SEC-1202: Removed SpringSecurityFilter and replaced with use of GenericFilterBean from spring-web

2025-06-01 09:42:13 +00:00 · 2009-08-10 14:18:18 +00:00 · 2009-08-10 14:18:18 +00:00 · f536c80020
commit f536c80020
parent b807f7cbdd
36 changed files with 225 additions and 251 deletions
--- a/cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasProcessingFilterTests.java
@ -48,7 +48,6 @@ public class CasProcessingFilterTests extends TestCase {
        CasProcessingFilter filter = new CasProcessingFilter();
        filter.setAuthenticationManager(authMgr);
        filter.init(null);
        Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
        assertTrue(result != null);
@ -62,7 +61,6 @@ public class CasProcessingFilterTests extends TestCase {
        CasProcessingFilter filter = new CasProcessingFilter();
        filter.setAuthenticationManager(authMgr);
        filter.init(null);
        try {
            filter.attemptAuthentication(request, new MockHttpServletResponse());
--- a/config/pom.xml
+++ b/config/pom.xml
@ -58,7 +58,6 @@
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.apache.directory.server</groupId>
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@ -22,28 +22,28 @@ import org.springframework.security.web.context.SecurityContextPersistenceFilter
 import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
-public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator{
+public class DefaultFilterChainValidator implements FilterChainProxy.FilterChainValidator {
    private Log logger = LogFactory.getLog(getClass());
-	public void validate(FilterChainProxy fcp) {
+    public void validate(FilterChainProxy fcp) {
-		Map<String, List<Filter>> filterChainMap = fcp.getFilterChainMap();
+        Map<String, List<Filter>> filterChainMap = fcp.getFilterChainMap();
-		for(String pattern : fcp.getFilterChainMap().keySet()) {
+        for(String pattern : fcp.getFilterChainMap().keySet()) {
-			List<Filter> filters = filterChainMap.get(pattern);
+            List<Filter> filters = filterChainMap.get(pattern);
-			checkFilterStack(filters);
+            checkFilterStack(filters);
-		}
+        }
-		checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern()));
+        checkLoginPageIsntProtected(fcp, filterChainMap.get(fcp.getMatcher().getUniversalMatchPattern()));
-	}
+    }
    private Object getFilter(Class<?> type, List<Filter> filters) {
-    	for (Filter f : filters) {
+        for (Filter f : filters) {
-    		if (type.isAssignableFrom(f.getClass())) {
+            if (type.isAssignableFrom(f.getClass())) {
-    			return f;
+                return f;
-    		}
+            }
-    	}
+        }
-    	return null;
+        return null;
    }
    /**
@ -78,7 +78,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
    /* Checks for the common error of having a login page URL protected by the security interceptor */
    private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> defaultFilters) {
-    	ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters);
+        ExceptionTranslationFilter etf = (ExceptionTranslationFilter)getFilter(ExceptionTranslationFilter.class, defaultFilters);
        if (etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint) {
            String loginPage =
@ -129,7 +129,4 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
            }
        }
    }
 }
--- a/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/FilterChainProxyConfigTests.java
@ -17,13 +17,13 @@ package org.springframework.security.config;
 import static org.junit.Assert.*;
 import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import java.util.List;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -136,8 +136,6 @@ public class FilterChainProxyConfigTests {
    }
    private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
        filterChainProxy.init(mock(FilterConfig.class));
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setServletPath("/foo/secure/super/somefile.html");
@ -151,7 +149,5 @@ public class FilterChainProxyConfigTests {
        chain = mock(FilterChain.class);
        filterChainProxy.doFilter(request, response, chain);
        verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
        filterChainProxy.destroy();
    }
 }
--- a/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
+++ b/ntlm/src/main/java/org/springframework/security/ui/ntlm/NtlmProcessingFilter.java
@ -22,6 +22,8 @@ import java.util.Properties;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@ -40,7 +42,6 @@ import jcifs.util.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
@ -51,10 +52,10 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
 * A clean-room implementation for Spring Security of an NTLM HTTP filter
@ -81,7 +82,7 @@ import org.springframework.util.Assert;
 * @author Edward Smith
 * @version $Id$
 */
-public class NtlmProcessingFilter extends SpringSecurityFilter implements InitializingBean {
+public class NtlmProcessingFilter extends GenericFilterBean {
    //~ Static fields/initializers =====================================================================================
    private static Log    logger = LogFactory.getLog(NtlmProcessingFilter.class);
@ -120,7 +121,8 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
     * Ensures an <code>AuthenticationManager</code> and authentication failure
     * URL have been provided in the bean configuration file.
     */
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
        // Default to 5 minutes if not already specified
@ -304,8 +306,10 @@ public class NtlmProcessingFilter extends SpringSecurityFilter implements Initia
        this.authenticationDetailsSource = authenticationDetailsSource;
    }
-    protected void doFilterHttp(final HttpServletRequest request,
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
-            final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
+            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        final HttpSession session = request.getSession();
        Integer ntlmState = (Integer) session.getAttribute(STATE_ATTR);
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProcessingFilter.java
@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.openid4java.consumer.ConsumerException;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@ -81,10 +82,15 @@ public class OpenIDAuthenticationProcessingFilter extends AbstractAuthentication
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        if (consumer == null) {
-            consumer = new OpenID4JavaConsumer();
+            try {
                consumer = new OpenID4JavaConsumer();
            } catch (ConsumerException e) {
                throw new IllegalArgumentException("Failed to initialize OpenID", e);
            }
        }
    }
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
@ -33,12 +33,12 @@ import javax.servlet.ServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.util.AntUrlPathMatcher;
 import org.springframework.security.web.util.UrlMatcher;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -104,7 +104,7 @@ import org.springframework.web.filter.DelegatingFilterProxy;
 *
 * @version $Id$
 */
-public class FilterChainProxy implements Filter, InitializingBean {
+public class FilterChainProxy extends GenericFilterBean {
    //~ Static fields/initializers =====================================================================================
    private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
@ -123,35 +123,12 @@ public class FilterChainProxy implements Filter, InitializingBean {
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(uncompiledFilterChainMap, "filterChainMap must be set");
        filterChainValidator.validate(this);
    }
    public void init(FilterConfig filterConfig) throws ServletException {
        for (Filter filter : obtainAllDefinedFilters()) {
            if (filter != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Initializing Filter defined in ApplicationContext: '" + filter + "'");
                }
                filter.init(filterConfig);
            }
        }
    }
    public void destroy() {
        for (Filter filter : obtainAllDefinedFilters()) {
            if (filter != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Destroying Filter defined in ApplicationContext: '" + filter + "'");
                }
                filter.destroy();
            }
        }
    }
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
@ -324,10 +301,10 @@ public class FilterChainProxy implements Filter, InitializingBean {
     * @param filterChainValidator
     */
    public void setFilterChainValidator(FilterChainValidator filterChainValidator) {
-		this.filterChainValidator = filterChainValidator;
+        this.filterChainValidator = filterChainValidator;
-	}
+    }
-	public String toString() {
+    public String toString() {
        StringBuffer sb = new StringBuffer();
        sb.append("FilterChainProxy[");
        sb.append(" UrlMatcher = ").append(matcher);
@ -382,12 +359,12 @@ public class FilterChainProxy implements Filter, InitializingBean {
    }
    public interface FilterChainValidator {
-    	void validate(FilterChainProxy filterChainProxy);
+        void validate(FilterChainProxy filterChainProxy);
    }
    private class NullFilterChainValidator implements FilterChainValidator {
-		public void validate(FilterChainProxy filterChainProxy) {
+        public void validate(FilterChainProxy filterChainProxy) {
-		}
+        }
    }
 }
--- a/web/src/main/java/org/springframework/security/web/SpringSecurityFilter.java
+++ b/web/src/main/java/org/springframework/security/web/SpringSecurityFilter.java
@ -1,61 +0,0 @@
 package org.springframework.security.web;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.core.Ordered;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.ServletException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletResponse;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletRequest;
 import javax.servlet.Filter;
 import java.io.IOException;
 /**
 * Implements Ordered interface as required by security namespace configuration and implements unused filter
 * lifecycle methods and performs casting of request and response to http versions in doFilter method.
 *
 * @author Luke Taylor
 * @version $Id$
 */
 public abstract class SpringSecurityFilter implements Filter, Ordered {
    protected final Log logger = LogFactory.getLog(this.getClass());
    private int order;
    /**
     * Does nothing. We use IoC container lifecycle services instead.
     *
     * @param filterConfig ignored
     * @throws ServletException ignored
     */
    public final void init(FilterConfig filterConfig) throws ServletException {
    }
    /**
     * Does nothing. We use IoC container lifecycle services instead.
     */
    public final void destroy() {
    }
    public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        doFilterHttp((HttpServletRequest)request, (HttpServletResponse)response, chain);
    }
    protected abstract void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException;
    public final int getOrder() {
 		return order;
 	}
 	public void setOrder(int order) {
 		this.order = order;
 	}
 	public String toString() {
        return getClass().getName() + "[ order=" + getOrder() + "; ]";
    }
 }
--- a/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/ExceptionTranslationFilter.java
@ -19,10 +19,11 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
@ -30,12 +31,12 @@ import org.springframework.security.authentication.InsufficientAuthenticationExc
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.util.ThrowableAnalyzer;
 import org.springframework.security.web.util.ThrowableCauseExtractor;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
 * Handles any <code>AccessDeniedException</code> and <code>AuthenticationException</code> thrown within the
@ -68,7 +69,7 @@ import org.springframework.util.Assert;
 * @author colin sampaleanu
 * @version $Id$
 */
-public class ExceptionTranslationFilter extends SpringSecurityFilter implements InitializingBean {
+public class ExceptionTranslationFilter extends GenericFilterBean {
    //~ Instance fields ================================================================================================
@ -82,13 +83,16 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint must be specified");
 //        Assert.notNull(portResolver, "portResolver must be specified");
    }
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
-            ServletException {
+            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        try {
            chain.doFilter(request, response);
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@ -23,15 +23,16 @@ import java.util.Set;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -45,7 +46,7 @@ import org.springframework.util.Assert;
 * @author Ben Alex
 * @version $Id$
 */
-public class ChannelProcessingFilter extends SpringSecurityFilter implements InitializingBean {
+public class ChannelProcessingFilter extends GenericFilterBean {
    //~ Instance fields ================================================================================================
@ -54,7 +55,8 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(securityMetadataSource, "securityMetadataSource must be specified");
        Assert.notNull(channelDecisionManager, "channelDecisionManager must be specified");
@ -86,8 +88,10 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
        }
    }
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        FilterInvocation fi = new FilterInvocation(request, response, chain);
        List<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi);
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
@ -19,11 +19,12 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
@ -36,11 +37,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.session.AuthenticatedSessionStrategy;
 import org.springframework.security.web.session.NullAuthenticatedSessionStrategy;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
 * Abstract processor of browser-based HTTP-based authentication requests.
@ -102,7 +103,7 @@ import org.springframework.util.Assert;
 * @author Ben Alex
 * @version $Id$
 */
-public abstract class AbstractAuthenticationProcessingFilter extends SpringSecurityFilter implements InitializingBean,
+public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean implements
        ApplicationEventPublisherAware, MessageSourceAware {
    //~ Static fields/initializers =====================================================================================
@ -147,7 +148,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified");
        Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL");
        Assert.notNull(authenticationManager, "authenticationManager must be specified");
@ -176,9 +178,12 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
     * by this method where the returned <tt>Authentication</tt> object is not null.
     * </ol>
     */
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (!requiresAuthentication(request, response)) {
            chain.doFilter(request, response);
--- a/web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AnonymousProcessingFilter.java
@ -20,6 +20,8 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -29,8 +31,8 @@ import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.memory.UserAttribute;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -40,7 +42,7 @@ import org.springframework.util.Assert;
 * @author Ben Alex
 * @version $Id$
 */
-public class AnonymousProcessingFilter  extends SpringSecurityFilter  implements InitializingBean {
+public class AnonymousProcessingFilter extends GenericFilterBean  implements InitializingBean {
    //~ Instance fields ================================================================================================
@ -51,7 +53,8 @@ public class AnonymousProcessingFilter  extends SpringSecurityFilter  implements
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(userAttribute);
        Assert.hasLength(key);
    }
@ -79,7 +82,11 @@ public class AnonymousProcessingFilter  extends SpringSecurityFilter  implements
        return auth;
    }
-    protected void doFilterHttp(HttpServletRequest request,HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        boolean addedToken = false;
        if (applyAnonymousForThisRequest(request)) {
--- a/web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java
@ -19,20 +19,21 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.concurrent.SessionInformation;
 import org.springframework.security.authentication.concurrent.SessionRegistry;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -52,7 +53,7 @@ import org.springframework.util.Assert;
 * @author Ben Alex
 * @version $Id$
 */
-public class ConcurrentSessionFilter extends SpringSecurityFilter implements InitializingBean {
+public class ConcurrentSessionFilter extends GenericFilterBean {
    //~ Instance fields ================================================================================================
    private SessionRegistry sessionRegistry;
@ -61,14 +62,17 @@ public class ConcurrentSessionFilter extends SpringSecurityFilter implements Ini
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(sessionRegistry, "SessionRegistry required");
        Assert.isTrue(expiredUrl == null || UrlUtils.isValidRedirectUrl(expiredUrl),
                expiredUrl + " isn't a valid redirect URL");
    }
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
@ -21,15 +21,17 @@ import java.util.List;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.GenericFilterBean;
 /**
 * Logs a principal out.
@ -44,7 +46,7 @@ import org.springframework.util.StringUtils;
 * @author Ben Alex
 * @version $Id$
 */
-public class LogoutFilter extends SpringSecurityFilter {
+public class LogoutFilter extends GenericFilterBean {
    //~ Instance fields ================================================================================================
@ -79,8 +81,10 @@ public class LogoutFilter extends SpringSecurityFilter {
    //~ Methods ========================================================================================================
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
-            ServletException {
+            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (requiresLogout(request, response)) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@ -4,39 +4,41 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.springframework.security.web.SpringSecurityFilter;
+import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
-import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
 * Base class for processing filters that handle pre-authenticated authentication requests. Subclasses must implement
 * the getPreAuthenticatedPrincipal() and getPreAuthenticatedCredentials() methods.
 * <p>
- * By default, the filter chain will proceed when an authentication attempt fails in order to allow other 
+ * By default, the filter chain will proceed when an authentication attempt fails in order to allow other
 * authentication mechanisms to process the request. To reject the credentials immediately, set the
 * <tt>continueFilterChainOnUnsuccessfulAuthentication</tt> flag to false. The exception raised by the
 * <tt>AuthenticationManager</tt> will the be re-thrown. Note that this will not affect cases where the principal
 * returned by {@link #getPreAuthenticatedPrincipal} is null, when the chain will still proceed as normal.
- * 
+ *
 *
 * @author Luke Taylor
 * @author Ruud Senden
 * @since 2.0
 */
-public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements
+public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFilterBean implements
        InitializingBean, ApplicationEventPublisherAware {
    private ApplicationEventPublisher eventPublisher = null;
@ -44,28 +46,31 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationManager authenticationManager = null;
-    
+
    private boolean continueFilterChainOnUnsuccessfulAuthentication = true;
    /**
     * Check whether all required properties have been set.
     */
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(authenticationManager, "An AuthenticationManager must be set");
    }
    /**
     * Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
     */
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (logger.isDebugEnabled()) {
            logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
        }
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
-            doAuthenticate(request, response);
+            doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response);
        }
-        filterChain.doFilter(request, response);
+        chain.doFilter(request, response);
    }
    /**
@ -82,7 +87,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
                logger.debug("No pre-authenticated principal found in request");
            }
-            return;            
+            return;
        }
        if (logger.isDebugEnabled()) {
@ -96,7 +101,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
            successfulAuthentication(request, response, authResult);
        } catch (AuthenticationException failed) {
            unsuccessfulAuthentication(request, response, failed);
-            
+
            if (!continueFilterChainOnUnsuccessfulAuthentication) {
                throw failed;
            }
@ -155,19 +160,19 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
-    
+
    public void setContinueFilterChainOnUnsuccessfulAuthentication(boolean shouldContinue) {
        continueFilterChainOnUnsuccessfulAuthentication = shouldContinue;
    }
    /**
-     * Override to extract the principal information from the current request 
+     * Override to extract the principal information from the current request
     */
    protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest request);
    /**
     * Override to extract the credentials (if applicable) from the current request. Some implementations
     * may return a dummy value.
-     */    
+     */
    protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest request);
 }
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilter.java
@ -19,10 +19,11 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.security.authentication.AuthenticationManager;
@ -30,9 +31,9 @@ import org.springframework.security.authentication.event.InteractiveAuthenticati
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -52,8 +53,7 @@ import org.springframework.util.Assert;
 * @author Ben Alex
 * @version $Id$
 */
-public class RememberMeProcessingFilter extends SpringSecurityFilter implements InitializingBean,
+public class RememberMeProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
        ApplicationEventPublisherAware {
    //~ Instance fields ================================================================================================
@ -63,13 +63,16 @@ public class RememberMeProcessingFilter extends SpringSecurityFilter implements
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(authenticationManager, "authenticationManager must be specified");
        Assert.notNull(rememberMeServices, "rememberMeServices must be specified");
    }
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
-        throws IOException, ServletException {
+            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            Authentication rememberMeAuth = rememberMeServices.autoLogin(request, response);
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilter.java
@ -21,11 +21,12 @@ import java.util.List;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
@ -48,7 +49,6 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsChecker;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
@ -57,6 +57,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -97,8 +98,8 @@ import org.springframework.util.StringUtils;
 *
 * @see org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
 */
-public class SwitchUserProcessingFilter extends SpringSecurityFilter implements InitializingBean,
+public class SwitchUserProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware,
-        ApplicationEventPublisherAware, MessageSourceAware {
+        MessageSourceAware {
    //~ Static fields/initializers =====================================================================================
    public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username";
@ -121,7 +122,8 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(userDetailsService, "userDetailsService must be specified");
        Assert.isTrue(successHandler != null || targetUrl != null, "You must set either a successHandler or the targetUrl");
        if (targetUrl != null) {
@ -137,8 +139,10 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
        }
    }
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // check for switch or exit request
        if (requiresSwitchUser(request)) {
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@ -4,16 +4,18 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.springframework.beans.BeanWrapperImpl;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
 import org.springframework.web.filter.GenericFilterBean;
 /**
 * For internal use with namespace configuration in the case where a user doesn't configure a login page.
@ -25,7 +27,7 @@ import org.springframework.security.web.authentication.rememberme.AbstractRememb
 * @version $Id$
 * @since 2.0
 */
-public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
+public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
    public static final String DEFAULT_LOGIN_PAGE_URL = "/spring_security_login";
    public static final String ERROR_PARAMETER_NAME = "login_error";
    boolean formLoginEnabled;
@ -73,7 +75,11 @@ public class DefaultLoginPageGeneratingFilter extends SpringSecurityFilter {
        }
    }
-    protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (isLoginUrlRequest(request)) {
            String loginPageHtml = generateLoginPageHtml(request);
            response.setContentType("text/html;charset=UTF-8");
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicProcessingFilter.java
@ -19,11 +19,12 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.codec.binary.Base64;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
@ -32,11 +33,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.authentication.NullRememberMeServices;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -84,7 +85,7 @@ import org.springframework.util.Assert;
 * @author Ben Alex
 * @version $Id$
 */
-public class BasicProcessingFilter extends SpringSecurityFilter implements InitializingBean {
+public class BasicProcessingFilter extends GenericFilterBean {
    //~ Instance fields ================================================================================================
@ -97,7 +98,8 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
        if(!isIgnoreFailure()) {
@ -105,8 +107,10 @@ public class BasicProcessingFilter extends SpringSecurityFilter implements Initi
        }
    }
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String header = request.getHeader("Authorization");
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestProcessingFilter.java
@ -18,9 +18,10 @@ package org.springframework.security.web.authentication.www;
 import java.io.IOException;
 import java.util.Map;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -28,7 +29,6 @@ import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
 import org.springframework.context.support.MessageSourceAccessor;
@ -44,10 +44,10 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.core.userdetails.cache.NullUserCache;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -76,7 +76,7 @@ import org.springframework.util.StringUtils;
 * than Basic authentication. Please see RFC 2617 section 4 for a full discussion on the advantages of Digest
 * authentication over Basic authentication, including commentary on the limitations that it still imposes.
 */
-public class DigestProcessingFilter extends SpringSecurityFilter implements Filter, InitializingBean, MessageSourceAware {
+public class DigestProcessingFilter extends GenericFilterBean implements MessageSourceAware {
    //~ Static fields/initializers =====================================================================================
@ -93,13 +93,17 @@ public class DigestProcessingFilter extends SpringSecurityFilter implements Filt
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    @Override
    public void afterPropertiesSet() {
        Assert.notNull(userDetailsService, "A UserDetailsService is required");
        Assert.notNull(authenticationEntryPoint, "A DigestProcessingFilterEntryPoint is required");
    }
-    public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String header = request.getHeader("Authorization");
        if (logger.isDebugEnabled()) {
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilter.java
@ -186,7 +186,7 @@ public class HttpSessionContextIntegrationFilter extends SecurityContextPersiste
    //~ Methods ========================================================================================================
-    public void afterPropertiesSet() throws Exception {
+    public void afterPropertiesSet() {
        if (forceEagerSessionCreation && !allowSessionCreation) {
            throw new IllegalArgumentException(
                    "If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");
--- a/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
+++ b/web/src/main/java/org/springframework/security/web/context/SecurityContextPersistenceFilter.java
@ -4,13 +4,15 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.SpringSecurityFilter;
+import org.springframework.web.filter.GenericFilterBean;
 /**
 * Populates the {@link SecurityContextHolder} with information obtained from
@ -37,7 +39,7 @@ import org.springframework.security.web.SpringSecurityFilter;
 * @version $Id$
 * @since 3.0
 */
-public class SecurityContextPersistenceFilter extends SpringSecurityFilter {
+public class SecurityContextPersistenceFilter extends GenericFilterBean {
    static final String FILTER_APPLIED = "__spring_security_scpf_applied";
@ -45,9 +47,11 @@ public class SecurityContextPersistenceFilter extends SpringSecurityFilter {
    private boolean forceEagerSessionCreation = false;
-    @Override
+
-    protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (request.getAttribute(FILTER_APPLIED) != null) {
            // ensure that filter is only applied once per request
--- a/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/RequestCacheAwareFilter.java
@ -4,10 +4,12 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.springframework.security.web.SpringSecurityFilter;
+import org.springframework.web.filter.GenericFilterBean;
 /**
 * Responsible for reconstituting the saved request if one is cached and it matches the current request.
@ -21,15 +23,15 @@ import org.springframework.security.web.SpringSecurityFilter;
 * @version $Id$
 * @since 3.0
 */
-public class RequestCacheAwareFilter extends SpringSecurityFilter {
+public class RequestCacheAwareFilter extends GenericFilterBean {
    private RequestCache requestCache = new HttpSessionRequestCache();
-    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
-        HttpServletRequest wrappedSavedRequest = requestCache.getMatchingRequest(request, response);
+        HttpServletRequest wrappedSavedRequest =
            requestCache.getMatchingRequest((HttpServletRequest)request, (HttpServletResponse)response);
        chain.doFilter(wrappedSavedRequest == null ? request : wrappedSavedRequest, response);
    }
--- a/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
@ -4,6 +4,8 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -11,9 +13,9 @@ import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
 * Detects that a user has been authenticated since the start of the request and, if they have, calls the
@ -27,7 +29,7 @@ import org.springframework.util.Assert;
 * @version $Id$
 * @since 2.0
 */
-public class SessionManagementFilter extends SpringSecurityFilter {
+public class SessionManagementFilter extends GenericFilterBean {
    //~ Static fields/initializers =====================================================================================
    static final String FILTER_APPLIED = "__spring_security_session_fixation_filter_applied";
@ -46,8 +48,10 @@ public class SessionManagementFilter extends SpringSecurityFilter {
        this.securityContextRepository = securityContextRepository;
    }
-    protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (request.getAttribute(FILTER_APPLIED) != null) {
            chain.doFilter(request, response);
--- a/web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java
+++ b/web/src/main/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilter.java
@ -19,11 +19,12 @@ import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.web.SpringSecurityFilter;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;
 /**
@ -37,7 +38,7 @@ import org.springframework.util.Assert;
 * @author Luke Taylor
 * @version $Id$
 */
-public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilter {
+public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
    //~ Instance fields ================================================================================================
    private String rolePrefix;
@ -49,8 +50,8 @@ public class SecurityContextHolderAwareRequestFilter extends SpringSecurityFilte
        this.rolePrefix = rolePrefix.trim();
    }
-    protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
-        chain.doFilter(new SecurityContextHolderAwareRequestWrapper(request, rolePrefix), response);
+        chain.doFilter(new SecurityContextHolderAwareRequestWrapper((HttpServletRequest) req, rolePrefix), res);
    }
 }
--- a/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
@ -149,9 +149,7 @@ public class ChannelProcessingFilterTests {
        filter.setSecurityMetadataSource(fids);
        assertSame(fids, filter.getSecurityMetadataSource());
        filter.init(null);
        filter.afterPropertiesSet();
        filter.destroy();
    }
    //~ Inner Classes ==================================================================================================
--- a/web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AnonymousProcessingFilterTests.java
@ -58,11 +58,10 @@ public class AnonymousProcessingFilterTests extends TestCase {
    //~ Methods ========================================================================================================
    private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
-        ServletResponse response, FilterChain filterChain)
+        ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-        throws ServletException, IOException {
+//        filter.init(filterConfig);
        filter.init(filterConfig);
        filter.doFilter(request, response, filterChain);
-        filter.destroy();
+//        filter.destroy();
    }
    protected void setUp() throws Exception {
--- a/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AuthenticationProcessingFilterTests.java
@ -52,7 +52,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
        UsernamePasswordAuthenticationProcessingFilter filter = new UsernamePasswordAuthenticationProcessingFilter();
        assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
        filter.setAuthenticationManager(createAuthenticationManager());
-        filter.init(null);
+//        filter.init(null);
        Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
        assertTrue(result != null);
--- a/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/header/RequestHeaderPreAuthenticatedProcessingFilterTests.java
@ -37,7 +37,6 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
        filter.getOrder();
        filter.doFilter(request, response, chain);
    }
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/RememberMeProcessingFilterTests.java
@ -56,11 +56,10 @@ public class RememberMeProcessingFilterTests extends TestCase {
    //~ Methods ========================================================================================================
    private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
-        ServletResponse response, FilterChain filterChain)
+        ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-        throws ServletException, IOException {
+//        filter.init(filterConfig);
        filter.init(filterConfig);
        filter.doFilter(request, response, filterChain);
-        filter.destroy();
+//        filter.destroy();
    }
    protected void setUp() throws Exception {
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserProcessingFilterTests.java
@ -161,7 +161,7 @@ public class SwitchUserProcessingFilterTests {
        // Check it with no url set (should get a text response)
        FilterChain chain = mock(FilterChain.class);
-        filter.doFilterHttp(request, response, chain);
+        filter.doFilter(request, response, chain);
        verify(chain, never()).doFilter(request, response);
        assertEquals("Authentication Failed: User is disabled", response.getErrorMessage());
@ -177,7 +177,7 @@ public class SwitchUserProcessingFilterTests {
        response = new MockHttpServletResponse();
        chain = mock(FilterChain.class);
-        filter.doFilterHttp(request, response, chain);
+        filter.doFilter(request, response, chain);
        verify(chain, never()).doFilter(request, response);
        assertEquals("/mywebapp/switchfailed", response.getRedirectedUrl());
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicProcessingFilterTests.java
@ -24,7 +24,6 @@ import java.io.IOException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@ -63,13 +62,13 @@ public class BasicProcessingFilterTests {
    private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
                    final boolean expectChainToProceed) throws ServletException, IOException {
-        filter.init(mock(FilterConfig.class));
+//        filter.init(mock(FilterConfig.class));
        final MockHttpServletResponse response = new MockHttpServletResponse();
        FilterChain chain = mock(FilterChain.class);
        filter.doFilter(request, response, chain);
-        filter.destroy();
+//        filter.destroy();
        verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
        return response;
--- a/web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/DigestProcessingFilterTests.java
@ -87,8 +87,6 @@ public class DigestProcessingFilterTests {
    private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, final ServletRequest request,
                                                                      final boolean expectChainToProceed) throws ServletException, IOException {
        filter.init(mock(FilterConfig.class));
        final MockHttpServletResponse response = new MockHttpServletResponse();
        Mockery jmockContext = new JUnit4Mockery();
@ -99,7 +97,7 @@ public class DigestProcessingFilterTests {
        }});
        filter.doFilter(request, response, chain);
-        filter.destroy();
+
        jmockContext.assertIsSatisfied();
        return response;
    }
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.java
@ -59,9 +59,9 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
            FilterConfig filterConfig, Filter filter, ServletRequest request,
            ServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
-        filter.init(filterConfig);
+//        filter.init(filterConfig);
        filter.doFilter(request, response, filterChain);
-        filter.destroy();
+//        filter.destroy();
    }
    public void testDetectsIncompatibleSessionProperties() throws Exception {
--- a/web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/wrapper/SecurityContextHolderAwareRequestFilterTests.java
@ -42,7 +42,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
    public void expectedRequestWrapperClassIsUsed() throws Exception {
        SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
        filter.setRolePrefix("ROLE_");
-        filter.init(jmock.mock(FilterConfig.class));
+//        filter.init(jmock.mock(FilterConfig.class));
        final FilterChain filterChain = jmock.mock(FilterChain.class);
        jmock.checking(new Expectations() {{
--- a/web/template.mf
+++ b/web/template.mf
@ -3,18 +3,18 @@ Bundle-Name: Spring Security Web
 Bundle-Vendor: SpringSource
 Bundle-Version: ${version}
 Bundle-ManifestVersion: 2
-Excluded-Exports: 
+Excluded-Exports:
 org.springframework.security.web.authentication.preauth.websphere
-Excluded-Imports: 
+Excluded-Imports:
 javax.naming.*,
 javax.rmi.*,
 javax.sql.*,
 javax.security.auth.*,
 org.aopalliance.*
-Ignored-Existing-Headers: 
+Ignored-Existing-Headers:
 Import-Package,
 Export-Package
-Import-Template: 
+Import-Template:
 org.apache.commons.logging.*;version="[1.0.4, 2.0.0)",
 org.apache.commons.codec.*;version="[1.3, 2.0)";resolution:=optional,
 org.springframework.security.core.*;version="[${version}, 3.1.0)",
@ -31,8 +31,9 @@ Import-Template:
 org.springframework.jdbc.*;version="[3.0.0, 3.1.0)";resolution:=optional,
 org.springframework.mock.web;version="[3.0.0, 3.1.0)";resolution:=optional,
 org.springframework.web.context.*;version="[3.0.0, 3.1.0)";resolution:=optional,
 org.springframework.web.filter.*;version="[3.0.0, 3.1.0)",
 org.springframework.util;version="[3.0.0, 3.1.0)";resolution:=optional,
 org.w3c.dom;version="0";resolution:=optional,
 org.xml.sax;version="0";resolution:=optional,
 javax.servlet.*;version="0",
- javax.xml.parsers.*;version="0";resolution:=optional
+ javax.xml.parsers.*;version="0";resolution:=optional