Added a customized checkstyle configuration file to tame the Maven 2 checkstyle report to the extent that it gives some useful infomation. Tidied up comments, excessively long lines, use of tabs etc. to match.

acegi_checkstyle.xml

@@ -0,0 +1,205 @@
+<?xml version="1.0"?>
+<!--
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ -->
+
+<!DOCTYPE module PUBLIC
+    "-//Puppy Crawl//DTD Check Configuration 1.2//EN"
+    "http://www.puppycrawl.com/dtds/configuration_1_2.dtd">
+
+<!--
+
+  Checkstyle is very configurable. Be sure to read the documentation at
+  http://checkstyle.sf.net (or in your downloaded distribution).
+
+  Most Checks are configurable, be sure to consult the documentation.
+
+  To completely disable a check, just comment it out or delete it from the file.
+
+  Finally, it is worth reading the documentation.
+
+-->
+
+<module name="Checker">
+
+    <!-- Checks that a package.html file exists for each package.     -->
+    <!-- See http://checkstyle.sf.net/config_javadoc.html#PackageHtml -->
+    <!-- module name="PackageHtml"/ -->
+
+    <!-- Checks whether files end with a new line.                        -->
+    <!-- See http://checkstyle.sf.net/config_misc.html#NewlineAtEndOfFile -->
+    <module name="NewlineAtEndOfFile"/>
+
+    <!-- Checks that property files contain the same keys.         -->
+    <!-- See http://checkstyle.sf.net/config_misc.html#Translation -->
+    <module name="Translation"/>
+
+
+    <module name="TreeWalker">
+
+        <property name="cacheFile" value="${checkstyle.cache.file}"/>
+
+        <!-- Checks for Javadoc comments.                     -->
+        <!-- See http://checkstyle.sf.net/config_javadoc.html -->
+<!--
+        <module name="JavadocMethod"/>
+        <module name="JavadocType"/>
+        <module name="JavadocVariable"/>
+        <module name="JavadocStyle"/>
+-->
+
+        <!-- Checks for Naming Conventions.                  -->
+        <!-- See http://checkstyle.sf.net/config_naming.html -->
+        <module name="ConstantName">
+            <!-- logger variables break normal constant syntax. We need to allow lower case too -->
+            <property name="format" value="^[a-zA-Z][a-zA-Z0-9]*(_[A-Z0-9]+)*$"/>
+        </module>
+        <module name="LocalFinalVariableName"/>
+        <module name="LocalVariableName"/>
+        <module name="MemberName"/>
+        <module name="MethodName"/>
+        <module name="PackageName"/>
+        <module name="ParameterName"/>
+        <module name="StaticVariableName"/>
+        <module name="TypeName"/>
+
+
+        <!-- Checks for Headers                                -->
+        <!-- See http://checkstyle.sf.net/config_header.html   -->
+        <!-- <module name="Header">                            -->
+            <!-- The follow property value demonstrates the ability     -->
+            <!-- to have access to ANT properties. In this case it uses -->
+            <!-- the ${basedir} property to allow Checkstyle to be run  -->
+            <!-- from any directory within a project. See property      -->
+            <!-- expansion,                                             -->
+            <!-- http://checkstyle.sf.net/config.html#properties        -->
+            <!-- <property                                              -->
+            <!--     name="headerFile"                                  -->
+            <!--     value="${basedir}/java.header"/>                   -->
+        <!-- </module> -->
+
+        <!-- Following interprets the header file as regular expressions. -->
+        <!-- <module name="RegexpHeader"/>                                -->
+
+
+        <!-- Checks for imports                              -->
+        <!-- See http://checkstyle.sf.net/config_imports.html -->
+        <module name="AvoidStarImport">
+            <property name="excludes" value="javax.servlet,java.util"/>
+        </module>
+        <module name="IllegalImport"/> <!-- defaults to sun.* packages -->
+        <module name="RedundantImport"/>
+        <!--module name="UnusedImports"/ -->
+
+
+        <!-- Checks for Size Violations.                    -->
+        <!-- See http://checkstyle.sf.net/config_sizes.html -->
+        <module name="FileLength"/>
+        <module name="LineLength">
+            <property name="max" value="125"/>
+        </module>
+        <module name="MethodLength"/>
+        <module name="ParameterNumber"/>
+
+
+        <!-- Checks for whitespace                               -->
+        <!-- See http://checkstyle.sf.net/config_whitespace.html -->
+        <module name="EmptyForIteratorPad"/>
+        <module name="MethodParamPad"/>
+        <module name="NoWhitespaceAfter"/>
+        <module name="NoWhitespaceBefore"/>
+        <module name="OperatorWrap"/>
+        <module name="ParenPad"/>
+        <module name="TypecastParenPad"/>
+        <module name="TabCharacter"/>
+        <module name="WhitespaceAfter"/>
+      <!--
+        <module name="WhitespaceAround">
+            <property name="allowEmptyMethods" value="true"/>
+            <property name="allowEmptyConstructors" value="true"/>
+        </module>
+        -->
+
+        <!-- Modifier Checks                                    -->
+        <!-- See http://checkstyle.sf.net/config_modifiers.html -->
+        <module name="ModifierOrder"/>
+        <module name="RedundantModifier"/>
+
+
+        <!-- Checks for blocks. You know, those {}'s         -->
+        <!-- See http://checkstyle.sf.net/config_blocks.html -->
+        <module name="AvoidNestedBlocks"/>
+        <!-- module name="EmptyBlock"/ -->
+        <module name="LeftCurly"/>
+        <module name="NeedBraces"/>
+        <module name="RightCurly"/>
+
+
+        <!-- Checks for common coding problems               -->
+        <!-- See http://checkstyle.sf.net/config_coding.html -->
+        <!-- module name="AvoidInlineConditionals"/ -->
+        <module name="DoubleCheckedLocking"/>    <!-- MY FAVOURITE -->
+        <module name="EmptyStatement"/>
+        <!-- module name="EqualsHashCode"/ -->
+      <!--
+        <module name="HiddenField">
+            <property name="ignoreConstructorParameter" value="true"/>
+            <property name="ignoreSetter" value="true"/>
+        </module>
+        -->
+        <module name="IllegalInstantiation"/>
+        <module name="InnerAssignment"/>
+        <!-- module name="MagicNumber"/ -->
+        <module name="MissingSwitchDefault"/>
+      <!--
+        <module name="RedundantThrows">
+            <property name="allowUnchecked" value="true"/>
+        </module>
+       -->
+      <!--
+        <module name="SimplifyBooleanExpression"/>
+        <module name="SimplifyBooleanReturn"/>
+      -->
+        <!-- Checks for class design                         -->
+        <!-- See http://checkstyle.sf.net/config_design.html -->
+        <!-- module name="DesignForExtension"/ -->
+        <module name="FinalClass"/>
+        <module name="HideUtilityClassConstructor"/>
+        <module name="InterfaceIsType"/>
+        <module name="VisibilityModifier">
+            <!-- logger variables are often protected -->
+            <property name="protectedAllowed" value="true"/>
+        </module>
+
+
+        <!-- Miscellaneous other checks.                   -->
+        <!-- See http://checkstyle.sf.net/config_misc.html -->
+        <module name="ArrayTypeStyle"/>
+        <!-- module name="FinalParameters"/ -->
+        <!--
+        <module name="GenericIllegalRegexp">
+            <property name="format" value="\s+$"/>
+            <property name="message" value="Line has trailing spaces."/>
+        </module>
+        -->
+        <!-- module name="TrailingComment"/ -->
+        <!-- module name="TodoComment"/ -->
+        <module name="UpperEll"/>
+
+    </module>
+
+</module>

core/src/main/java/org/acegisecurity/AccessDecisionManager.java

@@ -36,7 +36,7 @@ public interface AccessDecisionManager {
      * @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
      *         sufficient level of trust
      */
-    public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
+    void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
         throws AccessDeniedException, InsufficientAuthenticationException;
 
     /**
@@ -51,7 +51,7 @@ public interface AccessDecisionManager {
      *
      * @return true if this <code>AccessDecisionManager</code> can support the passed configuration attribute
      */
-    public boolean supports(ConfigAttribute attribute);
+    boolean supports(ConfigAttribute attribute);
 
     /**
      * Indicates whether the <code>AccessDecisionManager</code> implementation is able to provide access
@@ -61,5 +61,5 @@ public interface AccessDecisionManager {
      *
      * @return <code>true</code> if the implementation can process the indicated class
      */
-    public boolean supports(Class clazz);
+    boolean supports(Class clazz);
 }

core/src/main/java/org/acegisecurity/AfterInvocationManager.java

@@ -19,7 +19,7 @@ package org.acegisecurity;
  * Reviews the <code>Object</code> returned from a secure object invocation,
  * being able to modify the <code>Object</code> or throw an {@link
  * AccessDeniedException}.
- * 
+ *
  * <p>
  * Typically used to ensure the principal is permitted to access the domain
  * object instance returned by a service layer bean. Can also be used to
@@ -28,7 +28,7 @@ package org.acegisecurity;
  * in conjunction with an {@link org.acegisecurity.acl.AclManager} to
  * obtain the access control list applicable for the domain object instance.
  * </p>
- * 
+ *
  * <p>
  * Special consideration should be given to using an
  * <code>AfterInvocationManager</code> on bean methods that modify a database.
@@ -60,7 +60,7 @@ public interface AfterInvocationManager {
      *
      * @throws AccessDeniedException if access is denied
      */
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
         Object returnedObject) throws AccessDeniedException;
 
     /**
@@ -75,7 +75,7 @@ public interface AfterInvocationManager {
      *
      * @return true if this <code>AfterInvocationManager</code> can support the passed configuration attribute
      */
-    public boolean supports(ConfigAttribute attribute);
+    boolean supports(ConfigAttribute attribute);
 
     /**
      * Indicates whether the <code>AfterInvocationManager</code> implementation is able to provide access
@@ -85,5 +85,5 @@ public interface AfterInvocationManager {
      *
      * @return <code>true</code> if the implementation can process the indicated class
      */
-    public boolean supports(Class clazz);
+    boolean supports(Class clazz);
 }

core/src/main/java/org/acegisecurity/Authentication.java

@@ -22,12 +22,12 @@ import java.security.Principal;
 
 /**
  * Represents an authentication request.
- * 
+ *
  * <p>
  * An <code>Authentication</code> object is not considered authenticated until
  * it is processed by an {@link AuthenticationManager}.
  * </p>
- * 
+ *
  * <p>
  * Stored in a request {@link org.acegisecurity.context.SecurityContext}.
  * </p>
@@ -46,7 +46,7 @@ public interface Authentication extends Principal, Serializable {
      *
      * @return the authorities granted to the principal, or <code>null</code> if authentication has not been completed
      */
-    public GrantedAuthority[] getAuthorities();
+    GrantedAuthority[] getAuthorities();
 
     /**
      * The credentials that prove the principal is correct. This is usually a password, but could be anything
@@ -54,7 +54,7 @@ public interface Authentication extends Principal, Serializable {
      *
      * @return the credentials that prove the identity of the <code>Principal</code>
      */
-    public Object getCredentials();
+    Object getCredentials();
 
     /**
      * Stores additional details about the authentication request. These might be an IP address, certificate
@@ -62,7 +62,7 @@ public interface Authentication extends Principal, Serializable {
      *
      * @return additional details about the authentication request, or <code>null</code> if not used
      */
-    public Object getDetails();
+    Object getDetails();
 
     /**
      * The identity of the principal being authenticated. This is usually a username. Callers are expected to
@@ -70,7 +70,7 @@ public interface Authentication extends Principal, Serializable {
      *
      * @return the <code>Principal</code> being authenticated
      */
-    public Object getPrincipal();
+    Object getPrincipal();
 
     /**
      * Used to indicate to <code>AbstractSecurityInterceptor</code> whether it should present the
@@ -85,7 +85,7 @@ public interface Authentication extends Principal, Serializable {
      * @return true if the token has been authenticated and the <code>AbstractSecurityInterceptor</code> does not need
      *         to represent the token for re-authentication to the <code>AuthenticationManager</code>
      */
-    public boolean isAuthenticated();
+    boolean isAuthenticated();
 
     /**
      * See {@link #isAuthenticated()} for a full description.<p>Implementations should <b>always</b> allow this
@@ -101,6 +101,6 @@ public interface Authentication extends Principal, Serializable {
      *         <code>true</code> as the argument) is rejected due to the implementation being immutable or
      *         implementing its own alternative approach to {@link #isAuthenticated()}
      */
-    public void setAuthenticated(boolean isAuthenticated)
+    void setAuthenticated(boolean isAuthenticated)
         throws IllegalArgumentException;
 }

core/src/main/java/org/acegisecurity/AuthenticationManager.java

@@ -44,6 +44,6 @@ public interface AuthenticationManager {
      *
      * @throws AuthenticationException if authentication fails
      */
-    public Authentication authenticate(Authentication authentication)
+    Authentication authenticate(Authentication authentication)
         throws AuthenticationException;
 }

core/src/main/java/org/acegisecurity/AuthenticationTrustResolver.java

@@ -37,7 +37,7 @@ public interface AuthenticationTrustResolver {
      * @return <code>true</code> the passed authentication token represented an anonymous principal, <code>false</code>
      *         otherwise
      */
-    public boolean isAnonymous(Authentication authentication);
+    boolean isAnonymous(Authentication authentication);
 
     /**
      * Indicates whether the passed <code>Authentication</code> token represents user that has been remembered
@@ -52,5 +52,5 @@ public interface AuthenticationTrustResolver {
      * @return <code>true</code> the passed authentication token represented a principal authenticated using a
      *         remember-me token, <code>false</code> otherwise
      */
-    public boolean isRememberMe(Authentication authentication);
+    boolean isRememberMe(Authentication authentication);
 }

core/src/main/java/org/acegisecurity/ConfigAttribute.java

@@ -20,7 +20,7 @@ import java.io.Serializable;
 
 /**
  * Stores a security system related configuration attribute.
- * 
+ *
  * <p>
  * When an {@link org.acegisecurity.intercept.AbstractSecurityInterceptor}
  * is setup, a list of configuration attributes is defined for secure object
@@ -28,7 +28,7 @@ import java.io.Serializable;
  * RunAsManager}, {@link AccessDecisionManager} or
  * <code>AccessDecisionManager</code> delegate.
  * </p>
- * 
+ *
  * <P>
  * Stored at runtime with other <code>ConfigAttribute</code>s for the same
  * secure object target within a {@link ConfigAttributeDefinition}.
@@ -52,5 +52,5 @@ public interface ConfigAttribute extends Serializable {
      * @return a representation of the configuration attribute (or <code>null</code> if the configuration attribute
      *         cannot be expressed as a <code>String</code> with sufficient precision).
      */
-    public String getAttribute();
+    String getAttribute();
 }

core/src/main/java/org/acegisecurity/GrantedAuthority.java

@@ -19,7 +19,7 @@ import java.io.Serializable;
 
 /**
  * Represents an authority granted to an {@link Authentication} object.
- * 
+ *
  * <p>
  * A <code>GrantedAuthority</code> must either represent itself as a
  * <code>String</code> or be specifically supported by an  {@link
@@ -44,5 +44,5 @@ public interface GrantedAuthority extends Serializable {
      * @return a representation of the granted authority (or <code>null</code> if the granted authority cannot be
      *         expressed as a <code>String</code> with sufficient precision).
      */
-    public String getAuthority();
+    String getAuthority();
 }

core/src/main/java/org/acegisecurity/GrantedAuthorityImpl.java

@@ -28,7 +28,7 @@ import java.io.Serializable;
 public class GrantedAuthorityImpl implements GrantedAuthority, Serializable {
     //~ Instance fields ================================================================================================
 
-	private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = 1L;
     private String role;
 
     //~ Constructors ===================================================================================================

core/src/main/java/org/acegisecurity/RunAsManager.java

@@ -18,7 +18,7 @@ package org.acegisecurity;
 /**
  * Creates a new temporary {@link Authentication} object for the current secure
  * object invocation only.
- * 
+ *
  * <p>
  * This interface permits implementations to replace the
  * <code>Authentication</code> object that applies to the current secure
@@ -29,7 +29,7 @@ package org.acegisecurity;
  * for the duration of  the secure object callback only, returning it to
  * the original <code>Authentication</code> object when the callback ends.
  * </p>
- * 
+ *
  * <p>
  * This is provided so that systems with two layers of objects can be
  * established. One layer is public facing and has normal secure methods with
@@ -43,7 +43,7 @@ package org.acegisecurity;
  * <code>RunAsManager</code> interface provides a mechanism to elevate
  * security in this manner.
  * </p>
- * 
+ *
  * <p>
  * It is expected implementations will provide a corresponding concrete
  * <code>Authentication</code> and <code>AuthenticationProvider</code> so that
@@ -71,7 +71,7 @@ public interface RunAsManager {
      * @return a replacement object to be used for duration of the secure object invocation, or <code>null</code> if
      *         the <code>Authentication</code> should be left as is
      */
-    public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
+    Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config);
 
     /**
      * Indicates whether this <code>RunAsManager</code> is able to process the passed
@@ -84,7 +84,7 @@ public interface RunAsManager {
      *
      * @return <code>true</code> if this <code>RunAsManager</code> can support the passed configuration attribute
      */
-    public boolean supports(ConfigAttribute attribute);
+    boolean supports(ConfigAttribute attribute);
 
     /**
      * Indicates whether the <code>RunAsManager</code> implementation is able to provide run-as replacement for
@@ -94,5 +94,5 @@ public interface RunAsManager {
      *
      * @return true if the implementation can process the indicated class
      */
-    public boolean supports(Class clazz);
+    boolean supports(Class clazz);
 }

core/src/main/java/org/acegisecurity/acl/AclEntry.java

@@ -21,7 +21,7 @@ import java.io.Serializable;
 /**
  * Marker interface representing an access control list entry associated with a
  * specific domain object instance.
- * 
+ *
  * @author Ben Alex
  * @version $Id$
  */

core/src/main/java/org/acegisecurity/acl/AclManager.java

@@ -35,7 +35,7 @@ public interface AclManager {
      *
      * @return the ACLs that apply, or <code>null</code> if no ACLs apply to the specified domain instance
      */
-    public AclEntry[] getAcls(Object domainInstance);
+    AclEntry[] getAcls(Object domainInstance);
 
     /**
      * Obtains the ACLs that apply to the specified domain instance, but only including those ACLs which have
@@ -47,5 +47,5 @@ public interface AclManager {
      * @return only those ACLs applying to the domain instance that have been granted to the principal (or
      *         <code>null</code>) if no such ACLs are found
      */
-    public AclEntry[] getAcls(Object domainInstance, Authentication authentication);
+    AclEntry[] getAcls(Object domainInstance, Authentication authentication);
 }

core/src/main/java/org/acegisecurity/acl/AclProvider.java

@@ -21,7 +21,7 @@ import org.acegisecurity.Authentication;
 /**
  * Indicates a class can process a given domain object instance and
  * authoritatively return the ACLs that apply.
- * 
+ *
  * <P>
  * Implementations are typically called from the {@link AclProviderManager}.
  * </p>
@@ -40,7 +40,7 @@ public interface AclProvider {
      *
      * @return the ACLs that apply, or <code>null</code> if no ACLs apply to the specified domain instance
      */
-    public AclEntry[] getAcls(Object domainInstance);
+    AclEntry[] getAcls(Object domainInstance);
 
     /**
      * Obtains the ACLs that apply to the specified domain instance and presented <code>Authentication</code>
@@ -52,7 +52,7 @@ public interface AclProvider {
      * @return only those ACLs applying to the domain instance that have been granted to the principal (or
      *         <code>null</code>) if no such ACLs are found
      */
-    public AclEntry[] getAcls(Object domainInstance, Authentication authentication);
+    AclEntry[] getAcls(Object domainInstance, Authentication authentication);
 
     /**
      * Indicates whether this <code>AclProvider</code> can authoritatively return ACL information for the
@@ -63,5 +63,5 @@ public interface AclProvider {
      * @return <code>true</code> if this provider is authoritative for the specified domain object instance,
      *         <code>false</code> otherwise
      */
-    public boolean supports(Object domainInstance);
+    boolean supports(Object domainInstance);
 }

core/src/main/java/org/acegisecurity/acl/basic/AclObjectIdentity.java

@@ -20,7 +20,7 @@ import java.io.Serializable;
 
 /**
  * Interface representing the identity of an individual domain object instance.
- * 
+ *
  * <P>
  * It should be noted that <code>AclObjectIdentity</code> instances are created
  * in various locations throughout the package. As
@@ -31,7 +31,7 @@ import java.io.Serializable;
  * <code>identity1.equals(identity2)</code>, rather than reference-equality of
  * <code>identity1==identity2</code>.
  * </p>
- * 
+ *
  * <P>
  * In practical terms this means you must implement the standard
  * <code>java.lang.Object</code> methods shown below. Depending on your
@@ -53,12 +53,12 @@ public interface AclObjectIdentity extends Serializable {
      *
      * @return <code>true</code> if the objects are equal, <code>false</code> otherwise
      */
-    public boolean equals(Object obj);
+    boolean equals(Object obj);
 
     /**
      * Refer to the <code>java.lang.Object</code> documentation for the interface contract.
      *
      * @return a hash code representation of this object
      */
-    public int hashCode();
+    int hashCode();
 }

core/src/main/java/org/acegisecurity/acl/basic/AclObjectIdentityAware.java

@@ -18,7 +18,7 @@ package org.acegisecurity.acl.basic;
 /**
  * Indicates a domain object instance is able to provide {@link
  * AclObjectIdentity} information.
- * 
+ *
  * <P>
  * Domain objects must implement this interface if they wish to provide an
  * <code>AclObjectIdentity</code> rather than it being determined by relying
@@ -37,5 +37,5 @@ public interface AclObjectIdentityAware {
      *
      * @return the ACL object identity for this instance (can never be <code>null</code>)
      */
-    public AclObjectIdentity getAclObjectIdentity();
+    AclObjectIdentity getAclObjectIdentity();
 }

core/src/main/java/org/acegisecurity/acl/basic/BasicAclDao.java

@@ -18,13 +18,13 @@ package org.acegisecurity.acl.basic;
 /**
  * Represents a data access object that can return the {@link BasicAclEntry}s
  * applying to a given ACL object identity.
- * 
+ *
  * <P>
  * <code>BasicAclDao</code> implementations are responsible for interpreting a
  * given {@link AclObjectIdentity} and being able to lookup and return the
  * corresponding {@link BasicAclEntry}[]s.
  * </p>
- * 
+ *
  * <P>
  * <code>BasicAclDao</code>s many, but are not required to, allow the backend
  * ACL repository to specify the class of <code>BasicAclEntry</code>
@@ -48,5 +48,5 @@ public interface BasicAclDao {
      * @return the ACLs that apply (no <code>null</code>s are permitted in the array), or <code>null</code> if no ACLs
      *         could be found for the specified ACL object identity
      */
-    public BasicAclEntry[] getAcls(AclObjectIdentity aclObjectIdentity);
+    BasicAclEntry[] getAcls(AclObjectIdentity aclObjectIdentity);
 }

core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntry.java

@@ -35,7 +35,7 @@ public interface BasicAclEntry extends AclEntry {
      *
      * @return the ACL object identity that is subject of this ACL entry (never <code>null</code>)
      */
-    public AclObjectIdentity getAclObjectIdentity();
+    AclObjectIdentity getAclObjectIdentity();
 
     /**
      * Indicates any ACL parent of the domain object instance. This is used by <code>BasicAclProvider</code> to
@@ -44,7 +44,7 @@ public interface BasicAclEntry extends AclEntry {
      * @return the ACL object identity that is the parent of this ACL entry (may be <code>null</code> if no parent
      *         should be consulted)
      */
-    public AclObjectIdentity getAclObjectParentIdentity();
+    AclObjectIdentity getAclObjectParentIdentity();
 
     /**
      * Access control lists in this package are based on bit masking. The integer value of the bit mask can be
@@ -53,7 +53,7 @@ public interface BasicAclEntry extends AclEntry {
      * @return the bit mask applicable to this ACL entry (zero indicates a bit mask where no permissions have been
      *         granted)
      */
-    public int getMask();
+    int getMask();
 
     /**
      * A domain object instance will usually have multiple <code>BasicAclEntry</code>s. Each separate
@@ -65,12 +65,12 @@ public interface BasicAclEntry extends AclEntry {
      * object type will vary depending on the type of recipient. For instance, it might be a <code>String</code>
      * containing a username, or a <code>GrantedAuthorityImpl</code> containing a complex granted authority that is
      * being granted the permissions contained in this access control entry. The {@link EffectiveAclsResolver} and
-     * {@link BasicAclProvider#getAcls(Object, Authentication)} can process the different recipient types and return
+     * {@link BasicAclProvider#getAcls(Object,org.acegisecurity.Authentication)} can process the different recipient
-     * only those that apply to a specified <code>Authentication</code> object.</p>
+     * types and return only those that apply to a specified <code>Authentication</code> object.</p>
      *
      * @return the recipient of this access control list entry (never <code>null</code>)
      */
-    public Object getRecipient();
+    Object getRecipient();
 
     /**
      * Determine if the mask of this entry includes this permission or not
@@ -79,7 +79,7 @@ public interface BasicAclEntry extends AclEntry {
      *
      * @return if the entry's mask includes this permission
      */
-    public boolean isPermitted(int permissionToCheck);
+    boolean isPermitted(int permissionToCheck);
 
     /**
      * This setter should <B>only</B> be used by DAO implementations.
@@ -87,7 +87,7 @@ public interface BasicAclEntry extends AclEntry {
      * @param aclObjectIdentity an object which can be used to uniquely identify the domain object instance subject of
      *        this ACL entry
      */
-    public void setAclObjectIdentity(AclObjectIdentity aclObjectIdentity);
+    void setAclObjectIdentity(AclObjectIdentity aclObjectIdentity);
 
     /**
      * This setter should <B>only</B> be used by DAO implementations.
@@ -96,14 +96,14 @@ public interface BasicAclEntry extends AclEntry {
      *        this ACL entry, or <code>null</code> if either the domain object instance has no parent or its parent
      *        should be not used to compute an inheritance hierarchy
      */
-    public void setAclObjectParentIdentity(AclObjectIdentity aclObjectParentIdentity);
+    void setAclObjectParentIdentity(AclObjectIdentity aclObjectParentIdentity);
 
     /**
      * This setter should <B>only</B> be used by DAO implementations.
      *
      * @param mask the integer representing the permissions bit mask
      */
-    public void setMask(int mask);
+    void setMask(int mask);
 
     /**
      * This setter should <B>only</B> be used by DAO implementations.
@@ -111,5 +111,5 @@ public interface BasicAclEntry extends AclEntry {
      * @param recipient a representation of the recipient of this ACL entry that makes sense to an
      *        <code>EffectiveAclsResolver</code> implementation
      */
-    public void setRecipient(Object recipient);
+    void setRecipient(Object recipient);
 }

core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntryCache.java

@@ -17,7 +17,7 @@ package org.acegisecurity.acl.basic;
 
 /**
  * Provides a cache of {@link BasicAclEntry} objects.
- * 
+ *
  * <P>
  * Implementations should provide appropriate methods to set their cache
  * parameters (eg time-to-live) and/or force removal of entities before their
@@ -41,7 +41,7 @@ public interface BasicAclEntryCache {
      * @return any applicable <code>BasicAclEntry</code>s (no <code>null</code>s are permitted in the returned array)
      *         or <code>null</code> if the object identity could not be found or if the cache entry has expired
      */
-    public BasicAclEntry[] getEntriesFromCache(AclObjectIdentity aclObjectIdentity);
+    BasicAclEntry[] getEntriesFromCache(AclObjectIdentity aclObjectIdentity);
 
     /**
      * Places an array of {@link BasicAclEntry}s in the cache.<P>No <code>null</code>s are allowed in the
@@ -50,12 +50,12 @@ public interface BasicAclEntryCache {
      * @param basicAclEntry the ACL entries to cache (the key will be extracted from the {@link
      *        BasicAclEntry#getAclObjectIdentity()} method
      */
-    public void putEntriesInCache(BasicAclEntry[] basicAclEntry);
+    void putEntriesInCache(BasicAclEntry[] basicAclEntry);
 
     /**
      * Removes all ACL entries related to an {@link AclObjectIdentity} from the cache.
      *
      * @param aclObjectIdentity which should be removed from the cache
      */
-    public void removeEntriesFromCache(AclObjectIdentity aclObjectIdentity);
+    void removeEntriesFromCache(AclObjectIdentity aclObjectIdentity);
 }

core/src/main/java/org/acegisecurity/acl/basic/BasicAclExtendedDao.java

@@ -21,12 +21,12 @@ import org.springframework.dao.DataAccessException;
 /**
  * Represents a more extensive data access object
  * for {@link BasicAclEntry}s.
- * 
+ *
- * <P>
+ * <p>
  * <code>BasicAclExtendedDao</code> implementations are responsible for interpreting a
  * a given {@link AclObjectIdentity}.
  * </p>
- * 
+ *
  * @author Ben Alex
  * @version $Id$
  */
@@ -43,10 +43,10 @@ public interface BasicAclExtendedDao extends BasicAclDao {
      *
      * @throws DataAccessException DOCUMENT ME!
      */
-    public void changeMask(AclObjectIdentity aclObjectIdentity, Object recipient, Integer newMask)
+    void changeMask(AclObjectIdentity aclObjectIdentity, Object recipient, Integer newMask)
         throws DataAccessException;
 
-    public void create(BasicAclEntry basicAclEntry) throws DataAccessException;
+    void create(BasicAclEntry basicAclEntry) throws DataAccessException;
 
     /**
      * Deletes <b>all</b> entries associated with the specified <code>AclObjectIdentity</code>.
@@ -55,7 +55,7 @@ public interface BasicAclExtendedDao extends BasicAclDao {
      *
      * @throws DataAccessException DOCUMENT ME!
      */
-    public void delete(AclObjectIdentity aclObjectIdentity)
+    void delete(AclObjectIdentity aclObjectIdentity)
         throws DataAccessException;
 
     /**
@@ -67,6 +67,6 @@ public interface BasicAclExtendedDao extends BasicAclDao {
      *
      * @throws DataAccessException DOCUMENT ME!
      */
-    public void delete(AclObjectIdentity aclObjectIdentity, Object recipient)
+    void delete(AclObjectIdentity aclObjectIdentity, Object recipient)
         throws DataAccessException;
 }

core/src/main/java/org/acegisecurity/acl/basic/EffectiveAclsResolver.java

@@ -23,14 +23,14 @@ import org.acegisecurity.acl.AclEntry;
 /**
  * Determines the ACLs that are effective for a given
  * <code>Authentication</code> object.
- * 
+ *
  * <P>
  * Implementations will vary depending on their ability to interpret the
  * "recipient" object types contained in {@link BasicAclEntry} instances, and
  * how those recipient object types correspond to
  * <code>Authentication</code>-presented principals and granted authorities.
  * </p>
- * 
+ *
  * <P>
  * Implementations should not filter the resulting ACL list from lower-order
  * permissions. So if a resulting ACL list grants a "read" permission, an
@@ -57,5 +57,5 @@ public interface EffectiveAclsResolver {
      *
      * @return the ACLs that apply to the presented principal, or <code>null</code> if there are none after filtering
      */
-    public AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy);
+    AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy);
 }

core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java

@@ -96,9 +96,8 @@ public class GrantedAuthorityEffectiveAclsResolver implements EffectiveAclsResol
 
                 if ((authorities == null) || (authorities.length == 0)) {
                     if (logger.isDebugEnabled()) {
-                        logger.debug(
+                        logger.debug("Did not match principal and there are no granted authorities, "
-                            "Did not match principal and there are no granted authorities, so cannot compare with recipient: "
+                                + "so cannot compare with recipient: " + recipient);
-                            + recipient);
                     }
 
                     continue;

core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java

@@ -50,15 +50,15 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
         };
 
     private static final String[] VALID_PERMISSIONS_AS_STRING = {
-            "NOTHING", "ADMINISTRATION", "READ", "WRITE", "CREATE", "DELETE", "READ_WRITE_CREATE_DELETE", "READ_WRITE_CREATE",
+            "NOTHING", "ADMINISTRATION", "READ", "WRITE", "CREATE", "DELETE", "READ_WRITE_CREATE_DELETE",
-            "READ_WRITE", "READ_WRITE_DELETE" };
+            "READ_WRITE_CREATE", "READ_WRITE", "READ_WRITE_DELETE" };
 
     //~ Constructors ===================================================================================================
 
     /**
      * Allows {@link BasicAclDao} implementations to construct this object
      * using <code>newInstance()</code>.
-     * 
+     *
      * <P>
      * Normal classes should <B>not</B> use this default constructor.
      * </p>
@@ -119,7 +119,7 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
 
     /**
      * Parse a permission {@link String} literal and return associated value.
-     * 
+     *
      * @param permission one of the field names that represent a permission: <code>ADMINISTRATION</code>,
      * <code>READ</code>, <code>WRITE</code>,...
      * @return the value associated to that permission
@@ -136,7 +136,7 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
 
     /**
      * Parse a list of permission {@link String} literals and return associated values.
-     * 
+     *
      * @param permissions array with permissions as {@link String}
      * @see #parsePermission(String) for valid values
      */

core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcDaoImpl.java

@@ -42,17 +42,27 @@ import javax.sql.DataSource;
 
 
 /**
- * <p>Retrieves ACL details from a JDBC location.</p>
+ * Retrieves ACL details from a JDBC location.
- *  <p>A default database structure is assumed. This may be overridden by setting the default query strings to use.
+ * <p>
+ * A default database structure is assumed. This may be overridden by setting the default query strings to use.
  * If this does not provide enough flexibility, another strategy would be to subclass this class and override the
- * {@link MappingSqlQuery} instance used, via the {@link #initMappingSqlQueries()} extension point.</p>
+ * {@link MappingSqlQuery} instance used, via the {@link #initMappingSqlQueries()} extension point.
+ * </p>
  */
 public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
     //~ Static fields/initializers =====================================================================================
 
     public static final String RECIPIENT_USED_FOR_INHERITENCE_MARKER = "___INHERITENCE_MARKER_ONLY___";
-    public static final String DEF_ACLS_BY_OBJECT_IDENTITY_QUERY = "SELECT RECIPIENT, MASK FROM acl_permission WHERE acl_object_identity = ?";
+    public static final String DEF_ACLS_BY_OBJECT_IDENTITY_QUERY =
-    public static final String DEF_OBJECT_PROPERTIES_QUERY = "SELECT CHILD.ID, CHILD.OBJECT_IDENTITY, CHILD.ACL_CLASS, PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY FROM acl_object_identity as CHILD LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id WHERE CHILD.object_identity = ?";
+            "SELECT RECIPIENT, MASK FROM acl_permission WHERE acl_object_identity = ?";
+    public static final String DEF_OBJECT_PROPERTIES_QUERY =
+            "SELECT CHILD.ID, "
+                + "CHILD.OBJECT_IDENTITY, "
+                + "CHILD.ACL_CLASS, "
+                + "PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY "
+                + "FROM acl_object_identity as CHILD "
+                + "LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id "
+                + "WHERE CHILD.object_identity = ?";
     private static final Log logger = LogFactory.getLog(JdbcDaoImpl.class);
 
     //~ Instance fields ================================================================================================
@@ -382,7 +392,8 @@ public class JdbcDaoImpl extends JdbcDaoSupport implements BasicAclDao {
                 throw new IllegalArgumentException(cnf.getMessage());
             }
 
-            return new AclDetailsHolder(id, buildIdentity(objectIdentity), buildIdentity(parentObjectIdentity), aclClazz);
+            return new AclDetailsHolder(id,
+                    buildIdentity(objectIdentity), buildIdentity(parentObjectIdentity), aclClazz);
         }
     }
 }

core/src/main/java/org/acegisecurity/acl/basic/jdbc/JdbcExtendedDaoImpl.java

@@ -48,8 +48,8 @@ import javax.sql.DataSource;
 
 /**
  * <p>Extension of the base {@link JdbcDaoImpl}, which implements {@link BasicAclExtendedDao}.</p>
- *  <p>A default database structure is assumed. This may be overridden by setting the default query strings to use.</p>
+ * <p>A default database structure is assumed. This may be overridden by setting the default query strings to use.</p>
- *  <p>If you are using a cache with <code>BasicAclProvider</code>, you should specify that cache via {@link
+ * <p>If you are using a cache with <code>BasicAclProvider</code>, you should specify that cache via {@link
  * #setBasicAclEntryCache(BasicAclEntryCache)}. This will cause cache evictions (removals) to take place whenever a
  * DAO mutator method is called.</p>
  *  <p>This implementation works with <code>String</code> based recipients and {@link
@@ -63,12 +63,18 @@ public class JdbcExtendedDaoImpl extends JdbcDaoImpl implements BasicAclExtended
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(JdbcExtendedDaoImpl.class);
-    public static final String DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT = "DELETE FROM acl_object_identity WHERE id = ?";
+    public static final String DEF_ACL_OBJECT_IDENTITY_DELETE_STATEMENT =
-    public static final String DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT = "INSERT INTO acl_object_identity (object_identity, parent_object, acl_class) VALUES (?, ?, ?)";
+            "DELETE FROM acl_object_identity WHERE id = ?";
-    public static final String DEF_ACL_PERMISSION_DELETE_STATEMENT = "DELETE FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
+    public static final String DEF_ACL_OBJECT_IDENTITY_INSERT_STATEMENT =
-    public static final String DEF_ACL_PERMISSION_INSERT_STATEMENT = "INSERT INTO acl_permission (acl_object_identity, recipient, mask) VALUES (?, ?, ?)";
+            "INSERT INTO acl_object_identity (object_identity, parent_object, acl_class) VALUES (?, ?, ?)";
-    public static final String DEF_ACL_PERMISSION_UPDATE_STATEMENT = "UPDATE acl_permission SET mask = ? WHERE id = ?";
+    public static final String DEF_ACL_PERMISSION_DELETE_STATEMENT =
-    public static final String DEF_LOOKUP_PERMISSION_ID_QUERY = "SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
+            "DELETE FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
+    public static final String DEF_ACL_PERMISSION_INSERT_STATEMENT =
+            "INSERT INTO acl_permission (acl_object_identity, recipient, mask) VALUES (?, ?, ?)";
+    public static final String DEF_ACL_PERMISSION_UPDATE_STATEMENT =
+            "UPDATE acl_permission SET mask = ? WHERE id = ?";
+    public static final String DEF_LOOKUP_PERMISSION_ID_QUERY =
+            "SELECT id FROM acl_permission WHERE acl_object_identity = ? AND recipient = ?";
 
     //~ Instance fields ================================================================================================
 

core/src/main/java/org/acegisecurity/acls/AccessControlEntry.java

@@ -19,32 +19,33 @@ import org.acegisecurity.acls.sid.Sid;
 import java.io.Serializable;
 
 
-/**
+/**
- * Represents an individual permission assignment within an {@link Acl}. 
+ * Represents an individual permission assignment within an {@link Acl}.
- * 
+ *
- * <p>
+ * <p>
- * Instances MUST be immutable, as they are returned by <code>Acl</code>
+ * Instances MUST be immutable, as they are returned by <code>Acl</code>
- * and should not allow client modification.
+ * and should not allow client modification.
- * 
+ * </p>
- * @author Ben Alex
+ *
- * @version $Id$
+ * @author Ben Alex
- *
+ * @version $Id$
+ *
  */
 public interface AccessControlEntry {
     //~ Methods ========================================================================================================
 
-    public Acl getAcl();
+    Acl getAcl();
 
     /**
      * Obtains an identifier that represents this ACE.
      *
      * @return the identifier, or <code>null</code> if unsaved
      */
-    public Serializable getId();
+    Serializable getId();
 
-    public Permission getPermission();
+    Permission getPermission();
 
-    public Sid getSid();
+    Sid getSid();
 
     /**
      * Indicates the a Permission is being granted to the relevant Sid. If false, indicates the permission is
@@ -52,5 +53,5 @@ public interface AccessControlEntry {
      *
      * @return true if being granted, false otherwise
      */
-    public boolean isGranting();
+    boolean isGranting();
 }

core/src/main/java/org/acegisecurity/acls/Acl.java

@@ -20,25 +20,25 @@ import org.acegisecurity.acls.sid.Sid;
 import java.io.Serializable;
 
 
-/**
+/**
- * Represents an access control list (ACL) for a domain object.
+ * Represents an access control list (ACL) for a domain object.
- * 
+ *
- * <p>
+ * <p>
- * An <code>Acl</code> represents all ACL entries for a given domain object. In
+ * An <code>Acl</code> represents all ACL entries for a given domain object. In
- * order to avoid needing references to the domain object itself, this
+ * order to avoid needing references to the domain object itself, this
- * interface handles indirection between a domain object and an ACL object
+ * interface handles indirection between a domain object and an ACL object
- * identity via the {@link
+ * identity via the {@link
- * org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.
+ * org.acegisecurity.acls.objectidentity.ObjectIdentity} interface.
- * </p>
+ * </p>
- * 
+ *
- * <p>
+ * <p>
- * An implementation represents the {@link org.acegisecurity.acls.Permission}
+ * An implementation represents the {@link org.acegisecurity.acls.Permission}
- * list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}
+ * list applicable for some or all {@link org.acegisecurity.acls.sid.Sid}
- * instances.
+ * instances.
- * </p>
+ * </p>
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface Acl extends Serializable {
     //~ Methods ========================================================================================================
@@ -50,14 +50,14 @@ public interface Acl extends Serializable {
      * particular ordering logic in authorization decisions, the entries returned by this method <em>MUST</em> be
      * ordered in that manner.</p>
      *  <p>Do <em>NOT</em> use this method for making authorization decisions. Instead use {@link
-     * #isGranted(Permission[], Sid[])}.</p>
+     * #isGranted(Permission[], Sid[], boolean)}.</p>
      *  <p>This method must operate correctly even if the <code>Acl</code> only represents a subset of
      * <code>Sid</code>s. The caller is responsible for correctly handling the result if only a subset of
      * <code>Sid</code>s is represented.</p>
      *
      * @return the list of entries represented by the <code>Acl</code>
      */
-    public AccessControlEntry[] getEntries();
+    AccessControlEntry[] getEntries();
 
     /**
      * Obtains the domain object this <code>Acl</code> provides entries for. This is immutable once an
@@ -65,7 +65,7 @@ public interface Acl extends Serializable {
      *
      * @return the object identity
      */
-    public ObjectIdentity getObjectIdentity();
+    ObjectIdentity getObjectIdentity();
 
     /**
      * Determines the owner of the <code>Acl</code>. The meaning of ownership varies by implementation and is
@@ -73,7 +73,7 @@ public interface Acl extends Serializable {
      *
      * @return the owner (may be null if the implementation does not use ownership concepts)
      */
-    public Sid getOwner();
+    Sid getOwner();
 
     /**
      * A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can
@@ -87,7 +87,7 @@ public interface Acl extends Serializable {
      *
      * @return the parent <code>Acl</code>
      */
-    public Acl getParentAcl();
+    Acl getParentAcl();
 
     /**
      * Indicates whether the ACL entries from the {@link #getParentAcl()} should flow down into the current
@@ -98,7 +98,7 @@ public interface Acl extends Serializable {
      *
      * @return <code>true</code> if parent ACL entries inherit into the current <code>Acl</code>
      */
-    public boolean isEntriesInheriting();
+    boolean isEntriesInheriting();
 
     /**
      * This is the actual authorization logic method, and must be used whenever ACL authorization decisions are
@@ -131,22 +131,25 @@ public interface Acl extends Serializable {
      * @throws UnloadedSidException thrown if the <code>Acl</code> does not have details for one or more of the
      *         <code>Sid</code>s passed as arguments
      */
-    public boolean isGranted(Permission[] permission, Sid[] sids, boolean administrativeMode)
+    boolean isGranted(Permission[] permission, Sid[] sids, boolean administrativeMode)
         throws NotFoundException, UnloadedSidException;
 
     /**
      * For efficiency reasons an <code>Acl</code> may be loaded and <em>not</em> contain entries for every
      * <code>Sid</code> in the system. If an <code>Acl</code> has been loaded and does not represent every
      * <code>Sid</code>, all methods of the <code>Sid</code> can only be used within the limited scope of the
-     * <code>Sid</code> instances it actually represents.<p>It is normal to load an <code>Acl</code> for only
+     * <code>Sid</code> instances it actually represents.
-     * particular <code>Sid</code>s if read-only authorization decisions are being made. However, if user interface
+     * <p>
-     * reporting or modification of <code>Acl</code>s are desired, an <code>Acl</code> should be loaded with all
+     * It is normal to load an <code>Acl</code> for only particular <code>Sid</code>s if read-only authorization
-     * <code>Sid</code>s. This method denotes whether or not the specified <code>Sid</code>s have been loaded or not.</p>
+     * decisions are being made. However, if user interface reporting or modification of <code>Acl</code>s are
+     * desired, an <code>Acl</code> should be loaded with all <code>Sid</code>s. This method denotes whether or
+     * not the specified <code>Sid</code>s have been loaded or not.
+     * </p>
      *
      * @param sids one or more security identities the caller is interest in knowing whether this <code>Sid</code>
      *        supports
      *
      * @return <code>true</code> if every passed <code>Sid</code> is represented by this <code>Acl</code> instance
      */
-    public boolean isSidLoaded(Sid[] sids);
+    boolean isSidLoaded(Sid[] sids);
 }

core/src/main/java/org/acegisecurity/acls/AclFormattingUtils.java

@@ -23,7 +23,12 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @version $Id$
  */
-public class AclFormattingUtils {
+public final class AclFormattingUtils {
+    //~ Constructors ===================================================================================================
+
+    private AclFormattingUtils() {
+    }
+
     //~ Methods ========================================================================================================
 
     public static String demergePatterns(String original, String removeBits) {

core/src/main/java/org/acegisecurity/acls/AclService.java

@@ -20,11 +20,11 @@ import org.acegisecurity.acls.sid.Sid;
 import java.util.Map;
 
 
-/**
+/**
- * Provides retrieval of {@link Acl} instances.
+ * Provides retrieval of {@link Acl} instances.
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface AclService {
     //~ Methods ========================================================================================================
@@ -36,7 +36,7 @@ public interface AclService {
      *
      * @return the children (or <code>null</code> if none were found)
      */
-    public ObjectIdentity[] findChildren(ObjectIdentity parentIdentity);
+    ObjectIdentity[] findChildren(ObjectIdentity parentIdentity);
 
     /**
      * Same as {@link #readAclsById(ObjectIdentity[])} except it returns only a single Acl.<p>This method
@@ -49,7 +49,7 @@ public interface AclService {
      *
      * @throws NotFoundException DOCUMENT ME!
      */
-    public Acl readAclById(ObjectIdentity object) throws NotFoundException;
+    Acl readAclById(ObjectIdentity object) throws NotFoundException;
 
     /**
      * Same as {@link #readAclsById(ObjectIdentity[], Sid[])} except it returns only a single Acl.
@@ -61,7 +61,7 @@ public interface AclService {
      *
      * @throws NotFoundException DOCUMENT ME!
      */
-    public Acl readAclById(ObjectIdentity object, Sid[] sids)
+    Acl readAclById(ObjectIdentity object, Sid[] sids)
         throws NotFoundException;
 
     /**
@@ -75,7 +75,7 @@ public interface AclService {
      *
      * @throws NotFoundException DOCUMENT ME!
      */
-    public Map readAclsById(ObjectIdentity[] objects) throws NotFoundException;
+    Map readAclsById(ObjectIdentity[] objects) throws NotFoundException;
 
     /**
      * Obtains all the <code>Acl</code>s that apply for the passed <code>Object</code>s, but only for the
@@ -95,6 +95,6 @@ public interface AclService {
      *
      * @throws NotFoundException DOCUMENT ME!
      */
-    public Map readAclsById(ObjectIdentity[] objects, Sid[] sids)
+    Map readAclsById(ObjectIdentity[] objects, Sid[] sids)
         throws NotFoundException;
 }

core/src/main/java/org/acegisecurity/acls/AuditableAccessControlEntry.java

@@ -14,17 +14,17 @@
  */
 package org.acegisecurity.acls;
 
-/**
+/**
- * Represents an ACE that provides auditing information.
+ * Represents an ACE that provides auditing information.
- * 
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
- *
+ *
  */
 public interface AuditableAccessControlEntry extends AccessControlEntry {
     //~ Methods ========================================================================================================
 
-    public boolean isAuditFailure();
+    boolean isAuditFailure();
 
-    public boolean isAuditSuccess();
+    boolean isAuditSuccess();
 }

core/src/main/java/org/acegisecurity/acls/AuditableAcl.java

@@ -17,15 +17,15 @@ package org.acegisecurity.acls;
 import java.io.Serializable;
 
 
-/**
+/**
- * A mutable ACL that provides audit capabilities.
+ * A mutable ACL that provides audit capabilities.
- * 
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
- *
+ *
  */
 public interface AuditableAcl extends MutableAcl {
     //~ Methods ========================================================================================================
 
-    public void updateAuditing(Serializable aceId, boolean auditSuccess, boolean auditFailure);
+    void updateAuditing(Serializable aceId, boolean auditSuccess, boolean auditFailure);
 }

core/src/main/java/org/acegisecurity/acls/MutableAcl.java

@@ -19,21 +19,21 @@ import org.acegisecurity.acls.sid.Sid;
 import java.io.Serializable;
 
 
-/**
+/**
- * A mutable <code>Acl</code>.
+ * A mutable <code>Acl</code>.
- * 
+ *
- * <p>
+ * <p>
- * A mutable ACL must ensure that appropriate security checks are performed
+ * A mutable ACL must ensure that appropriate security checks are performed
- * before allowing access to its methods.
+ * before allowing access to its methods.
- * </p>
+ * </p>
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface MutableAcl extends Acl {
     //~ Methods ========================================================================================================
 
-    public void deleteAce(Serializable aceId) throws NotFoundException;
+    void deleteAce(Serializable aceId) throws NotFoundException;
 
     /**
      * Retrieves all of the non-deleted {@link AccessControlEntry} instances currently stored by the
@@ -44,16 +44,16 @@ public interface MutableAcl extends Acl {
      *
      * @return DOCUMENT ME!
      */
-    public AccessControlEntry[] getEntries();
+    AccessControlEntry[] getEntries();
 
     /**
      * Obtains an identifier that represents this <code>MutableAcl</code>.
      *
      * @return the identifier, or <code>null</code> if unsaved
      */
-    public Serializable getId();
+    Serializable getId();
 
-    public void insertAce(Serializable afterAceId, Permission permission, Sid sid, boolean granting)
+    void insertAce(Serializable afterAceId, Permission permission, Sid sid, boolean granting)
         throws NotFoundException;
 
     /**
@@ -61,15 +61,15 @@ public interface MutableAcl extends Acl {
      *
      * @param entriesInheriting the new value
      */
-    public void setEntriesInheriting(boolean entriesInheriting);
+    void setEntriesInheriting(boolean entriesInheriting);
 
     /**
      * Changes the parent of this ACL.
      *
      * @param newParent the new parent
      */
-    public void setParent(MutableAcl newParent);
+    void setParent(MutableAcl newParent);
 
-    public void updateAce(Serializable aceId, Permission permission)
+    void updateAce(Serializable aceId, Permission permission)
         throws NotFoundException;
 }

core/src/main/java/org/acegisecurity/acls/MutableAclService.java

@@ -17,11 +17,11 @@ package org.acegisecurity.acls;
 import org.acegisecurity.acls.objectidentity.ObjectIdentity;
 
 
-/**
+/**
- * Provides support for creating and storing <code>Acl</code> instances.
+ * Provides support for creating and storing <code>Acl</code> instances.
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface MutableAclService extends AclService {
     //~ Methods ========================================================================================================
@@ -36,7 +36,7 @@ public interface MutableAclService extends AclService {
      *
      * @throws AlreadyExistsException if the passed object identity already has a record
      */
-    public MutableAcl createAcl(ObjectIdentity objectIdentity)
+    MutableAcl createAcl(ObjectIdentity objectIdentity)
         throws AlreadyExistsException;
 
     /**
@@ -47,7 +47,7 @@ public interface MutableAclService extends AclService {
      *
      * @throws ChildrenExistException if the deleteChildren argument was <code>false</code> but children exist
      */
-    public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
+    void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
         throws ChildrenExistException;
 
     /**
@@ -61,5 +61,5 @@ public interface MutableAclService extends AclService {
      *         #createAcl(ObjectIdentity)} to create the object, rather than creating it with the <code>new</code>
      *         keyword?)
      */
-    public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException;
+    MutableAcl updateAcl(MutableAcl acl) throws NotFoundException;
 }

core/src/main/java/org/acegisecurity/acls/OwnershipAcl.java

@@ -17,19 +17,19 @@ package org.acegisecurity.acls;
 import org.acegisecurity.acls.sid.Sid;
 
 
-/**
+/**
- * A mutable ACL that provides ownership capabilities.
+ * A mutable ACL that provides ownership capabilities.
- * 
+ *
- * <p>
+ * <p>
- * Generally the owner of an ACL is able to call any ACL mutator method, as
+ * Generally the owner of an ACL is able to call any ACL mutator method, as
- * well as assign a new owner.
+ * well as assign a new owner.
- * </p>
+ * </p>
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface OwnershipAcl extends MutableAcl {
     //~ Methods ========================================================================================================
 
-    public void setOwner(Sid newOwner);
+    void setOwner(Sid newOwner);
 }

core/src/main/java/org/acegisecurity/acls/Permission.java

@@ -14,21 +14,18 @@
  */
 package org.acegisecurity.acls;
 
-import org.acegisecurity.acls.sid.Sid;
+/**
-
+ * Represents a permission granted to a {@link org.acegisecurity.acls.sid.Sid Sid} for a given domain object.
-
+ *
-/**
+ * @author Ben Alex
- * Represents a permission granted to a {@link Sid} for a given domain object.
+ * @version $Id$
- *
- * @author Ben Alex
- * @version $Id$
  */
 public interface Permission {
     //~ Static fields/initializers =====================================================================================
 
-    public static final char RESERVED_ON = '~';
+    char RESERVED_ON = '~';
-    public static final char RESERVED_OFF = '.';
+    char RESERVED_OFF = '.';
-    public static final String THIRTY_TWO_RESERVED_OFF = "................................";
+    String THIRTY_TWO_RESERVED_OFF = "................................";
 
     //~ Methods ========================================================================================================
 
@@ -37,20 +34,22 @@ public interface Permission {
      *
      * @return the bits that represent the permission
      */
-    public int getMask();
+    int getMask();
 
     /**
-     * Returns a 32-character long bit pattern <code>String</code> representing this permission.<p>Implementations
+     * Returns a 32-character long bit pattern <code>String</code> representing this permission.
-     * are free to format the pattern as they see fit, although under no circumstances may {@link #RESERVED_OFF} or
+     * <p>
-     * {@link #RESERVED_ON} be used within the pattern. An exemption is in the case of {@link #RESERVED_OFF} which is
+     * Implementations are free to format the pattern as they see fit, although under no circumstances may
-     * used to denote a bit that is off (clear). Implementations may also elect to use {@link #RESERVED_ON} internally
+     * {@link #RESERVED_OFF} or {@link #RESERVED_ON} be used within the pattern. An exemption is in the case of
-     * for computation purposes, although this method may not return any <code>String</code> containing {@link
+     * {@link #RESERVED_OFF} which is used to denote a bit that is off (clear).
-     * #RESERVED_ON}.</p>
+     * Implementations may also elect to use {@link #RESERVED_ON} internally for computation purposes,
+     * although this method may not return any <code>String</code> containing {@link #RESERVED_ON}.
+     * </p>
      *  <p>The returned String must be 32 characters in length.</p>
      *  <p>This method is only used for user interface and logging purposes. It is not used in any permission
      * calculations. Therefore, duplication of characters within the output is permitted.</p>
      *
      * @return a 32-character bit pattern
      */
-    public String getPattern();
+    String getPattern();
 }

core/src/main/java/org/acegisecurity/acls/domain/AclAuthorizationStrategy.java

@@ -21,18 +21,18 @@ import org.acegisecurity.acls.Acl;
 /**
  * Strategy used by {@link AclImpl} to determine whether a principal is permitted to call
  * adminstrative methods on the <code>AclImpl</code>.
- * 
+ *
  * @author Ben Alex
  * @version $Id$
  */
 public interface AclAuthorizationStrategy {
     //~ Static fields/initializers =====================================================================================
 
-    public static final int CHANGE_OWNERSHIP = 0;
+    int CHANGE_OWNERSHIP = 0;
-    public static final int CHANGE_AUDITING = 1;
+    int CHANGE_AUDITING = 1;
-    public static final int CHANGE_GENERAL = 2;
+    int CHANGE_GENERAL = 2;
 
     //~ Methods ========================================================================================================
 
-    public void securityCheck(Acl acl, int changeType);
+    void securityCheck(Acl acl, int changeType);
 }

core/src/main/java/org/acegisecurity/acls/domain/AclAuthorizationStrategyImpl.java

@@ -53,7 +53,7 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 /**
      * Constructor. The only mandatory parameter relates to the system-wide {@link GrantedAuthority} instances that
      * can be held to always permit ACL changes.
-     * 
+     *
      * @param auths an array of <code>GrantedAuthority</code>s that have
      * special permissions (index 0 is the authority needed to change
      * ownership, index 1 is the authority needed to modify auditing details,
@@ -81,7 +81,8 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
         // Check if authorized by virtue of ACL ownership
         Sid currentUser = new PrincipalSid(authentication);
 
-        if (currentUser.equals(acl.getOwner()) && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
+        if (currentUser.equals(acl.getOwner())
+                && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
             return;
         }
 

core/src/main/java/org/acegisecurity/acls/domain/AuditLogger.java

@@ -17,15 +17,15 @@ package org.acegisecurity.acls.domain;
 import org.acegisecurity.acls.AccessControlEntry;
 
 
-/**
+/**
- * Used by <code>AclImpl</code> to log audit events.
+ * Used by <code>AclImpl</code> to log audit events.
- * 
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
- *
+ *
  */
 public interface AuditLogger {
     //~ Methods ========================================================================================================
 
-    public void logIfNeeded(boolean granted, AccessControlEntry ace);
+    void logIfNeeded(boolean granted, AccessControlEntry ace);
 }

core/src/main/java/org/acegisecurity/acls/domain/BasePermission.java

@@ -33,7 +33,7 @@ import java.util.Vector;
  * @author Ben Alex
  * @version $Id$
  */
-public class BasePermission implements Permission {
+public final class BasePermission implements Permission {
     //~ Static fields/initializers =====================================================================================
 
     public static final Permission READ = new BasePermission(1 << 0, 'R'); // 1

core/src/main/java/org/acegisecurity/acls/domain/ConsoleAuditLogger.java

@@ -31,9 +31,9 @@ public class ConsoleAuditLogger implements AuditLogger {
 
     public void logIfNeeded(boolean granted, AccessControlEntry ace) {
         Assert.notNull(ace, "AccessControlEntry required");
-        
+
         if (ace instanceof AuditableAccessControlEntry) {
-        	AuditableAccessControlEntry auditableAce = (AuditableAccessControlEntry) ace;
+            AuditableAccessControlEntry auditableAce = (AuditableAccessControlEntry) ace;
 
             if (granted && auditableAce.isAuditSuccess()) {
                 System.out.println("GRANTED due to ACE: " + ace);

core/src/main/java/org/acegisecurity/acls/jdbc/AclCache.java

@@ -20,23 +20,23 @@ import org.acegisecurity.acls.objectidentity.ObjectIdentity;
 import java.io.Serializable;
 
 
-/**
+/**
- * A caching layer for {@link JdbcAclService}.
+ * A caching layer for {@link JdbcAclService}.
- * 
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
- *
+ *
  */
 public interface AclCache {
     //~ Methods ========================================================================================================
 
-    public void evictFromCache(Serializable pk);
+    void evictFromCache(Serializable pk);
 
-    public void evictFromCache(ObjectIdentity objectIdentity);
+    void evictFromCache(ObjectIdentity objectIdentity);
 
-    public MutableAcl getFromCache(ObjectIdentity objectIdentity);
+    MutableAcl getFromCache(ObjectIdentity objectIdentity);
 
-    public MutableAcl getFromCache(Serializable pk);
+    MutableAcl getFromCache(Serializable pk);
 
-    public void putInCache(MutableAcl acl);
+    void putInCache(MutableAcl acl);
 }

core/src/main/java/org/acegisecurity/acls/jdbc/BasicLookupStrategy.java

@@ -79,12 +79,12 @@ public final class BasicLookupStrategy implements LookupStrategy {
 
     //~ Constructors ===================================================================================================
 
-/**
+/**
-     * Constructor accepting mandatory arguments
+     * Constructor accepting mandatory arguments
-     *
+     *
-     * @param dataSource to access the database
+     * @param dataSource to access the database
-     * @param aclCache the cache where fully-loaded elements can be stored
+     * @param aclCache the cache where fully-loaded elements can be stored
-     * @param aclAuthorizationStrategy authorization strategy (required)
+     * @param aclAuthorizationStrategy authorization strategy (required)
      */
     public BasicLookupStrategy(DataSource dataSource, AclCache aclCache,
         AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger) {
@@ -106,7 +106,8 @@ public final class BasicLookupStrategy implements LookupStrategy {
         String startSql = "select ACL_OBJECT_IDENTITY.OBJECT_ID_IDENTITY, ACL_ENTRY.ACE_ORDER, "
             + "ACL_OBJECT_IDENTITY.ID as ACL_ID, " + "ACL_OBJECT_IDENTITY.PARENT_OBJECT, "
             + "ACL_OBJECT_IDENTITY,ENTRIES_INHERITING, "
-            + "ACL_ENTRY.ID as ACE_ID, ACL_ENTRY.MASK, ACL_ENTRY.GRANTING, ACL_ENTRY.AUDIT_SUCCESS, ACL_ENTRY.AUDIT_FAILURE, "
+            + "ACL_ENTRY.ID as ACE_ID, ACL_ENTRY.MASK, ACL_ENTRY.GRANTING, "
+            + "ACL_ENTRY.AUDIT_SUCCESS, ACL_ENTRY.AUDIT_FAILURE, "
             + "ACL_SID.PRINCIPAL as ACE_PRINCIPAL, ACL_SID.SID as ACE_SID, "
             + "ACLI_SID.PRINCIPAL as ACL_PRINCIPAL, ACLI_SID.SID as ACL_SID, " + "ACL_CLASS.CLASS "
             + "from ACL_OBJECT_IDENTITY, ACL_SID ACLI_SID, ACL_CLASS "
@@ -387,7 +388,8 @@ public final class BasicLookupStrategy implements LookupStrategy {
                     continue; // now in results, so move to next element
                 } else {
                     throw new IllegalStateException(
-                        "Error: SID-filtered element detected when implementation does not perform SID filtering - have you added something to the cache manually?");
+                        "Error: SID-filtered element detected when implementation does not perform SID filtering "
+                                + "- have you added something to the cache manually?");
                 }
             }
 

core/src/main/java/org/acegisecurity/acls/jdbc/JdbcMutableAclService.java

@@ -128,7 +128,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
                 }
 
                 public void setValues(PreparedStatement stmt, int i)
-                    throws SQLException {
+                        throws SQLException {
                     AccessControlEntry entry_ = (AccessControlEntry) Array.get(acl.getEntries(), i);
                     Assert.isTrue(entry_ instanceof AccessControlEntryImpl, "Unknown ACE class");
 
@@ -176,7 +176,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
             if (allowCreate) {
                 classId = null;
                 jdbcTemplate.update(insertClass, new Object[] {clazz.getName()});
-                Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
+                Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
+                        "Transaction must be running");
                 classId = new Long(jdbcTemplate.queryForLong(identityQuery));
             }
         } else {
@@ -220,7 +221,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
             if (allowCreate) {
                 sidId = null;
                 jdbcTemplate.update(insertSid, new Object[] {new Boolean(principal), sidName});
-                Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(), "Transaction must be running");
+                Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
+                        "Transaction must be running");
                 sidId = new Long(jdbcTemplate.queryForLong(identityQuery));
             }
         } else {
@@ -263,7 +265,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
      * @param oid the rows in acl_entry to delete
      */
     protected void deleteEntries(ObjectIdentity oid) {
-        jdbcTemplate.update(deleteEntryByObjectIdentityForeignKey, new Object[] {retrieveObjectIdentityPrimaryKey(oid)});
+        jdbcTemplate.update(deleteEntryByObjectIdentityForeignKey,
+                new Object[] {retrieveObjectIdentityPrimaryKey(oid)});
     }
 
     /**

core/src/main/java/org/acegisecurity/acls/jdbc/LookupStrategy.java

@@ -20,11 +20,11 @@ import org.acegisecurity.acls.sid.Sid;
 import java.util.Map;
 
 
-/**
+/**
- * Performs optimised lookups for {@link JdbcAclService}.
+ * Performs optimised lookups for {@link JdbcAclService}.
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface LookupStrategy {
     //~ Methods ========================================================================================================
@@ -39,5 +39,5 @@ public interface LookupStrategy {
      * @return the <code>Map</code> pursuant to the interface contract for {@link
      *         org.acegisecurity.acls.AclService#readAclsById(ObjectIdentity[], Sid[])}
      */
-    public Map readAclsById(ObjectIdentity[] objects, Sid[] sids);
+    Map readAclsById(ObjectIdentity[] objects, Sid[] sids);
 }

core/src/main/java/org/acegisecurity/acls/objectidentity/ObjectIdentity.java

@@ -17,20 +17,20 @@ package org.acegisecurity.acls.objectidentity;
 import java.io.Serializable;
 
 
-/**
+/**
- * Interface representing the identity of an individual domain object instance.
+ * Interface representing the identity of an individual domain object instance.
- * 
+ *
- * <P>
+ * <P>
- * As implementations are used as the key for caching and lookup, it is
+ * As implementations are used as the key for caching and lookup, it is
- * essential that implementations provide methods so that object-equality
+ * essential that implementations provide methods so that object-equality
- * rather than reference-equality can be relied upon by caches. In other
+ * rather than reference-equality can be relied upon by caches. In other
- * words, a cache can consider two <code>ObjectIdentity</code>s equal if
+ * words, a cache can consider two <code>ObjectIdentity</code>s equal if
- * <code>identity1.equals(identity2)</code>, rather than reference-equality of
+ * <code>identity1.equals(identity2)</code>, rather than reference-equality of
- * <code>identity1==identity2</code>.
+ * <code>identity1==identity2</code>.
- * </p>
+ * </p>
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface ObjectIdentity extends Serializable {
     //~ Methods ========================================================================================================
@@ -42,7 +42,7 @@ public interface ObjectIdentity extends Serializable {
      *
      * @return <code>true</code> if the objects are equal, <code>false</code> otherwise
      */
-    public boolean equals(Object obj);
+    boolean equals(Object obj);
 
     /**
      * Obtains the actual identifier. This identifier must not be reused to represent other domain objects with
@@ -52,19 +52,19 @@ public interface ObjectIdentity extends Serializable {
      *
      * @return the identifier (unique within this <code>javaType</code>
      */
-    public Serializable getIdentifier();
+    Serializable getIdentifier();
 
     /**
      * Obtains the Java type represented by the domain object.
      *
      * @return the Java type of the domain object
      */
-    public Class getJavaType();
+    Class getJavaType();
 
     /**
      * Refer to the <code>java.lang.Object</code> documentation for the interface contract.
      *
      * @return a hash code representation of this object
      */
-    public int hashCode();
+    int hashCode();
 }

core/src/main/java/org/acegisecurity/acls/objectidentity/ObjectIdentityImpl.java

@@ -14,8 +14,6 @@
  */
 package org.acegisecurity.acls.objectidentity;
 
-import org.acegisecurity.acl.basic.AclObjectIdentity;
-
 import org.acegisecurity.acls.IdentityUnavailableException;
 
 import org.springframework.util.Assert;
@@ -27,8 +25,11 @@ import java.lang.reflect.Method;
 
 
 /**
- * Simple implementation of {@link AclObjectIdentity}.<P>Uses <code>String</code>s to store the identity of the
+ * Simple implementation of {@link org.acegisecurity.acl.basic.AclObjectIdentity AclObjectIdentity}.
- * domain object instance. Also offers a constructor that uses reflection to build the identity information.</p>
+ * <p>
+ * Uses <code>String</code>s to store the identity of the domain object instance. Also offers a constructor that uses
+ * reflection to build the identity information.
+ * </p>
  */
 public class ObjectIdentityImpl implements ObjectIdentity {
     //~ Instance fields ================================================================================================
@@ -58,16 +59,16 @@ public class ObjectIdentityImpl implements ObjectIdentity {
         this.identifier = identifier;
     }
 
-/**
+/**
-     * Creates the <code>ObjectIdentityImpl</code> based on the passed
+     * Creates the <code>ObjectIdentityImpl</code> based on the passed
-     * object instance. The passed object must provide a <code>getId()</code>
+     * object instance. The passed object must provide a <code>getId()</code>
-     * method, otherwise an exception will be thrown. The object passed will
+     * method, otherwise an exception will be thrown. The object passed will
-     * be considered the {@link #javaType}, so if more control is required,
+     * be considered the {@link #javaType}, so if more control is required,
-     * an alternate constructor should be used instead.
+     * an alternate constructor should be used instead.
-     *
+     *
-     * @param object the domain object instance to create an identity for
+     * @param object the domain object instance to create an identity for
-     *
+     *
-     * @throws IdentityUnavailableException if identity could not be extracted
+     * @throws IdentityUnavailableException if identity could not be extracted
      */
     public ObjectIdentityImpl(Object object) throws IdentityUnavailableException {
         Assert.notNull(object, "object cannot be null");

core/src/main/java/org/acegisecurity/acls/objectidentity/ObjectIdentityRetrievalStrategy.java

@@ -18,7 +18,7 @@ package org.acegisecurity.acls.objectidentity;
 /**
  * Strategy interface that provides the ability to determine which {@link ObjectIdentity}
  * will be returned for a particular domain object
- * 
+ *
  * @author Ben Alex
  * @version $Id$
  *
@@ -26,5 +26,5 @@ package org.acegisecurity.acls.objectidentity;
 public interface ObjectIdentityRetrievalStrategy {
     //~ Methods ========================================================================================================
 
-    public ObjectIdentity getObjectIdentity(Object domainObject);
+    ObjectIdentity getObjectIdentity(Object domainObject);
 }

core/src/main/java/org/acegisecurity/acls/sid/Sid.java

@@ -14,20 +14,20 @@
  */
 package org.acegisecurity.acls.sid;
 
-/**
+/**
- * A security identity recognised by the ACL system.
+ * A security identity recognised by the ACL system.
- * 
+ *
- * <p>
+ * <p>
- * This interface provides indirection between actual security objects (eg
+ * This interface provides indirection between actual security objects (eg
- * principals, roles, groups etc) and what is stored inside an
+ * principals, roles, groups etc) and what is stored inside an
- * <code>Acl</code>. This is because an <code>Acl</code> will not store an
+ * <code>Acl</code>. This is because an <code>Acl</code> will not store an
- * entire security object, but only an abstraction of it. This interface
+ * entire security object, but only an abstraction of it. This interface
- * therefore provides a simple way to compare these abstracted security
+ * therefore provides a simple way to compare these abstracted security
- * identities with other security identities and actual security objects.
+ * identities with other security identities and actual security objects.
- * </p>
+ * </p>
- *
+ *
- * @author Ben Alex
+ * @author Ben Alex
- * @version $Id$
+ * @version $Id$
  */
 public interface Sid {
     //~ Methods ========================================================================================================
@@ -39,12 +39,12 @@ public interface Sid {
      *
      * @return <code>true</code> if the objects are equal, <code>false</code> otherwise
      */
-    public boolean equals(Object obj);
+    boolean equals(Object obj);
 
     /**
      * Refer to the <code>java.lang.Object</code> documentation for the interface contract.
      *
      * @return a hash code representation of this object
      */
-    public int hashCode();
+    int hashCode();
 }

core/src/main/java/org/acegisecurity/acls/sid/SidRetrievalStrategy.java

@@ -21,12 +21,12 @@ import org.acegisecurity.Authentication;
 /**
  * Strategy interface that provides an ability to determine the {@link Sid} instances applicable
  * for an {@link Authentication}.
- * 
+ *
  * @author Ben Alex
  * @version $Id$
  */
 public interface SidRetrievalStrategy {
     //~ Methods ========================================================================================================
 
-    public Sid[] getSids(Authentication authentication);
+    Sid[] getSids(Authentication authentication);
 }

core/src/main/java/org/acegisecurity/adapters/AuthByAdapter.java

@@ -21,7 +21,7 @@ import org.acegisecurity.Authentication;
 /**
  * Indicates a specialized, immutable, server-side only {@link Authentication}
  * class.
- * 
+ *
  * <P>
  * Automatically considered valid by the {@link AuthByAdapterProvider},
  * provided the hash code presented by the implementation objects matches that
@@ -41,5 +41,5 @@ public interface AuthByAdapter extends Authentication {
      *
      * @return the hash code of the key used when the object was created.
      */
-    public int getKeyHash();
+    int getKeyHash();
 }

core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java

@@ -29,7 +29,7 @@ import java.security.Principal;
 public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken implements Principal {
     //~ Instance fields ================================================================================================
 
-	private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = 1L;
     private Object principal;
     private String password;
     private String username;

core/src/main/java/org/acegisecurity/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -20,7 +20,6 @@ import org.acegisecurity.AuthorizationServiceException;
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
 
-import org.acegisecurity.acls.Acl;
 import org.acegisecurity.acls.AclService;
 import org.acegisecurity.acls.Permission;
 
@@ -39,7 +38,9 @@ import java.util.Iterator;
  * each <code>Collection</code> domain object instance element for the current <code>Authentication</code> object.</p>
  *  <p>This after invocation provider will fire if any {@link ConfigAttribute#getAttribute()} matches the {@link
  * #processConfigAttribute}. The provider will then lookup the ACLs from the <code>AclService</code> and ensure the
- * principal is {@link Acl#isGranted(org.acegisecurity.acls.Permission[], org.acegisecurity.acls.sid.Sid[], boolean)}
+ * principal is
+ * {@link org.acegisecurity.acls.Acl#isGranted(org.acegisecurity.acls.Permission[],
+ * org.acegisecurity.acls.sid.Sid[], boolean) Acl.isGranted(Permission[], Sid[], boolean)}
  * when presenting the {@link #requirePermission} array to that method.</p>
  *  <p>If the principal does not have permission, that element will not be included in the returned
  * <code>Collection</code>.</p>
@@ -94,9 +95,8 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
                     Object[] array = (Object[]) returnedObject;
                     filterer = new ArrayFilterer(array);
                 } else {
-                    throw new AuthorizationServiceException(
+                    throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
-                        "A Collection or an array (or null) was required as the returnedObject, but the returnedObject was: "
+                            + "returnedObject, but the returnedObject was: " + returnedObject);
-                        + returnedObject);
                 }
 
                 // Locate unauthorised Collection elements

core/src/main/java/org/acegisecurity/afterinvocation/AclEntryAfterInvocationProvider.java

@@ -20,7 +20,6 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
 
-import org.acegisecurity.acls.Acl;
 import org.acegisecurity.acls.AclService;
 import org.acegisecurity.acls.Permission;
 
@@ -37,19 +36,20 @@ import java.util.Iterator;
 /**
  * <p>Given a domain object instance returned from a secure object invocation, ensures the principal has
  * appropriate permission as defined by the {@link AclService}.</p>
- *  <p>The <code>AclService</code> is used to retrieve the access control list (ACL) permissions associated with a
+ * <p>The <code>AclService</code> is used to retrieve the access control list (ACL) permissions associated with a
  * domain object instance for the current <code>Authentication</code> object.</p>
- *  <p>This after invocation provider will fire if any  {@link ConfigAttribute#getAttribute()} matches the {@link
+ * <p>This after invocation provider will fire if any  {@link ConfigAttribute#getAttribute()} matches the {@link
  * #processConfigAttribute}. The provider will then lookup the ACLs from the <code>AclService</code> and ensure the
- * principal is {@link Acl#isGranted(org.acegisecurity.acls.Permission[], org.acegisecurity.acls.sid.Sid[], boolean)}
+ * principal is {@link org.acegisecurity.acls.Acl#isGranted(org.acegisecurity.acls.Permission[],
+   org.acegisecurity.acls.sid.Sid[], boolean) Acl.isGranted(Permission[], Sid[], boolean)}
  * when presenting the {@link #requirePermission} array to that method.</p>
- *  <p>Often users will setup an <code>AclEntryAfterInvocationProvider</code> with a {@link
+ * <p>Often users will setup an <code>AclEntryAfterInvocationProvider</code> with a {@link
  * #processConfigAttribute} of <code>AFTER_ACL_READ</code> and a {@link #requirePermission} of
  * <code>BasePermission.READ</code>. These are also the defaults.</p>
- *  <p>If the principal does not have sufficient permissions, an <code>AccessDeniedException</code> will be thrown.</p>
+ * <p>If the principal does not have sufficient permissions, an <code>AccessDeniedException</code> will be thrown.</p>
- *  <p>If the provided <code>returnObject</code> is <code>null</code>, permission will always be granted and
+ * <p>If the provided <code>returnObject</code> is <code>null</code>, permission will always be granted and
  * <code>null</code> will be returned.</p>
- *  <p>All comparisons and prefixes are case sensitive.</p>
+ * <p>All comparisons and prefixes are case sensitive.</p>
  */
 public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware {
     //~ Static fields/initializers =====================================================================================
@@ -113,7 +113,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
         return returnedObject;
     }
 
-    public void setMessageSource(MessageSource messages) {
+    public void setMessageSource(MessageSource messageSource) {
-        this.messages = new MessageSourceAccessor(messages);
+        this.messages = new MessageSourceAccessor(messageSource);
     }
 }

core/src/main/java/org/acegisecurity/afterinvocation/AfterInvocationProvider.java

@@ -31,7 +31,7 @@ import org.acegisecurity.ConfigAttributeDefinition;
 public interface AfterInvocationProvider {
     //~ Methods ========================================================================================================
 
-    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+    Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
         Object returnedObject) throws AccessDeniedException;
 
     /**
@@ -46,7 +46,7 @@ public interface AfterInvocationProvider {
      *
      * @return true if this <code>AfterInvocationProvider</code> can support the passed configuration attribute
      */
-    public boolean supports(ConfigAttribute attribute);
+    boolean supports(ConfigAttribute attribute);
 
     /**
      * Indicates whether the <code>AfterInvocationProvider</code> is able to provide "after invocation"
@@ -56,5 +56,5 @@ public interface AfterInvocationProvider {
      *
      * @return true if the implementation can process the indicated class
      */
-    public boolean supports(Class clazz);
+    boolean supports(Class clazz);
 }

core/src/main/java/org/acegisecurity/afterinvocation/ArrayFilterer.java

@@ -36,7 +36,8 @@ import java.util.Set;
 class ArrayFilterer implements Filterer {
     //~ Static fields/initializers =====================================================================================
 
-    protected static final Log logger = LogFactory.getLog(BasicAclEntryAfterInvocationCollectionFilteringProvider.class);
+    protected static final Log logger =
+            LogFactory.getLog(BasicAclEntryAfterInvocationCollectionFilteringProvider.class);
 
     //~ Instance fields ================================================================================================
 
@@ -57,7 +58,7 @@ class ArrayFilterer implements Filterer {
     //~ Methods ========================================================================================================
 
     /**
-     * 
+     *
      * @see org.acegisecurity.afterinvocation.Filterer#getFilteredObject()
      */
     public Object getFilteredObject() {
@@ -84,7 +85,7 @@ class ArrayFilterer implements Filterer {
     }
 
     /**
-     * 
+     *
      * @see org.acegisecurity.afterinvocation.Filterer#iterator()
      */
     public Iterator iterator() {
@@ -92,7 +93,7 @@ class ArrayFilterer implements Filterer {
     }
 
     /**
-     * 
+     *
      * @see org.acegisecurity.afterinvocation.Filterer#remove(java.lang.Object)
      */
     public void remove(Object object) {

core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java

@@ -116,9 +116,8 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
                     Object[] array = (Object[]) returnedObject;
                     filterer = new ArrayFilterer(array);
                 } else {
-                    throw new AuthorizationServiceException(
+                    throw new AuthorizationServiceException("A Collection or an array (or null) was required as the "
-                        "A Collection or an array (or null) was required as the returnedObject, but the returnedObject was: "
+                            + "returnedObject, but the returnedObject was: " + returnedObject);
-                        + returnedObject);
                 }
 
                 // Locate unauthorised Collection elements
@@ -207,12 +206,12 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
      * Allow setting permissions with String literals instead of integers as {@link
      * #setRequirePermission(int[])}
      *
-     * @param requirePermission permission literals
+     * @param requiredPermissions permission literals
      *
      * @see SimpleAclEntry#parsePermissions(String[]) for valid values
      */
-    public void setRequirePermissionFromString(String[] requirePermission) {
+    public void setRequirePermissionFromString(String[] requiredPermissions) {
-        setRequirePermission(SimpleAclEntry.parsePermissions(requirePermission));
+        setRequirePermission(SimpleAclEntry.parsePermissions(requiredPermissions));
     }
 
     public boolean supports(ConfigAttribute attribute) {

core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java

@@ -146,7 +146,8 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
                 throw new AccessDeniedException(messages.getMessage(
                         "BasicAclEntryAfterInvocationProvider.insufficientPermission",
                         new Object[] {authentication.getName(), returnedObject},
-                        "Authentication {0} has ACL permissions to the domain object, but not the required ACL permission to the domain object {1}"));
+                        "Authentication {0} has ACL permissions to the domain object, "
+                        + "but not the required ACL permission to the domain object {1}"));
             }
         }
 
@@ -188,12 +189,12 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
 
     /**
      * Allow setting permissions with String literals instead of integers as {@link #setRequirePermission(int[])}
-     * 
+     *
-     * @param requirePermission Permission literals
+     * @param requiredPermissions Permission literals
      * @see SimpleAclEntry#parsePermissions(String[]) for valid values
      */
-    public void setRequirePermissionFromString(String[] requirePermission) {
+    public void setRequirePermissionFromString(String[] requiredPermissions) {
-        setRequirePermission(SimpleAclEntry.parsePermissions(requirePermission));
+        setRequirePermission(SimpleAclEntry.parsePermissions(requiredPermissions));
     }
 
     public boolean supports(ConfigAttribute attribute) {

core/src/main/java/org/acegisecurity/afterinvocation/Filterer.java

@@ -20,7 +20,7 @@ import java.util.Iterator;
 
 /**
  * Filter strategy interface.
- * 
+ *
  * @author Ben Alex
  * @author Paulo Neves
  * @version $Id$
@@ -33,19 +33,19 @@ interface Filterer {
      *
      * @return the filtered collection or array
      */
-    public Object getFilteredObject();
+    Object getFilteredObject();
 
     /**
      * Returns an iterator over the filtered collection or array.
      *
      * @return an Iterator
      */
-    public Iterator iterator();
+    Iterator iterator();
 
     /**
      * Removes the the given object from the resulting list.
      *
      * @param object the object to be removed
      */
-    public void remove(Object object);
+    void remove(Object object);
 }

core/src/main/java/org/acegisecurity/captcha/CaptchaEntryPoint.java

@@ -44,11 +44,15 @@ import javax.servlet.http.HttpServletResponse;
 
 
 /**
- * The captcha entry point : redirect to the captcha test page. <br><p>This entry point can force the use of SSL :
+ * The captcha entry point : redirect to the captcha test page.
- * see {@link #getForceHttps()}<br></p>
+ * <p>
- *  This entry point allows internal OR external redirect : see {@link #setOutsideWebApp(boolean)}<br>
+ * This entry point can force the use of SSL : see {@link #getForceHttps()}
- * / Original request can be added to the redirect path using a custom translation : see {@link #setIncludeOriginalRequest(boolean)}<br>
+ * </p>
- * Original request is translated using URLEncoding and the following translation mapping in the redirect url :
+ * <p>
+ * This entry point allows internal OR external redirect : see {@link #setOutsideWebApp(boolean)}<br />
+ * / Original request can be added to the redirect path using a custom translation : see
+ * {@link #setIncludeOriginalRequest(boolean)}<br />
+ * The original request is translated using URLEncoding and the following translation mapping in the redirect url :
  *  <ul>
  *      <li>original url => {@link #getOriginalRequestUrlParameterName()}</li>
  *      <li>If {@link #isIncludeOriginalParameters()}</li>
@@ -63,17 +67,20 @@ import javax.servlet.http.HttpServletResponse;
  *      </li>
  *  </ul>
  *  <br><br>
- * Default values :<br>
+ * Default values :
- * forceHttps = false<br>
+ * <pre>
- * includesOriginalRequest = true<br>
+ * forceHttps = false
- * includesOriginalParameters = false<br>
+ * includesOriginalRequest = true
- * isOutsideWebApp=false<br>
+ * includesOriginalParameters = false
- * originalRequestUrlParameterName  =original_requestUrl <br>
+ * isOutsideWebApp = false
- * originalRequestParametersParameterName = original_request_parameters<br>
+ * originalRequestUrlParameterName = original_requestUrl
- * originalRequestParametersNameValueSeparator =   __ <br>
+ * originalRequestParametersParameterName = original_request_parameters
- * originalRequestParametersSeparator =  ;; <br>
+ * originalRequestParametersNameValueSeparator = __
- * originalRequestMethodParameterName =  original_request_method    <br>
+ * originalRequestParametersSeparator = ;;
- * urlEncodingCharset = UTF-8<br>
+ * originalRequestMethodParameterName = original_request_method
+ * urlEncodingCharset = UTF-8
+ * </pre>
+ * </p>
  *
  * @author marc antoine Garrigue
  * @version $Id$
@@ -81,8 +88,6 @@ import javax.servlet.http.HttpServletResponse;
 public class CaptchaEntryPoint implements ChannelEntryPoint, InitializingBean {
     //~ Static fields/initializers =====================================================================================
 
-    // ~ Static fields/initializers
-    // =============================================
     private static final Log logger = LogFactory.getLog(CaptchaEntryPoint.class);
 
     //~ Instance fields ================================================================================================

core/src/main/java/org/acegisecurity/captcha/CaptchaValidationProcessingFilter.java

@@ -44,14 +44,10 @@ import javax.servlet.http.HttpSession;
 public class CaptchaValidationProcessingFilter implements InitializingBean, Filter {
     //~ Static fields/initializers =====================================================================================
 
-    // ~ Static fields/initializers
-    // =============================================
     protected static final Log logger = LogFactory.getLog(CaptchaValidationProcessingFilter.class);
 
     //~ Instance fields ================================================================================================
 
-    // ~ Instance fields
-    // ========================================================
     private CaptchaServiceProxy captchaService;
     private String captchaValidationParameter = "_captcha_parameter";
 
@@ -74,9 +70,9 @@ public class CaptchaValidationProcessingFilter implements InitializingBean, Filt
 
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
         throws IOException, ServletException {
-        String captcha_reponse = request.getParameter(captchaValidationParameter);
+        String captchaResponse = request.getParameter(captchaValidationParameter);
 
-        if ((request != null) && request instanceof HttpServletRequest && (captcha_reponse != null)) {
+        if ((request != null) && request instanceof HttpServletRequest && (captchaResponse != null)) {
             logger.debug("captcha validation parameter found");
 
             // validate the request against CaptchaServiceProxy
@@ -89,7 +85,7 @@ public class CaptchaValidationProcessingFilter implements InitializingBean, Filt
 
             if (session != null) {
                 String id = session.getId();
-                valid = this.captchaService.validateReponseForId(id, captcha_reponse);
+                valid = this.captchaService.validateReponseForId(id, captchaResponse);
                 logger.debug("captchaServiceProxy says : request is valid = " + valid);
 
                 if (valid) {
@@ -114,8 +110,6 @@ public class CaptchaValidationProcessingFilter implements InitializingBean, Filt
         chain.doFilter(request, response);
     }
 
-    // ~ Methods
-    // ================================================================
     public CaptchaServiceProxy getCaptchaService() {
         return captchaService;
     }

core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionController.java

@@ -41,7 +41,7 @@ public interface ConcurrentSessionController {
      *
      * @throws AuthenticationException if the user has exceeded their maximum allowed current sessions
      */
-    public void checkAuthenticationAllowed(Authentication request)
+    void checkAuthenticationAllowed(Authentication request)
         throws AuthenticationException;
 
     /**
@@ -51,5 +51,5 @@ public interface ConcurrentSessionController {
      *
      * @param authentication the successfully authenticated user (never <code>null</code>)
      */
-    public void registerSuccessfulAuthentication(Authentication authentication);
+    void registerSuccessfulAuthentication(Authentication authentication);
 }

core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.java

@@ -67,14 +67,16 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
         SessionRegistry registry) {
         if (exceptionIfMaximumExceeded || (sessions == null)) {
             throw new ConcurrentLoginException(messages.getMessage("ConcurrentSessionControllerImpl.exceededAllowed",
-                    new Object[] {new Integer(allowableSessions)}, "Maximum sessions of {0} for this principal exceeded"));
+                    new Object[] {new Integer(allowableSessions)},
+                    "Maximum sessions of {0} for this principal exceeded"));
         }
 
         // Determine least recently used session, and mark it for invalidation
         SessionInformation leastRecentlyUsed = null;
 
         for (int i = 0; i < sessions.length; i++) {
-            if ((leastRecentlyUsed == null) || sessions[i].getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
+            if ((leastRecentlyUsed == null)
+                    || sessions[i].getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
                 leastRecentlyUsed = sessions[i];
             }
         }
@@ -98,8 +100,8 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
         }
 
         int allowableSessions = getMaximumSessionsForThisUser(request);
-        Assert.isTrue(allowableSessions != 0,
+        Assert.isTrue(allowableSessions != 0, "getMaximumSessionsForThisUser() must return either -1 to allow "
-            "getMaximumSessionsForThisUser() must return either -1 to allow unlimited logins, or a positive integer to specify a maximum");
+                + "unlimited logins, or a positive integer to specify a maximum");
 
         if (sessionCount < allowableSessions) {
             // They haven't got too many login sessions running at present

core/src/main/java/org/acegisecurity/concurrent/SessionIdentifierAware.java

@@ -18,7 +18,7 @@ package org.acegisecurity.concurrent;
 /**
  * Implemented by {@link org.acegisecurity.Authentication#getDetails()}
  * implementations that are capable of returning a session ID.
- * 
+ *
  * <p>
  * This interface is used by {@link
  * org.acegisecurity.concurrent.SessionRegistryUtils} to extract the session
@@ -40,5 +40,5 @@ public interface SessionIdentifierAware {
      *
      * @return the session ID, or <code>null</code> if not known.
      */
-    public String getSessionId();
+    String getSessionId();
 }

core/src/main/java/org/acegisecurity/concurrent/SessionRegistry.java

@@ -29,7 +29,7 @@ public interface SessionRegistry {
      *
      * @return each of the unique principals, which can then be presented to {@link #getAllSessions(Object, boolean)}.
      */
-    public Object[] getAllPrincipals();
+    Object[] getAllPrincipals();
 
     /**
      * Obtains all the known sessions for the specified principal. Sessions that have been destroyed are not
@@ -41,7 +41,7 @@ public interface SessionRegistry {
      *
      * @return the matching sessions for this principal, or <code>null</code> if none were found
      */
-    public SessionInformation[] getAllSessions(Object principal, boolean includeExpiredSessions);
+    SessionInformation[] getAllSessions(Object principal, boolean includeExpiredSessions);
 
     /**
      * Obtains the session information for the specified <code>sessionId</code>. Even expired sessions are
@@ -51,7 +51,7 @@ public interface SessionRegistry {
      *
      * @return the session information, or <code>null</code> if not found
      */
-    public SessionInformation getSessionInformation(String sessionId);
+    SessionInformation getSessionInformation(String sessionId);
 
     /**
      * Updates the given <code>sessionId</code> so its last request time is equal to the present date and time.
@@ -59,7 +59,7 @@ public interface SessionRegistry {
      *
      * @param sessionId for which to update the date and time of the last request (should never be <code>null</code>)
      */
-    public void refreshLastRequest(String sessionId);
+    void refreshLastRequest(String sessionId);
 
     /**
      * Registers a new session for the specified principal. The newly registered session will not be marked for
@@ -70,7 +70,7 @@ public interface SessionRegistry {
      *
      * @throws SessionAlreadyUsedException DOCUMENT ME!
      */
-    public void registerNewSession(String sessionId, Object principal)
+    void registerNewSession(String sessionId, Object principal)
         throws SessionAlreadyUsedException;
 
     /**
@@ -79,5 +79,5 @@ public interface SessionRegistry {
      *
      * @param sessionId to delete information for (should never be <code>null</code>)
      */
-    public void removeSessionInformation(String sessionId);
+    void removeSessionInformation(String sessionId);
 }

core/src/main/java/org/acegisecurity/concurrent/SessionRegistryUtils.java

@@ -28,7 +28,12 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @version $Id$
  */
-public class SessionRegistryUtils {
+public final class SessionRegistryUtils {
+    //~ Constructors ===================================================================================================
+
+    private SessionRegistryUtils() {
+    }
+
     //~ Methods ========================================================================================================
 
     public static Object obtainPrincipalFromAuthentication(Authentication auth) {

core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java

@@ -35,16 +35,22 @@ import org.springframework.util.ReflectionUtils;
 
 
 /**
- * <p>Populates the {@link SecurityContextHolder} with information obtained from the <code>HttpSession</code>.</p>
+ * Populates the {@link SecurityContextHolder} with information obtained from the <code>HttpSession</code>.
- *  <p>The <code>HttpSession</code> will be queried to retrieve the <code>SecurityContext</code> that should be
+ *
+ * <p>
+ * The <code>HttpSession</code> will be queried to retrieve the <code>SecurityContext</code> that should be
  * stored against the <code>SecurityContextHolder</code> for the duration of the web request. At the end of the web
  * request, any updates made to the <code>SecurityContextHolder</code> will be persisted back to the
- * <code>HttpSession</code> by this filter.</p>
+ * <code>HttpSession</code> by this filter.
- *  <p>If a valid <code>SecurityContext</code> cannot be obtained from the <code>HttpSession</code> for whatever
+ * </p>
+ * <p>
+ * If a valid <code>SecurityContext</code> cannot be obtained from the <code>HttpSession</code> for whatever
  * reason, a fresh <code>SecurityContext</code> will be created and used instead. The created object will be of the
  * instance defined by the {@link #setContext(Class)} method (which defaults to {@link
- * org.acegisecurity.context.SecurityContextImpl}.</p>
+ * org.acegisecurity.context.SecurityContextImpl}.
- *  <p>No <code>HttpSession</code> will be created by this filter if one does not already exist. If at the end of
+ * </p>
+ * <p>
+ * No <code>HttpSession</code> will be created by this filter if one does not already exist. If at the end of
  * the web request the <code>HttpSession</code> does not exist, a <code>HttpSession</code> will <b>only</b> be created
  * if the current contents of the <code>SecurityContextHolder</code> are not {@link
  * java.lang.Object#equals(java.lang.Object)} to a <code>new</code> instance of {@link #setContext(Class)}. This
@@ -52,19 +58,25 @@ import org.springframework.util.ReflectionUtils;
  * <code>SecurityContextHolder</code>. There is one exception to this rule, that is if the {@link
  * #forceEagerSessionCreation} property is <code>true</code>, in which case sessions will always be created
  * irrespective of normal session-minimisation logic (the default is <code>false</code>, as this is resource intensive
- * and not recommended).</p>
+ * and not recommended).
- *  <p>This filter will only execute once per request, to resolve servlet container (specifically Weblogic)
+ * </p>
+ * <p>
+ * This filter will only execute once per request, to resolve servlet container (specifically Weblogic)
  * incompatibilities.</p>
- *  <p>If for whatever reason no <code>HttpSession</code> should <b>ever</b> be created (eg this filter is only
+ * <p>
+ * If for whatever reason no <code>HttpSession</code> should <b>ever</b> be created (eg this filter is only
  * being used with Basic authentication or similar clients that will never present the same <code>jsessionid</code>
  * etc), the {@link #setAllowSessionCreation(boolean)} should be set to <code>false</code>. Only do this if you really
  * need to conserve server memory and ensure all classes using the <code>SecurityContextHolder</code> are designed to
  * have no persistence of the <code>SecurityContext</code> between web requests. Please note that if {@link
  * #forceEagerSessionCreation} is <code>true</code>, the <code>allowSessionCreation</code> must also be
- * <code>true</code> (setting it to <code>false</code> will cause a startup time error).</p>
+ * <code>true</code> (setting it to <code>false</code> will cause a startup time error).
- *  <p>This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing
+ * </p>
+ * <p>
+ * This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing
  * mechanisms (eg BASIC, CAS processing filters etc) expect the <code>SecurityContextHolder</code> to contain a valid
- * <code>SecurityContext</code> by the time they execute.</p>
+ * <code>SecurityContext</code> by the time they execute.
+ * </p>
  *
  * @author Ben Alex
  * @author Patrick Burleson
@@ -101,28 +113,28 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
      * are conscious of the session creation overhead.
      */
     private boolean forceEagerSessionCreation = false;
-    
+
     /**
      * Indicates whether the <code>SecurityContext</code> will be cloned from the <code>HttpSession</code>. The
      * default is to simply reference (ie the default is <code>false</code>). The default may cause issues if
      * concurrent threads need to have a different security identity from other threads being concurrently processed
      * that share the same <code>HttpSession</code>. In most normal environments this does not represent an issue,
      * as changes to the security identity in one thread is allowed to affect the security identitiy in other
-     * threads associated with the same <code>HttpSession</code>. For unusual cases where this is not permitted, 
+     * threads associated with the same <code>HttpSession</code>. For unusual cases where this is not permitted,
      * change this value to <code>true</code> and ensure the {@link #context} is set to a <code>SecurityContext</code>
      * that implements {@link Cloneable} and overrides the <code>clone()</code> method.
      */
     private boolean cloneFromHttpSession = false;
 
     public boolean isCloneFromHttpSession() {
-		return cloneFromHttpSession;
+        return cloneFromHttpSession;
-	}
+    }
 
-	public void setCloneFromHttpSession(boolean cloneFromHttpSession) {
+    public void setCloneFromHttpSession(boolean cloneFromHttpSession) {
-		this.cloneFromHttpSession = cloneFromHttpSession;
+        this.cloneFromHttpSession = cloneFromHttpSession;
-	}
+    }
 
-	public HttpSessionContextIntegrationFilter() throws ServletException {
+    public HttpSessionContextIntegrationFilter() throws ServletException {
         this.contextObject = generateNewContext();
     }
 
@@ -131,7 +143,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
     public void afterPropertiesSet() throws Exception {
         if ((this.context == null) || (!SecurityContext.class.isAssignableFrom(this.context))) {
             throw new IllegalArgumentException(
-                "context must be defined and implement SecurityContext (typically use org.acegisecurity.context.SecurityContextImpl; existing class is "
+                "context must be defined and implement SecurityContext "
+                + "(typically use org.acegisecurity.context.SecurityContextImpl; existing class is "
                 + this.context + ")");
         }
 
@@ -167,27 +180,27 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
                 httpSessionExistedAtStartOfRequest = true;
 
                 Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
-                
+
                 // Clone if required (see SEC-356)
                 if (cloneFromHttpSession) {
-                	Assert.isInstanceOf(Cloneable.class, contextFromSessionObject, "Context must implement Clonable and provide a Object.clone() method");
+                    Assert.isInstanceOf(Cloneable.class, contextFromSessionObject,
-                	try {
+                            "Context must implement Clonable and provide a Object.clone() method");
-                		Method m = contextFromSessionObject.getClass().getMethod("clone", new Class[] {});
+                    try {
-                		if (!m.isAccessible()) {
+                        Method m = contextFromSessionObject.getClass().getMethod("clone", new Class[] {});
-                    		m.setAccessible(true);
+                        if (!m.isAccessible()) {
-                		}
+                            m.setAccessible(true);
-                		contextFromSessionObject = m.invoke(contextFromSessionObject, new Object[] {});
+                        }
-                	} catch (Exception ex) {
+                        contextFromSessionObject = m.invoke(contextFromSessionObject, new Object[] {});
-                		ReflectionUtils.handleReflectionException(ex);
+                    } catch (Exception ex) {
-                	}
+                        ReflectionUtils.handleReflectionException(ex);
+                    }
                 }
-                
+
                 if (contextFromSessionObject != null) {
                     if (contextFromSessionObject instanceof SecurityContext) {
                         if (logger.isDebugEnabled()) {
-                            logger.debug(
+                            logger.debug("Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and "
-                                "Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: '"
+                                + "set to SecurityContextHolder: '" + contextFromSessionObject + "'");
-                                + contextFromSessionObject + "'");
                         }
 
                         SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
@@ -195,23 +208,26 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
                         if (logger.isWarnEnabled()) {
                             logger.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
                                 + contextFromSessionObject
-                                + "'; are you improperly modifying the HttpSession directly (you should always use SecurityContextHolder) or using the HttpSession attribute reserved for this class? - new SecurityContext instance associated with SecurityContextHolder");
+                                + "'; are you improperly modifying the HttpSession directly "
+                                + "(you should always use SecurityContextHolder) or using the HttpSession attribute "
+                                + "reserved for this class? - new SecurityContext instance associated with "
+                                + "SecurityContextHolder");
                         }
 
                         SecurityContextHolder.setContext(generateNewContext());
                     }
                 } else {
                     if (logger.isDebugEnabled()) {
-                        logger.debug(
+                        logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
-                            "HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder");
+                            + "SecurityContext instance associated with SecurityContextHolder");
                     }
 
                     SecurityContextHolder.setContext(generateNewContext());
                 }
             } else {
                 if (logger.isDebugEnabled()) {
-                    logger.debug(
+                    logger.debug("No HttpSession currently exists - new SecurityContext instance "
-                        "No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder");
+                        + "associated with SecurityContextHolder");
                 }
 
                 SecurityContextHolder.setContext(generateNewContext());
@@ -240,8 +256,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
 
                 if ((httpSession == null) && httpSessionExistedAtStartOfRequest) {
                     if (logger.isDebugEnabled()) {
-                        logger.debug(
+                        logger.debug("HttpSession is now null, but was not null at start of request; "
-                            "HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
+                                + "session was invalidated, so do not create a new session");
                     }
                 }
 
@@ -249,8 +265,10 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
                 if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
                     if (!allowSessionCreation) {
                         if (logger.isDebugEnabled()) {
-                            logger.debug(
+                            logger.debug("The HttpSession is currently null, and the "
-                                "The HttpSession is currently null, and the HttpSessionContextIntegrationFilter is prohibited from creating a HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request");
+                                   + "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+                                   + "(because the allowSessionCreation property is false) - SecurityContext thus not "
+                                   + "stored for next request");
                         }
                     } else if (!contextObject.equals(SecurityContextHolder.getContext())) {
                         if (logger.isDebugEnabled()) {
@@ -263,17 +281,15 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
                     } else {
                         if (logger.isDebugEnabled()) {
                             logger.debug(
-                                "HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+                                    "HttpSession is null, but SecurityContextHolder has not changed from default: ' "
-                                + SecurityContextHolder.getContext()
+                                    + SecurityContextHolder.getContext()
-                                + "'; not creating HttpSession or storing SecurityContextHolder contents");
+                                    + "'; not creating HttpSession or storing SecurityContextHolder contents");
                         }
                     }
                 }
 
-                // If HttpSession exists, store current SecurityContextHolder
+                // If HttpSession exists, store current SecurityContextHolder contents but only if SecurityContext has
-                // contents
+                // actually changed (see JIRA SEC-37)
-                // but only if SecurityContext has actually changed (see JIRA
-                // SEC-37)
                 if ((httpSession != null)
                     && (SecurityContextHolder.getContext().hashCode() != contextWhenChainProceeded)) {
                     httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());

core/src/main/java/org/acegisecurity/context/SecurityContext.java

@@ -23,7 +23,7 @@ import java.io.Serializable;
 /**
  * Interface defining the minimum security information associated with the
  * current thread of execution.
- * 
+ *
  * <p>
  * The security context is stored in a {@link SecurityContextHolder}.
  * </p>
@@ -39,7 +39,7 @@ public interface SecurityContext extends Serializable {
      *
      * @return the <code>Authentication</code> or <code>null</code> if no authentication information is available
      */
-    public Authentication getAuthentication();
+    Authentication getAuthentication();
 
     /**
      * Changes the currently authenticated principal, or removes the authentication information.
@@ -47,5 +47,5 @@ public interface SecurityContext extends Serializable {
      * @param authentication the new <code>Authentication</code> token, or <code>null</code> if no further
      *        authentication information should be stored
      */
-    public void setAuthentication(Authentication authentication);
+    void setAuthentication(Authentication authentication);
 }

core/src/main/java/org/acegisecurity/context/SecurityContextHolderStrategy.java

@@ -17,7 +17,7 @@ package org.acegisecurity.context;
 
 /**
  * A strategy for storing security context information against a thread.
- * 
+ *
  * <p>
  * The preferred strategy is loaded by {@link
  * org.acegisecurity.context.SecurityContextHolder}.
@@ -32,14 +32,14 @@ public interface SecurityContextHolderStrategy {
     /**
      * Clears the current context.
      */
-    public void clearContext();
+    void clearContext();
 
     /**
      * Obtains the current context.
      *
      * @return a context (never <code>null</code> - create a default implementation if necessary)
      */
-    public SecurityContext getContext();
+    SecurityContext getContext();
 
     /**
      * Sets the current context.
@@ -47,5 +47,5 @@ public interface SecurityContextHolderStrategy {
      * @param context to the new argument (should never be <code>null</code>, although implementations must check if
      *        <code>null</code> has been passed and throw an <code>IllegalArgumentException</code> in such cases)
      */
-    public void setContext(SecurityContext context);
+    void setContext(SecurityContext context);
 }

core/src/main/java/org/acegisecurity/context/httpinvoker/AuthenticationSimpleHttpInvokerRequestExecutor.java

@@ -85,9 +85,8 @@ public class AuthenticationSimpleHttpInvokerRequestExecutor extends SimpleHttpIn
             }
         } else {
             if (logger.isDebugEnabled()) {
-                logger.debug(
+                logger.debug("Unable to set BASIC authentication header as SecurityContext did not provide "
-                    "Unable to set BASIC authentication header as SecurityContext did not provide valid Authentication: "
+                        + "valid Authentication: " + auth);
-                    + auth);
             }
         }
 

core/src/main/java/org/acegisecurity/event/authorization/AuthorizationFailureEvent.java

@@ -15,9 +15,7 @@
 
 package org.acegisecurity.event.authorization;
 
-import org.acegisecurity.AccessDecisionManager;
 import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.AfterInvocationManager;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.ConfigAttributeDefinition;
 
@@ -27,7 +25,8 @@ import org.acegisecurity.ConfigAttributeDefinition;
  * be authorized for the request.
  *
  * <p>This event might be thrown as a result of either an
- * {@link AccessDecisionManager} or an {@link AfterInvocationManager}.
+ * {@link org.acegisecurity.AccessDecisionManager AccessDecisionManager} or an
+ * {@link org.acegisecurity.AfterInvocationManager AfterInvocationManager}.
  *
  * @author Ben Alex
  * @version $Id$
@@ -41,7 +40,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Construct the event.
      *
      * @param secureObject the secure object

core/src/main/java/org/acegisecurity/event/authorization/LoggerListener.java

@@ -23,8 +23,11 @@ import org.springframework.context.ApplicationListener;
 
 
 /**
- * Outputs interceptor-related application events to Commons Logging.<P>All failures are logged at the warning
+ * Outputs interceptor-related application events to Commons Logging.
- * level, with success events logged at the information level, and public invocation events logged at the debug level.</p>
+ * <p>
+ * All failures are logged at the warning level, with success events logged at the information level,
+ * and public invocation events logged at the debug level.
+ * </p>
  *
  * @author Ben Alex
  * @version $Id$
@@ -52,8 +55,9 @@ public class LoggerListener implements ApplicationListener {
 
             if (logger.isWarnEnabled()) {
                 logger.warn("Security authorization failed due to: " + authEvent.getAccessDeniedException()
-                    + "; authenticated principal: " + authEvent.getAuthentication() + "; secure object: "
+                    + "; authenticated principal: " + authEvent.getAuthentication()
-                    + authEvent.getSource() + "; configuration attributes: " + authEvent.getConfigAttributeDefinition());
+                    + "; secure object: " + authEvent.getSource()
+                    + "; configuration attributes: " + authEvent.getConfigAttributeDefinition());
             }
         }
 

core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java

@@ -154,7 +154,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
                         token.getAttr(), returnedObject);
             } catch (AccessDeniedException accessDeniedException) {
                 AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(),
-                		token.getAttr(), token.getAuthentication(), accessDeniedException);
+                        token.getAttr(), token.getAuthentication(), accessDeniedException);
                 publishEvent(event);
 
                 throw accessDeniedException;
@@ -196,7 +196,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
             if (iter == null) {
                 if (logger.isWarnEnabled()) {
                     logger.warn(
-                        "Could not validate configuration attributes as the MethodDefinitionSource did not return a ConfigAttributeDefinition Iterator");
+                        "Could not validate configuration attributes as the MethodDefinitionSource did not return a "
+                                + "ConfigAttributeDefinition Iterator");
                 }
             } else {
                 Set set = new HashSet();
@@ -239,8 +240,9 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
         ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object);
 
         if ((attr == null) && rejectPublicInvocations) {
-            throw new IllegalArgumentException(
+            throw new IllegalArgumentException("No public invocations are allowed via this AbstractSecurityInterceptor. "
-                "No public invocations are allowed via this AbstractSecurityInterceptor. This indicates a configuration error because the AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
+                    + "This indicates a configuration error because the "
+                    + "AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
         }
 
         if (attr != null) {
@@ -306,7 +308,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
                     logger.debug("RunAsManager did not change Authentication object");
                 }
 
-                return new InterceptorStatusToken(authenticated, false, attr, object); // no further work post-invocation
+                // no further work post-invocation
+                return new InterceptorStatusToken(authenticated, false, attr, object);
             } else {
                 if (logger.isDebugEnabled()) {
                     logger.debug("Switching to RunAs Authentication: " + runAs.toString());
@@ -314,7 +317,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
 
                 SecurityContextHolder.getContext().setAuthentication(runAs);
 
-                return new InterceptorStatusToken(authenticated, true, attr, object); // revert to token.Authenticated post-invocation
+                // revert to token.Authenticated post-invocation
+                return new InterceptorStatusToken(authenticated, true, attr, object);
             }
         } else {
             if (logger.isDebugEnabled()) {
@@ -406,8 +410,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
         this.alwaysReauthenticate = alwaysReauthenticate;
     }
 
-    public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher) {
+    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
-        this.eventPublisher = eventPublisher;
+        this.eventPublisher = applicationEventPublisher;
     }
 
     public void setAuthenticationManager(AuthenticationManager newManager) {

core/src/main/java/org/acegisecurity/intercept/ObjectDefinitionSource.java

@@ -42,7 +42,7 @@ public interface ObjectDefinitionSource {
      * @throws IllegalArgumentException if the passed object is not of a type supported by the
      *         <code>ObjectDefinitionSource</code> implementation
      */
-    public ConfigAttributeDefinition getAttributes(Object object)
+    ConfigAttributeDefinition getAttributes(Object object)
         throws IllegalArgumentException;
 
     /**
@@ -52,7 +52,7 @@ public interface ObjectDefinitionSource {
      *
      * @return an iterator over all the <code>ConfigAttributeDefinition</code>s or <code>null</code> if unsupported
      */
-    public Iterator getConfigAttributeDefinitions();
+    Iterator getConfigAttributeDefinitions();
 
     /**
      * Indicates whether the <code>ObjectDefinitionSource</code> implementation is able to provide
@@ -62,5 +62,5 @@ public interface ObjectDefinitionSource {
      *
      * @return true if the implementation can process the indicated class
      */
-    public boolean supports(Class clazz);
+    boolean supports(Class clazz);
 }

core/src/main/java/org/acegisecurity/intercept/method/MethodDefinitionAttributes.java

@@ -86,7 +86,7 @@ public class MethodDefinitionAttributes extends AbstractMethodDefinitionSource {
                 Method m = clazz.getDeclaredMethod(method.getName(), (Class[]) method.getParameterTypes());
                 addMethodAttributes(definition, m);
             } catch (Exception e) {
-                // this won't happen since we are getting a method from an interface that 
+                // this won't happen since we are getting a method from an interface that
                 // the declaring class implements
             }
         }

core/src/main/java/org/acegisecurity/intercept/method/MethodDefinitionMap.java

@@ -207,7 +207,8 @@ public class MethodDefinitionMap extends AbstractMethodDefinitionSource {
             try {
                 // Look for the method on the current interface
                 Method interfaceMethod = clazz.getDeclaredMethod(method.getName(), (Class[]) method.getParameterTypes());
-                ConfigAttributeDefinition interfaceAssigned = (ConfigAttributeDefinition) this.methodMap.get(interfaceMethod);
+                ConfigAttributeDefinition interfaceAssigned =
+                        (ConfigAttributeDefinition) this.methodMap.get(interfaceMethod);
                 merge(definition, interfaceAssigned);
             } catch (Exception e) {
                 // skip this interface
@@ -236,7 +237,7 @@ public class MethodDefinitionMap extends AbstractMethodDefinitionSource {
 
     /**
      * Easier configuration of the instance, using {@link MethodDefinitionSourceMapping}.
-     * 
+     *
      * @param mappings {@link List} of {@link MethodDefinitionSourceMapping} objects.
      */
     public void setMappings(List mappings) {

core/src/main/java/org/acegisecurity/intercept/method/MethodDefinitionSourceEditor.java

@@ -30,8 +30,8 @@ import java.util.Properties;
 
 
 /**
- * Property editor to assist with the setup of a {@link MethodDefinitionSource}.<p>The class creates and populates
+ * Property editor to assist with the setup of a {@link MethodDefinitionSource}.
- * a {@link MethodDefinitionMap}.</p>
+ * <p>The class creates and populates a {@link MethodDefinitionMap}.</p>
  *
  * @author Ben Alex
  * @version $Id$

core/src/main/java/org/acegisecurity/intercept/method/aopalliance/MethodDefinitionSourceAdvisor.java

@@ -68,11 +68,12 @@ public class MethodDefinitionSourceAdvisor extends StaticMethodMatcherPointcutAd
     //~ Inner Classes ==================================================================================================
 
     /**
-     * Represents a <code>MethodInvocation</code>.<p>Required as <code>MethodDefinitionSource</code> only
+     * Represents a <code>MethodInvocation</code>.
-     * supports lookup of configuration attributes for <code>MethodInvocation</code>s.</p>
+     * <p>Required as <code>MethodDefinitionSource</code> only supports lookup of configuration attributes for
+     * <code>MethodInvocation</code>s.</p>
      */
     class InternalMethodInvocation implements MethodInvocation {
-        Method method;
+        private Method method;
 
         public InternalMethodInvocation(Method method) {
             this.method = method;

core/src/main/java/org/acegisecurity/intercept/method/aspectj/AspectJCallback.java

@@ -27,5 +27,5 @@ package org.acegisecurity.intercept.method.aspectj;
 public interface AspectJCallback {
     //~ Methods ========================================================================================================
 
-    public Object proceedWithObject();
+    Object proceedWithObject();
 }

core/src/main/java/org/acegisecurity/intercept/web/AbstractFilterInvocationDefinitionSource.java

@@ -28,9 +28,6 @@ import org.apache.commons.logging.LogFactory;
  * @version $Id$
  */
 public abstract class AbstractFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource {
-    //~ Static fields/initializers =====================================================================================
-
-    private static final Log logger = LogFactory.getLog(AbstractFilterInvocationDefinitionSource.class);
 
     //~ Methods ========================================================================================================
 
@@ -47,9 +44,11 @@ public abstract class AbstractFilterInvocationDefinitionSource implements Filter
 
     /**
      * Performs the actual lookup of the relevant <code>ConfigAttributeDefinition</code> for the specified
-     * <code>FilterInvocation</code>.<P>Provided so subclasses need only to provide one basic method to
+     * <code>FilterInvocation</code>.
-     * properly interface with the <code>FilterInvocationDefinitionSource</code>.</p>
+     * <p>Provided so subclasses need only to provide one basic method to properly interface with the
-     *  <P>Public visiblity so that tablibs or other view helper classes can access the
+     * <code>FilterInvocationDefinitionSource</code>.
+     * </p>
+     * <p>Public visiblity so that tablibs or other view helper classes can access the
      * <code>ConfigAttributeDefinition</code> applying to a given URI pattern without needing to construct a mock
      * <code>FilterInvocation</code> and retrieving the attibutes via the {@link #getAttributes(Object)} method.</p>
      *
@@ -60,10 +59,6 @@ public abstract class AbstractFilterInvocationDefinitionSource implements Filter
     public abstract ConfigAttributeDefinition lookupAttributes(String url);
 
     public boolean supports(Class clazz) {
-        if (FilterInvocation.class.isAssignableFrom(clazz)) {
+        return FilterInvocation.class.isAssignableFrom(clazz);
-            return true;
-        } else {
-            return false;
-        }
     }
 }

core/src/main/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionMap.java

@@ -28,9 +28,9 @@ import org.acegisecurity.ConfigAttributeDefinition;
 public interface FilterInvocationDefinitionMap {
     //~ Methods ========================================================================================================
 
-    public void addSecureUrl(String expression, ConfigAttributeDefinition attr);
+    void addSecureUrl(String expression, ConfigAttributeDefinition attr);
 
-    public boolean isConvertUrlToLowercaseBeforeComparison();
+    boolean isConvertUrlToLowercaseBeforeComparison();
 
-    public void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison);
+    void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison);
 }

core/src/main/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditor.java

@@ -43,7 +43,8 @@ public class FilterInvocationDefinitionSourceEditor extends PropertyEditorSuppor
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(FilterInvocationDefinitionSourceEditor.class);
-    public static final String DIRECTIVE_CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON = "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON";
+    public static final String DIRECTIVE_CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON =
+            "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON";
     public static final String DIRECTIVE_PATTERN_TYPE_APACHE_ANT = "PATTERN_TYPE_APACHE_ANT";
 
     //~ Methods ========================================================================================================
@@ -79,7 +80,7 @@ public class FilterInvocationDefinitionSourceEditor extends PropertyEditorSuppor
             BufferedReader br = new BufferedReader(new StringReader(s));
             int counter = 0;
             String line;
-            
+
             List mappings = new ArrayList();
 
             while (true) {

core/src/main/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceMapping.java

@@ -24,7 +24,7 @@ import org.acegisecurity.ConfigAttribute;
  * Configuration entry for {@link FilterInvocationDefinitionSource}, that holds
  * the url to be protected and the {@link ConfigAttribute}s as {@link String}
  * that apply to that url.
- * 
+ *
  * @author <a href="mailto:carlos@apache.org">Carlos Sanchez</a>
  * @version $Id$
  * @since 1.1
@@ -37,7 +37,7 @@ public class FilterInvocationDefinitionSourceMapping {
 
     /**
      * Url to be secured.
-     * 
+     *
      * @param url
      */
     public void setUrl(String url) {
@@ -46,7 +46,7 @@ public class FilterInvocationDefinitionSourceMapping {
 
     /**
      * Url to be secured.
-     * 
+     *
      * @return the url
      */
     public String getUrl() {
@@ -55,15 +55,14 @@ public class FilterInvocationDefinitionSourceMapping {
 
     /**
      * 
-     * @param roles
+     * @param roles {@link List}&lt;{@link String}>
-     *            {@link List}&lt;{@link String}>
      */
     public void setConfigAttributes(List roles) {
         this.configAttributes = roles;
     }
 
     /**
-     * 
+     *
      * @return {@link List}&lt;{@link String}>
      */
     public List getConfigAttributes() {
@@ -72,7 +71,7 @@ public class FilterInvocationDefinitionSourceMapping {
 
     /**
      * Add a {@link ConfigAttribute} as {@link String}
-     * 
+     *
      * @param configAttribute
      */
     public void addConfigAttribute(String configAttribute) {

core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java

@@ -42,15 +42,19 @@ import javax.naming.directory.InitialDirContext;
 
 /**
  * Encapsulates the information for connecting to an LDAP server and provides an access point for obtaining
- * <tt>DirContext</tt> references.<p>The directory location is configured using by setting the constructor argument
+ * <tt>DirContext</tt> references.
+ * <p>
+ * The directory location is configured using by setting the constructor argument
  * <tt>providerUrl</tt>. This should be in the form <tt>ldap://monkeymachine.co.uk:389/dc=acegisecurity,dc=org</tt>.
  * The Sun JNDI provider also supports lists of space-separated URLs, each of which will be tried in turn until a
- * connection is obtained.</p>
+ * connection is obtained.
- *  <p>To obtain an initial context, the client calls the <tt>newInitialDirContext</tt> method. There are two
+ * </p>
- * signatures - one with no arguments and one which allows binding with a specific username and password.</p>
+ * <p>To obtain an initial context, the client calls the <tt>newInitialDirContext</tt> method. There are two
- *  <p>The no-args version will bind anonymously unless a manager login has been configured using the properties
+ * signatures - one with no arguments and one which allows binding with a specific username and password.
+ * </p>
+ * <p>The no-args version will bind anonymously unless a manager login has been configured using the properties
  * <tt>managerDn</tt> and <tt>managerPassword</tt>, in which case it will bind as the manager user.</p>
- *  <p>Connection pooling is enabled by default for anonymous or manager connections, but not when binding as a
+ * <p>Connection pooling is enabled by default for anonymous or manager connections, but not when binding as a
  * specific user.</p>
  *
  * @author Robert Sanders
@@ -113,7 +117,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
 
     /**
      * Create and initialize an instance to the LDAP url provided
-     * 
+     *
      * @param providerUrl a String of the form <code>ldap://localhost:389/base_dn<code>
      */
     public DefaultInitialDirContextFactory(String providerUrl) {
@@ -124,7 +128,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
 
     /**
      * Set the LDAP url
-     * 
+     *
      * @param providerUrl a String of the form <code>ldap://localhost:389/base_dn<code>
      */
     private void setProviderUrl(String providerUrl) {
@@ -154,7 +158,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
 
     /**
      * Get the LDAP url
-     * 
+     *
      * @return the url
      */
     private String getProviderUrl() {
@@ -175,8 +179,8 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
         try {
             return useLdapContext ? new InitialLdapContext(env, null) : new InitialDirContext(env);
         } catch (NamingException ne) {
-            if ((ne instanceof javax.naming.AuthenticationException) ||
+            if ((ne instanceof javax.naming.AuthenticationException)
-                    (ne instanceof OperationNotSupportedException)) {
+                    || (ne instanceof OperationNotSupportedException)) {
                 throw new BadCredentialsException(messages.getMessage("DefaultIntitalDirContextFactory.badCredentials",
                         "Bad credentials"), ne);
             }

core/src/main/java/org/acegisecurity/ldap/LdapCallback.java

@@ -27,6 +27,6 @@ import javax.naming.directory.DirContext;
 public interface LdapCallback {
     //~ Methods ========================================================================================================
 
-    public Object doInDirContext(DirContext dirContext)
+    Object doInDirContext(DirContext dirContext)
         throws NamingException;
 }

core/src/main/java/org/acegisecurity/ldap/LdapEntryMapper.java

@@ -19,16 +19,16 @@ import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 
 
-/**
+/**
- * A mapper for use with {@link LdapTemplate}. Creates a customized object from
+ * A mapper for use with {@link LdapTemplate}. Creates a customized object from
- * a set of attributes retrieved from a directory entry.
+ * a set of attributes retrieved from a directory entry.
- *
+ *
- * @author Luke Taylor
+ * @author Luke Taylor
- * @version $Id$
+ * @version $Id$
  */
 public interface LdapEntryMapper {
     //~ Methods ========================================================================================================
 
-    public Object mapAttributes(String dn, Attributes attributes)
+    Object mapAttributes(String dn, Attributes attributes)
         throws NamingException;
 }

core/src/main/java/org/acegisecurity/ldap/LdapTemplate.java

@@ -238,7 +238,8 @@ public class LdapTemplate {
      *
      * @return the object created by the mapper from the matching entry
      *
-     * @throws IncorrectResultSizeDataAccessException if no results are found or the search returns more than one result.
+     * @throws IncorrectResultSizeDataAccessException if no results are found or the search returns more than one
+     *         result.
      */
     public Object searchForSingleEntry(final String base, final String filter, final Object[] params,
         final LdapEntryMapper mapper) {

core/src/main/java/org/acegisecurity/ldap/LdapUtils.java

@@ -32,11 +32,16 @@ import javax.naming.NamingException;
  * @author Luke Taylor
  * @version $Id$
  */
-public class LdapUtils {
+public final class LdapUtils {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(LdapUtils.class);
 
+    //~ Constructors ===================================================================================================
+
+    private LdapUtils() {
+    }
+
     //~ Methods ========================================================================================================
 
     public static void closeContext(Context ctx) {

core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java

@@ -124,7 +124,7 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
 
             return user.createUserDetails();
         } catch (IncorrectResultSizeDataAccessException notFound) {
-            if(notFound.getActualSize() == 0) {
+            if (notFound.getActualSize() == 0) {
                 throw new UsernameNotFoundException("User " + username + " not found in directory.");
             }
             // Search should never return multiple results if properly configured, so just rethrow

core/src/main/java/org/acegisecurity/providers/AuthenticationProvider.java

@@ -42,17 +42,20 @@ public interface AuthenticationProvider {
      *
      * @throws AuthenticationException if authentication fails.
      */
-    public Authentication authenticate(Authentication authentication)
+    Authentication authenticate(Authentication authentication)
         throws AuthenticationException;
 
     /**
      * Returns <code>true</code> if this <Code>AuthenticationProvider</code> supports the indicated
-     * <Code>Authentication</code> object.<p>Returning <code>true</code> does not guarantee an
+     * <Code>Authentication</code> object.
-     * <code>AuthenticationProvider</code> will be able to authenticate the presented instance of the
+     * <p>
-     * <code>Authentication</code> class. It simply indicates it can support closer evaluation of it. An
+     * Returning <code>true</code> does not guarantee an <code>AuthenticationProvider</code> will be able to
-     * <code>AuthenticationProvider</code> can still return <code>null</code> from the {@link
+     * authenticate the presented instance of the <code>Authentication</code> class. It simply indicates it can support
-     * #authenticate(Authentication)} method to indicate another <code>AuthenticationProvider</code> should be tried.</p>
+     * closer evaluation of it. An <code>AuthenticationProvider</code> can still return <code>null</code> from the
-     *  <P>Selection of an <code>AuthenticationProvider</code> capable of performing authentication is
+     * {@link #authenticate(Authentication)} method to indicate another <code>AuthenticationProvider</code> should be
+     * tried.
+     * </p>
+     * <p>Selection of an <code>AuthenticationProvider</code> capable of performing authentication is
      * conducted at runtime the <code>ProviderManager</code>.</p>
      *
      * @param authentication DOCUMENT ME!
@@ -60,5 +63,5 @@ public interface AuthenticationProvider {
      * @return <code>true</code> if the implementation can more closely evaluate the <code>Authentication</code> class
      *         presented
      */
-    public boolean supports(Class authentication);
+    boolean supports(Class authentication);
 }

core/src/main/java/org/acegisecurity/providers/ProviderManager.java

@@ -69,17 +69,22 @@ import java.util.Properties;
 
 
 /**
- * Iterates an {@link Authentication} request through a list of {@link AuthenticationProvider}s. Can optionally be
+ * Iterates an {@link Authentication} request through a list of {@link AuthenticationProvider}s.
- * configured with a {@link ConcurrentSessionController} to limit the number of sessions a user can have.<p><code>AuthenticationProvider</code>s
+ *
- * are tried in order until one provides a non-null response. A non-null response indicates the provider had authority
+ * Can optionally be configured with a {@link ConcurrentSessionController} to limit the number of sessions a user can
- * to decide on the authentication request and no further providers are tried. If an
+ * have.
- * <code>AuthenticationException</code> is thrown by a provider, it is retained until subsequent providers are tried.
+ * <p>
- * If a subsequent provider successfully authenticates the request, the earlier authentication exception is
+ * <code>AuthenticationProvider</code>s are tried in order until one provides a non-null response.
- * disregarded and the successful authentication will be used. If no subsequent provider provides a non-null response,
+ * A non-null response indicates the provider had authority to decide on the authentication request and no further
- * or a new <code>AuthenticationException</code>, the last <code>AuthenticationException</code> received will be used.
+ * providers are tried. If an <code>AuthenticationException</code> is thrown by a provider, it is retained until
- * If no provider returns a non-null response, or indicates it can even process an <code>Authentication</code>, the
+ * subsequent providers are tried. If a subsequent provider successfully authenticates the request, the earlier
- * <code>ProviderManager</code> will throw a <code>ProviderNotFoundException</code>.</p>
+ * authentication exception is disregarded and the successful authentication will be used. If no subsequent provider
- *  <p>If a valid <code>Authentication</code> is returned by an <code>AuthenticationProvider</code>, the
+ * provides a non-null response, or a new <code>AuthenticationException</code>, the last
+ * <code>AuthenticationException</code> received will be used. If no provider returns a non-null response, or indicates
+ * it can even process an <code>Authentication</code>, the <code>ProviderManager</code> will throw a
+ * <code>ProviderNotFoundException</code>.</p>
+ *
+ * <p>If a valid <code>Authentication</code> is returned by an <code>AuthenticationProvider</code>, the
  * <code>ProviderManager</code> will publish an {@link
  * org.acegisecurity.event.authentication.AuthenticationSuccessEvent}. If an <code>AuthenticationException</code> is
  * detected, the final <code>AuthenticationException</code> thrown will be used to publish an appropriate failure
@@ -108,23 +113,25 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
 
     static {
         DEFAULT_EXCEPTION_MAPPINGS.put(AccountExpiredException.class.getName(),
-            AuthenticationFailureExpiredEvent.class.getName());
+                AuthenticationFailureExpiredEvent.class.getName());
         DEFAULT_EXCEPTION_MAPPINGS.put(AuthenticationServiceException.class.getName(),
-            AuthenticationFailureServiceExceptionEvent.class.getName());
+                AuthenticationFailureServiceExceptionEvent.class.getName());
-        DEFAULT_EXCEPTION_MAPPINGS.put(LockedException.class.getName(), AuthenticationFailureLockedEvent.class.getName());
+        DEFAULT_EXCEPTION_MAPPINGS.put(LockedException.class.getName(),
+                AuthenticationFailureLockedEvent.class.getName());
         DEFAULT_EXCEPTION_MAPPINGS.put(CredentialsExpiredException.class.getName(),
-            AuthenticationFailureCredentialsExpiredEvent.class.getName());
+                AuthenticationFailureCredentialsExpiredEvent.class.getName());
-        DEFAULT_EXCEPTION_MAPPINGS.put(DisabledException.class.getName(), AuthenticationFailureDisabledEvent.class.getName());
+        DEFAULT_EXCEPTION_MAPPINGS.put(DisabledException.class.getName(),
+                AuthenticationFailureDisabledEvent.class.getName());
         DEFAULT_EXCEPTION_MAPPINGS.put(BadCredentialsException.class.getName(),
-            AuthenticationFailureBadCredentialsEvent.class.getName());
+                AuthenticationFailureBadCredentialsEvent.class.getName());
         DEFAULT_EXCEPTION_MAPPINGS.put(UsernameNotFoundException.class.getName(),
-            AuthenticationFailureBadCredentialsEvent.class.getName());
+                AuthenticationFailureBadCredentialsEvent.class.getName());
         DEFAULT_EXCEPTION_MAPPINGS.put(ConcurrentLoginException.class.getName(),
-            AuthenticationFailureConcurrentLoginEvent.class.getName());
+                AuthenticationFailureConcurrentLoginEvent.class.getName());
         DEFAULT_EXCEPTION_MAPPINGS.put(ProviderNotFoundException.class.getName(),
-            AuthenticationFailureProviderNotFoundEvent.class.getName());
+                AuthenticationFailureProviderNotFoundEvent.class.getName());
         DEFAULT_EXCEPTION_MAPPINGS.put(ProxyUntrustedException.class.getName(),
-            AuthenticationFailureProxyUntrustedEvent.class.getName());
+                AuthenticationFailureProxyUntrustedEvent.class.getName());
     }
 
     public ProviderManager() {
@@ -274,7 +281,8 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
 
         while (iter.hasNext()) {
             Object currentObject = iter.next();
-            Assert.isInstanceOf(AuthenticationProvider.class, currentObject, "Can only provide AuthenticationProvider instances");
+            Assert.isInstanceOf(AuthenticationProvider.class, currentObject,
+                    "Can only provide AuthenticationProvider instances");
         }
 
         this.providers = newList;
@@ -290,9 +298,9 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
         this.sessionController = sessionController;
     }
 
-    private void publishEvent( ApplicationEvent event ) {
+    private void publishEvent(ApplicationEvent event) {
-        if ( applicationEventPublisher != null ) {
+        if (applicationEventPublisher != null) {
-            applicationEventPublisher.publishEvent( event );
+            applicationEventPublisher.publishEvent(event);
         }
     }
 }

core/src/main/java/org/acegisecurity/providers/TestingAuthenticationToken.java

@@ -28,7 +28,7 @@ import org.acegisecurity.GrantedAuthority;
 public class TestingAuthenticationToken extends AbstractAuthenticationToken {
     //~ Instance fields ================================================================================================
 
-	private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = 1L;
     private Object credentials;
     private Object principal;
 

core/src/main/java/org/acegisecurity/providers/UsernamePasswordAuthenticationToken.java

@@ -30,7 +30,7 @@ import org.acegisecurity.GrantedAuthority;
 public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
     //~ Instance fields ================================================================================================
 
-	private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = 1L;
     private Object credentials;
     private Object principal;
 

core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationToken.java

@@ -31,7 +31,7 @@ import java.io.Serializable;
 public class AnonymousAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
     //~ Instance fields ================================================================================================
 
-	private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = 1L;
     private Object principal;
     private int keyHash;
 

core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java

@@ -35,7 +35,7 @@ import java.util.List;
 public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
     //~ Instance fields ================================================================================================
 
-	private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = 1L;
     private final List proxyList;
     private final Object credentials;
     private final Object principal;

core/src/main/java/org/acegisecurity/providers/cas/CasAuthoritiesPopulator.java

@@ -23,16 +23,16 @@ import org.acegisecurity.userdetails.UserDetails;
 /**
  * Populates the <code>UserDetails</code> associated with a CAS authenticated
  * user.
- * 
+ *
- * <P>
+ * <p>
  * CAS does not provide the authorities (roles) granted to a user. It merely
  * authenticates their identity. As the Acegi Security System for Spring needs
  * to know the authorities granted to a user in order to construct a valid
  * <code>Authentication</code> object, implementations of this interface will
  * provide this information.
  * </p>
- * 
+ *
- * <P>
+ * <p>
  * A {@link UserDetails} is returned by implementations. The
  * <code>UserDetails</code> must, at minimum, contain the username and
  * <code>GrantedAuthority[]</code> objects applicable to the CAS-authenticated
@@ -43,8 +43,8 @@ import org.acegisecurity.userdetails.UserDetails;
  * generated <code>CasAuthenticationToken</code>, so additional properties
  * such as email addresses, telephone numbers etc can easily be stored.
  * </p>
- * 
+ *
- * <P>
+ * <p>
  * Implementations should not perform any caching. They will only be called
  * when a refresh is required.
  * </p>
@@ -65,6 +65,6 @@ public interface CasAuthoritiesPopulator {
      *
      * @throws AuthenticationException DOCUMENT ME!
      */
-    public UserDetails getUserDetails(String casUserId)
+    UserDetails getUserDetails(String casUserId)
         throws AuthenticationException;
 }

core/src/main/java/org/acegisecurity/providers/cas/CasProxyDecider.java

@@ -20,8 +20,8 @@ import java.util.List;
 
 /**
  * Decides whether a proxy list presented via CAS is trusted or not.
- * 
+ *
- * <P>
+ * <p>
  * CAS 1.0 allowed services to receive a service ticket and then validate it.
  * CAS 2.0 allows services to receive a service ticket and then validate it
  * with a proxy callback URL. The callback will enable the CAS server to
@@ -30,22 +30,22 @@ import java.util.List;
  * internal record that a proxy-granting ticket is due to be received via the
  * callback URL.
  * </p>
- * 
+ *
- * <P>
+ * <p>
  * With a proxy-granting ticket, a service can request the CAS server provides
  * it with a proxy ticket. A proxy ticket is just a service ticket, but the
  * CAS server internally tracks the list (chain) of services used to build the
  * proxy ticket. The proxy ticket is then presented to the target service.
  * </p>
- * 
+ *
- * <P>
+ * <p>
  * If this application is a target service of a proxy ticket, the
  * <code>CasProxyDecider</code> resolves whether or not the proxy list is
  * trusted. Applications should only trust services they allow to impersonate
  * an end user.
  * </p>
- * 
+ *
- * <P>
+ * <p>
  * If this application is a service that should never accept proxy-granting
  * tickets, the implementation should reject tickets that present a proxy list
  * with any members. If the list has no members, it indicates the CAS server
@@ -60,13 +60,14 @@ public interface CasProxyDecider {
     //~ Methods ========================================================================================================
 
     /**
-     * Decides whether the proxy list is trusted.<P>Must throw any <code>ProxyUntrustedException</code> if the
+     * Decides whether the proxy list is trusted.
+     * <p>Must throw any <code>ProxyUntrustedException</code> if the
      * proxy list is untrusted.</p>
      *
-     * @param proxyList DOCUMENT ME!
+     * @param proxyList the list of proxies to be checked.
      *
      * @throws ProxyUntrustedException DOCUMENT ME!
      */
-    public void confirmProxyListTrusted(List proxyList)
+    void confirmProxyListTrusted(List proxyList)
         throws ProxyUntrustedException;
 }

core/src/main/java/org/acegisecurity/providers/cas/StatelessTicketCache.java

@@ -17,7 +17,7 @@ package org.acegisecurity.providers.cas;
 
 /**
  * Caches CAS service tickets and CAS proxy tickets for stateless connections.
- * 
+ *
  * <p>
  * When a service ticket or proxy ticket is validated against the CAS server,
  * it is unable to be used again. Most types of callers are stateful and are
@@ -26,14 +26,14 @@ package org.acegisecurity.providers.cas;
  * <code>HttpSession</code>, meaning the removal of the ticket from the CAS
  * server is not an issue.
  * </p>
- * 
+ *
  * <P>
  * Stateless callers, such as remoting protocols, cannot take advantage of
  * <code>HttpSession</code>. If the stateless caller is located a significant
  * network distance from the CAS server, acquiring a fresh service ticket or
  * proxy ticket for each invocation would be expensive.
  * </p>
- * 
+ *
  * <P>
  * To avoid this issue with stateless callers, it is expected stateless callers
  * will obtain a single service ticket or proxy ticket, and then present this
@@ -41,7 +41,7 @@ package org.acegisecurity.providers.cas;
  * occasion. As no <code>HttpSession</code> is available for such callers, the
  * affirmative CAS validation outcome cannot be stored in this location.
  * </p>
- * 
+ *
  * <P>
  * The <code>StatelessTicketCache</code> enables the service tickets and proxy
  * tickets belonging to stateless callers to be placed in a cache. This
@@ -49,7 +49,7 @@ package org.acegisecurity.providers.cas;
  * providing the same capability as a <code>HttpSession</code> with the ticket
  * identifier being the key rather than a session identifier.
  * </p>
- * 
+ *
  * <P>
  * Implementations should provide a reasonable timeout on stored entries, such
  * that the stateless caller are not required to unnecessarily acquire fresh
@@ -65,7 +65,7 @@ public interface StatelessTicketCache {
     /**
      * Retrieves the <code>CasAuthenticationToken</code> associated with the
      * specified ticket.
-     * 
+     *
      * <P>
      * If not found, returns a
      * <code>null</code><code>CasAuthenticationToken</code>.
@@ -73,11 +73,11 @@ public interface StatelessTicketCache {
      *
      * @return the fully populated authentication token
      */
-    public CasAuthenticationToken getByTicketId(String serviceTicket);
+    CasAuthenticationToken getByTicketId(String serviceTicket);
 
     /**
      * Adds the specified <code>CasAuthenticationToken</code> to the cache.
-     * 
+     *
      * <P>
      * The {@link CasAuthenticationToken#getCredentials()} method is used to
      * retrieve the service ticket number.
@@ -85,12 +85,12 @@ public interface StatelessTicketCache {
      *
      * @param token to be added to the cache
      */
-    public void putTicketInCache(CasAuthenticationToken token);
+    void putTicketInCache(CasAuthenticationToken token);
 
     /**
      * Removes the specified ticket from the cache, as per  {@link
      * #removeTicketFromCache(String)}.
-     * 
+     *
      * <P>
      * Implementations should use {@link
      * CasAuthenticationToken#getCredentials()} to obtain the ticket and then
@@ -99,12 +99,12 @@ public interface StatelessTicketCache {
      *
      * @param token to be removed
      */
-    public void removeTicketFromCache(CasAuthenticationToken token);
+    void removeTicketFromCache(CasAuthenticationToken token);
 
     /**
      * Removes the specified ticket from the cache, meaning that future calls
      * will require a new service ticket.
-     * 
+     *
      * <P>
      * This is in case applications wish to provide a session termination
      * capability for their stateless clients.
@@ -112,5 +112,5 @@ public interface StatelessTicketCache {
      *
      * @param serviceTicket to be removed
      */
-    public void removeTicketFromCache(String serviceTicket);
+    void removeTicketFromCache(String serviceTicket);
 }

core/src/main/java/org/acegisecurity/providers/cas/TicketValidator.java

@@ -20,14 +20,14 @@ import org.acegisecurity.AuthenticationException;
 
 /**
  * Validates a CAS service ticket.
- * 
+ *
- * <P>
+ * <p>
  * Implementations must accept CAS proxy tickets, in addition to CAS service
  * tickets. If proxy tickets should be rejected, this is resolved by a {@link
  * CasProxyDecider} implementation (not by the <code>TicketValidator</code>).
  * </p>
- * 
+ *
- * <P>
+ * <p>
  * Implementations may request a proxy granting ticket if wish,  although this
  * behaviour is not mandatory.
  * </p>
@@ -48,6 +48,6 @@ public interface TicketValidator {
      *
      * @throws AuthenticationException DOCUMENT ME!
      */
-    public TicketResponse confirmTicketValid(String serviceTicket)
+    TicketResponse confirmTicketValid(String serviceTicket)
         throws AuthenticationException;
 }

core/src/main/java/org/acegisecurity/providers/cas/proxy/RejectProxyTickets.java

@@ -66,7 +66,8 @@ public class RejectProxyTickets implements CasProxyDecider, MessageSourceAware,
             logger.debug("Proxies are unacceptable; proxy list provided: " + proxyList.toString());
         }
 
-        throw new ProxyUntrustedException(messages.getMessage("RejectProxyTickets.reject", "Proxy tickets are rejected"));
+        throw new ProxyUntrustedException(
+                messages.getMessage("RejectProxyTickets.reject", "Proxy tickets are rejected"));
     }
 
     public void setMessageSource(MessageSource messageSource) {

core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/CasProxyTicketValidator.java

@@ -55,7 +55,9 @@ public class CasProxyTicketValidator extends AbstractTicketValidator {
 
         if (super.getServiceProperties().isSendRenew()) {
             logger.warn(
-                "The current CAS ProxyTicketValidator does not support the 'renew' property. The ticket cannot be validated as having been issued by a 'renew' authentication. It is expected this will be corrected in a future version of CAS' ProxyTicketValidator.");
+                  "The current CAS ProxyTicketValidator does not support the 'renew' property. "
+                + "The ticket cannot be validated as having been issued by a 'renew' authentication. "
+                + "It is expected this will be corrected in a future version of CAS' ProxyTicketValidator.");
         }
 
         if ((this.proxyCallbackUrl != null) && (!"".equals(this.proxyCallbackUrl))) {
@@ -66,11 +68,13 @@ public class CasProxyTicketValidator extends AbstractTicketValidator {
     }
 
     /**
-     * Optional callback URL to obtain a proxy-granting ticket from CAS.<P>This callback URL belongs to the
+     * Optional callback URL to obtain a proxy-granting ticket from CAS.
-     * Acegi Security System for Spring secured application. We suggest you use CAS' <code>ProxyTicketReceptor</code>
+     * <p>This callback URL belongs to the Acegi Security System for Spring secured application. We suggest you use
-     * servlet to receive this callback and manage the proxy-granting ticket list. The callback URL is usually
+     * CAS' <code>ProxyTicketReceptor</code> servlet to receive this callback and manage the proxy-granting ticket list.
-     * something like <code>https://www.mycompany.com/application/casProxy/receptor</code>.</p>
+     * The callback URL is usually something like
-     *  <P>If left <code>null</code>, the <code>CasAuthenticationToken</code> will not have a proxy granting
+     * <code>https://www.mycompany.com/application/casProxy/receptor</code>.
+     * </p>
+     * <p>If left <code>null</code>, the <code>CasAuthenticationToken</code> will not have a proxy granting
      * ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Acegi Securty System for
      * Spring secured application will be unable to obtain a proxy ticket to call another CAS-secured service on
      * behalf of the user. This is not really an issue for most applications.</p>

core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java

@@ -44,15 +44,19 @@ import org.springframework.util.Assert;
 /**
  * A base {@link AuthenticationProvider} that allows subclasses to override and work with {@link
  * org.acegisecurity.userdetails.UserDetails} objects. The class is designed to respond to {@link
- * UsernamePasswordAuthenticationToken} authentication requests.<p>Upon successful validation, a
+ * UsernamePasswordAuthenticationToken} authentication requests.
- * <code>UsernamePasswordAuthenticationToken</code> will be created and returned to the caller. The token will include
+ *
- * as its principal either a <code>String</code> representation of the username, or the {@link UserDetails} that was
+ * <p>
- * returned from the authentication repository. Using <code>String</code> is appropriate if a container adapter is
+ * Upon successful validation, a <code>UsernamePasswordAuthenticationToken</code> will be created and returned to the
- * being used, as it expects <code>String</code> representations of the username. Using <code>UserDetails</code> is
+ * caller. The token will include as its principal either a <code>String</code> representation of the username, or the
- * appropriate if you require access to additional properties of the authenticated user, such as email addresses,
+ * {@link UserDetails} that was returned from the authentication repository. Using <code>String</code> is appropriate
- * human-friendly names etc. As container adapters are not recommended to be used, and <code>UserDetails</code>
+ * if a container adapter is being used, as it expects <code>String</code> representations of the username.
- * implementations provide additional flexibility, by default a <code>UserDetails</code> is returned. To override this
+ * Using <code>UserDetails</code> is appropriate if you require access to additional properties of the authenticated
- * default, set the {@link #setForcePrincipalAsString} to <code>true</code>.</p>
+ * user, such as email addresses, human-friendly names etc. As container adapters are not recommended to be used,
+ * and <code>UserDetails</code> implementations provide additional flexibility, by default a <code>UserDetails</code>
+ * is returned. To override this
+ * default, set the {@link #setForcePrincipalAsString} to <code>true</code>.
+ * </p>
  *  <p>Caching is handled via the <code>UserDetails</code> object being placed in the {@link UserCache}. This
  * ensures that subsequent requests with the same username can be validated without needing to query the {@link
  * UserDetailsService}. It should be noted that if a user appears to present an incorrect password, the {@link
@@ -145,15 +149,15 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
         try {
             additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
         } catch (AuthenticationException exception) {
-        	if(cacheWasUsed) {
+            if (cacheWasUsed) {
                 // There was a problem, so try again after checking
-        		// we're using latest data (ie not from the cache)
+                // we're using latest data (ie not from the cache)
                 cacheWasUsed = false;
                 user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
                 additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
-        	} else {
+            } else {
-        		throw exception;
+                throw exception;
-		    }
+            }
         }
 
         if (!user.isCredentialsNonExpired()) {