Tidying up.

core/src/main/java/org/springframework/security/config/AnonymousBeanDefinitionParser.java

@@ -5,7 +5,6 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.parsing.BeanComponentDefinition;
-import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;

core/src/main/java/org/springframework/security/config/ApacheDSContainer.java

@@ -112,7 +112,7 @@ class ApacheDSContainer implements InitializingBean, DisposableBean, Lifecycle,
         configuration.setWorkingDirectory(workingDir);
     }
 
-
+    @SuppressWarnings("unchecked")
     public void start() {
         if (isRunning()) {
             return;
@@ -171,6 +171,7 @@ class ApacheDSContainer implements InitializingBean, DisposableBean, Lifecycle,
 
     }
 
+    @SuppressWarnings("unchecked")
     public void stop() {
         Properties env = new Properties();
         env.setProperty(Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName());

core/src/main/java/org/springframework/security/config/ConcurrentSessionsBeanDefinitionParser.java

@@ -61,7 +61,7 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
         filterBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(sessionRegistryId));
 
         Object source = parserContext.extractSource(element);
-        filterBuilder.setSource(source);
+        filterBuilder.getRawBeanDefinition().setSource(source);
         filterBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
 
         String expiryUrl = element.getAttribute(ATT_EXPIRY_URL);
@@ -73,7 +73,7 @@ public class ConcurrentSessionsBeanDefinitionParser implements BeanDefinitionPar
 
         BeanDefinitionBuilder controllerBuilder
             = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionControllerImpl.class);
-        controllerBuilder.setSource(source);
+        controllerBuilder.getRawBeanDefinition().setSource(source);
         controllerBuilder.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
         controllerBuilder.addPropertyValue("sessionRegistry", new RuntimeBeanReference(sessionRegistryId));
 

core/src/main/java/org/springframework/security/config/ConfigUtils.java

@@ -31,6 +31,7 @@ import org.w3c.dom.Element;
  */
 abstract class ConfigUtils {
 
+    @SuppressWarnings("unchecked")
     static void registerDefaultWebAccessManagerIfNecessary(ParserContext parserContext) {
         if (!parserContext.getRegistry().containsBeanDefinition(BeanIds.WEB_ACCESS_MANAGER)) {
             parserContext.getRegistry().registerBeanDefinition(BeanIds.WEB_ACCESS_MANAGER,
@@ -38,6 +39,7 @@ abstract class ConfigUtils {
         }
     }
 
+    @SuppressWarnings("unchecked")
     static void registerDefaultMethodAccessManagerIfNecessary(ParserContext parserContext) {
         if (!parserContext.getRegistry().containsBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER)) {
             parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_ACCESS_MANAGER,
@@ -45,6 +47,7 @@ abstract class ConfigUtils {
         }
     }
 
+    @SuppressWarnings("unchecked")
     private static BeanDefinition createAccessManagerBean(Class<? extends AccessDecisionVoter>... voters) {
         ManagedList defaultVoters = new ManagedList(voters.length);
 
@@ -122,6 +125,7 @@ abstract class ConfigUtils {
         pc.getRegistry().registerBeanDefinition(BeanIds.FILTER_LIST, filterList);
     }
 
+    @SuppressWarnings("unchecked")
     static void addHttpFilter(ParserContext pc, BeanMetadataElement filter) {
         registerFilterChainPostProcessorIfNecessary(pc);
 

core/src/main/java/org/springframework/security/config/CustomAfterInvocationProviderBeanDefinitionDecorator.java

@@ -15,6 +15,7 @@ import org.w3c.dom.Node;
  */
 public class CustomAfterInvocationProviderBeanDefinitionDecorator implements BeanDefinitionDecorator {
 
+    @SuppressWarnings("unchecked")
     public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) {
         ConfigUtils.getRegisteredAfterInvocationProviders(parserContext).add(holder.getBeanDefinition());
 

core/src/main/java/org/springframework/security/config/CustomAuthenticationProviderBeanDefinitionDecorator.java

@@ -1,13 +1,10 @@
 package org.springframework.security.config;
 
+import org.springframework.beans.factory.config.BeanDefinitionHolder;
 import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
 import org.springframework.beans.factory.xml.ParserContext;
-import org.springframework.beans.factory.config.BeanDefinitionHolder;
-import org.springframework.beans.factory.config.RuntimeBeanReference;
-
 import org.w3c.dom.Node;
 
-
 /**
  * Adds the decorated {@link org.springframework.security.providers.AuthenticationProvider} to the ProviderManager's
  * list.

core/src/main/java/org/springframework/security/config/EntryPointInjectionBeanPostProcessor.java

@@ -22,6 +22,7 @@ public class EntryPointInjectionBeanPostProcessor implements BeanPostProcessor,
     private final Log logger = LogFactory.getLog(getClass());
     private ConfigurableListableBeanFactory beanFactory;
 
+    @SuppressWarnings("unchecked")
     public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
         if (!BeanIds.EXCEPTION_TRANSLATION_FILTER.equals(beanName)) {
             return bean;

core/src/main/java/org/springframework/security/config/FilterChainMapBeanDefinitionDecorator.java

@@ -22,6 +22,8 @@ import java.util.*;
  * @version $Id$
  */
 class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDecorator {
+
+    @SuppressWarnings("unchecked")
     public BeanDefinitionHolder decorate(Node node, BeanDefinitionHolder holder, ParserContext parserContext) {
         BeanDefinition filterChainProxy = holder.getBeanDefinition();
 
@@ -34,19 +36,17 @@ class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDecorator {
             filterChainProxy.getPropertyValues().addPropertyValue("matcher", new RegexUrlPathMatcher());
         }
 
-        Iterator filterChainElts = DomUtils.getChildElementsByTagName(elt, Elements.FILTER_CHAIN).iterator();
+        List<Element> filterChainElts = DomUtils.getChildElementsByTagName(elt, Elements.FILTER_CHAIN);
 
-        while (filterChainElts.hasNext()) {
+        for (Element chain : filterChainElts) {
-            Element chain = (Element) filterChainElts.next();
             String path = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
+            String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
 
             if(!StringUtils.hasText(path)) {
                 parserContext.getReaderContext().error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN +
                     "' must not be empty", elt);
             }
 
-            String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
-
             if(!StringUtils.hasText(filters)) {
                 parserContext.getReaderContext().error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS +
                     "'must not be empty", elt);

core/src/main/java/org/springframework/security/config/FilterChainProxyPostProcessor.java

@@ -18,7 +18,7 @@ import org.springframework.core.OrderComparator;
 import org.springframework.core.Ordered;
 import org.springframework.security.ConfigAttribute;
 import org.springframework.security.config.ConfigUtils.FilterChainList;
-import org.springframework.security.context.HttpSessionContextIntegrationFilter;
+import org.springframework.security.context.SecurityContextPersistenceFilter;
 import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;
 import org.springframework.security.intercept.web.FilterSecurityInterceptor;
 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
@@ -98,7 +98,7 @@ public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFac
      * Checks the filter list for possible errors and logs them
      */
     private void checkFilterStack(List<Filter> filters) {
-        checkForDuplicates(HttpSessionContextIntegrationFilter.class, filters);
+        checkForDuplicates(SecurityContextPersistenceFilter.class, filters);
         checkForDuplicates(AuthenticationProcessingFilter.class, filters);
         checkForDuplicates(SessionFixationProtectionFilter.class, filters);
         checkForDuplicates(BasicProcessingFilter.class, filters);

core/src/main/java/org/springframework/security/config/FilterInvocationDefinitionSourceBeanDefinitionParser.java

@@ -27,6 +27,7 @@ public class FilterInvocationDefinitionSourceBeanDefinitionParser extends Abstra
         return "org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource";
     }
 
+    @SuppressWarnings("unchecked")
     protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
         List<Element> interceptUrls = DomUtils.getChildElementsByTagName(element, "intercept-url");
 

core/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java

@@ -109,7 +109,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
 
         BeanDefinitionBuilder entryPointBuilder =
                 BeanDefinitionBuilder.rootBeanDefinition(AuthenticationProcessingFilterEntryPoint.class);
-        entryPointBuilder.setSource(source);
+        entryPointBuilder.getRawBeanDefinition().setSource(source);
         entryPointBuilder.addPropertyValue("loginFormUrl", loginPage != null ? loginPage : DEF_LOGIN_PAGE);
         entryPointBean = (RootBeanDefinition) entryPointBuilder.getBeanDefinition();
 

core/src/main/java/org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.java

@@ -1,7 +1,6 @@
 package org.springframework.security.config;
 
 import java.util.ArrayList;
-import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -30,7 +29,6 @@ import org.springframework.security.intercept.method.aopalliance.MethodSecurityI
 import org.springframework.security.vote.AffirmativeBased;
 import org.springframework.security.vote.AuthenticatedVoter;
 import org.springframework.security.vote.RoleVoter;
-import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
@@ -67,6 +65,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
     private static final String ATT_USE_SECURED = "secured-annotations";
     private static final String ATT_USE_EXPRESSIONS = "expression-annotations";
 
+    @SuppressWarnings("unchecked")
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         Object source = parserContext.extractSource(element);
         // The list of method metadata delegates
@@ -92,7 +91,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
         delegates.add(mapBasedMethodDefinitionSource);
 
         // Now create a Map<String, ConfigAttribute> for each <protect-pointcut> sub-element
-        Map pointcutMap = parseProtectPointcuts(parserContext,
+        Map<String, List<ConfigAttribute>> pointcutMap = parseProtectPointcuts(parserContext,
                 DomUtils.getChildElementsByTagName(element, Elements.PROTECT_POINTCUT));
 
         if (pointcutMap.size() > 0) {
@@ -122,6 +121,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
      * expression voter if expression-based access control is enabled. If expressions are in use, a after-invocation
      * provider will also be registered to handle post-invocation filtering and authorization expression annotations.
      */
+    @SuppressWarnings("unchecked")
     private void registerAccessManager(Element element, ParserContext pc, boolean jsr250Enabled, boolean expressionsEnabled) {
         Element expressionHandlerElt = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
         BeanDefinitionBuilder accessMgrBuilder = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
@@ -170,7 +170,8 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
         parserContext.getRegistry().registerBeanDefinition(DELEGATING_METHOD_DEFINITION_SOURCE_ID, delegatingMethodDefinitionSource);
     }
 
-    private void registerProtectPointcutPostProcessor(ParserContext parserContext, Map pointcutMap,
+    private void registerProtectPointcutPostProcessor(ParserContext parserContext,
+            Map<String, List<ConfigAttribute>> pointcutMap,
             MapBasedMethodDefinitionSource mapBasedMethodDefinitionSource, Object source) {
         RootBeanDefinition ppbp = new RootBeanDefinition(ProtectPointcutPostProcessor.class);
         ppbp.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
@@ -180,11 +181,10 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
         parserContext.getRegistry().registerBeanDefinition(BeanIds.PROTECT_POINTCUT_POST_PROCESSOR, ppbp);
     }
 
-    private Map parseProtectPointcuts(ParserContext parserContext, List protectPointcutElts) {
+    private Map<String, List<ConfigAttribute>> parseProtectPointcuts(ParserContext parserContext, List<Element> protectPointcutElts) {
-        Map pointcutMap = new LinkedHashMap();
+        Map<String, List<ConfigAttribute>> pointcutMap = new LinkedHashMap<String, List<ConfigAttribute>>();
 
-        for (Iterator i = protectPointcutElts.iterator(); i.hasNext();) {
+        for (Element childElt : protectPointcutElts) {
-            Element childElt = (Element) i.next();
             String accessConfig = childElt.getAttribute(ATT_ACCESS);
             String expression = childElt.getAttribute(ATT_EXPRESSION);
 

core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -1,7 +1,6 @@
 package org.springframework.security.config;
 
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -103,6 +102,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     static final String ATT_USE_EXPRESSIONS = "use-expressions";
     static final String DEF_USE_EXPRESSIONS = "false";
 
+    static final String ATT_SECURITY_CONTEXT_REPOSITORY = "security-context-repository-ref";
+
+    @SuppressWarnings("unchecked")
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         ConfigUtils.registerProviderManagerIfNecessary(parserContext);
         final BeanDefinitionRegistry registry = parserContext.getRegistry();
@@ -206,6 +208,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         }
     }
 
+    @SuppressWarnings("unchecked")
     private void registerFilterChainProxy(ParserContext pc, Map filterChainMap, UrlMatcher matcher, Object source) {
         if (pc.getRegistry().containsBeanDefinition(BeanIds.FILTER_CHAIN_PROXY)) {
             pc.getReaderContext().error("Duplicate <http> element detected", source);
@@ -222,10 +225,23 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
     private boolean registerSecurityContextPersistenceFilter(Element element, ParserContext pc) {
         BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
-        BeanDefinitionBuilder contextRepo = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSecurityContextRepository.class);
         boolean sessionCreationAllowed = true;
 
+        String repoRef = element.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
         String createSession = element.getAttribute(ATT_CREATE_SESSION);
+
+        if (StringUtils.hasText(repoRef)) {
+            scpf.addPropertyReference("securityContextRepository", repoRef);
+
+            if (OPT_CREATE_SESSION_ALWAYS.equals(createSession)) {
+                scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
+            } else if (StringUtils.hasText(createSession)) {
+                pc.getReaderContext().error("If using security-context-repository-ref, the only value you can set for " +
+                        "'create-session' is 'always'. Other session creation logic should be handled by the " +
+                        "SecurityContextRepository", element);
+            }
+        } else {
+            BeanDefinitionBuilder contextRepo = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSecurityContextRepository.class);
             if (OPT_CREATE_SESSION_ALWAYS.equals(createSession)) {
                 contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
                 scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
@@ -238,8 +254,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
                 contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
                 scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
             }
-
             scpf.addPropertyValue("securityContextRepository", contextRepo.getBeanDefinition());
+        }
 
         pc.getRegistry().registerBeanDefinition(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER, scpf.getBeanDefinition());
         ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER));
@@ -292,7 +308,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     }
 
     private void registerFilterSecurityInterceptor(Element element, ParserContext pc, UrlMatcher matcher,
-            String accessManagerId, LinkedHashMap filterInvocationDefinitionMap) {
+            String accessManagerId, LinkedHashMap<RequestKey, List<ConfigAttribute>> filterInvocationDefinitionMap) {
         BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(FilterSecurityInterceptor.class);
 
         builder.addPropertyReference("accessDecisionManager", accessManagerId);
@@ -311,6 +327,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.FILTER_SECURITY_INTERCEPTOR));
     }
 
+    @SuppressWarnings("unchecked")
     private void registerChannelProcessingBeans(ParserContext pc, UrlMatcher matcher, LinkedHashMap channelRequestMap) {
         RootBeanDefinition channelFilter = new RootBeanDefinition(ChannelProcessingFilter.class);
         channelFilter.getPropertyValues().addPropertyValue("channelDecisionManager",
@@ -535,15 +552,13 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
      * Parses the intercept-url elements and populates the FilterChainProxy's filter chain Map and the
      * map used to create the FilterInvocationDefintionSource for the FilterSecurityInterceptor.
      */
-    void parseInterceptUrlsForChannelSecurityAndFilterChain(List urlElts, Map filterChainMap,  Map channelRequestMap,
+    @SuppressWarnings("unchecked")
+    void parseInterceptUrlsForChannelSecurityAndFilterChain(List<Element> urlElts, Map filterChainMap,  Map channelRequestMap,
             boolean useLowerCasePaths, ParserContext parserContext) {
 
-        Iterator urlEltsIterator = urlElts.iterator();
         ConfigAttributeEditor editor = new ConfigAttributeEditor();
 
-        while (urlEltsIterator.hasNext()) {
+        for (Element urlElt : urlElts) {
-            Element urlElt = (Element) urlEltsIterator.next();
-
             String path = urlElt.getAttribute(ATT_PATH_PATTERN);
 
             if(!StringUtils.hasText(path)) {

core/src/main/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecorator.java

@@ -1,10 +1,7 @@
 package org.springframework.security.config;
 
-import java.util.Iterator;
 import java.util.List;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.aop.config.AbstractInterceptorDrivenBeanDefinitionDecorator;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
@@ -45,8 +42,7 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
     static final String ATT_ACCESS = "access";
     private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
 
-    private Log logger = LogFactory.getLog(getClass());
+    @SuppressWarnings("unchecked")
-
     protected BeanDefinition createInterceptorDefinition(Node node) {
         Element interceptMethodsElt = (Element)node;
         BeanDefinitionBuilder interceptor = BeanDefinitionBuilder.rootBeanDefinition(MethodSecurityInterceptor.class);
@@ -66,16 +62,14 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
         // Lookup parent bean information
         Element parent = (Element) node.getParentNode();
         String parentBeanClass = parent.getAttribute("class");
-        String parentBeanId = parent.getAttribute("id");
         parent = null;
 
         // Parse the included methods
-        List methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
+        List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
 
         StringBuffer sb = new StringBuffer();
 
-        for (Iterator i = methods.iterator(); i.hasNext();) {
+        for (Element protectmethodElt : methods) {
-            Element protectmethodElt = (Element) i.next();
             String accessConfig = protectmethodElt.getAttribute(ATT_ACCESS);
 
             // Support inference of class names

core/src/main/java/org/springframework/security/config/LdapProviderBeanDefinitionParser.java

@@ -6,6 +6,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.security.providers.encoding.PasswordEncoder;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 
@@ -47,10 +48,10 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
         } else if (searchBean == null) {
             logger.info("No search information or DN pattern specified. Using default search filter '" + DEF_USER_SEARCH_FILTER + "'");
             BeanDefinitionBuilder searchBeanBuilder = BeanDefinitionBuilder.rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS);
-            searchBeanBuilder.setSource(elt);
+            searchBeanBuilder.getRawBeanDefinition().setSource(elt);
-            searchBeanBuilder.addConstructorArg("");
+            searchBeanBuilder.addConstructorArgValue("");
-            searchBeanBuilder.addConstructorArg(DEF_USER_SEARCH_FILTER);
+            searchBeanBuilder.addConstructorArgValue(DEF_USER_SEARCH_FILTER);
-            searchBeanBuilder.addConstructorArg(contextSource);
+            searchBeanBuilder.addConstructorArgValue(contextSource);
             searchBean = searchBeanBuilder.getBeanDefinition();
         }
 
@@ -83,12 +84,12 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
                             passwordEncoderElement);
                 }
             } else if (StringUtils.hasText(hash)) {
-                Class encoderClass = (Class) PasswordEncoderParser.ENCODER_CLASSES.get(hash);
+                Class<? extends PasswordEncoder> encoderClass = PasswordEncoderParser.ENCODER_CLASSES.get(hash);
                 authenticatorBuilder.addPropertyValue("passwordEncoder", new RootBeanDefinition(encoderClass));
             }
         }
 
-        authenticatorBuilder.addConstructorArg(contextSource);
+        authenticatorBuilder.addConstructorArgValue(contextSource);
         authenticatorBuilder.addPropertyValue("userDnPatterns", userDnPatternArray);
 
         if (searchBean != null) {
@@ -96,8 +97,8 @@ public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
         }
 
         BeanDefinitionBuilder ldapProvider = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS);
-        ldapProvider.addConstructorArg(authenticatorBuilder.getBeanDefinition());
+        ldapProvider.addConstructorArgValue(authenticatorBuilder.getBeanDefinition());
-        ldapProvider.addConstructorArg(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
+        ldapProvider.addConstructorArgValue(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(elt, parserContext));
         ldapProvider.addPropertyValue("userDetailsContextMapper",
                 LdapUserServiceBeanDefinitionParser.parseUserDetailsClass(elt, parserContext));
         parserContext.getRegistry().registerBeanDefinition(BeanIds.LDAP_AUTHENTICATION_PROVIDER, ldapProvider.getBeanDefinition());

core/src/main/java/org/springframework/security/config/LdapServerBeanDefinitionParser.java

@@ -96,14 +96,15 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
      *
      * @see ApacheDSContainer
      */
+    @SuppressWarnings("unchecked")
     private RootBeanDefinition createEmbeddedServer(Element element, ParserContext parserContext) {
         Object source = parserContext.extractSource(element);
         BeanDefinitionBuilder configuration =
             BeanDefinitionBuilder.rootBeanDefinition("org.apache.directory.server.configuration.MutableServerStartupConfiguration");
         BeanDefinitionBuilder partition =
             BeanDefinitionBuilder.rootBeanDefinition("org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration");
-        configuration.setSource(source);
+        configuration.getRawBeanDefinition().setSource(source);
-        partition.setSource(source);
+        partition.getRawBeanDefinition().setSource(source);
 
         Attributes rootAttributes = new BasicAttributes("dc", "springsecurity");
         Attribute a = new BasicAttribute("objectClass");
@@ -143,7 +144,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
         String url = "ldap://127.0.0.1:" + port + "/" + suffix;
 
         BeanDefinitionBuilder contextSource = BeanDefinitionBuilder.rootBeanDefinition(CONTEXT_SOURCE_CLASS);
-        contextSource.addConstructorArg(url);
+        contextSource.addConstructorArgValue(url);
         contextSource.addPropertyValue("userDn", "uid=admin,ou=system");
         contextSource.addPropertyValue("password", "secret");
 

core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java

@@ -46,8 +46,8 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
             parserContext.getReaderContext().error("User search filter must be supplied", elt);
         }
 
-        builder.addConstructorArg(parseSearchBean(elt, parserContext));
+        builder.addConstructorArgValue(parseSearchBean(elt, parserContext));
-        builder.addConstructorArg(parseAuthoritiesPopulator(elt, parserContext));
+        builder.addConstructorArgValue(parseAuthoritiesPopulator(elt, parserContext));
         builder.addPropertyValue("userDetailsMapper", parseUserDetailsClass(elt, parserContext));
     }
 
@@ -69,10 +69,10 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
         }
 
         BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
-        searchBuilder.setSource(source);
+        searchBuilder.getRawBeanDefinition().setSource(source);
-        searchBuilder.addConstructorArg(userSearchBase);
+        searchBuilder.addConstructorArgValue(userSearchBase);
-        searchBuilder.addConstructorArg(userSearchFilter);
+        searchBuilder.addConstructorArgValue(userSearchFilter);
-        searchBuilder.addConstructorArg(parseServerReference(elt, parserContext));
+        searchBuilder.addConstructorArgValue(parseServerReference(elt, parserContext));
 
         return (RootBeanDefinition) searchBuilder.getBeanDefinition();
     }
@@ -119,9 +119,9 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
         }
 
         BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
-        populator.setSource(parserContext.extractSource(elt));
+        populator.getRawBeanDefinition().setSource(parserContext.extractSource(elt));
-        populator.addConstructorArg(parseServerReference(elt, parserContext));
+        populator.addConstructorArgValue(parseServerReference(elt, parserContext));
-        populator.addConstructorArg(groupSearchBase);
+        populator.addConstructorArgValue(groupSearchBase);
         populator.addPropertyValue("groupSearchFilter", groupSearchFilter);
         populator.addPropertyValue("searchSubtree", Boolean.TRUE);
 

core/src/main/java/org/springframework/security/config/LogoutBeanDefinitionParser.java

@@ -32,6 +32,7 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
         this.rememberMeServices = rememberMeServices;
     }
 
+    @SuppressWarnings("unchecked")
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         String logoutUrl = null;
         String logoutSuccessUrl = null;
@@ -41,7 +42,7 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 
         if (element != null) {
             Object source = parserContext.extractSource(element);
-        	builder.setSource(source);
+            builder.getRawBeanDefinition().setSource(source);
             logoutUrl = element.getAttribute(ATT_LOGOUT_URL);
             ConfigUtils.validateHttpRedirect(logoutUrl, parserContext, source);
             logoutSuccessUrl = element.getAttribute(ATT_LOGOUT_SUCCESS_URL);
@@ -57,7 +58,7 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
         if (!StringUtils.hasText(logoutSuccessUrl)) {
             logoutSuccessUrl = DEF_LOGOUT_SUCCESS_URL;
         }
-        builder.addConstructorArg(logoutSuccessUrl);
+        builder.addConstructorArgValue(logoutSuccessUrl);
 
         if (!StringUtils.hasText(invalidateSession)) {
             invalidateSession = DEF_INVALIDATE_SESSION;
@@ -76,7 +77,7 @@ public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
             handlers.add(new RuntimeBeanReference(rememberMeServices));
         }
 
-        builder.addConstructorArg(handlers);
+        builder.addConstructorArgValue(handlers);
 
         parserContext.getRegistry().registerBeanDefinition(BeanIds.LOGOUT_FILTER, builder.getBeanDefinition());
         ConfigUtils.addHttpFilter(parserContext, new RuntimeBeanReference(BeanIds.LOGOUT_FILTER));

core/src/main/java/org/springframework/security/config/OrderedFilterBeanDefinitionDecorator.java

@@ -40,8 +40,8 @@ public class OrderedFilterBeanDefinitionDecorator implements BeanDefinitionDecor
         String order = getOrder(elt, parserContext);
 
         BeanDefinitionBuilder wrapper = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator");
-        wrapper.addConstructorArg(holder.getBeanName());
+        wrapper.addConstructorArgValue(holder.getBeanName());
-        wrapper.addConstructorArg(new RuntimeBeanReference(holder.getBeanName()));
+        wrapper.addConstructorArgValue(new RuntimeBeanReference(holder.getBeanName()));
 
         if (StringUtils.hasText(order)) {
             wrapper.addPropertyValue("order", order);

core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java

@@ -2,6 +2,7 @@ package org.springframework.security.config;
 
 import org.springframework.security.providers.encoding.Md4PasswordEncoder;
 import org.springframework.security.providers.encoding.Md5PasswordEncoder;
+import org.springframework.security.providers.encoding.PasswordEncoder;
 import org.springframework.security.providers.encoding.PlaintextPasswordEncoder;
 import org.springframework.security.providers.encoding.ShaPasswordEncoder;
 import org.springframework.security.providers.encoding.BaseDigestPasswordEncoder;
@@ -40,10 +41,10 @@ public class PasswordEncoderParser {
     static final String OPT_HASH_MD5 = "md5";
     static final String OPT_HASH_LDAP_SHA = "{sha}";
 
-    static final Map ENCODER_CLASSES;
+    static final Map<String, Class<? extends PasswordEncoder>> ENCODER_CLASSES;
 
     static {
-        ENCODER_CLASSES = new HashMap();
+        ENCODER_CLASSES = new HashMap<String, Class<? extends PasswordEncoder>>(6);
         ENCODER_CLASSES.put(OPT_HASH_PLAINTEXT, PlaintextPasswordEncoder.class);
         ENCODER_CLASSES.put(OPT_HASH_SHA, ShaPasswordEncoder.class);
         ENCODER_CLASSES.put(OPT_HASH_SHA256, ShaPasswordEncoder.class);
@@ -74,7 +75,7 @@ public class PasswordEncoderParser {
         if (StringUtils.hasText(ref)) {
             passwordEncoder = new RuntimeBeanReference(ref);
         } else {
-            Class beanClass = (Class) ENCODER_CLASSES.get(hash);
+            Class<? extends PasswordEncoder> beanClass = ENCODER_CLASSES.get(hash);
             RootBeanDefinition beanDefinition = new RootBeanDefinition(beanClass);
 
             if (OPT_HASH_SHA256.equals(hash)) {

core/src/main/java/org/springframework/security/config/PortMappingsBeanDefinitionParser.java

@@ -11,7 +11,6 @@ import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
 
 import java.util.List;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.HashMap;
 
@@ -26,21 +25,20 @@ public class PortMappingsBeanDefinitionParser implements BeanDefinitionParser {
     public static final String ATT_HTTP_PORT = "http";
     public static final String ATT_HTTPS_PORT = "https";
 
+    @SuppressWarnings("unchecked")
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         RootBeanDefinition portMapper = new RootBeanDefinition(PortMapperImpl.class);
         portMapper.setSource(parserContext.extractSource(element));
 
         if (element != null) {
-            List mappingElts = DomUtils.getChildElementsByTagName(element, Elements.PORT_MAPPING);
+            List<Element> mappingElts = DomUtils.getChildElementsByTagName(element, Elements.PORT_MAPPING);
             if(mappingElts.isEmpty()) {
                 parserContext.getReaderContext().error("No port-mapping child elements specified", element);
             }
 
             Map mappings = new HashMap();
 
-            Iterator iterator = mappingElts.iterator();
+            for (Element elt : mappingElts) {
-            while (iterator.hasNext()) {
-                Element elt = (Element) iterator.next();
                 String httpPort = elt.getAttribute(ATT_HTTP_PORT);
                 String httpsPort = elt.getAttribute(ATT_HTTPS_PORT);
 

core/src/main/java/org/springframework/security/config/RememberMeBeanDefinitionParser.java

@@ -4,7 +4,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
-import org.springframework.beans.factory.support.ManagedList;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;