf7w>$2!v?*0s;rnfPw}%uQ6CU(Nz)C_gUU@<NSk@=K%dM`Aa4K%PN}wtf4J&
zn*h^xL~7y(+n9zKJRNg!^9ZxG?lBY>R@`pK{nk{#voCp;uha`md~4O@7hBjyQh3eo
z2Dr>lsCwI_;J6Q9#e*Q-_2+&^`>0prztBJEvGhS1c`XtNV#hQTuC?S}RhFW4^~y*B
zGgpJ+#R0=#oF0A<*-4I$xyyy&-M9;-oo<2b313{3rZTX}48q01?bD|PnrOk?fe`jn
z_l_~K{O0pPH9tTM=eTSKvvoTn-f{ST$8AZdRaF9nV80a}RvM6@0ts#9CoR`k^0@Sh
z<_tf3>whiFAMtPX(^GOeCDz3<QCP}Q|FkC3KqAnLcHF8x=Z@#b+T`!A8jaSfFyYQJ
zUn2!|77{ZOfot>r`cDl-IXYFT#jDV;`W7i0#kMF@@&$0@?xH#ec23RAm&A2OB4P0<
z@=z4KlB&fTb%svo>dJffN^0CR-3zA@$VY2+<cnegu*F-9PtFjlO{_27)$U8`Fza{m
z88$3W<tX;iLZqNM1|QQgxvS3%ujl7a<bv%yiSm^))H(Mmw$FMZS5h>TFl>Vy_3o>~
zXkA|xn~hqi<yEZSPkkeJJ{OEr{zFu{ap+KCWZp#YMAf8sN;L|#IasMCxFZLMSmS5&
zqa`)Xq0BHmt4Mf-Mz#3*^XEs}8}0!MlX;E!PU3~%S%_*iI=Ii)$(0(bZA?p{9B;WA
zI<L|SSTF_7ZDwNw_H!)0fl?+*c1uNx)he2@n~ukg{e&qX)?uc_dJIoq(ub`UENj;$
z`9)7lcsIs>U>JpesBOi7R~2s-8P+**;kfW?XbWQHMh^z(FT?3GQ4LBzlh%tIMtWFo
zG#E<mwp0-+q6}?`&sQ~tKgpupX4Uu()5mH~jVu*kw%JpOf(5cH0k_V6fcycAL@bJn
zcy*+k*tHn_Ng_aH@5)uL9SiT^OTI3ta>r$LwKuC)<R+cG%$eBZNu7n6>OQztsIN3W
z8v1+Ad#ai{N?c%;l@v6&v6IC;KD4yUL=yCjguAc;DnA8`gCTH@C9!T+i19x;@!kG5
zebit)i6ut-TIo41YO|`MkA4y7#wsxs6S?70lQ8%f>(iX`bEZIeZEr7;`n74|=7Xj3
zJT~w61y-v&U?7RqM_O|_*;RPS8?|Q3Bcq3yo<IXnIVHOh6qoO*2PvHAYd3WRc<&jN
z*nIvTyq@hI%L3?@YIf#c*EEWpz80yfCwB9CG*~K8UD8MY2A?fCMZV}~CJ^2*&#YBR
zc(sQJMa-eY<vj8Zaf4zN{cS+cg(s##AUGl_Iu;QUfUNF5xeZgsqp%52DgfAwHOflu
zvGAOtp7R~H;yQKakX^^&H0|RQ970N$T+rfFUK|ULapDmVFC}#)&8CV{aFnYnUA7}Y
zZVnXz^cs=F8NNMgFDz}7XA|;nP?hRSp-uu+kNIb6hm?P5q>53=GM1CbtWl_p!n*#1
ztFk}3$cAyy7HC|5m<m5XlG{2)&+ml?&8ufdD7cve*mDt1H7mY?az7$rJGa!q3w?l^
zN1f@P%|`_(wx4Jp*5MU6*TO2~i*$Mt2kp_#<BNRZ*;8vh-?uDaxdx5=XG6S+B+Vk#
z%b%w>VIt5(1{Wk<gnaQeB=<ZRYza5#J?KsEGxgyR@2G(|DNhXe!?uGN7W|obx98(s
zNVQ=0ujWZ3GC+0z>*nddhl4G#5=b+?@URP3+(Iau3Iq8YsEntB-R@2;%w7^0OD<9G
zzHa*RbCEssx#1=w*2Te1SxaxMahd}x?$pG_0XvvSYp*5>QK5GKuYcWCoE3YhIvVQN
zlT7h+OxHdb-Pm-(-x&jr6J<77g$;-HJj-)COD)MSKaVx*zxDn{*?Daf7=f->R@b%e
zjiy)c86OA)aNG^VHK~!e^eMG~`QHoGtzQr6g`X4N?bK4|@Qf1p+*g^eK+Un={OOl~
zO%x9HmFZ`_(N_5fPm+?;Ijlir02QE?-!F;}3aMvVbT07Sm){U{Ilz_LOI{q#3)5j?
zIk%D<FLcNsM!H5ZI+C856Ii>p?AO7AQ3%sfDqDqRwP}NB+5Ls(M@;Pn#=1)-e9^#f
zFgY+GFbM_)D-Ht!8U+9Z6qH(bRzE1NLfB>#tCj=qGCB<P!2}RcCF!EjEox!(dl^&I
Kr5SVr0te8k#Z8g`

literal 0
HcmV?d00001

diff --git a/sandbox/heavyduty/certificates/server.jks b/sandbox/heavyduty/certificates/server.jks
new file mode 100755
index 0000000000000000000000000000000000000000..f56cf2e837234e7dfb3e770a1e8fe952eedf28ec
GIT binary patch
literal 3488
zcmeH}do<K*7sr2dF}V+hnL&rikXtXm8Puc`xnCD)a>=EPF&M_Bp^;9inQG+jWJwpH
zFhv+8gs9|JL_`S{%At_U;dLqI9j9~7YIV+E?|Rp}&L2H%J%2oV|MRT9_jiB3Yg21e
z002P$yih6y03evMdN~0g;-O~*ZU+Du59GkEf*fc<E({8RLg8S+LNq9a5Yyq>au=l_
z5D^goWXBUEKrsZ&6^=kbZOjR>Aaea7iV`JL!=o6KFn@v!D7_xqfZAZgphO0SM-vo5
z%z8u|B}0y2(!&CA)=Ww$EjpYTLcoIP^^^n(`Fn~?qaI??qhbg+P-Q&>Lt(zj;P%oY
zqi_~xpbAC`B!L8?5rIG;5(%CdDFO*35{<y$j^{t>uN;Wl*QJDr05A>&34k1kIFti{
z0Cz_P5S3dj-3A^vVCX290f_g9hL8>|k2b`<u0h*gZ{E{1tv;57tCce4pKq0`CfUj)
zN;P{s<l7R-tezP^J)3r-ZxX*6zmfOCO1<JIL!O?ECLw=EQG$Q_q|*H5UwyS*^m`?7
zcW5`>pNytw-xXl)A+wk!=zN{&`Y9LpO-FYgcfMA1=2h|D4;F>7SP>WY!b%*+iSFZy
zQQg)S9EjejhK|l?!ss8+xb`T<+j!0buMzf0f0&A1LtUIgti<?8X}!ZQk=mjDjN?i6
z1^SPrCpW@5)1ERL?dv(>n<)<+52Nu|r3c23>DAY>rS&Q!MO*ua%Thjt1+mB#P#6S&
z<OxRyloWRT2P9ks2HSuDzOI>Y{Dd`w0C!B$3wG+qwQjeS1~f>V-Yd?Qh}z@W=+4~Q
zX0~4!G%&SziHGsBsHgfpC9R!d=8yU>-T-=U(bvW^@9JH?d8s>5@@}E)v!MJC6QcY0
zSSF>Rn77{&e9o~IU2=IH5rDPp-WMuQecpL4%LU`Rj5UhjO<Gj^^gM*yZwhz8KO@{<
zh=VavnPY?HJqo(|g_dF;O`plBWea<CNOY(phoWJqbFD>L@j_G9`Q)~=2+%1oH#4%g
zUg;f}2Zt@czJ)z*u;hmAX{xGkxl;O`{33i*<{bLp&P7c)le>sgnm*J2WJ2Ajo&RS0
zcc+kkkKIz)=wh_P`1`j{Wf$&2R)r#l01}ZjCX2?zQEAMmFG@y1gaWS>%C}0WKXF|I
z1P;-G$_iBrz&X%7M9D;a=b`yeDZU+f)@PLrcJvN-T;Z9NE!i2I>ROA>8<1}qZ4I=N
zmmjSxHY_q*<?s(jMR9J|B%thRM?X7xJY4eh_Buj6<z~N}Rx^{K>E#@7Y(5xeBaoM`
zWfuhvC0)&_wyTN|B}mt#uloI5J7ZHFsEGTVJF<^;P)+{|b9bDk!s$=4l-c;~Zncpy
zna|y|$TtJ7;q%I8L;5-`Kx)aj8F%F9%@c3-a|0DuVIejChdW+Q8fY=IhbR3w_;L4}
z4jGLFIO0<sw;y@Bsu2<aO~WrrAH-N9x_pZ5?@M375Asit;S!fdB1N(-4i<Zq?;|Rd
zJQIkB7%x?_XHN&ErojYTA8c*gW!@sszuZb!x?1m?yFCA4<w+O0GJA-2G2n@HawQpu
zVBZ=HbN1+zEtQ&kAU$6L^ebADs@pf|-BVHuZusENg8pcjEjF`FHpqR5^-9%rv0bNm
z1MFX>x!Ukv0oOBqYn!*Dhtb;PtZH-SPJkXB?0REXe$jBLL$%<ThQh<3&zl1@k@MxO
z&5~{tmge??y7Ua~M@?M@+>ZWQ`}!fVT*+U~8V!2YgeJ1(`qcBQOp?#h9%);vsGy}*
z^LInMb`B@llp#7=1PN+v&O(6Pu8-8gxnkuXOo}@WV8@!xTa>tr;;`J4g{{AAVT{e#
zEx!DGIk;p$#8Eb@Z~r`&XGQJV#%rOw9-}vg)j0+k4^8);@O@Zd+ILZOU}~VuYBwHv
z20EDc>e|`BJQ8*qK~a!a5NE|I4(!@A(Udqjy@W{)9g<1bnY(?&qOmZ+!N|A9I($ai
z`;O%};IF*z4$>qz_2BZaRxcG|?GP^<_2=jzn~Z6NuPEhW`4Z=Q<ziQ!p6E*H>8h$y
zHi*_Q-$B5HIL5p*Mz{S2r$1q&DTEPTIL#7&z^KAy<(qBrk6Q3w!HBpWB>fdeDgOmH
zf2X7PU+K67)cL|q{I_%@Q$iycG@MyP1cOecMA5^;A_;P!%omo5F~X@7Mo@TU6v)o`
zx}57kVkfWj9m-|{Ijws4Qhhj04hfZ>&s#k2Tz&FbLo(5V4@+rB0$RSo9}P%g@t8qM
ze;~`HFypj{WMjn#-#S`hyPlZpmejmUQ|u7WCjX+i6qKcdLGpq!^>XXa?yjNnj-HF@
zJ=*z&WgRC7DZ8>zqUyJb0M%eca$0(-o=Lhlwp4ldI~S_M-_ij0w=}qrxTeL~irg&0
zRnH#e9(XrtgI73qzhu7YBcUyrR5Dv7t(&|89d(QZ-s)Fa<>wcko=}{(9k@6VcZKQJ
z(RuSyy;}8=?zPwUy>(ABmK$#XReX#+)ajsfs!6Y=;zIYT_Cy1NS6WWc-J^2Gn?G9Y
zr)5a*^GljL%MmcHE;{z7X|!tPl%6-M6Pe$4bkA{TAO5|L&Vc%Sym`IC;SBr;kr&+0
zA1Ud7Q>X2y+Q%q(TOSc?;4vBDRF-Dmb|LqAk68nJ?{=7ers2$7d|gb8Z<4@wX%uT=
zRZ?m)tSvjMe2H)FQx=1BvVB;WG8pYO>4lH8vm&a>%w5Y7Tz~xCzWqO}=6Cz{-M;;g
b?AvPdx$6p(dMtTH;2V<Gt20Se*3bR}Ii))T

literal 0
HcmV?d00001

diff --git a/sandbox/heavyduty/pom.xml b/sandbox/heavyduty/pom.xml
new file mode 100755
index 0000000000..a30400feb2
--- /dev/null
+++ b/sandbox/heavyduty/pom.xml
@@ -0,0 +1,166 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.springframework.security</groupId>
+    <artifactId>spring-security-heavyduty</artifactId>
+    <name>Spring Security - Heavy Duty Sample</name>
+    <packaging>war</packaging>
+    <version>2.0.0</version>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>${spring.security.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core-tiger</artifactId>
+            <version>${spring.security.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+            <version>${spring.security.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+            <version>${spring.version}</version>
+        </dependency>                
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-context</artifactId>
+            <version>${spring.version}</version>
+        </dependency>        
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-jdbc</artifactId>
+            <scope>runtime</scope>
+            <version>${spring.version}</version>    
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-orm</artifactId>
+            <version>${spring.version}</version>
+        </dependency>        
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-aop</artifactId>
+            <scope>runtime</scope>
+            <version>${spring.version}</version>
+        </dependency>
+	    <dependency>
+	      <groupId>hsqldb</groupId>
+	      <artifactId>hsqldb</artifactId>
+	      <version>1.8.0.7</version>
+	      <scope>compile</scope>
+	    </dependency>
+	    <dependency>
+	      <groupId>org.hibernate</groupId>
+	      <artifactId>hibernate-entitymanager</artifactId>
+	      <version>3.3.2.GA</version>
+	      <scope>compile</scope>
+	    </dependency>
+	    <dependency>
+	      <groupId>net.sf.ehcache</groupId>
+	      <artifactId>ehcache</artifactId>
+	      <version>1.3.0</version>
+	      <scope>compile</scope>
+	    </dependency>
+	    <dependency>
+	        <groupId>org.aspectj</groupId>
+    		<artifactId>aspectjweaver</artifactId>
+	    	<optional>true</optional>
+		    <version>1.5.4</version>
+	    </dependency>	    
+	    <dependency>
+	        <groupId>org.aspectj</groupId>
+	    	<artifactId>aspectjrt</artifactId>
+		    <version>1.5.4</version>
+	    </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <scope>provided</scope>
+            <version>2.4</version>
+        </dependency>        
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <scope>runtime</scope>
+            <version>1.1.2</version>
+        </dependency>
+        <dependency>
+            <groupId>taglibs</groupId>
+            <artifactId>standard</artifactId>
+            <scope>runtime</scope>
+            <version>1.1.2</version>            
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <scope>runtime</scope>
+            <version>1.2.14</version>
+        </dependency>        
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.5</source>
+                    <target>1.5</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-eclipse-plugin</artifactId>
+                <version>2.5.1</version>
+                <configuration>
+                    <downloadSources>true</downloadSources>
+                    <wtpversion>2.0</wtpversion>
+                </configuration>
+            </plugin>            
+            <plugin>
+                <groupId>org.mortbay.jetty</groupId>
+                <artifactId>maven-jetty-plugin</artifactId>
+                <version>6.1.7</version>
+                <configuration>
+                    <contextPath>/tutorial</contextPath>
+                    <connectors>
+                        <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
+                            <port>8080</port>
+                            <confidentialPort>8443</confidentialPort>
+                        </connector>
+                        <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
+                            <port>8443</port>
+                            <keystore>certificates/server.jks</keystore>
+                            <password>password</password>
+                            <keyPassword>password</keyPassword>
+                            <truststore>certificates/server.jks</truststore>
+                            <trustPassword>password</trustPassword>
+                            <wantClientAuth>true</wantClientAuth>
+                            <needClientAuth>false</needClientAuth>
+                        </connector>
+                    </connectors>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    <properties>        
+        <spring.version>2.5.3</spring.version>
+        <spring.security.version>2.0.1-SNAPSHOT</spring.security.version>
+    </properties>
+
+</project>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/java/bigbank/Account.java b/sandbox/heavyduty/src/main/java/bigbank/Account.java
new file mode 100755
index 0000000000..1fdc1044e5
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/Account.java
@@ -0,0 +1,51 @@
+package bigbank;
+
+/**
+ * Note this class does not represent best practice, as we are failing to
+ * encapsulate business logic (methods) and state in the domain object.
+ * Nevertheless, this demo is intended to reflect what people usually do,
+ * as opposed to what they ideally would be doing.
+ * 
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class Account {
+	private long id = -1;
+	private String holder;
+	private double balance;
+	
+	public Account(String holder) {
+		super();
+		this.holder = holder;
+	}
+
+	public long getId() {
+		return id;
+	}
+
+	public void setId(long id) {
+		this.id = id;
+	}
+
+	public String getHolder() {
+		return holder;
+	}
+
+	public void setHolder(String holder) {
+		this.holder = holder;
+	}
+
+	public double getBalance() {
+		return balance;
+	}
+
+	public void setBalance(double balance) {
+		this.balance = balance;
+	}
+
+	public String toString() {
+		return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
+	}
+
+	
+}
diff --git a/sandbox/heavyduty/src/main/java/bigbank/BankDao.java b/sandbox/heavyduty/src/main/java/bigbank/BankDao.java
new file mode 100755
index 0000000000..67806a7e76
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/BankDao.java
@@ -0,0 +1,7 @@
+package bigbank;
+
+public interface BankDao {
+	public Account readAccount(Long id);
+	public void createOrUpdateAccount(Account account);
+	public Account[] findAccounts();
+}
diff --git a/sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java b/sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java
new file mode 100755
index 0000000000..de46d38af9
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/BankDaoStub.java
@@ -0,0 +1,32 @@
+package bigbank;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class BankDaoStub implements BankDao {
+	private long id = 0;
+	private Map accounts = new HashMap();
+	
+	public void createOrUpdateAccount(Account account) {
+		if (account.getId() == -1) {
+			id++;
+			account.setId(id);
+		}
+		accounts.put(new Long(account.getId()), account);
+		System.out.println("SAVE: " + account);
+	}
+
+	public Account[] findAccounts() {
+		Account[] a = (Account[]) accounts.values().toArray(new Account[] {});
+		System.out.println("Returning " + a.length + " account(s):");
+		for (int i = 0; i < a.length; i++) {
+			System.out.println(" > " + a[i]);
+		}
+		return a;
+	}
+
+	public Account readAccount(Long id) {
+		return (Account) accounts.get(id);
+	}
+
+}
diff --git a/sandbox/heavyduty/src/main/java/bigbank/BankService.java b/sandbox/heavyduty/src/main/java/bigbank/BankService.java
new file mode 100755
index 0000000000..90c21ccde5
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/BankService.java
@@ -0,0 +1,15 @@
+package bigbank;
+
+import org.springframework.security.annotation.Secured;
+
+public interface BankService {
+	
+	@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
+	public Account readAccount(Long id);
+		
+	@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
+	public Account[] findAccounts();
+	
+	@Secured("ROLE_TELLER")
+	public Account post(Account account, double amount);
+}
diff --git a/sandbox/heavyduty/src/main/java/bigbank/BankServiceImpl.java b/sandbox/heavyduty/src/main/java/bigbank/BankServiceImpl.java
new file mode 100755
index 0000000000..e461e132d0
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/BankServiceImpl.java
@@ -0,0 +1,40 @@
+package bigbank;
+
+import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.util.Assert;
+
+public class BankServiceImpl implements BankService {
+	private BankDao bankDao;
+
+	// Not used unless you declare a <protect-pointcut>
+	@Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
+	public void myPointcut() {}
+
+	public BankServiceImpl(BankDao bankDao) {
+		Assert.notNull(bankDao);
+		this.bankDao = bankDao;
+	}
+
+	public Account[] findAccounts() {
+		return this.bankDao.findAccounts();
+	}
+
+	public Account post(Account account, double amount) {
+		Assert.notNull(account);
+		Assert.notNull(account.getId());
+		
+		// We read account bank from DAO so it reflects the latest balance
+		Account a = bankDao.readAccount(account.getId());
+		if (account == null) {
+			throw new IllegalArgumentException("Couldn't find requested account");
+		}
+		
+		a.setBalance(a.getBalance() + amount);
+		bankDao.createOrUpdateAccount(a);
+		return a;
+	}
+
+	public Account readAccount(Long id) {
+		return bankDao.readAccount(id);
+	}
+}
diff --git a/sandbox/heavyduty/src/main/java/bigbank/SeedData.java b/sandbox/heavyduty/src/main/java/bigbank/SeedData.java
new file mode 100755
index 0000000000..5bf0774448
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/SeedData.java
@@ -0,0 +1,21 @@
+package bigbank;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.util.Assert;
+
+public class SeedData implements InitializingBean{
+	private BankDao bankDao;
+
+	public void afterPropertiesSet() throws Exception {
+		Assert.notNull(bankDao);
+		bankDao.createOrUpdateAccount(new Account("rod"));
+		bankDao.createOrUpdateAccount(new Account("dianne"));
+		bankDao.createOrUpdateAccount(new Account("scott"));
+		bankDao.createOrUpdateAccount(new Account("peter"));
+	}
+	
+	public void setBankDao(BankDao bankDao) {
+		this.bankDao = bankDao;
+	}
+	
+}
diff --git a/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java b/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
new file mode 100755
index 0000000000..d0ea3ed67b
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/web/ListAccounts.java
@@ -0,0 +1,34 @@
+package bigbank.web;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.AuthenticationCredentialsNotFoundException;
+import org.springframework.util.Assert;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.Controller;
+
+import bigbank.BankService;
+
+public class ListAccounts implements Controller {
+
+	private BankService bankService;
+	
+	public ListAccounts(BankService bankService) {
+		Assert.notNull(bankService);
+		this.bankService = bankService;
+	}
+
+	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
+		// Security check (this is unnecessary if Spring Security is performing the authorization)
+//		if (request.getUserPrincipal() == null) {
+//			throw new AuthenticationCredentialsNotFoundException("You must login to view the account list (Spring Security message)"); // only for Spring Security managed authentication
+//		}
+		
+		// Actual business logic
+		ModelAndView mav = new ModelAndView("listAccounts");
+		mav.addObject("accounts", bankService.findAccounts());
+		return mav;
+	}
+
+}
diff --git a/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java b/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
new file mode 100755
index 0000000000..e5967b52e3
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/bigbank/web/PostAccounts.java
@@ -0,0 +1,39 @@
+package bigbank.web;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.AccessDeniedException;
+import org.springframework.util.Assert;
+import org.springframework.web.bind.ServletRequestUtils;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.Controller;
+
+import bigbank.Account;
+import bigbank.BankService;
+
+public class PostAccounts implements Controller {
+
+	private BankService bankService;
+	
+	public PostAccounts(BankService bankService) {
+		Assert.notNull(bankService);
+		this.bankService = bankService;
+	}
+
+	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
+		// Security check (this is unnecessary if Spring Security is performing the authorization)
+//		if (!request.isUserInRole("ROLE_TELLER")) {
+//			throw new AccessDeniedException("You must be a teller to post transactions (Spring Security message)"); // only for Spring Security managed authentication
+//		}
+		
+		// Actual business logic
+		Long id = ServletRequestUtils.getRequiredLongParameter(request, "id");
+		Double amount = ServletRequestUtils.getRequiredDoubleParameter(request, "amount");
+		Account a = bankService.readAccount(id);
+		bankService.post(a, amount);
+		
+		return new ModelAndView("redirect:listAccounts.html");
+	}
+
+}
diff --git a/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java b/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java
new file mode 100755
index 0000000000..a456c7fad9
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyAuthenticationProcessingFilter.java
@@ -0,0 +1,11 @@
+package heavyduty.security.ui;
+
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
+
+public class HeavyDutyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
+	
+	
+
+	
+	
+}
diff --git a/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java b/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java
new file mode 100755
index 0000000000..3ee843792c
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/heavyduty/security/ui/HeavyDutyEntryPoint.java
@@ -0,0 +1,9 @@
+package heavyduty.security.ui;
+
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+
+public class HeavyDutyEntryPoint extends AuthenticationProcessingFilterEntryPoint {
+
+	
+	
+}
diff --git a/sandbox/heavyduty/src/main/java/sample/dao/GenericDAO.java b/sandbox/heavyduty/src/main/java/sample/dao/GenericDAO.java
new file mode 100755
index 0000000000..4272790621
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/dao/GenericDAO.java
@@ -0,0 +1,46 @@
+package sample.dao;
+
+import java.io.Serializable;
+
+
+/**
+ * The Interface GenericDAO.
+ */
+public interface GenericDAO<T extends Serializable, PK extends Serializable> 
+{
+   	/**
+   	 * persist
+   	 * @param transientInstance objet to persist
+   	 */
+	void persist(T transientInstance);
+
+	
+	/**
+   	 * refresh
+   	 * @param instance objet to refresh
+   	 */
+	void refresh(T instance);
+
+	
+	/**
+   	 * delete
+   	 * @param persistentInstance objet to delete
+   	 */
+	void delete(T persistentInstance);
+
+	
+	/**
+   	 * merge
+   	 * @param detachedInstance objet to merge
+   	 * @return merged object
+   	 */
+	T merge(T detachedInstance);
+	
+	
+	/**
+   	 * read
+   	 * @param id of object to read
+   	 * @return read object
+   	 */
+	T read(PK id);
+}
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/java/sample/dao/UserDAO.java b/sandbox/heavyduty/src/main/java/sample/dao/UserDAO.java
new file mode 100755
index 0000000000..5017a149f3
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/dao/UserDAO.java
@@ -0,0 +1,13 @@
+
+package sample.dao;
+
+import sample.domain.User;
+
+
+/**
+ * The Interface PatientDAO.
+ */
+public interface UserDAO extends GenericDAO<User,Long> {
+	
+	public User findByUsername(String username);
+}
diff --git a/sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java b/sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java
new file mode 100755
index 0000000000..4fffeb7ef3
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/dao/impl/GenericDAOImpl.java
@@ -0,0 +1,126 @@
+package sample.dao.impl;
+
+import java.io.Serializable;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import sample.dao.GenericDAO;
+
+
+public class GenericDAOImpl<T extends Serializable, PK extends Serializable>
+		implements GenericDAO<T, PK> {
+	/** type */
+	private Class<T> type;
+
+	/** the logger */
+	private static final Log LOG = LogFactory.getLog(GenericDAOImpl.class);
+
+	@PersistenceContext
+	private EntityManager entityManager;
+
+	/**
+	 * Minimal constructor
+	 * 
+	 * @param t
+	 *            type POJO hibernate
+	 */
+	public GenericDAOImpl(Class<T> t) {
+		this.type = t;
+	}
+
+	/**
+	 * read data
+	 * 
+	 * @param id
+	 *            data id
+	 * @return data
+	 */
+	@SuppressWarnings("unchecked")
+	public T read(PK id) {
+		if (id == null) {
+			throw new IllegalArgumentException("Id cannot be null or empty");
+		}
+
+		// find() au lieu de getReference() pour forcer l'initialisation de
+		// l'objet, sinon on ne recupère
+		// qu'un proxy non-initialisé !
+		return entityManager.find(type, id);
+
+	}
+
+	/**
+	 * persist data
+	 * 
+	 * @param transientInstance
+	 *            data to persist
+	 * @see sido.common.dao.GenericDAO#persist(T)
+	 */
+	public void persist(T transientInstance) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("Persisting instance of "
+					+ transientInstance.getClass().getSimpleName());
+		}
+		entityManager.persist(transientInstance);
+	}
+
+	/**
+	 * 
+	 * attach clean
+	 * 
+	 * @param instance
+	 *            data to attach
+	 * @see sido.common.dao.GenericDAO#refresh(T)
+	 */
+	public void refresh(T instance) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("refreshing instance of "
+					+ instance.getClass().getSimpleName());
+		}
+		entityManager.refresh(instance);
+	}
+
+	/**
+	 * delete
+	 * 
+	 * @param persistentInstance
+	 *            data to delete
+	 * @see sido.common.dao.GenericDAO#delete(T)
+	 */
+	public void delete(T persistentInstance) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("deleting instance of "
+					+ persistentInstance.getClass().getSimpleName());
+		}
+		entityManager.remove(persistentInstance);
+	}
+
+	/**
+	 * merge
+	 * 
+	 * @param detachedInstance
+	 *            data to merge
+	 * @return the merged data
+	 * @see sido.common.dao.GenericDAO#merge(T)
+	 */
+	@SuppressWarnings("unchecked")
+	public T merge(T detachedInstance) {
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("merging instance of "
+					+ detachedInstance.getClass().getSimpleName());
+		}
+		return entityManager.merge(detachedInstance);
+	}
+
+	/**
+	 * @return the entityManager
+	 */
+	public EntityManager getEntityManager() {
+		return entityManager;
+	}
+
+
+}
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/java/sample/dao/impl/UserDAOImpl.java b/sandbox/heavyduty/src/main/java/sample/dao/impl/UserDAOImpl.java
new file mode 100755
index 0000000000..0712ab455f
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/dao/impl/UserDAOImpl.java
@@ -0,0 +1,27 @@
+package sample.dao.impl;
+
+import org.springframework.stereotype.Repository;
+
+import sample.domain.User;
+
+/**
+ * UserDAOImpl
+ */
+@Repository
+public class UserDAOImpl extends GenericDAOImpl<User, Long> implements
+		sample.dao.UserDAO {
+
+	/**
+	 * Required constructor
+	 */
+	public UserDAOImpl() {
+		super(User.class);
+	}
+
+	public User findByUsername(String username) {
+		return (User) getEntityManager().createNamedQuery("User.findByUsername")
+				.setParameter("username", username).getSingleResult();
+	}
+	
+
+}
diff --git a/sandbox/heavyduty/src/main/java/sample/domain/User.java b/sandbox/heavyduty/src/main/java/sample/domain/User.java
new file mode 100755
index 0000000000..7fc7bf6afa
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/domain/User.java
@@ -0,0 +1,106 @@
+
+
+package sample.domain;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Basic;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.NamedQuery;
+
+/**
+ * The Class Patient.
+ */
+@Entity
+@NamedQuery(name = "User.findByUsername", query = "from User where username= :username")
+public class User implements Serializable {
+
+	/** serialVersionUID */
+	private static final long serialVersionUID = 7073017148588882593L;
+
+	/** The id. */
+	@Id
+	@GeneratedValue(strategy=GenerationType.IDENTITY)
+	private Long id;
+
+	/** The username. */
+	@Basic(optional = false)
+	private String username;
+
+	/** The username. */
+	@Basic(optional = false)
+	private String password;
+
+	/**
+	 * Default constructor
+	 */
+	public User() {
+		super();
+	}
+
+	/**
+	 * @param username
+	 * @param password
+	 */
+	public User(String username, String password) {
+		super();
+		this.username = username;
+		this.password = password;
+	}
+
+	/**
+	 * @return the id
+	 */
+	public Long getId() {
+		return id;
+	}
+
+	/**
+	 * @param id the id to set
+	 */
+	public void setId(Long id) {
+		this.id = id;
+	}
+
+	/**
+	 * @return the username
+	 */
+	public String getUsername() {
+		return username;
+	}
+
+	/**
+	 * @param username the username to set
+	 */
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	/**
+	 * Full constructor
+	 * @param username
+	 */
+	public User(String username, String password, Date derniereConnexion,
+			String key) {
+		super();
+		this.username = username;
+	}
+
+	/**
+	 * @return the password
+	 */
+	public String getPassword() {
+		return password;
+	}
+
+	/**
+	 * @param password the password to set
+	 */
+	public void setPassword(String password) {
+		this.password = password;
+	}
+}
diff --git a/sandbox/heavyduty/src/main/java/sample/service/UserService.java b/sandbox/heavyduty/src/main/java/sample/service/UserService.java
new file mode 100755
index 0000000000..7130c120ee
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/service/UserService.java
@@ -0,0 +1,16 @@
+package sample.service;
+
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+
+public interface UserService extends UserDetailsService {
+	
+	/**
+	 * Register a new User in database
+	 * @param username
+	 */
+	public UserDetails register(String username, String password);
+	
+	
+	
+}
diff --git a/sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java b/sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java
new file mode 100755
index 0000000000..8730c6888e
--- /dev/null
+++ b/sandbox/heavyduty/src/main/java/sample/service/impl/UserServiceImpl.java
@@ -0,0 +1,68 @@
+/**
+ * 
+ */
+package sample.service.impl;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Component;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import sample.dao.UserDAO;
+import sample.domain.User;
+import sample.service.UserService;
+
+/**
+ * @author A207119
+ * 
+ */
+@Component
+@Transactional
+public class UserServiceImpl implements UserService {
+
+	/** The logger */
+	private static final Log LOG = LogFactory.getLog(UserServiceImpl.class);
+
+	/** The User DAO */
+	@Autowired
+	private UserDAO userDAO = null;
+
+	public UserDetails loadUserByUsername(String username)
+			throws AuthenticationException {
+		try {
+			User user = userDAO.findByUsername(username);
+
+			return new org.springframework.security.userdetails.User(user
+					.getUsername(), user.getPassword(), true, true, true, true,
+					new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
+		} catch (Exception e) {
+			LOG.error(e.getMessage(), e);
+			throw new UsernameNotFoundException("No matching account", e);
+		}
+	}
+
+	public UserDetails register(String username, String password) {
+		User user = new User(username, password);
+		userDAO.persist(user);
+		return new org.springframework.security.userdetails.User(user
+				.getUsername(), user.getPassword(), true, true, true, true,
+				new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") });
+
+	}
+
+	/**
+	 * @param userDAO
+	 *            the userDAO to set
+	 */
+	public void setUserDAO(UserDAO userDAO) {
+		this.userDAO = userDAO;
+	}
+
+}
diff --git a/sandbox/heavyduty/src/main/resources/applicationContext-business.xml b/sandbox/heavyduty/src/main/resources/applicationContext-business.xml
new file mode 100755
index 0000000000..e1e21a97e4
--- /dev/null
+++ b/sandbox/heavyduty/src/main/resources/applicationContext-business.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:security="http://www.springframework.org/schema/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<bean id="bankDao" class="bigbank.BankDaoStub"/>
+
+	<bean id="seedData" class="bigbank.SeedData">
+		<property name="bankDao" ref="bankDao"/>
+	</bean>
+
+	<bean id="bankService" class="bigbank.BankServiceImpl">
+		<constructor-arg ref="bankDao"/>
+        <!-- This will add a security interceptor to the bean
+        <security:intercept-methods>
+            <security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
+            <security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
+        </security:intercept-methods>  -->
+	</bean>
+
+</beans>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/META-INF/MANIFEST.MF b/sandbox/heavyduty/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100755
index 0000000000..58630c02ef
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
new file mode 100755
index 0000000000..67da7b4a52
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-misc.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  |
+  |  Miscellaneous beans added just to test configuration options
+  |
+  |  $Id$ 
+  -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+    <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
+        <property name="decisionVoters">
+            <list>
+                <bean class="org.springframework.security.vote.RoleVoter"/>
+                <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
+            </list>
+        </property>
+    </bean>
+
+
+    <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="accessDecisionManager" ref="accessDecisionManager"/>
+        <property name="objectDefinitionSource">
+            <value><![CDATA[
+                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+                PATTERN_TYPE_APACHE_ANT
+                /secure/extreme/**=ROLE_SUPERVISOR
+                /secure/**=IS_AUTHENTICATED_REMEMBERED
+                /**=IS_AUTHENTICATED_ANONYMOUSLY
+            ]]></value>
+        </property>
+    </bean>
+    
+    <bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
+    </bean>
+
+    <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
+        <property name="realmName"><value>My Realm</value></property>
+    </bean>
+
+</beans>
+                        
+                        
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
new file mode 100755
index 0000000000..b1dd610e78
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-persistence.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xmlns:config="http://www.springframework.org/schema/config"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:security="http://www.springframework.org/schema/security"
+  xsi:schemaLocation="
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
+    http://www.springframework.org/schema/config http://www.springframework.org/schema/config/spring-config-2.5.xsd
+    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">
+  
+  <bean id="AllPropertiesConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+    <property name="location">
+      <value>classpath:jdbc.properties</value>
+    </property>
+  </bean>
+
+  <tx:annotation-driven transaction-manager="transactionManager" />
+
+  <bean id="userDAO" class="sample.dao.impl.UserDAOImpl"/>
+  
+  <bean id="daoUserService" class="sample.service.impl.UserServiceImpl">
+    <property name="userDAO" ref="userDAO"/>
+  </bean>
+
+  <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor">
+    <!--  property name="order" value="0"/ -->
+  </bean>
+  
+  <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
+    <property name="entityManagerFactory" ref="entityManagerFactory" />
+    <property name="dataSource" ref="dataSource" />
+  </bean>
+
+  <bean id="entityManagerFactory"
+    class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+    <property name="dataSource" ref="dataSource" />
+    <property name="jpaVendorAdapter">
+      <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
+        <property name="generateDdl" value="${jpa.generateDdl}" />
+        <property name="showSql" value="${jpa.showSql}" />
+        <property name="databasePlatform" value="${jpa.dialect}" />
+      </bean>
+    </property>
+  </bean>
+
+  <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+    <property name="driverClassName" value="${jdbc.driver}" />
+    <property name="url" value="${jdbc.url}" />
+    <property name="username" value="${jdbc.username}" />
+    <property name="password" value="${jdbc.password}" />
+  </bean>
+
+</beans>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
new file mode 100755
index 0000000000..055b910218
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/appContext-security.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  - Sample namespace-based configuration
+  -
+  - $Id: applicationContext-security-ns.xml 2923 2008-04-12 17:17:46Z luke_t $
+  -->
+
+<b:beans xmlns="http://www.springframework.org/schema/security"
+    xmlns:b="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+    <b:import resource="appContext-misc.xml"/>
+    
+	<global-method-security secured-annotations="enabled"/>		
+
+    <http entry-point-ref='customEntryPoint'>
+        <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
+        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
+		<!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
+        <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
+        <intercept-url pattern="/post.html" access="ROLE_TELLER" />
+        -->
+        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+<!--
+    Uncomment to enable X509 client authentication support -->
+        <x509 user-service-ref="daoUserService"/> 
+
+
+        <!-- All of this is unnecessary if auto-config="true" -->
+        <form-login />
+        <anonymous />
+        <!-- http-basic / -->
+        <logout />
+<!--          <remember-me user-service-ref="daoUserService"/> -->
+
+        <!-- Uncomment to limit the number of sessions a user can have -->
+        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
+    </http>
+    
+    <authentication-manager alias="authenticationManager"/> 
+    
+    <b:bean id="customAuthFilter" class="heavyduty.security.ui.HeavyDutyAuthenticationProcessingFilter">
+        <custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
+        <b:property name="defaultTargetUrl" value="/"/>
+        <b:property name="authenticationManager" ref="authenticationManager"/>
+    </b:bean>
+    
+    <b:bean id="customEntryPoint" class="heavyduty.security.ui.HeavyDutyEntryPoint">
+        <b:property name="loginFormUrl" value="/login.jsp"/>
+    </b:bean>
+<!--     
+    <b:bean id="loginPageGenerator" class="org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter">
+        <custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/>
+        <b:constructor-arg ref="customAuthFilter"/>
+    </b:bean>
+ -->
+    <!--
+    Usernames/Passwords are
+        rod/koala
+        dianne/emu
+        scott/wombat
+        peter/opal
+    -->
+    
+	<authentication-provider user-service-ref="daoUserService">
+	    <password-encoder hash="md5" />
+	</authentication-provider>
+
+    <authentication-provider>
+        <password-encoder hash="md5"/>
+        <user-service>
+            <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
+	        <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
+            <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
+            <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
+	    </user-service>
+	</authentication-provider>
+
+</b:beans>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
new file mode 100755
index 0000000000..edd0759a43
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<!--
+  - A simple "base bones" Acegi Security configuration.
+  -
+  - The sample includes the "popular" features that people tend to use.
+  - Specifically, form authentication, remember-me, and anonymous processing.
+  - Other features aren't setup, as these can be added later by inserting
+  - the relevant XML fragments as specified in the Reference Guide.
+  -
+  - To assist new users, the filters specified in the FilterChainProxy are
+  - declared in the application context in the same order. Collaborators
+  - required by those filters are placed at the end of the file.
+  -
+  - $Id: applicationContext-acegi-security.xml 2366 2007-12-11 19:18:44Z benalex $
+  -->
+
+<beans>
+
+	<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+		<property name="filterInvocationDefinitionSource">
+			<value><![CDATA[
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+				PATTERN_TYPE_APACHE_ANT
+				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+			]]></value>
+		</property>
+	</bean>
+
+	<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
+
+	<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
+		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
+		<constructor-arg>
+			<list>
+				<ref bean="rememberMeServices"/>
+				<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
+			</list>
+		</constructor-arg>
+	</bean>
+
+	<bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
+		<property name="defaultTargetUrl" value="/"/>
+		<property name="filterProcessesUrl" value="/j_spring_security_check"/>
+		<property name="rememberMeServices" ref="rememberMeServices"/>
+	</bean>
+
+    <bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
+        <property name="authenticationManager"><ref local="authenticationManager"/></property>
+        <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
+    </bean>
+
+    <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
+        <property name="realmName"><value>My Realm</value></property>
+    </bean>
+
+	<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
+
+	<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="rememberMeServices" ref="rememberMeServices"/>
+	</bean>
+
+	<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
+		<property name="key" value="changeThis"/>
+		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+	</bean>
+
+	<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+		<property name="authenticationEntryPoint">
+			<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+				<property name="loginFormUrl" value="/acegilogin.jsp"/>
+				<property name="forceHttps" value="false"/>
+			</bean>
+		</property>
+		<property name="accessDeniedHandler">
+			<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
+				<property name="errorPage" value="/accessDenied.jsp"/>
+			</bean>
+		</property>
+	</bean>
+
+	<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
+		<property name="allowIfAllAbstainDecisions" value="false"/>
+		<property name="decisionVoters">
+			<list>
+				<bean class="org.springframework.security.vote.RoleVoter"/>
+				<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
+			</list>
+		</property>
+	</bean>
+
+	<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
+		<property name="authenticationManager" ref="authenticationManager"/>
+		<property name="accessDecisionManager" ref="accessDecisionManager"/>
+		<property name="objectDefinitionSource">
+			<value><![CDATA[
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+				PATTERN_TYPE_APACHE_ANT
+				/secure/extreme/**=ROLE_SUPERVISOR
+				/secure/**=IS_AUTHENTICATED_REMEMBERED
+				/**=IS_AUTHENTICATED_ANONYMOUSLY
+			]]></value>
+		</property>
+	</bean>
+
+	<bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
+		<property name="userDetailsService" ref="userDetailsService"/>
+		<property name="key" value="changeThis"/>
+	</bean>
+
+	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
+		<property name="providers">
+			<list>
+				<ref local="daoAuthenticationProvider"/>
+				<bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
+					<property name="key" value="changeThis"/>
+				</bean>
+				<bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
+					<property name="key" value="changeThis"/>
+				</bean>
+			</list>
+		</property>
+	</bean>
+
+	<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
+		<property name="userDetailsService" ref="userDetailsService"/>
+	</bean>
+
+	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
+	<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
+		<property name="userProperties">
+			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+				<property name="location" value="/WEB-INF/users.properties"/>
+			</bean>
+		</property>
+	</bean>
+
+	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
+	<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
+
+	<bean id="daacc" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>
+
+	<bean id="attributes" class="org.springframework.security.annotation.SecurityAnnotationAttributes"/>
+
+	<bean id="objectDefinitionSource" class="org.springframework.security.intercept.method.MethodDefinitionAttributes">
+		<property name="attributes"><ref local="attributes"/></property>
+	</bean>
+
+	<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
+		<property name="authenticationManager"><ref local="authenticationManager"/></property>
+		<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
+		<property name="objectDefinitionSource">
+			<ref local="objectDefinitionSource"/>
+		</property>
+	</bean>
+
+</beans>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml
new file mode 100755
index 0000000000..a119417066
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/bank-servlet.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+	<bean name="/listAccounts.html" class="bigbank.web.ListAccounts">
+		<constructor-arg ref="bankService"/>
+	</bean>
+	
+	<bean name="/post.html" class="bigbank.web.PostAccounts">
+		<constructor-arg ref="bankService"/>
+	</bean>
+	
+	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+		<property name="prefix" value="/WEB-INF/jsp/"/>
+		<property name="suffix" value=".jsp"/>
+	</bean>
+
+</beans>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml
new file mode 100755
index 0000000000..20e12ff1bf
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/META-INF/persistence.xml
@@ -0,0 +1,24 @@
+<persistence xmlns="http://java.sun.com/xml/ns/persistence"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
+http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
+  version="1.0">
+
+  <persistence-unit name="SAMPLE" transaction-type="RESOURCE_LOCAL">
+    <provider>org.hibernate.ejb.HibernatePersistence</provider>
+    <class>sample.domain.User</class>
+    <properties>
+      <property name="hibernate.archive.autodetection" value="class" />
+      <property name="hibernate.format_sql" value="true" />
+      <property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect" />
+      <!-- property name="hibernate.cache.provider_class"
+        value="org.hibernate.cache.EHCacheProvider" />
+      <property name="hibernate.cache.use_second_level_cache" value="true" />
+      <property name="hibernate.cache.use_query_cache" value="true" / -->
+      <property name="hibernate.max_fetch_depth" value="3" />
+      <property name="hibernate.default_batch_fetch_size" value="8" />
+      <property name="hibernate.generate_statistics" value="true" />
+    </properties>
+  </persistence-unit>
+
+</persistence>
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/jdbc.properties b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/jdbc.properties
new file mode 100755
index 0000000000..a88ac1e426
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/jdbc.properties
@@ -0,0 +1,8 @@
+jpa.dialect=org.hibernate.dialect.HSQLDialect
+jpa.generateDdl=true
+jpa.showSql=true
+
+jdbc.driver=org.hsqldb.jdbcDriver
+jdbc.url=jdbc:hsqldb:mem:.
+jdbc.username=sa
+jdbc.password=
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/log4j.properties b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/log4j.properties
new file mode 100755
index 0000000000..b2a7f64139
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/log4j.properties
@@ -0,0 +1,18 @@
+# Global logging configuration
+log4j.rootLogger=DEBUG, stdout
+
+log4j.logger.org.springframework.security=DEBUG, stdout
+
+# Console output...
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%L] - %m%n
+
+# Rolling log file output...
+#log4j.appender.fileout=org.apache.log4j.RollingFileAppender
+#log4j.appender.fileout.File=spring-security-tutorial.log
+#log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
+#log4j.appender.fileout.MaxFileSize=1024KB
+#log4j.appender.fileout.MaxBackupIndex=1
+#log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
+#log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/users.ldif b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/users.ldif
new file mode 100755
index 0000000000..0cf02e22ec
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/classes/users.ldif
@@ -0,0 +1,60 @@
+dn: ou=groups,dc=springframework,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: groups
+
+dn: ou=people,dc=springframework,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: people
+
+dn: uid=rod,ou=people,dc=springframework,dc=org
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Rod Johnson
+sn: Johnson
+uid: rod
+userPassword: koala
+
+dn: uid=dianne,ou=people,dc=springframework,dc=org
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Dianne Emu
+sn: Emu
+uid: dianne
+userPassword: emu
+
+dn: uid=scott,ou=people,dc=springframework,dc=org
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Scott
+sn: Wombat
+uid: scott
+userPassword: wombat
+
+dn: cn=user,ou=groups,dc=springframework,dc=org
+objectclass: top
+objectclass: groupOfNames
+cn: user
+member: uid=rod,ou=people,dc=springframework,dc=org
+member: uid=dianne,ou=people,dc=springframework,dc=org
+member: uid=scott,ou=people,dc=springframework,dc=org
+
+dn: cn=teller,ou=groups,dc=springframework,dc=org
+objectclass: top
+objectclass: groupOfNames
+cn: teller
+member: uid=rod,ou=people,dc=springframework,dc=org
+member: dianne=rod,ou=people,dc=springframework,dc=org
+
+dn: cn=supervisor,ou=groups,dc=springframework,dc=org
+objectclass: top
+objectclass: groupOfNames
+cn: supervisor
+member: uid=rod,ou=people,dc=springframework,dc=org
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/jsp/listAccounts.jsp b/sandbox/heavyduty/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
new file mode 100755
index 0000000000..548f43f3ba
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
@@ -0,0 +1,27 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
+
+<h1>Accounts</h1>
+
+<a href="index.jsp">Home3</a><br><br>
+
+<table>
+<c:forEach var="account" items="${accounts}">
+  <tr>
+  <td>
+      <c:out value="${account.id}"/>
+  </td>
+  <td>
+      <c:out value="${account.holder}"/>
+  </td>
+  <td>
+      <c:out value="${account.balance}"/>
+  </td>
+  <td>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=-20.00">-$20</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=-5.00">-$5</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=5.00">+$5</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=20.00">+$20</a>
+  </td>
+  </tr>
+</c:forEach>
+</table>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml b/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
new file mode 100755
index 0000000000..e745ff4d3c
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  - Tutorial web application
+  -
+  - $Id: web.xml 2809 2008-03-26 15:27:09Z luke_t $
+  -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
+
+    <display-name>Spring Security Tutorial Application</display-name>
+    
+    <!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			classpath:applicationContext-business.xml
+			/WEB-INF/appContext-persistence.xml
+			/WEB-INF/appContext-security.xml
+		</param-value>
+	</context-param>
+	
+    <context-param>
+        <param-name>log4jConfigLocation</param-name>
+        <param-value>/WEB-INF/classes/log4j.properties</param-value>
+    </context-param>	
+
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+      <filter-name>springSecurityFilterChain</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <listener>
+        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+    </listener>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+    -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<!--
+	  - Publishes events for session creation and destruction through the application
+	  - context. Optional unless concurrent session control is being used.
+      -->
+    <listener>
+        <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
+    </listener>
+
+  <!--
+	- Provides core MVC application controller.
+    -->
+	<servlet>
+		<servlet-name>bank</servlet-name>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+    	<servlet-name>bank</servlet-name>
+    	<url-pattern>*.html</url-pattern>
+ 	</servlet-mapping>
+
+     <welcome-file-list>
+		<welcome-file>index.jsp</welcome-file>
+	</welcome-file-list>
+
+</web-app>
diff --git a/sandbox/heavyduty/src/main/webapp/index.jsp b/sandbox/heavyduty/src/main/webapp/index.jsp
new file mode 100755
index 0000000000..edf1d00d0b
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/index.jsp
@@ -0,0 +1,18 @@
+<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
+<html>
+<body>
+<h1>Home Page</h1>
+<p>
+Anyone can view this page.
+</p>
+<p>
+If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
+</p>
+<p>
+Your principal object is....: <%= request.getUserPrincipal() %>
+</p>
+
+<p><a href="secure/index.jsp">Secure page</a></p>
+<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
+</body>
+</html>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/login.jsp b/sandbox/heavyduty/src/main/webapp/login.jsp
new file mode 100755
index 0000000000..d752d3975e
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/login.jsp
@@ -0,0 +1,47 @@
+<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
+<%@ page import="org.springframework.security.ui.AbstractProcessingFilter" %>
+<%@ page import="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" %>
+<%@ page import="org.springframework.security.AuthenticationException" %>
+
+<!-- Not used unless you declare a <form-login login-page="/login.jsp"/> element -->
+
+<html>
+  <head>
+    <title>CUSTOM SPRING SECURITY LOGIN</title>
+  </head>
+
+  <body onload="document.f.j_username.focus();">
+    <h1>CUSTOM SPRING SECURITY LOGIN</h1>
+
+	<P>Valid users:
+	<P>
+	<P>username <b>rod</b>, password <b>koala</b>
+	<br>username <b>dianne</b>, password <b>emu</b>
+	<br>username <b>scott</b>, password <b>wombat</b>
+	<br>username <b>peter</b>, password <b>opal</b>
+	<p>
+
+    <%-- this form-login-page form is also used as the
+         form-error-page to ask for a login again.
+         --%>
+	<% if (session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY) != null) { %>
+      <font color="red">
+        Your login attempt was not successful, try again.<BR><BR>
+        Reason: <%= ((AuthenticationException) session.getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY)).getMessage() %>
+      </font>
+    <% } %>
+
+    <form name="f" action="<c:url value='j_spring_security_check'/>" method="POST">
+      <table>
+        <tr><td>User:</td><td><input type='text' name='j_username' <% if (session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY) != null) { %>value='<%= session.getAttribute(AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY) %>'<% } %>></td></tr>
+        <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
+        <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
+
+        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
+        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
+      </table>
+
+    </form>
+
+  </body>
+</html>
diff --git a/sandbox/heavyduty/src/main/webapp/secure/extreme/index.jsp b/sandbox/heavyduty/src/main/webapp/secure/extreme/index.jsp
new file mode 100755
index 0000000000..93f7a17cfc
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/secure/extreme/index.jsp
@@ -0,0 +1,15 @@
+<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
+
+<html>
+<body>
+<h1>VERY Secure Page</h1>
+This is a protected page. You can only see me if you are a supervisor.
+
+<authz:authorize ifAllGranted="ROLE_SUPERVISOR">
+   You have "ROLE_SUPERVISOR" (this text is surrounded by &lt;authz:authorize&gt; tags).
+</authz:authorize>
+
+<p><a href="../../">Home</a>
+<p><a href="../../j_spring_security_logout">Logout</a>
+</body>
+</html>
\ No newline at end of file
diff --git a/sandbox/heavyduty/src/main/webapp/secure/index.jsp b/sandbox/heavyduty/src/main/webapp/secure/index.jsp
new file mode 100755
index 0000000000..e44be8bcd7
--- /dev/null
+++ b/sandbox/heavyduty/src/main/webapp/secure/index.jsp
@@ -0,0 +1,36 @@
+<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
+
+<html>
+<body>
+<h1>Secure Page</h1>
+<p>
+This is a protected page. You can get to me if you've been remembered,
+or if you've authenticated this session.
+</p>
+
+<sec:authorize ifAllGranted="ROLE_SUPERVISOR">
+	You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br/><br/>
+</sec:authorize>
+
+<h3>Properties obtained using &lt;sec:authentication /&gt; tag</h3>
+<table border="1">
+<tr><th>Tag</th><th>Value</th></tr>
+<tr>
+<td>&lt;sec:authentication property='name' /&gt;</td><td><sec:authentication property="name"/></td>
+</tr>
+<tr>
+<td>&lt;sec:authentication property='principal.username' /&gt;</td><td><sec:authentication property="principal.username"/></td>
+</tr>
+<tr>
+<td>&lt;sec:authentication property='principal.enabled' /&gt;</td><td><sec:authentication property="principal.enabled"/></td>
+</tr>
+<tr>
+<td>&lt;sec:authentication property='principal.accountNonLocked' /&gt;</td><td><sec:authentication property="principal.accountNonLocked"/></td>
+</tr>
+</table>
+
+
+<p><a href="../">Home</a>
+<p><a href="../j_spring_security_logout">Logout</a>
+</body>
+</html>
\ No newline at end of file