From 23dbe0dff56f8a5ca659d68b985ff8a361213907 Mon Sep 17 00:00:00 2001
From: DOHA <dohae243@gmail.com>
Date: Sun, 7 Dec 2014 22:03:28 +0200
Subject: [PATCH] Modify fop

---
 .../baeldung/java/ApacheFOPHeroldTest.java    |    2 +-
 .../src/test/resources/final_output.pdf       |  Bin 0 -> 76708 bytes
 apache-fop/src/test/resources/input.xml       | 1713 ++++++++---------
 3 files changed, 758 insertions(+), 957 deletions(-)
 create mode 100644 apache-fop/src/test/resources/final_output.pdf

diff --git a/apache-fop/src/test/java/org/baeldung/java/ApacheFOPHeroldTest.java b/apache-fop/src/test/java/org/baeldung/java/ApacheFOPHeroldTest.java
index a2b2b17b88..24a657b73a 100644
--- a/apache-fop/src/test/java/org/baeldung/java/ApacheFOPHeroldTest.java
+++ b/apache-fop/src/test/java/org/baeldung/java/ApacheFOPHeroldTest.java
@@ -32,7 +32,7 @@ import org.w3c.dom.Document;
 
 public class ApacheFOPHeroldTest {
     private String[] inputUrls = {// @formatter:off
-            // "http://www.baeldung.com/2011/10/20/bootstraping-a-web-application-with-spring-3-1-and-java-based-configuration-part-1/",
+             "http://www.baeldung.com/2011/10/20/bootstraping-a-web-application-with-spring-3-1-and-java-based-configuration-part-1/",
             // "http://www.baeldung.com/2011/10/25/building-a-restful-web-service-with-spring-3-1-and-java-based-configuration-part-2/",
            // "http://www.baeldung.com/2011/10/31/securing-a-restful-web-service-with-spring-security-3-1-part-3/",
              "http://www.baeldung.com/spring-security-basic-authentication",
diff --git a/apache-fop/src/test/resources/final_output.pdf b/apache-fop/src/test/resources/final_output.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..cf548e5cf8bdc0a7038cb120e1d0aa34423ff35e
GIT binary patch
literal 76708
zcmd43Wk6Niw?0glNP~cM_f9sOZUF&l1OdrScSv_C5+b04q|&7zC@D%whXK+^Nl1f$
zz<+^y^uEV?ujl=p5BJmBbLE(0%sKXWo-yWRSC_lQ4-tS9uoo4VloG(1z)VhNwgh5g
z1Rz;gl&QOuD-)Nrv#Gf?is_P?I+HHS)y>AqkqIII;U)m7yE<8Tn4|uuTh3krJRxW5
zj$-1H6M=#ua0nDE1ceA91);oPC?^=q$xR?3L4b0!IQ_EVPYIZqKv$Sx1i(QB<!I$@
z%>;n}7d1~$T(Yru2fhosWDmSo4rT6SfjWJMn>!%01A$ligJe%Vtp$emNw+JzCTz_1
zc)k&jq|ok=<^>Us<d7twp_4JO5$;K8SL76QXku~S(yO=@@#ZEM(XE+@^O{(R*Ggty
z4#;KX@9geQjE=4`F8F0k9v(I<9L4N;6QMl}QYiyp&_$QxN{C|p+CcNzWrJ`9EeM^#
zBuE^M&e5^@s-7M=p11#APe+nyaNt038k%N(IfT+T_(ZK}%>FSJ8kb6MrPo)(vh?WL
z^c2u*-C@o-73E%a@NLZsy#Og;J1(S0M5*LqcSU}Pw+yLT?;Y3Pd3<kz&q-SmV%)~P
zQ7rdn#Ly*;d*9F5r*l&h%znK@$~)^eE1acBP#4yxdbjdHy3$MsUUm8cS`h1_facf6
z6=B9q8f>k-odOi+G>6y--O8|EO|*u$;!Q1BZL*VDQb(pWlWtM3@R=eMwDDf3^k&Ly
zyh&yTJ-OQueV2Twx$QVw=IDKE6SusR)uQ~Dg$(KKV@dnKxqENX(CjW>PvZ|9PAEoO
zG{g;R8<(_i^F>on-YfmMd11ewaw~!3jz!&v5AzEPqj+BoFUm^?zCUsQa`9ls7jbJf
z07U#MGV|pf%gfZaYF#R!l@HA>IU*vvtiUH?EhotJ@;+1gX0_?)eHL%ID!)#w9BuD9
zd9h%*cy=>9xs$@1C*T#e)D*kt1u=~1`~x@zhI#0-3jsknWatSM28|d;6E!A&aP_fz
z>Z5^_=O=uNlb+#S6mf>qOAE*wa%`czlnXs2+-2-im>B9f@GSi8AW|@{$`o39@Wpkk
zMiT}+>^n?Ed^m>jIAKzRo6XP)T8dE33hWiMw^>B+5X*i7qR=bOgy}d7FW8;2$I$kI
z2yX}Fn~>FG43S`&GDGFU;mrOWSWiOen5f_vHp4@*@wkXChiEdBvV|v0+huDO&=o~2
zWm_&9EONQi)}o!4@yuejraPeY!DR*G=QY<>aND1&Gyx&;V#6*p7djKwV+n)^y-IS%
z^dtEkr1t9G)Wr(I00K2;G-ej}7Bo{9zOa}umJLM$mP@)!?26cfK~*f{ij1!3?=X{h
z7*OEI%R|&v5-;+gQHIatxT^E2r>Va!I4U601})Lr;tAe7h~mig=-0Kr>dquW_25>o
z!i8Mke$~Yr+xpw*xA6`raYD1ryTQHp(NyR-=qo8I@hi^_MF@w}v=Ex-Rp^y)ydzkS
zJ>TkDL1quBCh#TkCG({e4e<|Uo!NFFLP{EnT?sP?Eq+1&;=v1})|i>R4IVG@dR_^N
zzE>A!y4GX9IDSQa#S2Kyx(sH0M$Ur&DeP_7Wf|USzG;bR>^q8Zwpx-`H!)^-%-A<b
zHpE<_z9h>r>n999#7ao4N~wx-zvUje9iqaKmLUFm!vfzM_B_Qe;%ofZOE-%waw!U0
zw5}Cu=f25y*ZGtJy*?s0qU`;6lWdM)j<xe%5~ub$PacmwWo#!w5^Yj0PmOk-c45(O
zQFf8cTh$_5ZBRk1Mg@h|El{`uch1VA^lU;c(jw9%)j7@gnimVL3R&TVJ-4Y8mGhGZ
z8?(>%bG+rUt$dsFmf(%;o7m#li+JOS42pdZ?+p+SISo!0E*JS0ZoL&Mswpzo2`tSn
zoi1#C&oy8@^elVh%H8Zw#VOg(bt<*Cf~hWdY4RHK8r#*p(=Ww$NUcsoT&<Hktk^Z8
z*K610l(8!8z5XEJ0k@I3QQ)}!IL|n&mfXi(T&=;qVbzCoyKSfNz-<TnV01@qNz$|c
zQcs<7`|>4_`Jhxg(+eqEbtkY1*umP88uhHLqGvsrv^ffuXjU~|&~81bH;HWVN^yza
zFe0zV?_%q*$XCjIZKnkrq8{4Gdyr>tNoyHwsoZ_7`*Yge9`SCs?u*^!1}1!ZR5Vm|
zd}VqslVg)@k_D6Rm74H!@&>;ZD3-RXdK&$-qqg~g>Tb)n**wJHzAVB$%_L0_@c_|h
zALH=Rq2|NxNI;caRacc=Rh^aE<4mijw#L!ptGLRzWwJ4^cJycU11fcUmr{59s^8il
zuZ&kZiE7fz(!CemMFu##-XIfwDiR}lQIu2oy~w25fSzfIYRQ&>^#!MUNdoPL6SX4G
zFB=lq9nZA6cR7nrArS5MM1fa6rki@oddB)T)Y%J|I}VPCyP+6x80g|~;uJD2Wr+20
z^l5<3mAjXRUhk`4t#6%JohTnETbWzYl8B0HQoGp~1ZoxPtog8)otbT1WE?&DuqpRM
z^F#}MF(@mj6ukz+1M_)sPw?HX^acLR_ZQ^|u90ZdZ*vVp_2|avF(SLqjZnD;Hoo>7
z_}Z&ZLQ7rCzb$=VU+>EB-t_(TiuKg>cG6waE|vo-^$TnQ$cibQhn^PtvkhEZTsGQj
zRj%$b?rz)5)S34;sr5@7RyK!~U9P!=JS+3E_jC8t`uav@GF+4@mJP{4!8vAVQC(m%
z5Z-z%8g_wEP5a6$8-tPzXDb`MqE8?G9NalC0rRfiUC!tBpRat@%HVVobxL3B1uewo
zJ<Ctbzx}8--%*)fZA-COF^!}G`)$a=C-hGqpUPn}uw9g2=k3?_<TGJPFLPOLaml_(
zdvs4HUhuv{l2JN;mrKvc9T+zenb4ff^Jv#PHu!#@cGDZf+AAW7LPF&nYpMb6$9FK^
zVrWPQW}~LtUJkGaC^ufeb*<CrLuI$g$P!Ant0DP)d5|t!`J%o})f4Nv4xSU8!>i=F
zRwc)#G2^M5f}r<pC9491{MU5g^}T^c%8xZ4Kl}2|r)J0FqWVRwi#Ukh4|-2G%<;=-
z%?gcd<Ubv%j;UT~dU8^<S*(_(g&<B8PFkG^8DaV0>Q>zT?r5%PPPsF(Cft5`xOe#a
zlcTxV7WxZ3mRH}bvaKY3PSnA<dP9fiszafV@dI7|+_t*BQr-L;=Bvv_^+s1ceLp*v
z4wdqj`qn5^EZk@a^j8SAk!`)+JyG8fcQN<kVWXx0_}Ig@+8?$}Gp#f216z(KEEneI
zF-34YuT4?ebbV<K3%%O7v7c9*G;(e7k`u2u7LgLM_&(y(Xj)__(H@;Cz0FbYY~6<&
zw!TWZZ#0G>BPs8=mv1f8iixaQtJN5I9_}F~*F-IyOXi<_*my!7MlR1O@xaj4bxC`-
z@a9lqek9<PKR>uB?$#hw?>S}PKeDy(wfDiNttC<KiKDNN&y`(>y>4N&Qa|fnm^=Bn
z=?J%-@dIu;j);J$@#oqZ*GIn2y;C=f8Lp}sZ#}>9*=K4;S!jNex}L^kYqvDa;K^wH
zsJSO}O{^)+)AL}W=y36nomiVeTkMVZ@Oo}*oCB0|WP>>~`&i)|!}!H{BFQ7}z5G2^
z`MB3{yq9(q(%R|TVq*?tjJ=<%zwQ`X$sZzbl`K9sJna5D;@RYNJSa&cD!gg<_3Kc1
z+I8#3;XT*gu8hKp!pQQl@;u{v^#gvDC;ZC}lXdq!bBFfV9<T9A>iI1mQ*Un^b57^0
zHKD(r*`7I#HNS_7-=j{%_o&kVq$DdVW9o*oU^)#%HI06Rr9%HDEY<dQMlpd@QSPP|
zrtYSv0jZXUnfuvEJyn%oBUb2H#QHNd6_fM=qG>ynJChm8%EnQgWv#A>g~`T3oaL&Z
zDp=K77G-Ut=;Mmg^0}gI?qg>zY{4QaK|mnpCF14a>;Qa_$;-js(M`lloW&G~mr)|X
z@6*#D76}3|R|`uKO}R_oZvk53EY|Ms&LSX?r>CcYCrrS})d~a=78VA9p&%%fAGm|x
z&D+u4)QjKIjrGSH<WO$rt~So@r*Zzbk6D=i^&)2vSNpTqSeS!Q_9zFGqq`djKm#Ba
zrqi#RnmKv6i?f`*%EDa4(#h4q)Lp{V+1cL4-1PK?AZH6pG0@LTXSdm#I$C*{TA?IR
zj%U~YYM)&NG>nosg$?`=C_h+88wwE-M2ehY2N5v%?18ge2*g0A68s|lca8jV=6int
zA^z%+qnp5)A_dHy98RSJIs^NAXMhVLKhTcE@9~h>>C-=NA`m-k%3b;nnIr&^_5GHg
z=l+4rfcbwfvzMteAT#*yG6PSDe8+IwPEPj!t=RwH`+&g)Jo#gAp8~i4N&SDj_uJ!V
zA4dJj!@u15TXmdS6&TfkH9>#P0-*8NL;|L;IE(AqH2M3)hJgQ?xIbYe>~vE87DO`r
zoT*;vt$GGdqX>$Cy>g}yad+Z8uIp?NXUwWsPf8alH{PKeF;b*dzg^N*s@9@7ToX;S
z7@@KeR?{bwdPCaew%;2r*QjbJH|1Hx*!Ym^GUud7O0?gt`|odtMH<EyN^vi}!(jJ$
zKM?Zy>bkX1vssM9l_&VpO{x<95pn0_&??g6vuknug!Y{+j02g~98ZQZ=Lb((F;`{p
zCUJl$j{U~i7G^`IX1BXEW_<RgKTung60(&#9C3fT|2d<Sb@fS1zJEqcDBVk@8w_=L
znY~Eq;@4gKEzc=C*sUAI-aH3YBu@ujK9U^}lh4c;$dt_8FMeI_#(JdIopR@r!=WEs
zObXqSGyAJ-p>?i{<I!}0>1Ty?*~ifX3>MV*aFpzDv8qmc7m{EZ*{9wpw{vZWr#_qD
zeeQiX8N9hMb;{C&FUKVwLe#-I;XK;a>iXLaI?mmMNqXRz**J5{XHBSx>t>dCX>nxI
z)KnM<m>CO*L|P$BK`sj^>nTrT#oJ<n6E=b|UcBaA4W=Q(I_$m&ji30)1x2$DqwjlS
ze0PgyEMifj<PFB^8}VD4_B7=Pl$KInTw^qQe%P~>J2r5%_)CcEQ{7lL3eBQl<2mxw
z$hKXGq0^F2J`tiZF7ynaC}+sO&Re2!b)<1MZNXK?_>51>fg8Soqa!mWKoxZ~uA4Nf
zx7te^USLQRsgBlzEq+70a~<DzQNN*Z3rckNItk~L`gt2I9gx979VXM-J*z?&abg&E
z_Vb%P$6aFOPjBYDr`RoyQx`ehiOx~n&9w%Nw(ish+8j>Xuivh_kNe^g=fl>RP>;n&
z0S~kz(Jr`9IutEI$!)&qr0ig|zj*O5BhMIN6WptbTiG7jn-J{u3e+VgAK2s_^P>85
z&6XB6R7ww5aED3Nys>aVWNhgs#!`+LKbcPPtmx&BNxgxvLml1rN4EAE?(hJ)W*oxW
zKHLND<zDmK?yC*>H9WHN84Mr#pC>62@!lh|HYU)(`&2_<DW4Lkp%H_2U#GA9orjU3
z=#?VMnF_qzr!T#qyG}Iuesop=KbJ|yY<V>N-j;nNQz)i(Ig;nI&gUDV_2w~9aY;I+
zDWa<UX?SmuNH>cIYM{hQc+O$mGqw0jt!+^GR&`?LXb|CNR$8vHSRQu>+`z)n<f_7@
z!@Jw*sgbq=1o<&g!nLbHR53Dynn9K}jq0zBi{6+o=Slaalc&g^Py86PIa1Uu)XErr
zaouu$#h6ch68B09VSQF)1iPW;%K{v!!Xlq}I($Cb5EI4E_M^{>WIgjeos8?74v)tD
z=I#3;ndah0Y5MmC4W%*1S6;f#(_L3ZhJF&a$dVj0*BN0-rww5IjEM*`iHKI<`&dMC
zuM4X3Rshr#`?yzZ(WqjzHc?;CNl<l~O|@nK`yiz+rehC&vYq=jOtiVloW|tfI-&q;
zr~g5wF2*A(l3`4~L*b3{$FVY@_$eXTHVNhK381hZQ$8Y^u`LH{kxaZRn4#iUa6FFl
z$>|!YNW+B)xNvTGo4BW9BI<6V-+4S|fkd%;-Ok4W<eUggEQsa2J&l#=Ce>11+PO&2
za~TA$npj4pWb8BWEw5DEsBwS^S-o>%z2WwZzVkuPV-^w_H86)i(}d>zRl4`MUg-s{
zA9(83GhPmTyiJbu{!+nfdh7O1_WC2~vDf1-BJRw8Dc)42DZF^W7nX03CPn-iO_pc5
z!mzLw`-a`Q{zo`g>Yn>DeG8HcHA840%uXDGwJg^^8r~W-pMT@tt9!G(r+G15*JLX*
zn)vPsTK&n($iMqy<X^7%G(yruxjA{bnxov9&fM|osc&JGIuHt+wp39THl{L8UQ7n3
zJ{$poG6@MojZUw~x;i=k_JWK(3T5%zE84C$4!^yiZt4oeFid|ji?U9R?x#Tw)7d|V
z<|(WABL+O9A5S?-sGu<Pual<{-swps;^(>39-W?pz~Jz|Zv4q?GJ$k7m6*6rV>34(
zIJ32JH5G7kcC~S|`lgbz0L#qP$<qx5(o)yt7e*k20lHP|+jD?K-=kK@kFZrt?1%EC
z9UYzAfm?rsqbfFzb_9T~&E1&{nBWMQ01V0m6&4gg2tt?y!3f|e$OHq!&)P-+=L_6*
zs%<b6(2#L*wE#%gU(QG~LC(Tr0+1pTNQvMV+7|NDxPK&yAOtD^h5Qr+4i*6aJAw#*
z*Zm*r1R$e<FGG>AGZjFEkl!=}{f{*Q{WbFVr}l>Z*4}`^e$exOq+~b@=nbG`L9l=z
z5((HFCV&(|0Bzy3_Mh1MtQVSpw>R|1u>V6fpV=EM{8JW~umAu={vBC<Ot(Lj<-5rN
z<(z8ehsohW|G83rrcZvE;@{zynJLQN!o$((3~1Pz-Y`Y}Zc0Oc^%CFw;r~3P1z`e$
za3Ln>_udHp(Ca_x&Z*eHv++N4FW>bFMVu)T0!VbKUYOvY>-E1A<R|+6qj3*`!v%zZ
zasOQss1TqdV5t2YlKkrCzGtPNryl1|-~`R6<0x`>+*o?M(1`6e+fr%@{dS0ZycvUt
zYEW|yH&vC&s4eRCTlQGUV$<5R>O-~<{PWqO^h^utv(G0L1C73Pga+RGs+NGwHOb#t
zB*@5)&hq%$EwkB3WK=&9H&TXu5``WdF%>t4^@8f?X#o|(f&az^xt}33F%ccrL}EJ9
zujb3pOkb0i<bx)D^o`JyXe>jVY0Bw)Xvb<5&b^DW6h0q8$sZ#;DtV~Mp5yQ)2%Tv2
zC>J+rlHgzVpPjtx<8|qLpM%1q=|1z%**!BmM>9(fVSdEp<*MnNr1N&j^U!1CpwFI*
zAKf-*$ZG>@o;}Zee!@9wKYyv$x1U3HL@@;{j~^S-za=JlCpF8sJlS8PEZ{Efh(Rdf
zp_voKr-sA4iOM`)z2#vwXgW65?L-Toz&fW}wxNvrLsT9+22s+CU#I8e(yn?6HC<P2
z?B%}1a0N>qMEy{lSBA{wB{AD&v&ToUF43oZOZ=n^oozQZ)Tuu5?TCXE{k@?tBrfe4
zL~N?+^9|fu)qiTH6CkHtU3M|zbJ%*+l+@jfRwBIFLmG~-ViIztFOnW{*R#6tUe4~v
zGT?qu$2@AwGT2grMdcIvfxT%DrNlSsOTrd8A8qAUM&f>!7Y%X`;`3d66v-6TlkJFB
z*H}n+v$m$uo`!mpFH_+fRWZ69wZn2}dU?+@59pB6ZG-VOHXrVN9ixE?Z<76%Oxh=9
z?^^SmtZ`j#xn9%ph<xXtbndIVyFr=mfT?@krSqe2<Lo`MS!dM~*_WzS{hvvEQtTBB
z8SWwLV-*pc>~BOFdPgmhh#NDM<9>npKYaEuUaSW78c|ihY~Ajd;aa`Gk`m(-aPo0?
zCkUThxx&=gw|^r3LR%u!tV-{-%DuU?JI6l4Ae+%ARK(|mu=fgHWw{_VV#;(CZ{gTK
zSHmh5U#%{1OvG+Is1@isc+rC-HG6H1t^Zu0DCFbn2%8EkU7LExj2vpO0WXxPO6C^p
zxUODQs6lNc-uvN-?u=b_ejd{rDI^M6#LZA}T??J*4rT76yqBz(f;nYFzF<Y7Q`nM`
zMdFydrN7BwqnUretD42tSIEW8r{+pgGW2AFGg7P4Lgsd-#TByjknDGMTy?Fiym6Ly
zL`xgM$Wq<i_H^8O{et&6x*0TJON~<M%8rhlETwDpM6CO5Ev3XJ?_<S1@*mpk)#0{w
z%cRLl(mLF5*94^v7tN=<RPAm*XL=9aW+YYy)%i%YWw7Cva<Cp#PYt$jVlx*$J+8Ay
z$zoZDjehD=x|{|rW^VlZYB@bNggh_q3g^AjVS2zH4Yp;s3pWg&K)xWH6}`F{^5Vow
zV^!AiA$}&@gd$bz&f8fGhiu8$P^iPq@N_OXXaLVuK8C2gv$|1Agp1km*~|sST|S1(
z6s05RwmPGN;nrCEWSyCs$e@7ba30G1u>f$|5gsR&ZOFYIC8mMotn(%Dmp|A=CPSJv
zXoD#<xZ<RJZ*v^7yl-^b*P+94xSJCFk~*K;i(SR&&9%k*a|9a_1WE)t>B$Q`Uhxq~
zq9MMRp{bJLO8>ojZ7xTHgN|{WaXP<u3-n&fVK;O_WrdE2a6)!P-B^NEu6+4IsF9D`
zI@OY;r~NKI%8OF}iFxUAsDXwI#)|yZOt)4guKVt#IeR+uAu%>+74=Pw+-P)CSUkok
zy4dPtYMgj#?JKgA%nCZhY@M|qqL$bPZf)2EBic<L!F;{*-&d4DmZI+{X-nd7;uy>(
zFScdnug*&gcgQ$jrWR&v$K=;hutI3)e||O?HvNYF!_+;t=EoV=C=F?z6%p@7lFd^b
z4u85Mu?az<J)x~#OF#0wbTGSO`s#XL3z?{Ww4YtJp9wvfI>cuL$v)v=V+FQ#qLgpW
zQs!yD8h$GS3JuA~GHqLn&Huu<G#~v6q9LXct2UK$8CF%2X<?SO?MC5;aeg#XSv@&^
zK%3e}>>)A1AcS|y=aCRzjT>59v!V6tJJ*e-kz?muBH~F8ZH~hoho8!*c}BOu2zup9
z)6OTqU+|FiynPWrGw%EqR(2_{l0U9Admknt(vY3CVj$P?R*X@B5&wgSBVo?1B4cGu
ztcEx)X`6eL3BrnE^;6t_pU7Ww@_k~DN#V`D7LOU#Ry$yc^0Q-~e97K<J$}DL?LCzY
zqn$V9TZL?9nZl(N%pwG_LQ!t`1BRXEiyCxZjeVKwR!f2H<s&1nr~-F-&AOD8D<+qa
zYD8Rl<T5LT*7A%Pc5#mOv2O@M(GKyern#ykx$mDN7nXT~o}9ulZHhxl-8_NTbw`V#
zpa(rb5@B(8l$Xsbd_FqdLu)NvWm$8+uq7*$czw}GRzUoPTrVFqnUA~&KMWGgn|3eW
z#4*&fhVi;S!PBFXNfPSoED&Z96(rpeQk=?%T7X&~hxPr};p*kx)t$FVuasUmR_(YA
zsOxBdsC9CU$nG@cPdn&;Qe3ykC{T&)<#5LURcmKxeua-dX!hb5@~hTY=@UJ!sy3tN
z@1z=>VD_Mx4w{UX&ACo9xtXfX&>DVT;MsA%FMG~mQj5xAvKLo~3Nv(%y=0>BO=M?Y
zJ0V7?EeewSwk1cC%J{y&drS5ciH+L2Vn&50G00D2>IFB4A}<iJw!UsrT>5-bF2ftC
z)iHRC@$tf#BWhGvxi*h`o8JE+RqD0%g~nCBM1+U&NMfQ4LDzC#0&#||G%-7YcxR+$
zgF$yxs7h6rLw4RxJahVK?mJS>Ju%rwSwv~~`*~zox?Radv@vSBTijCKi}<mKi!+w7
z$KJKtyem0=d-qr>Bw-6*gw-1%YgP9=RUfYMh2Z$*@WjEO)Lp>>KP!#QhbQc2B?24O
zlWWVD8tXbJcRsV+DU8%&R4^rE*d>e1V!a|_#-2>Oj(OM8z1}fgy|bNd4~$gVl}<cg
zPO^n*O^dIDc2z-Q)=S_(jD(4ZC=&C!rf%7RZRnPdXKSX<P|7{2Lv1njNFq(Q{0QVn
z;-kXMXIR))1dKP_N0xSbyEv)^UXj#%MXafPesw2vh7E&N?r|!4RQ>sLxm_1u7~9`W
zU%MEana@J@F)XZ~QqlcD$=aPItPGFSL|wz_9LUL2ETPJiF(bEWpwiTE|NRbSVC8<f
z-%z_+-6qXJgrN@nmZpm0EOtOL;S;n^w{*to->@=uQ~H4-JE@K?ihnd0&Oh!}1xI`$
z#PiY5!Ee0RWJ$l4SWx}&eL5MU$y2<pLXu&4@HnDTSXjo=!h}u(4@JGFOnq%`JL3B4
z-e7HDUtF75+oc=wAY<6ly3`6TxhQiOMP@Z-&75_K<za?#YPA``&_wtZlPd3^JB-gQ
z2s&DVUKE;sy};3e`<l`8mCeZv(|OE|VNI!nG;_wWqIUFyo&)|beXS>GtE)$hrzriu
zW|<&A;#dQMGw7~Ka0Z)!!&wMPaE9+R3C^$;aQMcHoFM|BbsCHVhtpSR68x2yg8YOW
z|A$GHGYA7vD&K@ZWpIA5EYQ<{`oFL&XW{fWmIaRZ!E^v9_9ycF3rqvZ%FP|fE1CbD
zJ^4nbfGnKM-9Rt_h=3R9+ZldKS5pU+r<1E4zbncT1#my+D3G<ggFVO$WeVhiPJgnV
z{p3HzXupGK0E6;VmOp@K5J9*AfY1;Kh=3py6yRLoP$q;B0Lf1|mj9J-IqUgvz!~hP
z;r|E|K_P$?!r!G3JfmCw1tI<+TK$F)5paNiV1hz`OdFsUK>&vTXPWpGrv5cH{)kvZ
zBEi2!;ecHK$i#3YSU?yK2N)KJz$sCAre82{gn-Z5e`M%y6Z~(?8thld`6t5-3Xps-
zCOA^~?9(u?umB(#Tp0PEOY$qV_Lri6M{fY>TIgwx8H@lq16(c2)!hc=#_wt4Zq5IF
zV*YMo!GC4U{-CEYU`7E>5-NxgKtfNI4;KI&DHI`i*8C%#fAhP4(>eTCck>652tp77
zr##ztLC$8^zaqy!bv56}Oo0A4RR|1z%J%_c0SBP@A1UNlitRh^0gS3Y<2`8Y;>M~s
z4vz??4_dh$pOfu0&L<#a%N66%u6({l<xCiwKR3bi?y{YRukUEiNrNnryk?wH9oLiy
zx)_Wla%)EH*|8U?m&Dha_`pZPJGWL_6;#jFC;FJ?D7nmFlV(4z*@4sfCK=A5RYgvL
z46$Cc9UjX2Px}TocpVZ+l!-AS=mfq(M4#?|p1Hc<x8Hg)vrtDChJMtf$b?eAt`U&E
z9(Xy?4To{2gE7E`&T28ah=}kG4uzOOKvC7Bok=ddkOJake@)`aqUpX-4ZAOMM0*YG
z(Q9j<<eJA9zDyi_X!E8eS7N2<nPXfUcWS5s<&;l&?@1cfH)cLNIX7xQbIE(x#v!M>
zOA)C)S8XrvIp;seZ=EbfSiguEYgQkaa}cpi!e#3*n<Tz#@p7x~s%nD(;~xKVXWnOh
zm52BVL2RV!QPv{U(;Y9CYClo%Mt%`}^jd036S;^+V_SuK)D`*E=((l*Li}z>Io<ZO
zSHgR>m7C9bN1PYN%lMZS-c0VG?<jOql{Fk=&`pWtWyxDfPpe~>zrz{djODMo`R0?N
zMB;cGQ^UE0$LF|ul*kmkGakXrf*EV-^5#7}2P5IpiWz93Y`60W%Sw=GPbxO;M{pe}
zWzty0bRHJmC+S_fOG=|;M8+uV%5rN_ufc59b}1%40UYKaO*J!!+iUBh`7tp8Z@cHN
zScW4u_p5j|&A6oSaP-#3VZ#yPBx^#=7s;;JMWb(*^PXn<Ue&u^ksI-aCBn6w@MZ;(
zo7|1V8}IQBAM0OSx3CV&vW|ZgK+^G2LU$Wh?nPnQqLv`0{FO%5V6MMiYf^5&`rP#u
zra0{>IML<{dO7%E_0;EUkDeHH+2R^)c<A5LB=y9-Hktm^W&dN(4LnIiIUV8cq2MEL
zWxAQwAV#+-hoQ}2WX1EBDrSl~)?E)MHf(JlA!+oLoVzvQPiT~1=9bcgx$^93h|CR?
zyhmv~>9oHt*g7mLO?`(es4E`(Q)1}I{*8M6kWe>0f)uM-har!;<vGocL}QX{zL;Y+
z)x&3UFEuY$5-Le$2%;W4jwCat?!L;Ivzyqgo$6ApDNWW2Wgi(!;&k1~q<HoP6M85&
zk{*W7by4;~rn8q&Zmwa;W{ZVjN@wES6yfll2%56sQN!YwbSO5-yL*FCUzqh^Q3>34
z*8;+-25vODR84)lMi<FO_)zVIDY<|yL46?Jo(CDE{<cq&$eaBLNEBY6fPB6avF7nc
zS05Ebo<hTSh=eimve~D-i&v}oMMdcL-+TyWyzNd0PENb4{%*a|*@l8xn!2ihCtAXp
zpDSl{^YPno6|Hv;l~3>M(vrd%UOp*&_Jqswygv(dwaB&lnYa??b#f8+i|_PThF7ds
zNW)lt=`Lq)_bR^Y%6~zez82MdT{f-RAe3Qvqmzjm`vaHaCq6w<F%Lhk;n^#7+SKu~
zDFvbrk|^Y@Y_MUN(htJ7LGOI)NRF7v3yh3)dQ7Wj&smE>BZptws=51dij5cu9`<6M
zuU7AGsHR|y;w%Q8JOgFwv3FH%mk&MXVGQEnpVTP{s^DtfdHsQxJ&G)$pXA_PW9a_1
z$s*m!xr^4ptUAJ;C8J;WeefA;_oy*uy$xRXO>CwOJ*6R1%6fF!Ur{q4HuCGBm`&sW
zo96UYQM_6eR!(wF67_^f+}h#b4B?kIl05sH(|Z+#*-iW>)n@!6qFJM8u&d&axPq($
zIiFFNOoy^p*DTrid(Oq{qPn8X{AR8a-6?;sSP}~}O`K<aJaCjyPJwRLf+hWVj(l&H
zB;4OE27>m%{p<5O1Pkb4R)$JyG(E3Gg+hQEJ}RNZ<k{D-LmM>n%V->V*|CrB4Jv}S
zaB59u`e#k#vX`#YVDaBvf9*villjFatkv0PX`wgTBvvf;@$D<msUdoH@-uz%PmK%t
zZeu+NBZbtotJBr6N~;Fq$)t7c>R36`d-||4jy7NW5DBG_*E7g>UG{1%l|1?~svMdq
zvtng?;n7G`>$B!tn4?ZASG#bOr6P9}MxNLN?(`#Yo9}r#1sGVQWX2$e!0gwOtRr@w
zoy)lc0-?oz8Jc?%+rc~2@Fk=CG5)1Dm(pdJX9)SU)^cfceA3U=4P1$iI;Uq;N?2>E
zc4HNDVdu7o^lWw_N5q${vXG2t#jy*H{4vZbm;{6~7B8l%OGG9J*4hs538{o&Ngf@)
zyf}uHQ?(Ir(s{TyVwWycs5o`q!o}j6LQ2lydiMhrG8Q-Zm1A<EOkZ}>yh_+!m@+7A
z=ax*276lIb6I{mI!}gPc#hMg7<nEiihYcparc}Ypah9@nd%FBqyj$`sUK(Y}UD#G`
z*qu~2IIy1BKg4T9XMawo>#-_j(O=3`2vUgJ5pOd&dDl#PP7--rdO7$Y)nJvWU*>6#
zt?@c@sW5ZV>O<1^k6Orx{6&kgN#a*5GnD-TEz+Opw%U(x7j0HMe5f2(Rm4narq_r&
zck4B;WyZK!rlK)pIlW3UTt&ySoAnyHSsfosE>&59y+~7}@Mm1ua8rQ5Gulj}JWx+t
z>+K9vB-y}uHftBMt=J&N^R6^lAxy}1+<N&S^)2j+?^2GuMtoNsj9Z?5n4NQs9Ge)S
zzh+RU+;qS^NPO+8Zi}~SuGhoD6@eE5#FTr9QM<t{q194~@=4WDI*k?BOop;iJR<Ai
z0=UkyR@&z#DTCCg0!xLi{;TsZvvcxS<xh5V@Jamh(=-<8LJ4_v(=Wl=pW8RyWp+Dw
z1PjVp>MEns9QVHT3fGPm_0cSkpPqXrhck&_h#~@$3nKiWa=Ogn1|0|J2rcjV&7&*5
z#8%^XELnB^q0xnhIFRRqE;4?p(t`M}XgHkIGd|Kcb~fC>?9VIItzRuBbm|)xXLiXk
z=E$orbspZa)4Rl5+!<(g`O{4*%gk(w9_FEa5)o5|?sPv1Lz#UH`pmHv#hH39yTN4H
zyOp)B?8Zsh%L+EC%Y1yWz3v8_ea>L!<?xjt&7F^t!S=6`W(*=Ot3=uBpEqyq3=pGL
z_dFqB5c6SClI&#C+zJhDC#F;!2iJY*e(k0(qB*1`0a22dsN!&0#B~8@JlsYJ3*12P
zSux~bF8T%stGOM8T@?&ZIG!I=A$|WsQK~mdEw1JIOWwY+pwub9=jp<Vh}V!Fw<fi=
zIrH<S8)n8`%}qXL@kvesbvODzeQKT>iRAY)m`fLGiQj_y3lGlImIp-~Ua*dtQ61<Y
zAXsQ?%?6E}%dSl0Ac}uAzX)9(Q&U0e^~~{}w;P|k&*A%Aui@VQB=gg+8mYr?TV9{I
z^;}BCVwL^sgpc3$9GUn$b{<x*gF9#C6<J1@mpMy0R)ZpAAXd@8!WE`Jwcyr0NeHbo
z%TktLxe~`Y;JcV(&=L9(99m}7v~y_zP92w|L2(DIdS3}#soFH!7v@eIo6JCjyZOTF
z=?B?-w4OGyRN~t0=@SbZr*@g5>i)GObJ0irQoC^*Lzo<HT!e2Z0zctdCf}VH$v!}r
zWSl3SjNZJBMf!{_Xw^3I>zs7Mm)GZx>PvfPGmt^18Eqn~e&?baI8!(+me4L<_lXxU
zc~{8jBye&gu&zU(>Bw@PlYu~%9b4GMawvUj7JGD6%tS9bEk&Cw5<JtK0gpW_%JpXp
z9A`2!<{f=?jN+$=*%C%*T%Pix;k)LocC69f>373zU#U!)fBA5|K`o=z_H&}%@wp&s
zak#{se&Rd@jcBC0xK5BlD7(dR9mXY|YA(BdRwqa?W;eVI_f|PqdH9Fj%GV!Zql11H
zJ8A~~X{MOrUz$8xtnL%Cc(p<1mgdPAPgD}6pBeYIXv@g9bNNdfu28G!xpkQ`(b9ah
zdwPS}D%fdz_v({3{tfOD-OeFm&?k}e+bu=@O|nPJsm7pV%=Bt=v%j-W02urRW(^3=
zs0&SkGwuL5e5>U+1G_-$8xwN|!ZZoa5D;)U1t7oBO|YL3?f*XAbk^~+<${0FP4I7=
z+Al>tXDH^3ZW4wff6z_vUnzwjaOaG?`h%)beFvawl;rrcadX@!^)43fTVzyN%e5Xa
z;vKkBv#~z}m{<twvMQIcwXZf!ZpgE+4|q36@SV4vQ1Yzz{T!~au#AyQa?C%6tA^is
zBf2~yl9V&5Euz&dEH?;TC2QHE&OPZ$_0YIEG60{-U^_sAUuJuB=A)I@vrEi)bQh+z
zACLvqcrCAhGQ;{Bo9xhAX9FKgeaOnmnUR^ghs%S^#pNStS4)3!-mgpNqGk_f?1X^?
z&-uZ5t&2JLJ}@46561P^k{-Cg86+m>nQQgG`aRWaFvW{pv^C#Kuaw#h346F1nN>`G
z;MI2B@6y#KP(VX!_(=*REnMTXxYykr_gR%hCI&EBxM|e$U91MF`-4F*iA9Rj(z3>d
z<UJ~FS_CBD^*A_pmxq>=)qXX&P!)O9=vX_Yqx1H`;;mXAqpN8%^Zo%xwoRbul7-hb
zf^wfHkoa8LL1q@a62`08_Eq)dbIeWm&&9)EbY5%2!8h;HRPwQ~rhRBjp0NuhzF7gD
zy3EGb5LI1_K_YOwYIpm|JBi)oVxf6jb3$-vTUd*E%m=NTZg*=Qpo>~B)%xO{y8`$6
zx}nbIj$^D}WpsTmW??lE!+9MM6WOgd$Q2ukj1?BSD0fev`@`-`wjo5{SwGri!jN`k
zD~Xf$r8UNh1!o+drAUm@eM0N8kF<Go@j?8GB681q((0gVeohL8`6SBwvkvr5G__lA
zqvi%)Cg|(#uy7vT8Y(o-H$fDI7~i@9s<lrOT7$P=y}|sD$QpH@$XeX`@-3@)N*x!G
z5ydF00`DS4$33YH5|t}&KE9TaUZkk8vbPJn<mSf+Mw-FgukO9-8YY}L#LjX(`B-)d
zdDVgcCb^S|rGx6**O-cIuj%R!>6M3QZm_$jpp5uOufWGm1B0{aRrE6MvZ&~^zshpB
zcA@e8>#z40i>*0#eb<LM<u?c`^M%N1@6cS1%)`1}E8tWVoiu!*n6dY&Kwob7fcHD`
zm)H^x{fl4k-_vjCx|f#IeecQE!7LfVZ9GYqcWr~dZ)+M-ClBOGx#!C6O(lDe!p4<^
zsj2nC&?)S3B823JZh+=C6!b{4D;?7eWEkEiLv<`@<n7)s`)O(Ke}Kw8Ww<FbM^C#K
zURJ#<yS(y2lthi5$=R$$iLE_k_+uxzNGdTsEiSjE>HUh1+_8<?kld>!;?kyGEZR;F
z^%7q=<l^d*2PGpDAE45=X(IWUAh?;{vm?{5%KTE(utL+Ywl#Xi4>0TolkA+67`Nt0
z=M$(!=*(?ini8fJpVTmi&?-}_q;^M!3#wV@H?DoStJ`VP>dtaJWOw&rXY$=kCMuy}
zU3V@za=7t#;(0HJW2iSSCBEkq44f_9imenVI?Aq`&2!`%;EZEoQ^B~^<DKz5uZ{zm
zcA@vWPDZ)WD*}ZA$9HA6MtMHt2OMRJ6SNA{bi20c9MVv|vYV5w4=Ua~wSIa&bp@BA
zYrl>s+Cbr}`yDoyc(%>X%UW^bYM=x-I%T|7`r&p%6$j-5BUyW5QF^1E0^7P9JOR$0
zbkJAH+%xFH)8wp|VQp2Nv>BcCPIh&O7j`pnSLgT_@z@=Z&m*(sglQAg_zZI7y!f{X
z;Yw3DRF4>RZgdNu7u6<DZXlvfR0#EGe-qKJ;RdR>J)Z4RV7H*7IR8TPs(}$>st6Uz
zrqJI=J2t`b_7hIMPutsHa>z4z99Zfog}l`mrV%ib4;Op_J6N98bw&%^Wa-n5vp2_@
zZw?Ehx^h!N*(rQg?-s>7?WDl{1BJLxX|nnOYd6brHK@{LbZX5y3fG484?oHGsprpX
zxBHp*U8V8z!HOcg{9?>`(_@M>*q6*4jBKU0yCcb5qk|8balfXTejB}e11*b=%%4Zi
zP|H73i4JEl7~VXV+i@-Du2y;bt3*g$wH-{w`>PGQkMcNGQm%9#&nu#F>SXf)2Q{uz
zUP^n}(&!!>vf9o|2)w@M%~RKqH)<BMO5>?sj}odZSdXzB-Y%F<#4^WTs#%KX<~FW3
zUu1z?Y-Bt<r{Y9Ht=$}my?te_^R*@`9jzu;6UQy9qS;3Wqh<9%)mWj<-5V;@rOWk6
zMv3kPuft335#A1|uCQ66NA69>DPu`fDn3X#D4?4r-M*-WC7#~V7_D#^8P&YQ^3ViB
zx%<7LMo^Zx#awnnxlqU2wgrq6+}=!DAm4+;v$r;Nj>8=Dz~CV=6idBkVbI0Zbudiy
z@YC?YK!vTRb8`i>LE7(K2@{dn!~RXpC5Xe-v0-y<o59y5$q&r;L_KsEJ61FvBy^fB
zK+kD13cQo2d6p4BeUYyq@)6;@a-UE^Vz=ReCEwgst@td3#yvab`!s!9wB0Mgk0LOy
zXyoo(sa7_PMYb*x4+qqZF*ElYZ<fH^BF*S)!igF<JZI|It7m#2D-EOcMK3M|eR|q_
zg`8(gJW755>#<8^JU=eV7E8f-ahWjKFT6@_9m_UrjcTcn*6G3tn)&iap}$8n@SiD%
z|HBc;&w%3_tN&}j@guhYK?*_s3ON1=wGIJ6z#ym~$jrmW-U28Z<~Id$S#Iu@9`^j6
zC^LRHl<N%}bJVYNJ3ovc!f)zmahB8KH#=S5#&7QAXlY~R;d-_%i{IJQ)tw&-`W-DV
z_%r7Fqf8S71|+(Kfy@pPC<FvpaU@(o5C}XGK-DqO{1X-$$Wxt0oqwa{1^*!(4iyGg
zrUCiH?~?qejr=zx`4Ln9qmomE5TFVO6AZ{uz>$DdKw08{sE}WifPZCVPE%hF-U9Y0
zQwwLHmflUk5#<g#ZJ9ZFfgo@plrRb|1hW)^nnKxO(h!)b5X9762w?_C0E_wrh2Vlh
z5HOHCfFXq;NciuE#Lr3iXG7vFFM$ARQvnlxOO8R95O5&#2mPY~A$XQ*_|1U$HBSG7
zJk9s~BNQn0g#xAQU;!YVj(`Ef^gk5i$CUol(Euchfc}3ILlBrQV8p*7#;=*ezeWQv
z7~Fx(8?ar<S>>^tHL&2}x6}Mr7xc%v6g*92pC)sG`gveQfe>KfKg;F{euJBTo8yRI
zz0I$kI9<Z}Uuvk`O|3wuIr{&`Z2{u^qa5zHu>sUl3kV{ZAi$tNAeaOJLjkQn@mXhb
z|Hfw_{-Mu;z@evk`tNc;g@G1Ox&JT7@vF!BU-kMwWN8t<`kX%)ConKr00|6@Z;FKh
zgZ>|O=o@7J`#|}JJ_rT_^5TEV0SBD#Y3m;-_P>+kS0D73V*eK(jDR7bKw0{K>w{r}
zNCe=C0cS0UgoA(UgAxDK>6}&o0D~Edga`-$h53Mk7Z3&<4^$X@*8ZbG{w<pMyDfh8
zJby4I;NLRj-zE80jq<O^@&C(*K@q}d8h{BS1i;@Ggq$kqKT(L#AA7OyWl0V<%=z6t
zfbF(yOznT?oq^>H|Hzx2)*^s~gqeUKQ$QGoII9H^0>hagKp#)rf6}?LPW;BD3H?Kt
z1_SDSAV}a3_q!~DFrZKac*(ya%dc+jJ5wk0r-cc64soN;NKctMTCQ5$66;1Sf>Z{C
zjjO7Qw41)Mn^Y?ClkTS;kJ&O6%ikaE&@Z(nu$PV=CVZv^N7D5YM!vGL{5pD@1>+?6
zWRO%=32|7OlB)=7(Sfm3=3u~XLf_nG|KMFV5%iSxOHqnRg?y&v{_QMA%gm-1Gqj|`
z&gplupV@95t>k9}G|4nRKW@ZMe{vFyJrS{_TjXoHKJctIJsO+4WA5_WOz+mX{iFEz
zZeXqDUFEvAp&m~MMe&k8tw2d%qCxslmBYuv(=}RG`Ym^Dg$?SHqR6WJ7H15VR~DQ*
zSWepep|Y7yZ#<3rH`gkKx(0Rv%`;=l29^Vk;Vg2@^A{BK9krrkH$G84627I8?AST{
zNIoEX>|K`e#7UGcM=$^78M;f>#)-Wp;^jRv<3u=0Hqg7G(RP{J9xk_pcWSk@d42EY
zuBm5HzFV|>A;8MVs)~os8N2JP)qBxxYgU9uz$kUar%PU~y<KRpD^?`Waa3dP5ZWVz
z$xDsW^BKRUdVkX4SnR_E(@vRTp~nu(W5=y#E@BKDJczm-=E<pt9aOi~YqKnxXU#km
zJ?+4pQK5r+d(Oky3Y7$H0+fDCW2u`ERh22?3&Tq)=)~3}3(HgQzd(p|9}6xsac@St
zyA`Y<hC|<DR8ups%;<$VW3t_9yVZF686{CLY>*_8^|QemZxNhmpr>vE$<3fTl3VIR
zr1H6kZdZKfNYZ$(0KP`5ssex0$QK}ZvyR?Zr8C&(LYY*nEahULfq*2_vYBU)I_O>7
zM2^4T2g(gvl#5Lb$?}BCIuG9h5eCDYrPi~m1SshtEyK0t2lLt9zRx31(%_?OMOU>(
z`>%xZulDa-jgURvZZ#0}>(jO+>_2aHZeQ<XagOu5q>W=fE{V9MMajFF-AiJPqn;O&
zajz!Y)Z6h>GZSzURN`egaJ3GHRMN#Uta`oOH#MSjTQiqRth{;S<p*<(fYmfR^R*X`
zhghNDEd1!{qo8b+{dje=dffAjo?I1HQ8L->W5+HAUgIP9Ybx~<?HA2m9LHX270=j6
zha>Kgrb=2<RZ4D(cABexlq*hBU$$U=8lOrgfFx$6y)|7-5p-J)!K1JgSx%NN#VvN}
z8R^TLE2d(8Q)Cltb?#2*i`3Ddmg9_IJR%x#a2YNY?@k-eh!1_;jTu0>JBPj*x?}%|
z;@vCA<G2<sEWDLh8JHHXc_k#o6B@!U4%)JsTf?CHWqUrewCmi#Nt^kawq~yu2ZLn8
zCbXt04&CBcW_ogDdH}aVve?Hdm`Q?^QD_r&r>n#iBiesu_jTwsLDuRmCDwaj`MSk@
ze~Ci!E-v^donWoU_}mfuCR7RUR8GvmAu3$`#k$<Jp)Y65Yez()C1^9Jx@l|hT7qfp
z1ejHg&`8lQTrOdo1!e0@+AU77MM6C|`%Q+h#_7@4-3n-V*8QnQUR>j#vG7o22!X#H
zRQO1Q`fS{`EOPF4Tt}A0!#7sxyHV$hA56u_sNl!QteY$oaYQB!P%ySGGR8^lq<xed
zZ{=d5LM9m|iI|yF@AC<|k1hwiOz-DFW0b`aA~y9>9gm7L2aPg7%gY8=bT9;@2|gH&
z^@U4xe31(cReD&yba4a!_5{P_XGfcxDtK50ok2p+dDRwW?_3$@!`)`@yy}o@q$4(S
z_o?}0dmM*CprG&Fa@CB7mMm;oSweTF*lCR#>LHm$^(iYvHwGO-cvY~TVPe!4w)sCN
z1&3qT3R6Z(CgtV2xvk(i-+#W^5o}LTdHH275lv=4MnYYwzTZ-md3s%Jh>!<^lZq4b
zvO`J@rN8Qgzn7KoX6iv>-V#@aCppeib~)y#u#}k`Q)!2~>hOdEgBkZ#Ee8K;>if@#
zNQn@h*r7Ab=2r=Dh~CMJpmAS~2q6r2!&xI73|UA~hsmLcN}IA&&FCu+J7TuVsl+MR
zeN-Hlx^^VLdcvtlTVHyns)YARy@M}aCcyS@$t7`>FZT;h3)(ATx{{hul@|PDZrB{H
zsNHD$%Thtn%~!|OtRIqJxN9}eetJjzj#B?%ZNkSFOI$2uE$11<RA1B;y1ZU#E6Baq
z1!+#^&+`sG1$NpQniKUB32Kn@xNt7sMTeVe3EsCDFd5CWzU+8Y|6_;GVw#R;-qP`-
z=@HK%;&J!!eQk4trxI4Kc<haD-l<nhTd3*15#)b6Un^YFK5tXRZjx%Iie-U}>U&(j
z^;zT5L%}==okDe$72h&V+Yf6i5d1Ouk8gypNy|^WC2;u2tQVMRk}1y=vlej-=hqrZ
z<Elu+J0x8#zO=XC>Cm-2e!=r5l@9a5g<2>+iX-@a=7;VYg1ADbH@f+z!TrTOOuKrD
zZPsY?MDvEy`!az}g&TyI<>KA5wh7rKg@i5R--?@^r$kH8yC>tn-*w1nTt&b_aej`s
zGpj1RL!;{Pm%d3!lqeS3{LpfjaN-p=ET#H&$<g}slX}04VOwh_&_+`12Waf)8Qvrm
z8Na#yrl~l%f2=WmPo^j~ClcCwd(GEHL+0p#y($&R-tG2&7;P`}-3_iBhkawEfDMbG
zbDtEh<8Oz*!tir8#wQvat3|4H`widodaYh#6JNqgY7|vQwBD3@9n$C9ly(e1BqlnX
zB>6ir2v8|M(wt|El_mjz>Q8AT!Eb>(fJ@I>-$Gcyvuqv#uq^cS<QY~34&NR)LpVU|
z+XH8DHqiQpR}tSHI19%#3C<#+U(%xhviT9E{U0VLzgOd*DeS+dM}@wr>KC^1ES5Uk
z%0L+T*Zu~;8uB0A{AHc<Dde#NN_;)c&WHxBvkeWj&h~itQGD-)GWT$`arZvsA-@rj
zzYTW(A+&)*A;4mC1QT2c3P2j568IEefFVE)G;khh|532}-#{B6hW^>tKY%vhXaqO{
zC<s3dw}IN*(_(A@Vf?3pAb*7ve<BF5${$!|@<S4su#f;?w|_;FA2aQg?)nSy{;m%E
zJGlAF?DkH;o@cB8No@>lEcQFg11RAiX<HEBonQdN3j-_-J1xBbzWf~qfZEgcpI9Cs
zCw|K|BY%Y!f1>a+k`o4)`t-{XU`YV5xCM5)p~QbG$UkIUAOP_W>{aqZ5;z1{0Ra1V
zB>9zd`PK67zy@P(0yZdj%d@>p&KA_TTAD+I;exDy^-s5c;|JD4KoGw*`mgTf4-^f9
z2my=|u#X9_bObC61(*y$0AB)y|3YWYKeG8Z-~Klu11OjON8=9;2gqCG={6SMMENoP
z{uNn%{+av(k{t>MfIpxVD4=d&%@|Zr@IP0|uP*RA#uh&HMt`*F!HDZ<^{$a|u#53v
zti0)TQHy7rOL{d;zLK5CSPI)vHn-x;`3vFEsJ&%hsUSAF5L-7!S8_E%x|tQ;cn~ZE
z{PjV!@pUPU#NI|OYH0@fZXKp}`IhQ}P|b($h%UEqJ4laGeocrpc`WN$X&*5VS4o^X
z^^w+83fa9LZy4$)dZ_ae)HvnTYkV(=^dRt#R7bzpqm6UnjD5E0Zrja|H#RQxxX{-}
zA_!B$(B(F%GRaUjI|c+S_cR&zeKm>4ii3M@XwwFW&Qm*Bfv#4z+ToJk)=iV>6>ld4
zcjX6vksaWXXUy=P43sGrs$72CaWpw>$tpxJ@c@BN5S#eee^#I9DWt9CZfaIL^m_6@
zZ2q(=L%2@5)ded}QTmuKRJnwNCcITfI;;1hTc@2XI{itlMpa4kzQ$k3EUh0FU~83s
zom(4K%n8p^#Ega~AbU^bT$%g2M~~9=TYUK5n_uCp2)T3v^o8fjo>=$g&{?AD`Ur+R
zW3_V1x{;u6?GC@)Ovr_}%hA52-q-O23Iz7kB|o3Lo;+2wIa9)8>-chSq`wg~Q!*pp
zviG)LfUJs`cQ~Zxg5+1{h?iU#2^Xwfy!Ee&X6Qh$FpUHKb~g@TRp5TkVTRP~JI(=&
z$u1U`m}75C+&ZE{F*~bRrQmL2degekzPb+W_s@vXe>NA6KeGF<>%ogOsfi2wvh@ga
z(PKpz*cUxpSFD9pDEnEnA}lxr8WkE1d(38KvhgG=OON-3?{LVpbQv86a^B=<a$?-@
zWdCq=$B7)V2f@OwaKT$9{GyhFZDG;T+9ZV2YGKjId{D*8g~F_>kGH9?Kh~j+c*5)K
za1kl0?&{a-{WO}H@y^F<5<YqSTetU?Rco+l>O9Djb!tZ1=|aZC$mT{kCf>>CUhOL~
zo<NKgKgRQYf}-S9s_8-+d!|WFOt>${CDx8xnm{dOO9>1sE(k83aQNYgcJt;Iq}5Y*
z*g6yVNpScT+b&L(sPVPQm9M9u<NH%HMBc_8fVdgGa=Ej>PVw5oaCOO-w{s|*VjWSQ
z%@xzRA1JN=DK<N%z}!1TZOR)*BJ)x^=DEZ8Zh=bGYf^Md?cs_P_E^0U?!&h*>}c#4
zZhnx$nA|l|nz|D4B3(VYpg?;$g!3zNcU8IQb>}U8nqu1_%W%<d0&sb&A+dQHHjYNs
zf#?JML~vJT-heXtV7}o!iQdaxWaQ9%)4S{^579&SJ1S{7)N}IT_mdxtFo{OQ6M_##
zM$+hnUW<2oVN)sDrs}T;q1crN$ATk<e6-8Fli!aTHI=&_8F*!`2b?^yNg3bWEU4dg
zP8s8Gpns3A>yo|t>PSLkQJ2{06PK3CM5kF9FN(SlOi#_y_2_9s<7QD0N8HkrNglNV
zx5vAWig>NVOkF2JJL`=Z;i;zC4ojNJv%3cG%FP`fY{EeqRsQ7#W@t$^GLd=r?C9Pd
z<vA>gTl5IIw5f&`;2pCT-!!`$W+vcULijcU^4>M;lX;{Ef5n~7O8!H+<mY8`*!`9M
zF6@j0$aUXkh$=@VA0FRibt`2v%w%un5$9a(;2Z|d(WP^(48v?eo2g;$F;B-mg(9h*
zoKudm)m(Qj^>0`(%x#KQ#;bku=>-9W75N}hkE87SP&rN$w9o@B)ufT*sae&=o@Ijn
zN8MXSRk?O;!$^0RNQ;0VvFL6D6al3{knZl5?ots@LPEN`kxr!qLAoTRyT5Azy1lpD
z&x_ydkLMj@kIg>aj>Wv@HP<|69!JSzUIDV9vUEInk~iUEpKuUUMFl8>)wDSB#spS{
z<Fl7dMv8|t6(4Py#=63x9u@^b<WxFE(&bk4vj(sjWlt0L?@n!4W`!{LlG3F!%=srX
zHu^iFr{yBCB`oQ++=I4$q?|^ME0WEw31L?KJ$a%3Bm85e0wkdW$<8P&Lr)@5zJ`7<
zf=ilgQ`$*7bAyP+zFa>%wHf0`f@vtt#w#jux%G5e8E?%D?0(u^j!KgUbc2*{Q`B2U
zmE)4V6?-xb0%)jB>ry748KEYd**-9z#(cDavDi#6eL!rKT#_Xffq-a@kAt!3)Fc2C
zU`2x|pib{ytGVl4iRS@djC(>Q*`eFnxUR0rOyVmOJ>=55O5`<X>AWblNiAvTs7&Yj
zedcjp8rq9k|GDYDO$K=^m$<r3e36`GYM)h|Pv~@(ompnCB=_G{JyKPA8-H9r|2XAA
zIE3U;qb9Co8slrOrn({DCPTyH_>80JXQo~trxuuQfv3Z$tUb&A8GNY-gRk<5I;ke5
z2klTOY<OF}M4)PieIy!+=tv?_qLiCt<>$OD8X?=Bf?AI}(EMR}a8SrQAJEPXq&hlc
zsH@}mwcm!?*22PIJhMk<|MWUiLwsEm!B+;`9&RxeBS6!YqDMS-cN)a!#<Va+qsxq#
z=8Ch;pQEsbXYoRe9KS`-!kf@N8u_VyRd&rd4qCO65C%#z(Yt5gq#c`KSU->8D&6G3
z8m`?Q+eBpC>;^qUoRDe3r=ZYY_!={^JTmfb;$(9xE68}h?|E~s|52YU{l=Y^@qy*e
z&aBSmWn*@Tg{>P)NBP5Q#T7>3o^|k$G!D_2cbnz-_{I1=W+rso*H>xM8IcWPDxsAY
zt?cdD2j7)Nic5_%KBQP|e)CqavRBxc%a`gg+_Cd_3IjEq@c6v=T>+JkHjg0q!t693
zZ!RU}vRO|Ev?W6Mm3W(xKF=J(+#F#&Kx9IIikCLsDcs8JT@20Zp33wb_m!SLfIZAB
zqS(beT4*iHl4b4Q&?MEe)3;$Y5i-QH&22+7LX315R;OBa8{wf}MN+<bC!J{R8@&;d
z5ZV(MakB*J_s%F)Un~YbiD4{p`%#7vjN?qXDYq>0^*ZF<V3>$E4jg#x#uem?^H7P>
zBJ7^^WYTiO9g#8KR2pZ}O(kU0;9!GTLPq$}KB5h$ASkW|9<dPJ878bJZF(d=ci53p
z={>X{nB&4sS))!~k`xyRzQgNa{02cCvxnc$Ba2`$!gS|-LFCKfTdc$rD}KWu<DHMx
z-&W!{T*v$zno1MqU|_AZ#$R-Qq0U7gMMdS2ka{hTw<Il)=!uz$;yCFtUFL%@7nr>A
zbnMtkX3M7PJF!Jrt?P=o)_N4Li~KtR)wgHPhqk-y{L3Q#zgH*Ne*|-?i0l`ohx5ep
z3F3KL2mH7wJ)Gwp!0BS%f#V`4Jr7EOKfI_w{9OHK|0fv#-(PGvfBye0HUMEWIPdzU
z*l-?Hp3h=4asFKW2V&WOLh@g8j^73X{+(@}?;D$H+Uc5Im346bVS2{`4DYZ3B_$w_
zW&vsqKO%h)c%dISUnlE0f0Qd4YMlSP$v=qnIe;l5;1`3tXe@wDaf0{z|1ahE!$gdU
zk%^uiFvCkpz-1Ul4%WXS$*+0XkCfxw{;x5Be^bqRgl$vp1LO>qzR_b+@%6?G^Q9rF
znQ>0L+qyi~mUF&IqydV7a^gLKtEp!-NS+h|h<&57^pC`b?${MfR0-6En0QZpDA?Z+
z_MHB-pz2lhLOOhgm3oP6qy%2{R)6;02hH@Rg2On+ZIAMmlII_@H7pGFM&+$rdN87Y
zzwgkNOBo;PHrR#tY#ojNSyWv?`<W;tnefW%VFu{aLxq*tak!=FQ*hp)uDJ|F6aW>>
zqw4bD)<bpxX{{pSux%pQNh1Z8ZKR-gy_G1m*J#^}?QL~hTZ=)doaL(Q!^v!S?`br_
zB9ucb;_8Dyy$>O)dT^^}^=#Z0$s9-JY-a9|or@Wppb0h7TD^3QZ*1KUd?Q6`GeCD}
z)s;P7VoKOjt<{hTb8piPw%~Ke+t<C-2qr!o?<0m67T17L>d|r%2ufn<RxpTKXAKN}
zCk@$3jvB5xO}Jj(zQvDex9!qeO1IQ_P%DgTz@S=)?jwwaIoQwyBQz2f!~aoF8fyg7
zk|o3zvDF6x5^<#9PIEEa%ALyb`x|dV%r{-T-e_2gFF)zbl1?s8`KFyQe8<VFrOA>I
z>D0dG!2EO7;`Zsr%*o1YFH@m~kms)R6Z@;&gx(bJE>sXGy!;7e=5X(&F`hkp)M5HU
zCu<`Sy}xL5xXX>&hg$h54#Gqjd)|fv@oNd5P@3BKYEcr72|m5W)9?T|)>KP{<%Hm(
z;4u9ox`l?X_I%1)j}F<?#YEfp2Tryv387gCZ+)DG>qCHsbJaWZFO<j0aVP6+d6(uF
zal<<fy)g|+C^BdN5YuNroDvyMsyu`vcKstRp1=13*|67|DIDf@A1Xr}#K|EeH-ST4
zH)W}hCH%B=h~Pv}Hq^Tz^3X2PL)*IQHv8}(JTX485!1I#7}A@PWHaJWbHl6nR@KA#
zJ`FmK1p$3Fd5jF+4q~XC%&s%!%Jj<hg-Ro29X{kC<&^0vsRuN@(4(FoY*77B^U0nZ
z!FF!Gg?vz?5tWnh#Ma_{B>Dp+7@Y5_udz*_P8Hgi3~|Dn3^UzZc2i2LhRwEwZa=3=
zdgd`04qK<b=dTlEXeD=t`9YO<!fFooN7g%K=wzy9j3{#cwT9lUlirYYTae8#s_>3U
z#l^$n-U2>Pv6}~1MJbChNDwoF$he1}d{bF)m51nr6imJMN?u<4lTO5TGg+y=4<ANw
zfX5&*bXBKAfta-8%Z*nzA>*3sWnK||$S7PBnZytmVZ>6sFW<qy<sJOEf^R(ALgOGl
z-96rTn&Eh8Pn~Yr@NuHAO6>wU{RWC8cSfCao&*BVa{sIHiarAsMRgdqZzaOm!HS{^
zb{73Pk@7@&nCRbRiS8C<evQQQOBA-?2rmn5c3R*x6GJ4rYvV&C3<Za$l{vG)iKRxy
z@bWCb`7zcoBRtD-x<}&lmk??qJ>ur))Z%&%i`0!rrde*JsUU(>JDKhzwiu1wRpo%+
zwMV$Oaj*$*uYm2C_*p+FRZF}nG=<<uMEmB=r;u@pc^}kI>z^dWD?YsuP}*gMVi5LP
zM)}TD1y=-yls3$^<!uFL?MPA4mr;0JuGI=Maz@4_$2RP7cNY#9)nCC%Y1~hG9@W=@
z$yHq2WKP~FLiW;J<DRcO@mowe-cA9Cf*`0TXs($Q0hqKjCb*`g4M|FxZ}li6J0o1B
z=Q0jk3aeFe2J8)coIVW_XtvmmISoBu+RQ60rO)!nMKTUa82_N;?(<+v(>1AtK8L!B
zt{8_k$4f(rF&eR@q&B0jlv6TCw9wtx%1QtgzF!1Qyit$i$Pq<0F&67FU3+<?26ApC
z*T{G2$Z=+tgOLoWDUHEG-diI>_OGRV22#47DCT3>gos2uV|4I-fQq905!M<vPOhau
zm^J}>$nTN!$v0R65ccNBo?s$4Rbn44-2ITH5u^By1NUKc*N7+2u-}V2$u#oDvNdY3
zBX`Q^Bfok%GaQM82~BK@v|w0!#=5?)F^s8#p4SU`vPrGhja-%3y+`Lwkn(Ix$79;1
z2;+8=2crdC%gX~)VefgzgxSuD@<;xiPdfIg+K3c3>m!A<7+@EO<CX|`g#v0B+i?04
z5#YWY5f_=Ny%TY+Iy&9d<A4tcy0tr*DW%B-ud=eQ(r;yRHUugc2#E+xsVAWiHimi*
zuj@k6_Yp0E9=G2Y?VjiEmX+J?@iEVrCOv&T*Q6pdi-DV>i*rlgzJ1RQJIg@J^_JJ1
z7o(15m=`)4*YkpGBJpi|!}0CgC)GwhDtuqjG}5O?X*~p)o6WOY#!g##-6VPZ-F!T5
zm1px~Id5uiq1GHhH{w0_^+2kelsbKy!7QkH@F?9#Yhfxe`3}}YWLut3bvLI2ASBvf
zM2EL5AfNP$gmFyXpy3KOo`&AKS<4&j&W}<h#8f;QP@OV#lR&6@!~lVY2j?IXhez{U
z#K!QzBjk6%iYgzZckeyf6@t|YO9`S;eRJC#ldB&$S4~5vNRkp2)yExbEPt7#49_-^
zz&)12L}m0{8Ue}<BvO!{7X<g=Yw!M?TRgy=gUI+SBJP%)X*#z<QAF8mCpEbHNCqjH
zQ<;&<waZ_Y7vx<H7$8_72A$P`zlSp7u=-^5uwuB3WtGMk^3zuH>GSgYedtE-&<4q-
z9sA_^g_7v_-DhuB>Z*b$^g;XU5zV}w%|~+h0ul=$#?V}T25(r|VHj9y2`Xc3jnk`)
zY~gLc8a)p2P_^hfY^BhB`dXJ;id}UQJC3sVu7mV<AVqmm!e|IH#GLLTr{0JZBMjTL
z14R=qlmPd(h5}y@vw1O}X{f2>sipKT5tf+fsjfJDQP`UB7p_DPDM|OJSM6qHMRSif
zRT&A2%|pk$lENLTF+5R+xMj*LA-<aqGOwR;jY<W48<z1(K#rA5CVF#6PXB3@)GP;m
zVz7kYLxcEbUtT9gySSdh`huZdQ!i{WlBc|bL}n|<O><(_l+aiKir*nJ$H|c7J_r)I
z5*I)P1+q&KVtzh=;&0y3?%A-%xOb{6;I9=U>KO8p1#|Cix{xRgbBC|;Fn`uD-yxE~
z%jxvr^9{})Jp)z5^Fa3r;(3q>{J6*|er6Gz|1@*{_h%93PxYT!1h8oE?=0d+s>Q^_
z$^2u%0>t=h`|M{L@vokxuC2bVnFYg-K|E^)fKO7F!Bo>4n4bQvhY74v7;4jL+S(Z0
z23RL`Os|}(1_5ozf6|xhG&g|3JrE->md?ZkG&O*R9ROksU}ORF;lM5faK28Saq+NM
zBpSe6|DQ?2!VI2227ddcG#6RVUz6sCkzRLh{$h;)+(-g6!3^|XfQ~&I(BAqBiupAK
z`)M9PPt(L)ThqkA+}ef<zzSph%?QAAoBtRBgMqoJE_mnS97pb|tP@BV|LhH1j-|5$
z&{BY@GXqOBKvxIgPCY+f&ltducBL`=nq*zWG=EIUvjH7VpyhQr@((naz{l%|^516u
zLBQ1QKVOnxwf|d=4<7pe(N4Z{EE)uW%>VOQ*MBM|pijmO^y>ke0w?z@;L~-U=|c9a
z)cYUQL)Q_66<k>$WxbGu8NllU$QJ&NB!B9IfNwi^NdHn2@c8Z@Ny2t9M)F&C6$CVG
z|LEN?1JH?_KLr5;yn#>Ge>wkMkU#W;pv&QT5U`KI0Rjd(ehkk8fPdigbu0z2tE<0<
zzhHP?tNe2@J^w?L%jx;QBFL{!@H!TI?vKHf4qzQzj?aSt;KBcUmHg@@FY7;`3;57$
z6oBwm^FFif*L-Nue%nG};TkX#&AzHV%tAj9-Q*x{?J_Jtul7CG>hy$<TjEs<r*0nw
ztoV-p^F8N%XHg7~4`^dya>%;hmex)~$=lJxj%YD%6KGP(1RNF#_%yyH9J26yhl+se
zyzM5R1MgIExQ;=bhknCzCh+4|$7%a4cC3R{9~bKbSriW4vmjV0I1(HZJlHde-Fi-E
zbPUetZ=hFg_{W_*s;j(Wq)MG>oTT?Y#F38`6r~;2d`4w@D;Rk)q`JT2ja975`!)Lu
z19TF!X>Kb|6l4{5EaSIR#^SrZen(4bVFp{BO9zzjXY9Mm==Z6PbWp^w8{VP|ExdWm
zS6s-RQAFLcV5p`mYP?ywl&!jcKY}z~gPuGA>#^8DrVxMqEqer;iB)Un8#__OJlIZF
z*0GTH^-YuWDA^YyzM4PhiQ^+e6^&29-HzGpTycY}<z{g#iBadksHow61$w<t!Rp8c
z0L0nl(T+T9conr*xz*W!%kyKk<?EPi)>P&|gzQ-9ZTRDZk-XdC0|U0T#xbuRkJ;vF
zz!C1;tTpW9cI@Wq|GbB~MEVMCV}Y~u5$M~qNYc^CjU`d_6j94tD#S%^zLn<kL#cVD
zDE712g4}m@ES9!+#M(kW#=ECx#N41R0WGe2JE*biIyD>z73_N}P1y9VuD`8(8m@gW
zI)Y6R>UgWgj}+TEx~+J};(;_<Ny``A1$YD;252%u-)HmiC(Yy<N9_WHT;D9kQ=vm|
z=SIADg)tM*C5glA%R?gH|AZ&^ZlJWp_Ej28M}lN2fkRpNT~6quSnh}9k`mc+*jqB8
z)}K&cCXFQt%RcXW6Zb+`$@1R&2NCcYy?&f_k`@sHVF5mfy?bAXKPK-~V)>KRf2kZ>
zT*^lU($Ltf;aetON_(BuQd^evOsm<6-_{nAn5n_=OD39qFt>4%@9K<bMr`fZ&0OyG
z2oJNiY0vj`c+#=}$@SjLGnHpHk$+FE`(5j+HQm!~9@<T>UMP6PBZ6H45-&I?lO-%F
z=gN^mQ_G|w`faiY1Cr8lZ&jfUk?+d0<5tA?72`ZWfvn|>*mpLtZo4C#=i$tjp3bbe
zhISmZSh+VInHKx7Nb+bma##$>NCcV|)%s4r4Cn^wY5Ynp+wNl_Oib_m>UK)ar)$ek
zs*IYXHa)Q=3KFn|DEi-EBYi?;YD#<aHSN>OWb8&WQcNikF>Y#5<Lk+up(&3$WRGQF
z1Kerc3178iI^|7lI5dsO;VGJyY&{sZDI=ckru7s>mL1fnP?^NnF@;7HkD7hSkiZY`
z1TC41w6E5RKqIW)Lv4ZZFd-bm53|Jkc`uc^OV90nQD5sQf#RFrIVm1{izH2qo@zm|
z+|D=Tzv-RSD(W#lS5?Ehki%A4(W~g7<iSCz-7Z=#RM55}(|}U<e&%HNpbEt)ZdF6)
za2F-cajEs2YlkgWbh7u87H78M(nsHn@YtA;8a3+aVQ$@(P7rGkO>Jc%qq&!Y-&3bW
zfJU#O<x3U0&bEjfNTSyRGZ#AppULQ9Ro%u@myCbn29?{jW9dOBNh(3UKrW=Nb88ax
z9Wp^J#!Kdl=_^AUZAyDTSn|>CL74jd)v9e@M_e^*!b!{EQHbZmbbLN$xY4v_!OZ-M
z3>)#uqWHXCIfbzHDI?Vuo%c*|+Vn@JB1{vj{VA2|cw|J>wzd4J>hMkPIenRRt9Nph
zKvd)iNF-NoVt9bCKFyu-aYZeh;Ik}kC525WCCDiw$9CFfV2`sfd>F$f&tLc<-m%u0
zw*$g`ZK@%%5AGix(YDpSV~-g$K;sTH!=*rM0J-?l;!xr7-ki=@pIHe8Wp8>vXn6TP
zuU2u;tuf5fdv)T=N>~W-)B_SRjl5eY8qoUHcSl<wRWu-LXd@tF#rl|Ph&;4azG7^4
z+C3j%Y!~JvtC)9nf+YFirb~J38%Bs``)F_6A@N;ZnM8islWcfNhZ|Vj{jL<Kc;k1%
zP=m}IgOK3!N7RvXi`9m#VO*r*vA6?GPjnw?YD(k3I#wx+IH@C%jeqb~j|r$W%a{5p
z(>=`#GN2H}e8Fkmr7<cou+u2>(M7<DGLd$VTgrcxOGU+%t#)K|meO8#YitlM*`3t`
zT?sNk2al?KQy>_j8Iz9^Ten_P`9ruhVu8qw&)=jlHZbeQim3GnvGx)>r)QsKV#(y^
zrDLHVN8QA2RBsqdgV1UJAjgp~`Rp+VsnT25)90<@*{3&<VD5kTJwFEl=)f1D5P$`K
zo+AP%;OE&H_~%9Y?;=+KpD%LUi_jK0Us98S&I!rDXYgl%e_q60p!0wNe7=bM|H<|L
z361~v=lT~K`p;w^bP1dOOV98kDmb4|X5;vWZ0#IT9sH-@)bd9FaY1HvjR4|j2k8}+
z^L?Ki=#yeji)yci7F$bfiFOWU_B<j<1MIOg!V~15Q34GlObS6vxs!;}xDER9iK-#B
zbP`-_jQu^N6Dogv6%t&Mk2ghc2*;a;dWTWBN+v)t<qKq_7D9XxT2CW`)ChA^(?Rka
zr*k_Z;xj|P;rrP$xOw2?8Xmvu;SS#B*PRhuhlmq8T!ULn+5L{1>(AVmXOa2frF@@d
zH`&gg80PdCcTK+U&EZd>?3**!7KdUxWqGcDLRxdHiAZc_Y981MGuv<~DX+u;w!(&Y
zZHXN$JcV%=pW~|#^_b&DJUtCnn4rs5eD(eLT==8HblYz3Mqz9%^T|$L?WB#lB})9y
zL3epu)9<|V-%Fb{e`OWN-$Cvs-Y3GFXsVu2wY*1b6KpSmn?=!0U|AYMTwlB9fo`#<
zd|wK`$&r?7n^u`-yHuR`m5HBOcQhq_Xi_-(gLnF0qsRHphoW6t=vfe#`?~}*y0yL0
z(<k(Aa%sYMsd6Pgr+VF|;1-v<AQkB-pRLQudJmCwn{VB*ehWE<(R&^xrf2Y*LaUjd
zRKT$P=xKC}l?RMR;iM<mY|~e%E~C^N%_0!y5Ui|Iq7&H)Wd;m0A@>Lc6N7me@QDC6
zVtAsl7#`I$`L6?;11Q_f20Jp^-l*j^RcMyzu-^H*Dl)-to;1#qvxW*WZ2aqtRI%v%
zMr)t>?)Kg}B=2cl6_Tf6c*(IMEhS;3IpU(GJS#K7yR5$3W};JkLuk){(!25PtcBz^
zLA}fho|+_6w6LQWjj~}flDE+%@$C&3b?-!mmcuOzeb3J`|Dd*u{~o@hNO*!I=*DT|
z^Km8eqL5^7Ay8p!o5QUv{4?9lo09Ydf*aO)`!~Oo-A^k2zRK)$FQ-VGtdlK$zQfCr
z3{?Um<kMP5au*E_bn3Tewz~<PJNtf!mGKf0oLnm@A!a&nzB6HwS%0DG;gU2FK`GAN
zl5FQUsd>bSPf@B7S8n=x_*u{n-(#zs%!bIX*skWx2KP*$HVwz|T?k;|kZG|Nu+mHI
zb7zy`m!)ugcr4mDzDRV)Amg^U^5184JyR9TpLu+UzRzbgoQpJRO?Y31dlU~fWoU|M
z6tm+ldO_R!+VBD+CaR=UUv>*qyC90ph{aOjnL;@3bOWO0XeRmD7{qD|nYFFTE&_@*
zQIeqJ8w4WVPZXAG9$H4)YrJh_q2}5a9Oi2#&9%?h&n$!v<hK223_EC#PfhJ1d1oXo
z)s1l_j_xQKE<>uYhTu?xD9tdy`6>H!$_{5<0*=|CmmX=UlD#lXq0e*ye{%<Bgbwpl
zF?<V&44u+a)X)18xSgD#l#4kUomKY~L&fVYi0&iy*=NfN?o_%YHm1gNZ6`h<BDC+}
zlV-;a+szd=!Xl8F5S5oRmT%4GWUfgUWI{Ngo|!iMN<=h$*53E>p0nW*kMbV1c<8G!
z^?E6nz@Sf^tBv1N=7}5c^#qB|B6{aM6dNc}7Mo$B)x=?lFoSqo<DjmXRvRY#jG<?J
z?hT@?4P<w6wAW&P@{|EQBT-8!R*~hIzH0#}%W9~2rpS)*7-uG7r>J(L$n8G+cU`!y
z)TS9m_KL*-S*k>(Ky}M8M3v7P3?prht#+aKR^}9Z?FkO3^VTr0JfBeCoR;<TjzVRv
zb?-7$_}Z(&<zV}0fplEoPho*G+O6UU_kqmHd{Bs^%#PC+82S{3?t9z!nv&Ey(qa`y
zcs}&ueG7~qc~;HnjcqM-6Hk8zl*oN6*nLWXKY>~sRe=bn9KQLpi&DCs6hD){1w6+s
zTr|IUg&ZuVsea9aG}O+lBF(8D0|yAl4dE^5WA%<?<qi&W^LM_e5~YTkpN)(i+!FU(
z2z`2<l&^7OH|Mz9+4V1V;Cfc{dJ^eYjeT@#;%Ii86nq#2>DQr43s0$9TTsn{XRr0>
zIdj@ZzJpCX5o)nak)GrlwY~`<meO>nN?h`RmBACTYJ|HeAJ>>Ze1U~0N=$;Xuh@8a
z`%zw>jJzFoiv>y~;y4*&smd`ne~HFtY2zdw*J9nb`iZ`u`UaBFi1u8vd~!%l+^jTE
zqrNu<o0t+91%*8MOvvd;dHli`-?nV?CIbyBZJfW50Y}riGyY;CoVk_Klh4JUvW}b(
zs0Ht9esLbnKZ|}Bxr1gf%*^7{FZ6J88ExgWC4FG9pkX7XG;|o@gYAb!?D-0Nv1tY9
zL)%PC=z*jwGp1>;aS{!txv-S@MWMnr@7H};)v3WbMklfLs~8M3RT6ZWK<jDNj#cR6
zbI`rbFpW}7GWJ>hp62I(W!8yDhn96|=37DECetNP8J-PMy^Dl%nEe)`{9-Lvk<ID(
z;=TlilNton+g|F0YPzs|$Bw~+mJJ1To;o4vZE8m3)+Mq>Ulu0v9nPS}W;qWLO%uPp
zB|-i+ciKQE>OFKTSh)ZGfr1}`)~Gkc*fVkmg+-?D&byDWu!NIeqzFf$al<bl`snK+
zAEt<p&%&)^(v-WX-Pz$%#|gL*wQwsXbWL|7`oVxNRH-b~=rcDPgMc>b@SQLmQxW%y
z2l6Ld&9rh$&q}^vhBfHK_M5qfGNf^7*b+1o-%)L3@A0sIl4FIFMsRnHY|AX!wWGyQ
z=7^j>Q8K=g>L9G5vOUYh`lMCm3$J>owKANSEB3rJDoyt-H3kY2GL*8)zz0f78wDP@
zJ9jzK9xZy>C{`(rOUP5ym1YD;1`|~#JPNb23J@B4SrKox2Zby$X-g2b<5j|4V%)%G
z_E6JeNXJ~9H74waW}M|nVJF#c%Fc5aH}zu#-R|+)D?+?qI8px>hg(0PszB#4(|-(P
z0TtiNC>2;I___WC`VaEYf0t`5bZx8*jWrF;Y)ycF>6)FR4*@I?`T+5YDS%e>qlEsG
zh~>v0=xEw#(ivH3{=`AJ0Hw0l1qQf){{%LN&Y`NVuKJ#n<@|{Eu2H&T0v5EGz@!nt
zt_%l&a>~pCaN+{dB`Z*12cNG~(7VvXRi)oQW$|QY1=w(ze+qL^()&xI{8~x7hGKs7
z8vqIkuv&n<Dn_983!tU^1+DzrZ}_*_7;2hnp6?E6T3Z|Ho0)<+m>Em}_F@3r%;fyV
z|NBV)Uv|hq=bS=+U<>E#gFtbS1sLt)1h8>g0AMI~pxFZEM+Tp-XA2iO+V3^*pL|Bw
zY;v&x4L~+v+w_MtKU!{oN19&%e6Lk&zAy(Cpx?v}tb#Ie0<8eBq5ytX;P`*1nE%S@
z^jp&hppyYG?|^@p8NfhyKN0S946U`z?R2d)wG2(bTcy7c%v|^m)~lVxpE5WB<CXL*
zK=X=)5pWV<TA%YRL*NYbXu#)d>EXW-Ie~uSGhfp{E?x;UCxEyG{B9;-*Oe96+hqY}
zG5>-rf7p>_0{UejW?=vFQkoxAv42UL|6lzGu+IW(0t5`~0u0mORnWhnm|xxKk9xud
za`rXq2>=7mXYtLW<3QYZuxfplWfRU^i%PhtQvSO7dOlLfBu=qX)6E55Bv`&!XD6A@
z%z)e$CWiypG;?@t$4=h%O&A`u<NCyt<EFc!Ur(o#)o)X$wuNm!!6(DiAV}ivv+zeO
zFouwUst+56u0yS<p=RLO&I__%o0=kUw3u|53Tba|9K`#8vL8e>jyBI9QAf3XM(z<V
z=p=gR(=dVma6Xm?9%^m7z0UHaQtdUeYY8lEV3~uQ!NcWecl;q=^DWscpmk?XRjj15
z9$S9oEw0%=nA6(f5or=;zjbTA0F9O-F$36y`$Sw*MKQbKY_qi%q|c7EcBb*_Q8l&0
zUdMZC-rhUn=o0zTt}=IIG85jGsi`$cf5ut4Rr<}La|Fo6Hw$ZOs$GxmQ<lPEAAu4*
z<{dTD{aqeA6Mpd;BU1_!i5Gh*w^IAnvY(iCyI^JqiYx!^ieu+8Y{A>)>SHf`x@S;5
z3h6#MLXnj;i0Ze8%Cf#J@aeZ%1h){n!p~B}+PO_iJDzO;JQc9mFuD7&L!jmiF+mB^
z+hMie$|9biZ-B_}R_ch#8p^cCMyZBO$gfCw3EhCHF&OcJ&2z9$??_FP%cZK)A4n!k
z$8$eBwxO9`vpp>yhB94O+p><rGgj|jTJVGRYY39Smz1~}5FE;_j=vG+m={k*ERDQy
zz=16I5ue;n=s2pnJ=0mesH(bc#LwDH+_P8NLI`>^N&^nE@cX6-yFi7HGOxfFo~%mY
zM3?u2I`}(PbkVktR9EP_*6L%2rWx3A&Fr&Fl*X0HvsI{eOq&sd<f)2bA^9D*tTYS!
zGH<oDJ_uqtIF;d1s-APs|GpjfDES2u40}$79C`p_^^5^ZuUFbU0!1iGz-JbT+oF?>
z>V-mulzdEP7^DVWtm&VU1&Ycu-1B@>PM0jrz9@~&DQnv8b;^HbE-KEASDT2|USj2P
zbeXj$pc#Uq2oK1nsdb&gMakym-{#iEB*0QDisVF|b=F8|+Dej{Cy3Ooeu05O#UT(C
zzNiv(w>ySPl~FH7F-7e&y`sNeh0y(KiI*BQvXx>)PjtBBUGei*V3`b(jU`81MdDld
zLgA}B3Zw~VS2pZtyb$DQNUZXrQbWDC+x&n9oYol(5(m|J5+!vznB%ah^4XOo8Aa8$
zUS|hgMO0%r8<9ND{(RdCjDcCD0TKl#K?mc5Ru8(7+?=IYoQG3>y0<;u3{m*!rkwBY
zl6F&C#&VU{keE|p9|btnU`AQ^k0CUEC~%9E*j5Sjce{acqyoJHYoq0f&DriFGo>v)
z#NtU$@mLNj`2HJg(@cVP`vxOB`l^>KO%jM*Av|=8s^JgyC8i%Q@JXul;pcNBTjI13
zyrF|@^27HLUr(Uth(1Nol$f63*zHfe>(eYFlF)BL++_%&rAE<;_3hzvD0tX|Cv6sg
zayaWGaMw#{{0n;NO6+5A?ztcfOf5tPxWodlG53!6qQaY#)jIagBBEk>bIrGtlwVli
z$q9P|tB_Fo!aMPFXeSeHkZU|vUoQrioJr(?=!OIl=Idiw?lp&eM1+9g!^PhCvX0Yd
zFT8~8iG9}1U@T`z?a~ii)onjz-(zuqAKu`&P}JQ9IrTAyxJnzPtS|$cAEfqWV5f)H
zQzUG5mHAFpciCo6{mJlFrd<<+gjmwsCKCV1sh$D9%&8!^DFbe`lKdQ-_Y#smUeHx7
zW_?K#4tyBz`BJBM5J@M~tZF(s(Rg3rv9p^y>9l^W(2Hy#LzR7@B?PCO_4YgDYwn25
z%&54}b+u`e2NC|GNTzEMf+b&PZ}vxS-1R@=@R2Q;?<>`3qmSdWsd<bYgp{^CnqV`R
zty7+<cIV|GwlnbXM7NCJx~Q%;f75`em}xAW^9g<j3glmD&6FuuKsfpA-GtgV;{@+R
z@}$p(#ItQP1n*S<-U&Y3^aCNUI?H{N_yjVYC%u!H4~X<(CYlw?#Vqn*Ak{?(p+&5s
z_2Wf2FuowP+cWvyM`)!FGTp3vGdS$0N0x9{x~xOk)^f_TM%q+hM5-o&XeZ^~)<_X&
z`vzM88jq>oXV?$QoRA%vprHy~AW1qsbSsK!O>`YKgQhZn!NgPIN!z**-h@5C#q*Gt
z_cbcc$9vHO^2`n|ZF6epVtg_`I`B@E^Z>2r@j@(1Si}OTQ7Pv1#nIeF+V?_0k5rom
zj<%e0{hr@3^AHj{{to3xNmVWpvHcK#;QeU{>2~3ank=L8dG{4^Y?7dLX=Jn1%*+Lx
z)Z8UR<1OAY{Gv%5^UT~XShOt<bmdRVor6$?T*kDsds$It9-l;AL&b`+Dz!{ExD^>-
z7LWUdmigil)uNjB=M&+MtWffosw~2u&Fi+nac`xH8J!k%PEk(SLuY_I-JY&HvpJMz
z7_mRp%pNT!%rM=BaM?WM=Qa6QkUx6QQupQ{cF!$kVM#O&S{2(0!*cwU62b-r9a3Ho
zkKw9}teV*GD~YDWp?hqiwl);7mSvusP%w<3WDd0wvd7Odx%(RuT0(oj(t9_UvUnFS
za<{)j4I;ngp%pIodbF<91HZco`J3cC{6PCd5lVj-xK?$SFU(vj`D6071E%&|H_!)s
z?L$^+Q`}R=K1%P9e4G^`^j~F{@)w5ve6pLw(R!mng9V@HH5Sol@<2zAMQhgS*ga))
z0VzanL=WgsBN6-VUFFi`pz16>xpy4FL{xCDeMB?Om9%9XS-Z3bSnUsvcNAI8o9-pl
zb~D#LeHU1PeX7Q_y_bw}o7X7Z%g16gFknRat^eC-k<g-<t^fy&-GKce^pwyQE!b~w
zD&C}FrtPzOF+$|M=2A*73`7)=&gTJ18SO`h*LX2d9u2t5)ayCS#Z~Ad6v*~IIC$|;
zmlt+wnf9PJu>y08WU?TVp|`>jraJGo$`e8d-o!^QNl<jO+D)WhSby;85J;XzOKVz}
zOI7BeozT<MOA;L~uEv%?u*#C8>4WFLxk&g<;TV4Nj?Hr6NL0g^;sHUyj>=PG^){rB
zc`5r%g=`3l#$ACU?VX6*(-5r!3<#K?d8=TL)3dBm=)?CrNROYbm!5UV7;8*vyr?UY
zu=&&@W`rx9IA$!Pkl+0dZ~As{G=(KhiF_v_+4JOe%CnEXD>G+Oi?9})l%8h%Swe$3
zv9<#$TZ70QXZ+YC8_kO<l|tEpVN&He{ca)EnW5Egh>y9qL}}dF_WQS?vL>O7?aQJT
zdINLz94nl>Pwi-YW8S|DeUvQ1q{rZt=1F{qKb|ihi)A~X0ea_&FzbZ73HO(3-;oeT
zdX0|RFQcSW!Ev{lwDn~s(6RL*Wi#oGKM_Fpt$dT1rH&s?p>Nk_Vk;<t@ZEhKWlWlJ
z$b4%(Fi5jXAgt-m>We3B&36)KqR*y>ULR^t;M3Oj%A07kD=+(~Guru<#FMg=#w#D$
zE&EUqazA*3tUk}{T;cesxeQW)e-!l-mvE5p#2P{}q=OLlv7@wic<G1L07n0MEQ*k+
zUB=BOYfH-$Su^-%cEhE|n37)QX-wO~A2@8AZsPg3oaR~GU;(xoJ=LAoJ*vmvSwe0P
zJ+l{@eZfgpt@VkW>b1B_XY`gI8HbIZa*UI<5@?PW>+u=GmgH<$&^o(A3pHdYhH#kU
z2a)>sEYEKqzY3qAKZRq4rA@h_ss$8Hel{*IDT+at9L1nZlH!XD9B4qE=f1$t^Q;s6
z^RiKS$;<+}B%%RbGSU2ORD#Z#kS|jB|HY-VAGF5jD*0EZ62RE}*IY8_C#x(IJIhb1
z8F2RW&rICUs>sD)vb7EUFNjJYU<#L$ll{uE(m&-+1=l>-0E8<x0B)EK0K8%ar;otv
zV>=&!yk=^DF8WpVuXEa<Kd8X4f`IxLFu3_snoAg;za-6{4*OlAl>>Prpcy9c2|()x
zL;@eLm+N1ww*FoW`pGr~&h>x3?5m)Ye$+ew3f-%~{r_G1ILGh58mt}k3uVIfYCb?M
zlml!NY(RMf3?;+J0n|!?+9*3vasbZPQo#i~?C+56p#R`jx<*0roVXeoLH{AmkK)T;
zlIFkFB(=?Tbm{fY&Gk)m&*980E=o^8b<);KSLf=w(l79D*HknMfItt_eSz}txuStD
zB?mD4!3q!?UtiJxt?+oxqVNY_LMA5QH3PQtLmF@$g%xlSe@B}CV3GJyK)HaRyG8-!
z=7`xS+pcS^=en?FGTWyh5eYiau~geqWoQW_>0Uoc83T&0;8Fs^q#&ZTq_c717tBc%
z9m}iqg%a*$8P@!M^9?R4G9r^}uMZK(eP5nTzv4`$*6>HNo<$Pj{peCGrni#(R8Seo
z?rD7(tY<UoNg*{Z^oi-l)NL0@j2qs5FgIT<hp*xCD<2QwZ8jf_U|MvXGGJ2Q<jS*g
z(_Ck$iv#F`UBZw*D1~yz?WGY3=XOtuY$?36(l*@6g6Vyj6LuOm;I(apUPct+`z(}G
zaHP5O+w|e<FlxchM<nw%{ICcM#ZNR1D#S>-?pE#lM?QZxdXH-StbsDd;qeCFU93cd
zgdn^mh@+3Uy?X?*JZY3kI+7weq&}1A#&#IlhIWnXG@I*3QTvg&`p0bMW)x~waXnK@
z7-%jVhGa7&(CXq)YXAKH`5-B33}imsTSqeZ29)h(NVNpodJFfiWi@30F`@QryW1;$
z+uKOWJ5=pblph98_(nb^;BL5<hQwqSJ2X40^C`8(^d%AQbtW@uWg{c;5+Wix9ob|m
zknyt@*-d(Ta^nklaZ{#8b!&7<xM$$qPlW#((UACZPx<SYEl3Aa0r&+Btg}Q2;#m|L
z?3cpsj}!)^(-}DCM#GYN_EO6u@dCFwU%Hdjg?sNO3P<s{JqV|6f*|toSmVFbMmFBz
zbUzmd3X4ma(Kyw<S^qYrAwmQz%57c7b`i+zlw7m6w0#R_<M*C5FDt6Uf?!WvjtHbW
zR%O)mw`Z&lh!;nAj1h3TbQ)z3ph#rNu!Gxgn|G#G84%W5*sf@~dVCrmr72R)DmNiE
zbszk~Mf<Y)k**QZYtd5!Q*C2c|18QN>t%|&vZ|3><0Mu`b^D*b-|w(wXb{@>PEUwU
z2e@<|XR$r^T$56;GU1fU*AQSNMZKj`PSWC!{yJDhWNhc|bgm)l4*TGsEWb}ZybaP<
zEb}70!CcEHt9cn3GQ*x2l==1E>2j!?rb06__`_-FZy@MMwJ3Y`@l9mJ$rRJ;lDwk5
zhDBlYo-SYylO5pG>5e6kWPT?OM0FxDFG}hhmBztATnx5qt`A~~i_$Gx{@78#fdf_Z
zwN<%yZPO~|&PnO$_Htu@{c}6yM6*|Vwok@8Y1H*Oy-Q%^m5;g54HI+d+MLjA7YZlL
zJKpD*PG%d-mJ&$xx(6(o)47!-(;T_zVC9syCQfjxh?w7RyWv*}YlgzRlwg%j$6HzH
zC&7p6*im1G{IZ$=FIC5B+p<kIOz;V;(v%pg2+kJzCK?)=15qcBX^<&iPq2&=%9($;
z@0U~$TBjY-LB*2n)glq~5Et8&!q(UG<(zW+w?k+0*OJC(XYLl$$D@b2qV<`!+}DeS
z5daW4NRwE~1D7jVJ(4A6zg7ljwFcCX6JidG_|$sIh4F!k(TF#BY!99?;R|QY`j+Wd
zeA3mQZ!Do39deHq8B$cnhUagL=;54U+)P087+sI}t~{0(hS!8&@qG}1rFccX%VBbN
z&g|=&qy`5hDg1q{^oM9Bq)vsOlJAz<#;}(p3kdQ1C&swP8uU$CQ7ucsw<M<Vr@|I3
zM%_B-F`u26UF?J7qFdZyq+2X{9NFXN8p(LihAzI4Z6LdK$=)`Gb+d57p04bUqH#Te
z_Hqb4Yh=It0oof5F7o?}JsMfotgZ>=i}&d2cN1z<-trVx?$0S95n7{qIVv>UP>?_S
ze3V5)jathi2lcwkaD~f{#^RaYU8kY;X@xJks&@)cb6=KWwvae7$Wn_ko!~&<O|X2f
zHqjxXXOTUZ^qjM;F^8g-#;=J{uuN~7D@1((W*9PHx~lZ+T_y+GTlfvAmPJ_uhw{p&
zE=Q@is%!7-KYy&YfV3$ecOqM>p}(pe4AWyky>qaESTFiozR0`QL>I+X;3PL7ru39J
zw`|%XppXDU0N{C;F9_E{lS>Njt$)uB5jfPI%^W%JtzE9#V+;3U<g}xIjZKQ7+Bn8O
zCQ4WJz3n_wn8Vo@yjUSo*;@4bX79yR`V}fRJx2QU^Rp+HqK?YKWi#(7#~mFW^}?Xu
zvYZR~9u~iBkKSTvw;J$D^z1!*Jx9^_tQ+H|XJgD$XyMLJ6)f<6Mz_K;$<f*%k80tt
zURdQraR%SFO!;KJdG<-)K>fMA$Hs$CuW7g<x*v(yXeM;kG6caoRULY>W1*5hHt%`=
z((-l~HDaSCZCLMP2-kqB?}E=+3WMy<vN-ZmR?ckS@YzXff7@Zt9FW#n_o?56)Zh7Z
z+QZYuKjBbo&(ylOs8_4MC**ruoY|WgD?57SYcE=3?s5k4I2F24;O(IDj93A=UI1l+
z_}-3@om8m10QQX=(@AX9F|~`-E>!{irTMuV(cbv0ka9RJgvG2Wxq0j<@~=C1UWqd6
zzzTEuTQFEdsj$n(n%bj8%=wi+U_kMx{`z{w&c6St9j}*Yi$&W*;o4CSbpivHmsYA7
z#R&MBn{Qeq7`UM(Kihr9v4To@>;GBGp22A>jK*o=<`+_BXuYxK=(-#1WkxhBiP_9E
zbi&VP-oGoBPg%*{ThfbTQw|&daHC6%i~@E-5j0!;%p7JUFp}D^^sD%t;Kp0Aq3MhI
z1ULh%9Nf~qD&*X_y{R;N;w|l{M2|M)CZG;*j)L#sz?yECLqXK)!q;S6uF6`w+ujv1
zNk26%VNfa?7dX+;{Yf%+N7OsRX)#!7pGtO~)X?puI$}`_8cxHf2dTLoNP4{*NNmhH
zYF+ykz81<MRu5W!e(newx*>u?h2pUCZ6@cVqHu%V9X{UF5r{)gSBv+V+YlnWH^T%8
zxdK-=hIWhZBC)?yp+>fjOcv`@OG@lAqhyRmNp9*Tf;U+4>xv8Dtmo`U#t(tSJjMg<
zmAaS{lVHzEHX(H1@~b=Jnyx%MJuuvWV>BhWeMM4yPL~RfwSZ~fO9oYd$mKi(1YL5D
zUWDO55_}#2gMVJ&`G79juKr1W&zV^NpGkf%nPN#v8UC3hxddSTbxijsJTnupxCGW9
z_yGZU-0LR4m#euP09gkoi1o@G_?#u`4+7rH-Zl_yGXaGO;JwfTnr8tBjljoiB{`SS
z(!b|<0ME)lN&PjF91wT_1OP0)l!X}tBmh94{qM-~-%_04`t0E0n|}svuGaCdo0`{o
zu=8B{93Ti#F_=~95~=9A8vbwD%{g-SpS)~<ZHx&Rq`wq}8Q5M00W%)ws7e2~vRt3D
z%D_-d*9w?p()~Z_`A^xaz{}7~037*`#{+iq*nuASpFG}wW3U3sPJd?1%)pW)6Hptv
zl;y`vz~7POSBG(J`vVFWEI{D`coLwHLCOJU*t+IB|L;oqQ3m~W!QcWi{{NiMjuEI?
zkCtwLA*%dBd3j|a1Tl4<l*to}JZ>q#S!8ncXCexOTU6R=W9EOK9(TI83Q3AUTwgTm
zr;}RPIt+swbkYL3orZOv`q(kxgUIwN6Z_5fU=X=W!)<2l``$3|Brl0T7UGES3n4!E
zO-4~dYCJr3dlE0RxjQ@mOv6f;`kn(vqTl!a>8w{IIVYCBr*lU@N;`K(kC}knLEFK=
zcZ?Hn)uls@ykOH}HOj~rnu$_D?1fRoE``(5H&=!$;-x}z;`|tmD^qaHj)maVE=JbM
ze)H4e?DivZ{5#7dpe`6c42E5-<BfJFF*moa{h()Uhexjlm*4C?*M9Y>+TR(igM#AC
z0%ntUGw~j0I;Meq8xlI_F8*=&yrOAbl>Mv3+^)d^QMxsTK5ou8j;!^wd8ToCE7DQ(
z6Fll2(@q`bk)LX5ZY_?r?{dE}({UA8|E{L)=E8Qf(yid_%kP4L!Y}hmZkwQ-G-<mD
z+(i*i)*5ChG@G!831pRTYxkg1Pcosv{4~XH{Wjc5s8<FH>$zHIYTRehk4P`*cW*x`
zTQdvfxxFV}ONOSZtlpkY!%qFtZ{*=uIkmX<x$MX&%viFuZ*wGcGBxeXsiH|+u)5t@
zxfQTGXS@?K`@{7~gQtB%@!L|Qd2MQL44p-}W8_#ii1@IluCns{YPF38{Cr29#CFcj
zr#-W0FY}J|%^uz%ya!V{*L!Bn0wN&f820|WEUl)(^3X21W=ugEfulvpA2UB$dZyW5
z+l^)CyHFE|p7e%$*IMUmgbF;0z-sD1Xvf^7?gkM0L<(0!HY1OD>f`-dC$#up&3)5x
zoq?L{&oM&u-sDK$Qtuft{OTQoZk*hCAs!}1jx;08|7KryckQ(o(R@LQ&Ku}g2&Bkw
z^<nO*4YQ<9Vy>&U?c?c<$kEu7C4cX6k(S6C7yV%F^g6#)Hjs5|Y*ANnS@1SH(z~ix
zt(MWZ9U)E>F=c5!`mSZ+ntl@&r0O0q9ad@MuteHK7Jtke%&61K@k;)d@gsRO3x+2)
z)R+&W@x&1NW%#02>K+F<9boK4`@h0J^t$;<(ASs*HIW#k-bLmb2N{!N>;Gxx201H~
z)z-cvFBJc}0fZLJz1U7AlE?IuiLF8}ngX;FQ>0&%I?8iFQUq&+h+}?X=XDe=EsTVF
z52?cLk;b>JxWzg<4`tQn`c6w$Tus$v#BRdH*2yVK+pvAa)P6>HU{%h}zHs!N5I02A
z)QyMY(9~^pOnMFVTT#NB?%e6s<KaE!LeglZNhVs-503G(+b|JbUvfV578~zSa6CeW
zbmh1as*9Oc;Ahl?VCMdmFJdw@3RIqjhU>+$*wrv>loxv2OQGyGata^AYm(N2;?dwX
zJr27~a&r<zq+5C;G~M@H23c49$A*{}TN<n$M)qqd&K4Hq&xVL92ylkqQmq*`YS3kc
zAIumqvTh;w3wL~>#YujjAp|+}rr)NON2#NUN`-3fO?0ArnBfo5p{+CS84hFQc1Y&l
zD=wWaR}0r>iEqKnX-q`H#CS9fZ#4BZiNvi^g~6yXkx_)qOGEl8TWPT&UuauS4g`G7
zEf7|K)l7)?yetk8JKQRX2@kAR#I~iE42d0ljBsmR<GKO6Pl~QGN;DC(e~iDN1tvMi
zI>dl}!m<bKlbZ0`RnkN(ud+NO(+E932glOffaElRh>spl7@pb0zJt9~zA#MO6tbma
zrf>pL`i6H@Tyk6Ujo#;N1C`Dj)zVw!15|JD(U?HQDh+%wa~@(-@BxWP0YXv7!nA`$
z*}fsp5GpB}+0-U0zQkklB2#R{>+oGo)E3{DcU<@)tc;-j2Brw3b79#%640sD)G*O)
zBpiJ^W)iUy(V5w9ptP~FNz6VPcpbBh7c|UxBRC<xrw$MGKD1XR6fI5IJ&BnaL*nTp
zkv2lf{4MXITQPm#8YuV6JILUabfet*trm>o)fwAbDtlZ?hFY35Zj<pClu#$TaXi>r
zl6IJF40tA|tYVUtdP0*5;`Ny{l>Y4M_SVeK(a}j&{`1ktcOP0zHlc9SiRW-w3<W<p
z^C02V+#ArdqBae+(Xdc$^}{eoA`H^huI2h}>CTu)jN%c#H`vY~7x9=c^H3SZ5!*Q&
zJ>vey0@m?n+?^SaA1YSxZINlEphF^KeMnzv))#z&{ejHs<~>xN&mmp>m@C*5GEt3W
z<e^dCdf)0r=`YJBf|bO|eevzRBxE_xWYyz3!k3mEV!qvZ?+NqKs5h*Pydj;QZm}`y
zJD)VrrKZHwrxAQ<|E#@WVqVt;YoItV^AdU4z!h!2{e(kFQH@&*O<vJt4u)Q4kVjQz
zVOk)ca$+T@wYIAs;(<YEm$p2^F0aAZ)DkfT>i7+m#HAC`5z`VfrQ<G}DEs%v2NJW7
zT_{6+9;$fiV|MKB?!1lmnnK9oiV$RgC;eu429NGMySX#)_UUB3i&+1n+nY$4`dZaI
z21!ev;c__0L%C|^rv6zzC))SK%XyD2Qd|jr*$!6dMkD2Dlf;PoEER0m2t=gYh|rfF
zCKJbQqxt6E6u?pTHI#o&h%r`#PmW_vpw8Dgwb~?-Q1m=EvG7s1NK95MpD{?PhQgb;
zUb@_CtFHC^N4YLXoR-0F=nat2widEUbU~Ot>hP>Fh)Y&8MvjW4Va+!VCNc|Q%xidR
zsl1HU@r4Yml-Tt><5cmTP7A0|eJfylKSg`hAFRwn*XcLmM~Z1~@*|=jYQJNhw}{lW
zGXI!Q2)i$b!zgJ;Pbdj{_mEM>-|T(b^e1OxdLEOym(-TZ<!EZn?+rhf8pC2w#6*hD
zIW!{)&N7C^-z$_B+jsh!%2PLQFp29!Z~gSWZA{j<nl)2FDdE@sXmlt)_bMUz4-7^M
zH)f<U&<R&9+e)ETvp8EHR<XaEm3T=QUh5n9MXTBQrZ+KF_n<s0`C8wh(swO2v^uET
zHI3{NreM<2`?LP)(WtQ?|434+brz>ZID}8x4EC_Dd3i4gDm?o}N9TsNi4D`SvX(fC
z*YCR>W@?2WJ>?6It`#&YA6rs=-_mzdo7-o?9XeEWvQyrgjl#%EI5C${U@0eG@==i?
zrqJZ0{F4x#Hm7LTC=+OF<gXzG@A<27Njc(;vfSE6-(V0@DCE0*pVAAec@#E=?7Z5C
z`8LgRx>se?OR<No-AOlKQHHQGG-LWuS0N?Pu||IVtJ|~LH!mk{!FH#$mJ!DiPB<-4
znnq+36j6RBlI-mhH+KtJ+_Dp(TI~@&fREgVg$PFa%7W^1FoiMHVWR431jE93l=*mV
zg!UzFPn)g1DzKlatI}vP9G*SABH-pOvz_SLyEN^ZZ!9xFc=#Y#@t&bF*}I++9}Esi
z5~Z2b+cwh})E>&ctc^QkW3hr6Eo(O<Fqy0^m1CX;3>3)@DwNP?JCQQD>#L?w&I}AG
zxV~dV%6w6*Xn|i5%~uxM9e^kaC(atnYh`E2SErWjC919Hd`wY7a5ExVGMRJi30G`P
z6I`T$&cn(YCvk(smKWw}VfFDdTUFA$T~h=LLA4`wyfCB5nuD#GMfrYmsx1k_7O)jX
z7^dW2CJDAfDh|5RQY76^J0JP(ZTI-i$y9fKB$j^{t?)&l^z~OU=k6|Cm%W92sJ%41
z{nP31?lg!k=4i}TIwXiYiQm?_{r!2~O&5htZrRRdOioSJS4rp=EOv13+?;)PwEfK>
z_NzUL{D;J;Euwq#&jcZ>jq2mRB&Oaeb6mptqEEAYq&$7l;P<5~<=FlpBzuEyUjxSt
z0s~uWni2Iwo6eH!TVcn^7ur>KVoaSu>RiW2_oEq=S<E0+kCX}%ZokRlDmHCs{qp?2
zWcI>p=aU)bGv=k%S7(sip91BssLPy_K7q4Dpe}PsA`Lpv&4K#MB^nXvk^>5KNdk3|
z?g0P)5<KRgy39GB)J4kq|G-efCEwM5)MbFC?!Si;&QlifLjnA&|Ey16MJ{{J;)2K^
zOUfW-E@zI&AVR7Ny1=v{Wl&O9AqB{n7|&T|Sb$#xZ2y?3fw7%`RC><&v;LK@U+WWr
z`q(+{^6#Jc>)^z-Q$aQWuZj~8kO@Ha0Rg>Npr?O+zE-{Gk_+tjde5KIv$6t}5Efuh
z<%cw^K>B`u{yWnAVZwe<2xDUbK(7GgaWK{q2!I6yz^?y5GZ)3oD>U<m2|Ft@z~Td-
zg|o2$^u*vH1Ykhr{QP&M`88|5w3#cc@cdzZv1&FZpjrf|<~JMs1%v(C9e+k(mIQdF
zb4{}WRX<?p2H4>MKkKz@@Pgg;iouHiU}d|;_W`VFV4&z6S@4IZ&(D8HnqRAq*Vi;F
zu$Ko+K>V)gKdn20jTwL~1U?N=G%(gc&jQrj*?<v;>nr-dl^*|;5)S-j=KzB!0!W1y
ziU!6!&OsIbhBR04!d+p~7nmTw*fbLu-3^f9H&vhWq5aEKo0*y00IuIw%f`_{7XZ`%
z_VN%Jo&dyNq^dyS{9M(*kPuka%!~m48BloymMO2V>Pr%Y-@V5l^TC1rDlmG)#t5wP
zoqG?!uY%8iN17{q*%hijpSJ?Iv3_2PK&uDf-n+u80e$^ho8Vm4tmi!CfK>xCdmI2`
z1REF^@4D{el40TsRsZ3#71(`%fKLOjsa~iW3|RWtq`9Jja+Rw8?WtJ-PYqQ0e>dtY
z+|mDN)aQK*@ZKx<*_hbDqfp@O;6Jz$0f^G8@&14>-5<Smu>Syl_oXc0P~ophazzMr
z9W65fP?bOc^}CvXGI;#aE+Z>AbOhgrz)!#}0gw6z_u(at$nOUI3$pRG?&kCR5V#~*
zftUTmpqaquzaz~RG1+xg4c=m80fvcxv*<tNFS&5j=lAQmn+9NpfsP|9+aKIPK-1)E
zi~fl=ea+W?9{vIu0V}{!dZB8-O@q&WN17`<*%hijkKKNC)64*YB$!w7cU52EjQ&UG
zap9%`uYZ0c0$ak&EWkQBu-FZL*lR_3muTHrSoI$|vU61f@0sP73lTW}9a*k$WLGHq
z{EPUjqQT!VX2AG<SM(MB=o*R!{NuTz0bp2gIL!*E|N4qPzd?Qvr<wi(F#KBKG!V=K
zZy6vX{bADJ<KL0x3IN~hC>k7i01^Jb^$Y|Ke|7_1`VOXx1d)ji&^J&WVFl8d>*^U8
zXTREaF#RbcIoP1tff*X`P5(pD=jXp8%@q;ZRhm8@@c$*mV?U1<epmDruIL&D4Xi_e
z4f;ob#|nJ-^%Z?l<N3{VF#Rd=_|E_j7)H5J^hJR8m!!GEk6lO6;6)WCVCLv|RbSzZ
z{zp}xzcCg7(E|K%OaQz-Con(33ZyaDSM`6%5W%Y~e;na)fB_~hr2)ry;Pc;+<|-ia
z>!=z8j2|%qyG_5T`W$!iPcp;{RdZb2hd=5|09)DhRecG0`MXvBDWo{qs=@Un7LFem
z;zfPwFG+K~3=wn=4fP*aBA^UlEADqyU*V7bN2@*$Jy-y`fb)PF_*4*pfx*IY{TmU$
z_5UxP`W#O54_-U?egN3%fHAfoSK{UQ??`h+P<Dk?U!iJdz?%Z=Ouy^;3YT;ZT>~ZC
z^XLPpF#$It@U(w$D_-K6USZaM=*?Kc^dP`5XZz<;1Rwv7ELV85YiXJZ2=7?|Q~yoV
zKVikLnJ-+#A1pu#`21P~+zBv53Owu|T#J|BX1{CtmsQhirip+QKv2a3Y)byP7SGRr
zN17`lv#WG{F7<ynkpHi`Cy&Q6Yx|w0nzWZlD@7>Fvo9rvvSsZ-s4%h=g;A6eW@=g_
zTL~#zc!-qHZhNOJZCaEhVPaJFBqZB+o%?<sdG6c1!~4x2-`B67+qs<koa<cYTF-sX
zbzqMh9kv{kX+4Ze8Ua_sA~43)XrCl3Im7Dd$dxsgA8wd)p(x?nDD5Hy3g8Ga(0Nd>
z(#S4i<$ng7VVtw!XpQa19!hH#4bor%I%HZ8qmxEJYgm=W_?pR4;lL_Bg!`kQH5$aQ
zv>v54LmGq)TRj;xp<xu1{~2tC(Ptx~H4XM`!quz8(0UlHGy+<~LNLbHu=)*`rZOO;
z8L_*E<&_(b)T2$RhDeQ;&lpspVHA}A8Ei%tEW(y^#5qG^7zU_oHf((-u{CyVe-wsa
zpsrzA8fR-zCCIsjsAj~p{;O<hw9#fuL$v0ALSj(9T1Kq=&tNl*LK}{)NwlV+i)4oR
z&_%;iA&i>VXv;Om*5Gn6VXUJtjDj2tWW$JMFc<|U7*{hP-<r@a0#pBExD2DrMnq>S
z9AZXkC&)ZKj6(W*^+AWVV2r2Hrx$Sc=n&J4oTvXPTog$GF`}g=aHN6KY@t=ei~k5N
zqfI0+cry~Xnr!&;CA=945gwICvf7F7A{k~4Ztz&u2>nFC%}4@N@HDFb3?jq0W&e>|
zu!xrmE+L|U@Ma_y=-2->Nrt*}f^+mVJlVqEpF1e1wDFj8?|5OGZ-AKlF9pl~eZb7(
z-KmsizU*UBmEZqByEp5u_R$HiR#s>^>W4dW+ncW&n@!i=Veodr1V{Qesfls!xxKQ7
z-+6hLYS`9U%pT}l*zaPywpBgnOHrTOuG0If8~TjaT3VMCtUbN9%dVn9jc1apFvTu7
zV8_|Ef}+yXb~f3oFAVs1MCAp0^xs(Ra8Na^r0q>&Y=BQkk$l&JYW;zaJpo^Skc}FM
z(w!P=&pWZ<{^x-8CY*8A6r+RHyT0x6>FIw_KiO$##SN#O)omBsdn~{7S66;l?swBy
zJuBd}-+Y$=M#;xUpMi-3-aF&gF0l3MdRxlQOSdq-z;5l*cvt+wv*MOy=)m#PlO`AP
zvL9&-R5TQ~+V*`ZJ~Cj}8&f>1Hh014;M9*lH7oM>d`Ku+{pFQKAv>lu?&-<miuUG)
zk9`eMQIgjyf+|i{(l_{MUrBSd?OIo~CbOxtzvbh{&bOVrw_p9z-5{wPI<9Yb=D^3t
z71w)$J<={cdR*n^{#Zq|lkLyV>bp_><xRtvrkXqc>vx9MwM~oQmE8>1O)GyJ>XcW#
zm2GDbYPr%cx8e&&c?^FNf4Tk^9T)9-osvk?b*8t@F)~u`W-NSgSZPki*1H)p4?>id
zXEfc-SY)6Z8KM+xwR&OX(L;RMjfy9%Rxge`8pwCtsJP#1wM-;0j4y4V8M#+!ruC8x
zbI0VnC1HFSgO!mpt=BqQhdZr|oMg>%EDv+ijhtt_!?FHuNjQIofl)qhM*8zrO3Y~n
z#rfOzoYQgHn7rT0RVH$su(dIwtu0#f@w3v}+2_Z2XE$y!FN|}{UGJ~pU!m2uyo&G3
z>{{IIQm@vcC~uQ9U+&YLC_82TcJYk3q7^$&FX(FH=!UKcUAE&l-jWrMyO#O;eLU}=
z|H|~%u}|<^x8_zj_WXMaM6OaYSQsfc?ZMH&I-fFKmyOo6bfx`Pky=XF@W)t-VZ-Nz
z^B2PK4=5=s9qV%5p>@kSVr_)GY~}RT6INSB>^RzjXdli;bTw9zn`WS&&zqh;SM%tj
zd>$=5!cd7n)j%<yCzc`ZsCXBnt#;&LpzZ7ohNBBUK}*q0$vij!GleDyW@?`GvJ5ZB
z`k_SS(bJzBDqWpwpq$T}kp6tH62ea$re_epN!B5cI~N!GWk)3Kgrt+puBxX@it4s~
zyi<9-b@1bBy7e7is<mCImuv^#xcmC;yw>+oD~VSYzt`BMw?1w`<Gpa_ocq^WcpJ}z
zKkPc$HDiWgeDhCl(!;3xS#4#>;gY{YIYV}%_4IV5K&wbYC4<G0ax)(A4mm02)5ba<
zWe91o&;Ze3k|+%@COsfvQXvgCO4U;JW2_2&48tDf(+VAqGSZK<MN8Wpayn8Z>mo|g
zB^X6Z!kn}*UIi8v@M<{5t2jjm+mJO<a!^~WKjXoy(D5bvQ4dFTBG0$R|MmYFvBfcR
z{P2abx8J*k9H#KwB<R&?+0QGEbOqn}^t|HJjgroelc5!Tg{|zJ6+wM(OY4$4G&Ev0
zsypTed}Dsn*MyZ9)#vH#7T31uU9B9&rM>d4k&Jx(XS08m94LuRs5SXUZ|Q1wm`YpH
zzY@mq1D*8qGaNCVJc03~Or$_AhcG6R%L7Un|Bxgd<WiI;ffwOc=zGA6=@D8OTjKnv
ziSeV5dVCpB8Dx%Jj`;CzNg#jm#^gXN*M*TWfqdtU$tSE_7e}r;#FyBZjPoP#IFc9P
z{HE@@xJ*4r|I!)e^s>s%gIj#x`JIfqrN(t_+;_teC}D3izd|i5xZ16S)pPOs$&<~Y
zJ;evh&nE`k+1h4n^nB>v9TVD6u5P-ao1w0k7*Q!Pzo`G`%-hNrFTVE)-(!D$*9mzA
zn>DZWclZ7gcIB*>eElr>@xY|P2?C`j<R^jBD`c9&yw}cFIJ!8}bCNjB{*AF>2@}$f
zY&oMh8<QtYM!(|EKq^m!pLRHwBYqOd=tilsAH#tsx19NL8EWisLZH)z@3c$uX_tOo
zNZ?Og;%UzAOSpWMg!3_p?z81~t=5h@d|PtMUC!fOQ_CuyOsV`==96-l5A12@DROMi
zi67HkUp(QU@3zbF2V<Sonk204cF!$RHJ&dg9~ioNM#27qr9sONhq}%v2rgKDSl4b}
z{s~v7l;C7m;;U#^hm_dl9f_|_q|hxkrG%I}+z>mwsC3rly)}Bw1F2^?ykO0xvbJHa
z6W42cCN43wh)$tc*r(h#Kc2kAjG5?aSgLh3QR(LC>1lz2Zm!?1DXf`S;Op$^<eAuD
zSc)3fO`)C{QxNVt(M6{1h`EF51k}X~)Wz6qXE<gv@rG#@PS9|0@@%Z(tF+Sl=1a}o
z46jm43(c3CH5*=~mp(F&O<rc^oiKZmt?At4!f46qkM)>3IS5TpRfOh|Jzvp8tqr0X
z?K;u<eT%L3npVoC;QKa(eM&DlJLa}#-3*_s)uUZnxZcAyr{BJ(rM;uP*`#MZ+~##E
zr^3U(r@OPZv!>Jk;x+3BcgiG+%6O73TLU7jv(6sbY@i>ntybYt6-$w5RhYjhLw|#H
z_F12a_ZNHGx81J^skv>wKUvJoA~D6#;zSD7!Xc#)2DdhG-4Nn$5+#0;;(EQg$;QX7
z{o<pO^6ZMTY>0VM;QAl4rAu8JB&Kgl5owV&Y>R~HOyb(07Bg>!ad@$By=6QTmK8UB
zTQervczagZAmu3-<&O&}&(!g_nRF^BZ1Rs2t5aNh)86i{Y*5L`{#eEE{HWP$KfQ5!
z)NDV$>5Xljyp2BV%C7x<S^nU%mL2(XieI*#m=|gnGuMM5+oCWZe!44Ftx>DmtcOu1
z`{~QR&==!fH0uwS7?-py{tnk@^TsC3<j>K!6bcdMH>||`hH_jxAy34(*fnf%q}hcp
zpS<7^KRY3??s?)^myKLzvgV*r;!5R!z-S1BQlvehP^O>S{Z!gWDarU#eZ8Slk~%|g
z#)ISue!Fi?eULnEQi-U}GY1=t{2Ni72c`&FVWG~ed+v&%6QdbpW$fmRkUiG@$x9~E
zEJ!LLT&|%<;jjN2K06p%a%sKg^Z3}eQ_4DDhdgFS)@J;)K2B3@aa*~GGSjW;;L}PE
z4Jn=LS#{49`ChTLHSaRKx_aV^R~KKCxRBNH_FYeL<L~)3w`-0U%qu98pDNClXkFx<
zRkzIKQ0M{!aZ3pgg{tX66M`%yc8a&|2SqR_@Vq7BAfL)JK_;W4#Xw38jkJM53jZ`$
zc!Y5<CY~o!ka!{vo^5u~a5&)v^?`{eFWBV*63%=J**Iv-W<QAe;xsMKgxSw5&knNO
zP+_0#aJJCyOGE{)xos<xZRBL3Tl|V=^Rl%r=Bhe<-nPR9S9PZCZts4!lE19-lWC#x
z9JBJ>8cRQV-MMaQ`EFd)ZspR{wp~9~DAcu=^tDc5E$!XvCb3=n`nAi|*~U!@^PgEB
zy^-NFr%kg_-#D;nVx+8!lCAaYHEPc3vYrlYAvM%+xxl4CNc{=$@76;2?~y_HKa@mj
z>g@zgz`uR}f2XX_d%WOoEj=|LvFi6g;)jx2h{Stj21$%52_cDfVxtSw{y2X|?;B=m
zphJ@ERh6bP+te97ZC)~2ilMr7PuHdew0D02)wDa{&hO<9`icXT`7PH&=2tPYQj#id
z9=5jTet6ydr7@_Y@pR|OYP&d_*XnjZhvXfUD{IU4t`Ah}`DNqXq*cL|4zBg({_V?>
z<9!||T~ewt&6bytlt@!*QE1r@90FRpKM-l@Uyg!8qJA%qbojS&ZF|ifW+@z|gCRf~
zX^E(gTZ;2Xq4^wKc|XFGx4;g>grzJ_NEx5(s+AHGp5mO4B9-i_nX)b{MPgXv65a55
zdsv;lQRK4+zbRZ;?cEv|+1aQXY2mNt{VVW^;i`V0OK#WOdWtJMH|BL;XfExnDQYgr
z%4{yqJZ_TuV|astQi0c-+)mw-$2Zolm3o})YV*>gQ;HjTPFkR()5XUG&I#Hn9?Dk$
zEp-YMHpv<V^A!q{icU#Zo4mC-EEF*ZMX~81VhZyO)`Z>2;Fx*iwr)|W3;aPh<rz<0
zIxf873bZ~1Br6ms!EECuVNjq%2zC``$a%@e&;uy%$aDV!+nEGtf<8A`^NWur>V()L
zE}}XH*}=Q34CE*6d;crrVpgN+rmUQo-<B&s`oORqPz|boG-YSa##`;6t55AK@G?21
zVPn`8apSU&lc#Q5Qc!&yHnM&%YNc5X67}JyavZ9tn?im}Rn_bG342%IE!@V;um$oK
zq8pz5O^5euaGwD=BU2=vt&qbXGC<AWH{MFh7k!+-+>xOjV3zhcZf6~EC+CDKZf7xX
zWKk&^GRz7#@=Xc5FGsg1dSZ|9z}Q%qglQ7$J-=JgD)sZ`D<v+kei~Za=Py^5bXKG9
z%R#p16!pmieQ)oS7u43#JRg+TT4t4hyUB=Q=X=G~VfOy+^aY)<-dTkvTKDJoRdyS<
zS6OMh$k!|E{}F{uUe7h9FDg{(Ejuh7rh`S@h0`Tb;1M_hg)@;iq+K>j8Egmx2U1Su
zs{{Jg*6G|lR@mcX(vff@-X~%?ZgcO?n~qfe{JP136M}~LO;Kv+KouFx*9TQ}<Iiaz
z&l^7KAyp(7I=m_(GN;fL!?fi*?7a~4+M~K)Lp<*-0vmGU&+z;SsEakj3KKJNcEIGq
zac^8|P8{>qTc#ZHd}n*aqpn*Xe#)x3YRcDrrUqp0^3AR6DEI34^0BWrDla?xMy2g*
zNUm3Ves5-x5~osfa<9*s+82d-Ay3=`4|cm}8s9yCaLsG0?D)?LfoqVf@%jAWH5;t5
zK`aHPYIw<t{LS1zD@9JG^k}&2J-w@r3F~M)<uS>Td(91S%{J)0;l7r#`7`&1ju|z~
zOt2>_+aj${A3$_fC3mGk&vXL)EKqp=31mWU8!CWDZNGTBsvc9qS!;L)IvRZO;rJE&
zT%=RNU6mgG20B>6c_H$h?H2>3(<w86(pJ&qK}REZT$KMyXUQr+fPe1H(^)IOH*1V{
z^t682+^z1iVdll6_PcdO7tZ;0e3`Pdq7n3Dl;rOCTaT)W`mg<*Dz6*E)E##$G-;h%
zz2?J;sD1Z}%${d^X|xM8!{^T{G1tDfb_&=_ws_j#xB=fJqR}5x4BV73d!OMNpa;ba
zkf%No9~NzJXNM!h4xwV5we2vF;lL@(6#a>rA}(f%?kfIQridzNLmMpnN@Ijxm>HU=
z1E<b$%$#!MhWpRo91>&M`f6#zJXfQ}CZ<y<zu#$hdbLZ@F`dZdYHt6FKkIAWH~Vkd
zo;mQvq~hd*$7QW?d%9ZQUg^7Z={g%$`qEM@H2VJ);bV34&;3O=G^$c5=NsGD{r${S
z&Fr*Aa|;}D<Z!dns2mPVwy15E<FDY<feE$_Lnip{x5xx%{0KPjQ_|ajM`MKPM`07j
z_X53*#DDo$1BF@~zCF`Hi4}T#y7pl)tuN+{TX3Ls&%6g7CXFGFyLwjJn}#N>J=*i@
zRBj|E&u(F>|56pHtXwsXYFmw-K=nrtHmTMs=Kp4rxle=p@@Z!DqbH$Bt#XA&9_~={
zPfw(OlC3gTd-UX(fU7twO)##)BRov4K#a$Wg&JV>9zEHILLsT$$fgedBt$|ew(>ln
z-Vw3xu{?OcwG&t1CLOv$J`LU(2O>y;6EfJ))W>?>%b<Vsa|#NIHoey;&_EcFVo}?1
zVaObeh0I`9aF1~iSsY~{;$WcxWg)UN@jwu%5<u2qwf?-0%QX}IW-nN};`;u++>%3E
zie{{+e}3q~v!?fX%d&Ru+;u&tDtpCpjjTSGf#9yFvYz0B;~(!_Zy9P9r%`b+=%^~&
zlkG7f^rwK-{jWTF-$<#3eZK8)aCJeTZgoVyAm)EH1&jGZ;dx>()E~q<7{KAK&;603
z``jO-HNJBZ*uePCm4m8^5Jcmu3R^b7)(>#gim56+rmF^s_nIE0|AY-gNDd7P?J2Au
z2sx|SzhwP&eoRyOVTG~wdJFP`_$rk~k5pgy_xXGjJL#I&cFBBgTJ=^B_pbGMx74$i
zXMMh$_ogQ;Y8Q3sW)JV@dC97;%loZ#O_mr(OKyo*OWkFkS6ilH932l%jC>o%J_KW`
z?XU{bb^zJ8@!J76&)cW+QA|E$Dnufh;mw53Gvu-}jF9`jIR?4%iQ@w$6J{ID5Ess^
zAjlt4NFMKkB8r&Bh}?o-(aHtG=&SfeW5E_;y+Xy(`R^VqZ%|$JETMGG%OD_<iYn8n
zW=5rbZi{hrMXu9yI}MlU{I_qk{xJLF!|N}ZHW4mIJcBk_zq*~HG1vX<wp)4gbtF31
zrJT~+V{WW~0&?_3a)F*IV7LUjA>36KY?e;lsv0TyiA>HCd87}Q$p3f4+=fEF<H%5*
zKP6~*4A!u45$UViVj8ozm~dw<&q+LVD_QL!hgIFU)Z0uwPUeh}x7n3VYtsgN;h&vy
zv-{`H-aUD3lzA^F1QlM(HD1H*TqoJ$8gM>7NnG;q7IDj)N-Oef%am2bbz$1$a07kJ
z=Tw&t7U@YP7w+;vd{8w9W)wk%Q3uZE_{vkM&>{=i9IcLF9;ATH)#o7|XqklU+IVQ~
zX^spM8sB|2!ja+YPPoIHLdDjxKp~@bER4g3DCBTgFAqeVuCaiS;MW7le`=XDXw(M1
z5Nhf9$shY32AwIN)_2lY$NqG-a#K`YLBA0<_i}dYBj2bS3;Wupe{k8dth~=YudlAD
zv-Vii+l}mi9{2Wus_bt6ybjN-ZcpF7J@HA;uUy+dE>q)n>fCT|<t|AXSk1RoMQaD^
z?J-iVz<eA}6Wp=k9skW-PR2rC&w|D~e#BgEk%gk3g&6PnUUNR~e+Z+%(rCd-*Kj6i
zPyq|0KuAuZ6k^U?WKpbVF@aaQ*ZitzYiQl9lw)C&pYxeF?PJrs{(8p_9{<B}nr=wi
z+0LH8`iegDPpyzEHQT4O{ruqtp%jhR$M(%zQ8Txhmvj1#e{OBtgk$kGVl_`y<OJ~^
z`V9sB=!ur%1R+ASXozq$%vE3Ss%*l#={#kr<j5oD20AHx=~7;ptD<m@zj7~(dB1C?
zZEgF#vRY=kz^tvcLJq0V#DYa4>!43VR)JJB>!EeaSK&wn%tHY-{3_IuqX`XlmQM$^
zxv~g(^P6>%XTL)hX{Khq;Y60IAMh+fX+lFwfoz|3rOh7uJU=tuTDURi^U27Mn(L`X
zt#AA6SKo6<YgJM8@NiFKTV5z`fNzc$@K27-&Qj5Z8+w2Cp7$N~Q@Jz0)8(SAq^F64
z!?LE+*RG#VQ(b#K>Vnm-?Y^GAz2;vS_wU{JQCd-2Y25Yn<o+g~YuwOH?l+q<0+b6v
zwq1+xMNYnrO|D(e&mXMB<qhuhb9|a=t!&f!f4-iRyS&2RnzQ+#)ae7E*T2-P*>p3*
zw%`>%ullu{>RQXF(=XuCG<A*Kf~#ig{TKQQEFI&HRkj6Ozgdx5<?en>!?>lkZdX9(
zoA!=l^_(d!D(XdrrS_p3oX4*#m694uJ&St&_;>t6lS<w_|ACDDPQTu<`QzS{Hl9||
z7%1x4k>{7*mr?!sMov}#JOB0@b`qO9-Lfy|+`XN1WKrwRzAN1>d2LSHJ+rE3Yy2K+
z7w}TOyD&*UtGCI%sl>g#qBX#`{ZF5+MNvD}XW1p4ZuWQ?QvL6|$Ld~nSCf`i$?UfA
zY3hj`pbcEP7B=AH>+9WaSG}jbKB=R7M|*AQ+dG}ke(5=V&cEJy_4HACQN@D*|6^BI
ztMc#ltYy_z*HtK;jAXa2^SjVdw6pr9&mAcbJ)=xkV@${t6>W#$pF$truIzP_@aXx*
zwcV$8qK8Vqf97F}RV|O)AJvrP1@wHGbEezJA^7;=Ess=lHI?$7mRfB$D$?B6T$DF<
zg8aU%E}?DL+L~;h^XJ6{97|4*4$M#6c_QbYTKmt=z7c6^r^+Wk&gR0`?F$+q1O1Yw
zv$w|$lO%;LyyO>>q_D7qEn-wGp#>yCfg=%Udm+k{fj{x>hEy!s0D_}!H0UXK4?8>#
zW$fTKdg7;1s2st29DEN96*~h9f5#4tq9=Ylh>D$RL}kHyuzehBA5wMVPrM)ebQVtx
zKgooiIDRy^tQOV754)fzjvsy^1IpOZ1@y$n1(!?U^|8I}2#)td!#C)Q!Q~(L-|_vn
zP!{wfxbg*Ei-GkAN4@Z;06)QvHz<=V1{d6TgKzJGegxOU(D1#bP!_x=NFIz%xM1%I
zk_dlILWAv<!FOf-KS)A@v6kq~I5a^%<RQs{@%<}kP#nm~Dohze8|_UYf;1*9CTxL&
zQw(sQvos4%&yH*lk{}xpc^e#@0RFmX`9EIS;$^={bu;94^|0SQ?EN6L(cZ`*%*#TD
zF+i#vxPJyq$}+M6p`*))g~%fkxr$>1+s*J}*>JKSQnJ8iCfFa0&WND&F#l^zhS{q6
zpSD%e;cz7lRF41?v;!XmY2=vvRW?`Jkkn2iIs`z61MqNIOMnOyvQ04H9Qr?j$k6Rw
zf6Hy?W}x9&ZM3<tnXnZZE`AXX2<`qyNjyeA$A6Uyn>Lt&YlM6FsBo?mv?UAn?SdG?
z?r+$pjS}RHkk|eikD+_>|CX{|Kv{HI{cuUJA^X7)l`sMULg^#W4N};M;F9rCjtDm~
z!^rVa%`^fu=&%JEqy<BR0co(nW{rlhe~AV%UBZ3B!X1gYq>W%l;#wn<iXW%u^jJQe
zCi}7}sjOv^?B-H~F;)%Va5#a1!M)RJCb<mwZE|opS@~OvWX!5p_nJ<gV0-9z+I|bU
z5Z`q^p&rzpnf*z9Y|OqNe51sE)xSN{{7Hq_>Y$iey~VfVzdIX#=kb}z3VSBCENI&{
zUi`Zq-*`W3-q*VKq`sf;N{yWUh+lu|&7)kN+i6z*cz><#vA&<HY!vjXs}0ApKkK&U
zo_W9LeZ6bNg$&DE8p{{PmUldh)$KXsFz3_d5Wj<`El=HEa>H<M`PFZAWOmK&+A!f$
z*rB4%0-5AL`hUCkOjj>=oMj-p&m{8U$#WO|vZbUnSLJ8f9#z|C_S4*?0G@dx?Lx+@
zgv8AazgMbFa$Xm?&+TLCJcmrX<Y0H*%{g<Mv@_?1yV<0cosbHTjn3TCTvA7s<1Jmi
z@@<=K!lK{1qkEIfjT<BuC4N~Eec|?>72O}ab6nyw_wRCe6SP?NDed-ss|r5Van~Pe
zr}WH@G|zO4+P!Ryaje?Q;?i?UFV4SLbIX+bl=|q5+ZoD}x5d{se7hrt-|RtopZcP>
z@R#GeGB3)wDW`4@v@`Tv_&q;D``psVIhp;mlP7HK4X?=rCB|Icb?aWQsdDTS56OF_
zp+U>XNf}H(@WTxI_Xp2RRg;}<+!Cvx;~91HxTcFns{GB0=DTXe_v^0NHlK*`Vm>fC
z#&lV}efl>351XP*4eI6he0nl%O-bataraM8x>9-BbSnBt_>EuOv$E%to=^kFjJ^Be
zUl-yVKIl!8>e|v}(qJ|D-RqgUVh<$?A_71Bn01N6TP3@Zs`dGs65WDu-c&wE%c1UI
zrER5Le~9+k@3tQ|-TJ-HAECd!biC;4^zXPsFQPSTp66`6G;tz(PT7^7G24DWzc(l(
zG=9=i#fIa{oi3@L`L2rhgU)S-nd(Q+rM0BUEZp#x64GqjYcpxCM11&nyZ;c|wWham
zTlZRVl@C<U^{Lx>!}AIb=D%gGKYDLb`{K{v=`Yp|AUoSMNCbgP%X%@~!2xGba03KQ
zaBTuys*YK1+$zD}1(^$RRf@_2XH(#_3_6GC_Aa3){@-^FaZ(VRLqRgeq0S+uN|1hG
z(^-SQ;gJ0JXr#FI)A4ZkLZ!hxRR~N)5H0)dPUx>t)5XncyRyEQ{Z<zT^cQV+xakcv
zy|k*Oi@T=#b{8Q4B`^Hi-Pir!|4nyV9$Otp(b-oY;J@u`)Z_blj%9RRuJrKU=Hj$%
z6oV6G(UDJ_p3~MHPF^k!_R6EA=2yEvx}o8m!t-#mcOUWa$o{OU{U)dFVsJN#H*g=7
zA*O2J;<){5=1j~-2RIUV$eo5gFe&E2p>3=rNK+$7q5?iAswq6xj9-)rWx*Lm;h`>E
z6Y!*Mq`#)%9FB!o+Jhi?Y(nG15S7L?4-^gUK_(QO+!fK^jGVme9igf;u6P8s4ed8N
zZQU-7N3KJpMU;Ipu~Sn+&FHYep&RT$hmG7jG#u=294O(zHLA&l5+0hP5*<o-V2?`3
zEySG>)G0trw|O|2IYBNuRnt{E(yIDyKyxj@b0vtplaH4Ts<+Z(tH(C8pY0u-q>(ea
z%E{T@d#e{uS4$de4$*3;)DQJ*jJ@4p)+pF}rqT*jMN}E6h1!8K4KLG#WjbD_3(E|=
z%n+8Dc$q0Iv+y!YSZ3p8wy?~>%N${ui<h~=GL?b@AWeb*BdQR^K^&<9Bw^`8SVw>+
zL~}w2jwr@9LgnYP&B<Ae0yJlfQ3n4(XaJdRq@AU47@NXCD?sR<wEG~8g$}b3U~II)
zAp(N}T74nFu<MdUVKfd}eIde7I$u#36K=93z}OTnxnDTUMXX1GbfYBvAcqeyEujy%
zs)q>UqWfV<_0UQf;azmACIQA}qLnj3J)kNH#u)||E?R{XeV0Wc;|JL=Nn>Nt$#h{c
zAV49u2SgyjSZH;R&@TtAlo4QDWYtAsTn@@(DguLxvQTnD5g3KbL7A{bU{nf)#8>bx
zWc?%7!&Wm1@1oq4#Ci;JdlZznfLM=(94<n8Y_vj2fN@ZwG*K9pf|NS}hNVv?z#vE?
z)`N4oBp3^BWhK>PAv+@49*d2fM-dpTZ6a$S0;96n$j%U8TyzRo1P1G)D2<Q^41tLA
z3rj}i`Cy~`1jKh4$OI7DW5U^JB8-hzPzm)oD5*37#wF94Lm|l<910}UfP?PhCA7z3
zpj<wpeQ+2gnWl1BWPah0X%Fk(WWMK8$n(afqF_L@UoH);o)chnG7Y$pHi%S@h1>~|
zcVTUt41-*vL>fRn()`jO&l-_mAlnCW)d_vj(TY3)#vt(lWPL<AU<vhD=qm&P#z8Ci
z1Q?e*4mt&;-xRG!$G&C|U~ttMsUD>EAi<dEi-qXBEE-yD5`}TGFCC&V7TotvtjD60
z_@2gvbMvHnOq4i{&>jojBu{{m<(I~#lXNGYjyYhW?{XO^4GjSXY1RlZI(-=YxGa+G
zfy@RZ8w&T<lWYK;LLu2p(9R_N2O5!N^XL=?`cfl;GjJM7*U^D>iTVXt1Jbt;-v#4M
zgi)y^9Y&{O-zr4=1yw@o0}?(Gd4tXbWlZdY&LGbblY>5+i1fjrkaZ%RNwza|76pAt
zBD~8$U(ZBfbWm4BzM?}~a$>)978oDWyG-P$6WU{w<Qy~;TI?Xy<C5f(&Zd&|6`hSO
zhKRn)rlYTg1Q;ZlBEiUdgFzwd4af^kvinevWM{wvka!ZkO4J7oDg{MuBKR>NP$SZS
z0r?1syv6|0BGMGHgP^abg!b6zOCte>5=jtYT=ex!v>tp6CE*NrHIQH&P#nZ}87wkS
zLRuCQE*uU?uR-b{(ws9OjUNd=COApNewj3qf68Ej<4&pvnXgDN5C#&AO{O!bc2av_
ze~Em>f}2N)Fa{STM<URfOC!Z33@)AIZ?M3JBjLwokn|~JrX$HENHodT!uKeWZwoMz
zZUT#f5;TeM2AU4yIGCV!iTE+WWgx@A5R%#>`-$L{ka&^_4nC3pfDK6g1`|Go5_ytI
zrIYM569NIEUV~3tBtL=)PAj=RHc7uQVM79uHz5Bd+7%&6KN@zGEdd4=m{gCfbC|H+
zOOypBtap%M<XD3VE+J6{nRE)tHbQO|v}i1fADu?>BbaphFzo>qNbi#E5oA^*@i>So
zNw(lVP*UsyiM>dE4us-l{$tS5&I{3TFwliFL>L6XWEe>oGr^T7(FFvKG+rhIgv9oM
zEMypXNu+w9@kuaPJ|V$aBwv8ZWRvHE2}+0fE(;t45{ydno0xC|1_?hFgS4&!D-<Mq
z4hir{{wcULB;5{4yh$+$lT9Jnc#uj`j02hAN%ow{rju+BlMPyeI9@iS=O@8XLMsAq
zusLM;<xt3T#2E%Z4vnO*SP<(H^&iY6iOx`u#A_@FU5NUR1>ZS{a|HWXNd7o@lO(+c
zVLVB%!4#47E{n}2>2VeZ9B2ZqSg;|7$fqn0o#a1*t4H!dSR9aaQhP8GB8<yMyS+qY
zn#Bd;lVB)or)WK3E0Pb#hUG*eZ@^v1Bz?-J(1*&o*EV~Xt?(rSU#jMLcz8(z=irOe
z`tHsi(tx9&1UFx)(N}3}YHLzBt5)eS8JeruY;E=`x)zP2MW^a$X|pxerT@MPwkU1p
gvfBw;T!jVY?OyiVys-6FHW)m*n4FxpiH_L+0L}C+p8x;=

literal 0
HcmV?d00001

diff --git a/apache-fop/src/test/resources/input.xml b/apache-fop/src/test/resources/input.xml
index 1a71e1aaec..3794963360 100644
--- a/apache-fop/src/test/resources/input.xml
+++ b/apache-fop/src/test/resources/input.xml
@@ -1,84 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <article version="5.0" xml:lang="en-US" xmlns="http://docbook.org/ns/docbook" xmlns:xl="http://www.w3.org/1999/xlink">
   <info>
-    <title>Spring Security for a REST API</title>
-    <abstract>
-      <para>How to Secure a REST API with Spring Security 3 - the XML Configuration, the web.xml, the HTTP status codes for authentication, etc.</para>
-    </abstract>
+    <title>Bootstrap a Web Application with Spring 4</title>
   </info>
-  <!--
-Mobile viewport scale
--->
-  <anchor xml:id="ois_bootstrap-css"/>
-  <anchor xml:id="ois_reset-css"/>
-  <anchor xml:id="ois_design_8-css"/>
-  <anchor xml:id="ois_design_19-css"/>
-  <anchor xml:id="ois_design_22-css"/>
-  <anchor xml:id="contact-form-7-css"/>
-  <anchor xml:id="digg-digg-css"/>
-  <anchor xml:id="foobox-min-css"/>
-  <anchor xml:id="scrollup-css-css"/>
-  <anchor xml:id="onp-sociallocker-css"/>
-  <anchor xml:id="toc-screen-css"/>
-  <anchor xml:id="js_composer_custom_css-css"/>
-  <anchor xml:id="theme-stylesheet-css"/>
-  <anchor xml:id="core3.0-css"/>
-  <anchor xml:id="core-Default3.0-css"/>
-  <anchor xml:id="theme-Default3.0-css"/>
-  <!--
-[if lt IE 9]>
-<link href="http://www.baeldung.com/wp-content/themes/canvas/css/non-responsive.css" rel="stylesheet" type="text/css" />
-<style type="text/css">.col-full, #wrapper { width: 1150px; max-width: 1150px; } #inner-wrapper { padding: 0; } body.full-width #header, #nav-container, body.full-width #content, body.full-width #footer-widgets, body.full-width #footer { padding-left: 0; padding-right: 0; } body.fixed-mobile #top, body.fixed-mobile #header-container, body.fixed-mobile #footer-container, body.fixed-mobile #nav-container, body.fixed-mobile #footer-widgets-container { min-width: 1150px; padding: 0 1em; } body.full-width #content { width: auto; padding: 0 1em;}</style>
-<![endif]
--->
-  <!--
-Adjust the website width
--->
-  <!--
-<meta name="NextGEN" version="2.0.66.33" />
--->
-  <!--
-WP SyntaxHighlighter Ver.1.7.3 CSS for code Begin
--->
-  <!--
-WP SyntaxHighlighter Ver.1.7.3 CSS for code End
--->
-  <!--
-Custom CSS Styling
--->
-  <!--
-Custom Favicon
--->
-  <!--
-Woo Shortcodes CSS
--->
-  <!--
-Custom Stylesheet
--->
-  <!--
-Theme version
--->
-  <!--
-[if IE 8]><link rel="stylesheet" type="text/css" href="http://www.baeldung.com/wp-content/plugins/js_composer/assets/css/vc-ie8.css" media="screen"><![endif]
--->
-  <!--
-All in One SEO Pack 2.2.3.1 by Michael Torbert of Semper Fi Web Design[240,288]
--->
-  <!--
-/all in one seo pack
--->
-  <!--
-Facebook SDK
-        
-            Created by the Social Locker plugin (c) OnePress Ltd
-            http://sociallocker.org
--->
-  <!--
-/
--->
-  <!--
-Clean Archives Reloaded v3.2.0 | http://www.viper007bond.com/wordpress-plugins/clean-archives-reloaded/
--->
   <anchor xml:id="wrapper"/>
   <anchor xml:id="inner-wrapper"/>
   <!--
@@ -106,16 +30,13 @@ Clean Archives Reloaded v3.2.0 | http://www.viper007bond.com/wordpress-plugins/c
       <para><link linkend="dbdoclet.1_Overview">1. Overview</link></para>
     </listitem>
     <listitem>
-      <para><link linkend="dbdoclet.2_Spring_Security_in_the_webxml">2. Spring Security in the web.xml</link></para>
+      <para><link linkend="dbdoclet.2_The_Maven_pomxml">2. The Maven pom.xml</link></para>
     </listitem>
     <listitem>
-      <para><link linkend="dbdoclet.3_The_Security_Configuration">3. The Security Configuration</link></para>
+      <para><link linkend="dbdoclet.3_The_Java_based_Web_Configuration">3. The Java based Web Configuration</link></para>
     </listitem>
     <listitem>
-      <para><link linkend="dbdoclet.4_Maven_and_other_trouble">4. Maven and other trouble</link></para>
-    </listitem>
-    <listitem>
-      <para><link linkend="dbdoclet.5_Conclusion">5. Conclusion</link></para>
+      <para><link linkend="dbdoclet.4_Conclusion">4. Conclusion</link></para>
     </listitem>
   </itemizedlist>
   <para>If you&apos;re new here, <link xl:href="https://my.leadpages.net/leadbox/146382273f72a2%3A13a71ac76b46dc/5735865741475840/">you may want to get my &quot;REST APIs with Spring&quot; eBook</link>. Thanks for visiting!</para>
@@ -123,924 +44,804 @@ Clean Archives Reloaded v3.2.0 | http://www.viper007bond.com/wordpress-plugins/c
   <!--
 Start Shortcoder content
 -->
-  <section>
-    <title><emphasis role="bold">I usually post about Security on Google+ - you can follow me there:  </emphasis></title>
-    <!--
+  <!--
 End Shortcoder content
 -->
-    <section>
-      <title><anchor xml:id="Table_of_Contents"/><emphasis role="bold">Table of Contents</emphasis></title>
-      <itemizedlist>
-        <listitem>
-          <para><link linkend="overview"><emphasis role="bold">1. </emphasis>Overview</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="springsec"><emphasis role="bold">2. </emphasis>Introducing Spring Security in the <literal>web.xml</literal></link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="config"><emphasis role="bold">3. </emphasis>The Security Configuration</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="ch_3_1"><emphasis role="bold">    3.1. </emphasis>The basics</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="ch_3_2"><emphasis role="bold">    3.2. </emphasis>The Entry Point</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="ch_3_3"><emphasis role="bold">    3.3. </emphasis>The Login</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="ch_3_4"><emphasis role="bold">    3.4. </emphasis>Authentication should return <emphasis role="bold">200</emphasis> instead of <emphasis role="bold">301</emphasis></link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="ch_3_5"><emphasis role="bold">    3.5. </emphasis>Failed Authentication should return <emphasis role="bold">401</emphasis> instead of <emphasis role="bold">302</emphasis></link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="ch_3_6"><emphasis role="bold">    3.6. </emphasis>The Authentication Manager and Provider</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="ch_3_7"><emphasis role="bold">    3.7. </emphasis>Finally – Authentication against the running REST Service</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="maven"><emphasis role="bold">4. </emphasis>Maven and other trouble</link></para>
-        </listitem>
-        <listitem>
-          <para><link linkend="conclusion"><emphasis role="bold">5. </emphasis>Conclusion</link></para>
-        </listitem>
-      </itemizedlist>
-    </section>
+  <section>
+    <title><anchor xml:id="Table_of_Contents"/><emphasis role="bold">Table of Contents</emphasis></title>
+    <itemizedlist>
+      <listitem>
+        <para><link linkend="overview"><emphasis role="bold">1. </emphasis>Overview</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="maven"><emphasis role="bold">2. </emphasis>The Maven pom.xml</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="cglib"><emphasis role="bold">    2.1. </emphasis>Justification of the <emphasis>cglib</emphasis> dependency</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="cglib_gone"><emphasis role="bold">    2.2. </emphasis>The <emphasis>cglib</emphasis> dependency in Spring 3.2 and beyond</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="java_config"><emphasis role="bold">3. </emphasis>The Java based web configuration</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="web_xml"><emphasis role="bold">   3.1. </emphasis>The web.xml</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="conclusion"><emphasis role="bold">4. </emphasis>Conclusion</link></para>
+      </listitem>
+    </itemizedlist>
     <section xml:id="overview.1">
       <title><anchor xml:id="dbdoclet.1_Overview"/><emphasis role="bold">1. Overview</emphasis></title>
-      <para>This tutorial shows how to <emphasis role="bold">Secure a REST Service using Spring and Spring Security 3.1</emphasis> with Java based configuration. The article will focus on how to set up the Security Configuration specifically for the REST API using a Login and Cookie approach.</para>
-    </section>
-    <section xml:id="springsec.1">
-      <title><anchor xml:id="dbdoclet.2_Spring_Security_in_the_webxml"/><emphasis role="bold">2. Spring Security in the web.xml</emphasis></title>
-      <para>The architecture of Spring Security is based entirely on Servlet Filters and, as such, comes before Spring MVC in regards to the processing of HTTP requests. Keeping this in mind, to begin with, a <emphasis role="bold">filter</emphasis> needs to be declared in the <emphasis>web.xml</emphasis> of the application:</para>
-      <screen>&lt;filter&gt;
-   &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
-   &lt;filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy&lt;/filter-class&gt;
-&lt;/filter&gt;
-&lt;filter-mapping&gt;
-   &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
-   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
-&lt;/filter-mapping&gt;</screen>
-      <para>The filter must necessarily be named <emphasis>‘springSecurityFilterChain’</emphasis>  to match the default bean created by Spring Security in the container.</para>
-      <para>Note that the defined filter is not the actual class implementing the security logic but a <emphasis>DelegatingFilterProxy</emphasis> with the purpose of delegating the Filter’s methods to an internal bean. This is done so that the target bean can still benefit from the Spring context lifecycle and flexibility.</para>
-      <para>The URL pattern used to configure the Filter is <emphasis role="bold">/*</emphasis> even though the entire web service is mapped to <emphasis role="bold">/api/*</emphasis> so that the security configuration has the option to secure other possible mappings as well, if required.</para>
-    </section>
-    <section xml:id="config.1">
-      <title><anchor xml:id="dbdoclet.3_The_Security_Configuration"/><emphasis role="bold">3. The Security Configuration</emphasis></title>
-      <screen>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
-&lt;beans:beans
-   xmlns=&quot;http://www.springframework.org/schema/security&quot;
-   xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
-   xmlns:beans=&quot;http://www.springframework.org/schema/beans&quot;
-   xmlns:sec=&quot;http://www.springframework.org/schema/security&quot;
-   xsi:schemaLocation=&quot;
-      http://www.springframework.org/schema/security 
-      http://www.springframework.org/schema/security/spring-security-3.2.xsd
-      http://www.springframework.org/schema/beans 
-      http://www.springframework.org/schema/beans/spring-beans-4.0.xsd&quot;&gt;
-
-   &lt;http entry-point-ref=&quot;restAuthenticationEntryPoint&quot;&gt;
-      &lt;intercept-url pattern=&quot;/api/admin/**&quot; access=&quot;ROLE_ADMIN&quot;/&gt;
-
-      &lt;form-login 
-         authentication-success-handler-ref=&quot;mySuccessHandler&quot; 
-         authentication-failure-handler-ref=&quot;myFailureHandler&quot;
-      /&gt;
-
-      &lt;logout /&gt;
-   &lt;/http&gt;
-
-   &lt;beans:bean id=&quot;mySuccessHandler&quot;
-      class=&quot;org.rest.security.MySavedRequestAwareAuthenticationSuccessHandler&quot;/&gt;
-   &lt;beans:bean id=&quot;myFailureHandler&quot; 
-      class=&quot;org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler&quot;/&gt;
-
-   &lt;authentication-manager alias=&quot;authenticationManager&quot;&gt;
-      &lt;authentication-provider&gt;
-         &lt;user-service&gt;
-            &lt;user name=&quot;temporary&quot; password=&quot;temporary&quot; authorities=&quot;ROLE_ADMIN&quot;/&gt;
-            &lt;user name=&quot;user&quot; password=&quot;user&quot; authorities=&quot;ROLE_USER&quot;/&gt;
-         &lt;/user-service&gt;
-      &lt;/authentication-provider&gt;
-   &lt;/authentication-manager&gt;
-
-&lt;/beans:beans&gt;</screen>
-       <para> Most of the configuration is done using the <emphasis role="bold">security namespace</emphasis> – for this to be enabled, the schema locations must be defined and pointed to the correct 3.1 or 3.2 XSD versions. The namespace is designed so that it expresses the common uses of Spring Security while still providing hooks raw beans to accommodate more advanced scenarios. <link xl:href="http://products.baeldung.com/rest-api-with-spring"><emphasis role="bold">&gt;&gt; Signup for my upcoming Video Course on Building a REST API with Spring 4</emphasis></link></para>
-      <section xml:id="ch_3_1.1">
-        <title><emphasis role="bold">3.1. The &lt;http&gt; element</emphasis></title>
-        <para>The <emphasis>&lt;http&gt;</emphasis> element is the main container element for HTTP security configuration. In the current implementation, it only secured a single mapping: <emphasis>/api/admin/**</emphasis>. Note that the mapping is <emphasis role="bold">relative to the root context</emphasis> of the web application, not to the <emphasis>rest</emphasis> Servlet; this is because the entire security configuration lives in the root Spring context and not in the child context of the Servlet.</para>
-      </section>
-      <section xml:id="ch_3_2.1">
-        <title><emphasis role="bold">3.2. The Entry Point</emphasis></title>
-        <para>In a standard web application, the authentication process may be automatically triggered when the client tries to access a secured resource without being authenticated – this is usually done by redirecting to a login page so that the user can enter credentials. However, for a <emphasis role="bold">REST Web Service </emphasis>this behavior doesn’t make much sense – Authentication should only be done by a request to the correct URI and all other requests should simply fail with a <emphasis role="bold">401 UNAUTHORIZED</emphasis> status code if the user is not authenticated.</para>
-        <para>Spring Security handles this automatic triggering of the authentication process with the concept of an <emphasis role="bold">Entry Point</emphasis> – this is a required part of the configuration, and can be injected via the <emphasis>entry-point-ref</emphasis> attribute of the <emphasis>&lt;http&gt;</emphasis> element. Keeping in mind that this functionality doesn’t make sense in the context of the REST Service, the new custom entry point is defined to simply return 401 whenever it is triggered:</para>
-        <screen>@Component( &quot;restAuthenticationEntryPoint&quot; )
-public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint{
-
-   @Override
-   public void commence( HttpServletRequest request, HttpServletResponse response, 
-    AuthenticationException authException ) throws IOException{
-      response.sendError( HttpServletResponse.SC_UNAUTHORIZED, &quot;Unauthorized&quot; );
-   }
-}</screen>
-        <para>A quick sidenote here is that the 401 is sent without the <emphasis>WWW-Authenticate</emphasis> header, as required by the HTTP Spec – we can of course set the value manually if we need to.</para>
-      </section>
-      <section xml:id="ch_3_3.1">
-        <title><emphasis role="bold">3.3. The Login Form for REST</emphasis></title>
-        <para>There are multiple ways to do Authentication for a REST API – one of the default Spring Security provides is <emphasis role="bold">Form Login</emphasis> – which uses an authentication processing filter – <emphasis>org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter</emphasis>.</para>
-        <para>The <emphasis>&lt;form-login&gt;</emphasis> element will create this filter and will also allow us to set our custom authentication success handler on it. This can also be done manually by using the <emphasis>&lt;custom-filter&gt;</emphasis> element to register a filter at the position <emphasis>FORM_LOGIN_FILTER</emphasis> – but the namespace support is flexible enough.</para>
-        <para>Note that for a standard web application, the <emphasis role="bold">auto-config </emphasis>attribute of the <emphasis>&lt;http&gt; element </emphasis>is shorthand syntax for some useful security configuration. While this may be appropriate for some very simple configurations, it doesn’t fit and should not be used for a REST API.</para>
-      </section>
-      <section xml:id="ch_3_4.1">
-        <title><emphasis role="bold">3.4. Authentication should return 200 instead of 301</emphasis></title>
-        <para>By default, form login will answer a successful authentication request with a <emphasis role="bold">301 MOVED PERMANENTLY</emphasis> status code; this makes sense in the context of an actual login form which needs to redirect after login. For a RESTful web service however, the desired response for a successful authentication should be <emphasis role="bold">200 OK</emphasis>.</para>
-        <para>This is done by injecting a <emphasis role="bold">custom authentication success handler</emphasis> in the form login filter, to replace the default one. The new handler implements the exact same login as the default <emphasis>org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler</emphasis> with one notable difference – the redirect logic is removed:</para>
-        <screen>public class MySavedRequestAwareAuthenticationSuccessHandler 
-      extends SimpleUrlAuthenticationSuccessHandler {
-
-    private RequestCache requestCache = new HttpSessionRequestCache();
-
-    @Override
-    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, 
-      Authentication authentication) throws ServletException, IOException {
-        SavedRequest savedRequest = requestCache.getRequest(request, response);
-
-        if (savedRequest == null) {
-            clearAuthenticationAttributes(request);
-            return;
-        }
-        String targetUrlParam = getTargetUrlParameter();
-        if (isAlwaysUseDefaultTargetUrl() || 
-          (targetUrlParam != null &amp;&amp; 
-          StringUtils.hasText(request.getParameter(targetUrlParam)))) {
-            requestCache.removeRequest(request, response);
-            clearAuthenticationAttributes(request);
-            return;
-        }
-
-        clearAuthenticationAttributes(request);
-    }
-
-    public void setRequestCache(RequestCache requestCache) {
-        this.requestCache = requestCache;
-    }
-}</screen>
-      </section>
-      <section xml:id="ch_3_5.1">
-        <title><emphasis role="bold">3.5. Failed Authentication should return 401 instead of 302</emphasis></title>
-        <para>Similarly – we configured the authentication failure handler – same way we did with the success handler.</para>
-        <para>Luckily – in this case, we don’t need to actually define a new class for this handler – the standard implementation – <emphasis>SimpleUrlAuthenticationFailureHandler</emphasis> – does just fine.</para>
-        <para>The only difference is that – now that we’re defining this explicitly in our XML config – it’s <emphasis role="bold">not going to get a default defaultFailureUrl from Spring</emphasis> – and so it won’t redirect.</para>
-      </section>
-      <section xml:id="ch_3_6.1">
-        <title><emphasis role="bold">3.6. The Authentication Manager and Provider</emphasis></title>
-        <para>The authentication process uses an <emphasis role="bold">in-memory provider</emphasis> to perform authentication – this is meant to simplify the configuration as a production implementation of these artifacts is outside the scope of this post.</para>
-      </section>
-      <section xml:id="ch_3_7.1">
-        <title><emphasis role="bold">3.7 Finally – Authentication against the running REST Service</emphasis></title>
-        <para>Now let’s see how we can authenticate against the REST API – the URL for login is <emphasis>/j_spring_security_check</emphasis> – and a simple <emphasis>curl</emphasis> command performing login would be:</para>
-        <screen>curl -i -X POST -d j_username=user -d j_password=userPass
-http://localhost:8080/spring-security-rest/j_spring_security_check</screen>
-        <para>This request will return the Cookie which will then be used by any subsequent request against the REST Service.</para>
-        <para>We can use <emphasis>curl</emphasis> to authentication and <emphasis role="bold">store the cookie it receives in a file</emphasis>:</para>
-        <screen>curl -i -X POST -d j_username=user -d j_password=userPass -c /opt/cookies.txt 
-http://localhost:8080/spring-security-rest/j_spring_security_check</screen>
-        <para>Then <emphasis role="bold">we can use the cookie from the file</emphasis> to do further authenticated requests:</para>
-        <screen>curl -i --header &quot;Accept:application/json&quot; -X GET -b /opt/cookies.txt 
-http://localhost:8080/spring-security-rest/api/foos</screen>
-        <para>This authenticated request will correctly <emphasis role="bold">result in a 200 OK</emphasis>:</para>
-        <screen>HTTP/1.1 200 OK
-Server: Apache-Coyote/1.1
-Content-Type: application/json;charset=UTF-8
-Transfer-Encoding: chunked
-Date: Wed, 24 Jul 2013 20:31:13 GMT
-
-[{&quot;id&quot;:0,&quot;name&quot;:&quot;JbidXc&quot;}]</screen>
-      </section>
+      <para>The tutorial illustrates how to <emphasis role="bold">Bootstrap a Web Application with Spring</emphasis> and also discusses how to make the jump <emphasis role="bold">from XML to Java</emphasis> without having to completely migrate the entire XML configuration.</para>
     </section>
     <section xml:id="maven.1">
-      <title><anchor xml:id="dbdoclet.4_Maven_and_other_trouble"/><emphasis role="bold">4. Maven and other trouble</emphasis></title>
-      <para>The Spring <link xl:href="http://www.baeldung.com/spring-with-maven#mvc">core dependencies</link> necessary for a web application and for the REST Service have been discussed in detail. For security, we’ll need to add: <emphasis>spring-security-web</emphasis> and <emphasis>spring-security-config</emphasis> – all of these have also been covered in the <link xl:href="http://www.baeldung.com/spring-security-with-maven">Maven for Spring Security</link> tutorial.</para>
-      <para>It’s worth paying close attention to the way Maven will resolve the older Spring dependencies – the resolution strategy will start <link xl:href="http://www.baeldung.com/spring-security-with-maven#maven_problem">causing problems</link> once the security artifacts are added to the pom. To address this problem, some of the core dependencies will need to be overridden in order to keep them at the right version.</para>
+      <title><anchor xml:id="dbdoclet.2_The_Maven_pomxml"/><emphasis role="bold">2. The Maven pom.xml</emphasis></title>
+      <screen>&lt;project xmlns=&quot;http://maven.apache.org/POM/4.0.0&quot; 
+   xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
+   xsi:schemaLocation=&quot;
+      http://maven.apache.org/POM/4.0.0 
+      http://maven.apache.org/xsd/maven-4.0.0.xsd&quot;&gt;
+   &lt;modelVersion&gt;4.0.0&lt;/modelVersion&gt;
+   &lt;groupId&gt;org&lt;/groupId&gt;
+   &lt;artifactId&gt;rest&lt;/artifactId&gt;
+   &lt;version&gt;0.0.1-SNAPSHOT&lt;/version&gt;
+   &lt;packaging&gt;war&lt;/packaging&gt;
+
+   &lt;dependencies&gt;
+
+      &lt;dependency&gt;
+         &lt;groupId&gt;org.springframework&lt;/groupId&gt;
+         &lt;artifactId&gt;spring-webmvc&lt;/artifactId&gt;
+         &lt;version&gt;${spring.version}&lt;/version&gt;
+         &lt;exclusions&gt;
+            &lt;exclusion&gt;
+               &lt;artifactId&gt;commons-logging&lt;/artifactId&gt;
+               &lt;groupId&gt;commons-logging&lt;/groupId&gt;
+            &lt;/exclusion&gt;
+         &lt;/exclusions&gt;
+      &lt;/dependency&gt;
+      
+   &lt;/dependencies&gt;
+
+   &lt;build&gt;
+      &lt;finalName&gt;rest&lt;/finalName&gt;
+
+      &lt;plugins&gt;
+         &lt;plugin&gt;
+            &lt;groupId&gt;org.apache.maven.plugins&lt;/groupId&gt;
+            &lt;artifactId&gt;maven-compiler-plugin&lt;/artifactId&gt;
+            &lt;version&gt;3.1&lt;/version&gt;
+            &lt;configuration&gt;
+               &lt;source&gt;1.6&lt;/source&gt;
+               &lt;target&gt;1.6&lt;/target&gt;
+               &lt;encoding&gt;UTF-8&lt;/encoding&gt;
+            &lt;/configuration&gt;
+         &lt;/plugin&gt;
+      &lt;/plugins&gt;
+   &lt;/build&gt;
+
+   &lt;properties&gt;
+      &lt;spring.version&gt;4.0.5.RELEASE&lt;/spring.version&gt;
+   &lt;/properties&gt;
+
+&lt;/project&gt;</screen>
+      <section xml:id="cglib.1">
+        <title><emphasis role="bold">2.1. The cglib dependency before Spring 3.2</emphasis></title>
+        <para>You may wonder why <emphasis>cglib</emphasis> is a dependency – it turns out there is a valid reason to include it – the entire configuration cannot function without it. If removed, Spring will throw:</para>
+        <para><emphasis>Caused by: java.lang.IllegalStateException: CGLIB is required to process @Configuration classes. Either add CGLIB to the classpath or remove the following @Configuration bean definitions</emphasis></para>
+        <para>The reason this happens is explained by the way Spring deals with <emphasis>@Configuration</emphasis> classes. These classes are effectively beans, and because of this they need to be aware of the Context, and respect scope and other bean semantics. This is achieved by dynamically creating a cglib proxy with this awareness for each <emphasis>@Configuration</emphasis> class, hence the cglib dependency.</para>
+        <para>Also, because of this, there are a few restrictions for <emphasis>Configuration</emphasis> annotated classes:</para>
+        <itemizedlist>
+          <listitem>
+            <para> Configuration classes <emphasis role="bold">should not be final</emphasis></para>
+          </listitem>
+          <listitem>
+            <para> They should have a constructor with no arguments</para>
+          </listitem>
+        </itemizedlist>
+      </section>
+      <section xml:id="cglib_gone.1">
+        <title><emphasis role="bold">2.2. The cglib dependency in Spring 3.2 and beyond</emphasis></title>
+        <para>Starting with Spring 3.2, it is <emphasis role="bold">no longer necessary to add cglib as an explicit dependency</emphasis>. This is because Spring is in now inlining <emphasis>cglib</emphasis> – which will ensure that all class based proxying functionality will work out of the box with Spring 3.2.</para>
+        <para>The new cglib code is placed under the Spring package: <emphasis>org.springframework.cglib</emphasis> (replacing the original <emphasis>net.sf.cglib</emphasis>). The reason for the package change is to avoid conflicts with any <emphasis>cglib</emphasis> versions already existing on the classpath.</para>
+        <para>Also, the new cglib 3.0 is now used, upgraded from the older 2.2 dependency (see this <link xl:href="https://jira.springsource.org/browse/SPR-9669">JIRA issue</link> for more details).</para>
+        <para>Finally, now that Spring 4.0 is out in the wild, changes like this one (removing the cglib dependency) are to be expected with Java 8 just around the corner – you can watch <link xl:href="https://jira.springsource.org/browse/SPR-9639">this Spring Jira</link> to keep track of the Spring support, and <link xl:href="http://www.baeldung.com/java8">the Java 8 Resources page</link> to keep tabs on the that.</para>
+      </section>
+    </section>
+    <section xml:id="java_config.1">
+      <title><anchor xml:id="dbdoclet.3_The_Java_based_Web_Configuration"/><emphasis role="bold">3. The Java based Web Configuration</emphasis></title>
+      <screen>@Configuration
+@ImportResource( { &quot;classpath*:/rest_config.xml&quot; } )
+@ComponentScan( basePackages = &quot;org.rest&quot; )
+@PropertySource({ &quot;classpath:rest.properties&quot;, &quot;classpath:web.properties&quot; })
+public class AppConfig{
+
+   @Bean
+   public static PropertySourcesPlaceholderConfigurer properties() {
+      return new PropertySourcesPlaceholderConfigurer();
+   }
+}</screen>
+      <para>First, the <emphasis role="bold">@Configuration</emphasis> annotation – this is the main artifact used by the Java based Spring configuration; it is itself meta-annotated with <emphasis>@Component</emphasis>, which makes the annotated classes <emphasis role="bold">standard beans</emphasis> and as such, also candidates for component scanning. The main purpose of <emphasis>@Configuration</emphasis> classes is to be sources of bean definitions for the Spring IoC Container. For a more detailed description, see the <link xl:href="http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/beans.html#beans-java">official docs</link>.</para>
+      <para>Then, <emphasis role="bold">@ImportResource</emphasis> is used to import the existing XML based Spring configuration. This may be configuration which is still being migrated from XML to Java, or simply legacy configuration that you wish to keep. Either way, importing it into the Container is essential for a successful migration, allowing small steps without to much risk. The equivalent XML annotation that is replaced is:</para>
+      <para><emphasis>&lt;import resource=”classpath*:/rest_config.xml” /&gt;</emphasis></para>
+      <para>Moving on to <emphasis role="bold">@ComponentScan</emphasis> – this configures the component scanning directive, effectively replacing the XML:</para>
+      <screen>&lt;context:component-scan base-package=&quot;org.rest&quot; /&gt;</screen>
+      <para>As of Spring 3.1, the <emphasis>@Configuration</emphasis> are excluded from classpath scanning by default – see <link xl:href="https://jira.springsource.org/browse/SPR-8808">this JIRA issue</link>. Before Spring 3.1 though, these classes should have been excluded explicitly:</para>
+      <screen>excludeFilters = { @ComponentScan.Filter( Configuration.class ) }</screen>
+      <para>The <emphasis>@Configuration</emphasis> classes should not be autodiscovered because they are already specified and used by the Container – allowing them to be rediscovered and introduced into the Spring context will result in the following error:</para>
+      <para><emphasis>Caused by: org.springframework.context.annotation.ConflictingBeanDefinitionException: Annotation-specified bean name ‘webConfig’ for bean class [org.rest.spring.AppConfig] conflicts with existing, non-compatible bean definition of same name and class [org.rest.spring.AppConfig]</emphasis></para>
+      <para>And finally, using the<emphasis role="bold"> @Bean</emphasis> annotation to configure the <emphasis role="bold">properties support</emphasis> – <emphasis>PropertySourcesPlaceholderConfigurer</emphasis> is initialized in a <emphasis>@Bean</emphasis> annotated method, indicating it will produce a Spring bean managed by the Container. This new configuration has replaced the following XML:</para>
+      <screen>&lt;context:property-placeholder
+location=&quot;classpath:persistence.properties, classpath:web.properties&quot;
+ignore-unresolvable=&quot;true&quot;/&gt;</screen>
+      <para>For a more in depth discussion on why it was necessary to manually register the <emphasis>PropertySourcesPlaceholderConfigurer</emphasis> bean, see the <link xl:href="http://www.baeldung.com/2012/02/06/properties-with-spring/">Properties with Spring Tutorial</link>.</para>
+      <section xml:id="web_xml.1">
+        <title><emphasis role="bold">3.1. The web.xml</emphasis></title>
+        <screen>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;web-app xmlns=&quot;
+       http://java.sun.com/xml/ns/javaee&quot;
+       xmlns:web=&quot;http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd&quot;
+       xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
+    xsi:schemaLocation=&quot;
+       http://java.sun.com/xml/ns/javaee 
+       http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd&quot;
+    id=&quot;rest&quot; version=&quot;3.0&quot;&gt;
+
+   &lt;context-param&gt;
+      &lt;param-name&gt;contextClass&lt;/param-name&gt;
+      &lt;param-value&gt;
+         org.springframework.web.context.support.AnnotationConfigWebApplicationContext
+      &lt;/param-value&gt;
+   &lt;/context-param&gt;
+   &lt;context-param&gt;
+      &lt;param-name&gt;contextConfigLocation&lt;/param-name&gt;
+      &lt;param-value&gt;org.rest.spring.root&lt;/param-value&gt;
+   &lt;/context-param&gt;
+   &lt;listener&gt;
+      &lt;listener-class&gt;org.springframework.web.context.ContextLoaderListener&lt;/listener-class&gt;
+   &lt;/listener&gt;
+
+   &lt;servlet&gt;
+      &lt;servlet-name&gt;rest&lt;/servlet-name&gt;
+      &lt;servlet-class&gt;
+         org.springframework.web.servlet.DispatcherServlet
+      &lt;/servlet-class&gt;
+      &lt;init-param&gt;
+         &lt;param-name&gt;contextClass&lt;/param-name&gt;
+         &lt;param-value&gt;
+            org.springframework.web.context.support.AnnotationConfigWebApplicationContext
+         &lt;/param-value&gt;
+      &lt;/init-param&gt;
+      &lt;init-param&gt;
+         &lt;param-name&gt;contextConfigLocation&lt;/param-name&gt;
+         &lt;param-value&gt;org.rest.spring.rest&lt;/param-value&gt;
+      &lt;/init-param&gt;
+      &lt;load-on-startup&gt;1&lt;/load-on-startup&gt;
+   &lt;/servlet&gt;
+   &lt;servlet-mapping&gt;
+      &lt;servlet-name&gt;rest&lt;/servlet-name&gt;
+      &lt;url-pattern&gt;/api/*&lt;/url-pattern&gt;
+   &lt;/servlet-mapping&gt;
+
+   &lt;welcome-file-list&gt;
+      &lt;welcome-file /&gt;
+   &lt;/welcome-file-list&gt;
+
+&lt;/web-app&gt;</screen>
+         <para> First, the root context is defined and configured to use <emphasis>AnnotationConfigWebApplicationContext</emphasis> instead of the default <emphasis>XmlWebApplicationContext</emphasis>. The newer <emphasis>AnnotationConfigWebApplicationContext</emphasis> accepts <emphasis>@Configuration</emphasis> annotated classes as input for the Container configuration and is needed in order to set up the Java based context. Unlike <emphasis>XmlWebApplicationContext</emphasis>, it assumes no default configuration class locations, so the <emphasis>“contextConfigLocation”</emphasis><emphasis>init-param</emphasis> for the Servlet must be set. This will point to the java package where the <emphasis>@Configuration</emphasis> classes are located; the fully qualified name(s) of the classes are also supported.</para>
+        <para>Next, the <emphasis>DispatcherServlet</emphasis> is configured to use the same kind of context, with the only difference that it’s loading configuration classes out of a different package.</para>
+        <para>Other than this, the <emphasis>web.xml</emphasis> doesn’t really change from a XML to a Java based configuration.</para>
+      </section>
     </section>
     <section xml:id="conclusion.1">
-      <title><anchor xml:id="dbdoclet.5_Conclusion"/><emphasis role="bold">5. Conclusion</emphasis></title>
-      <para>This post covered the basic security configuration and implementation for a RESTful Service using <emphasis role="bold">Spring Security 3.1</emphasis>, discussing the <emphasis>web.xml</emphasis>, the security configuration, the HTTP status codes for the authentication process and the Maven resolution of the security artifacts.</para>
-      <para><link xl:href="https://my.leadpages.net/leadbox/14476c373f72a2%3A13a71ac76b46dc/5664530495438848/">The implementation of this Spring Security REST Tutorial can be downloaded as a working sample project.</link>This is an Eclipse based project, so it should be easy to import and run as it is.</para>
+      <title><anchor xml:id="dbdoclet.4_Conclusion"/><emphasis role="bold">4. Conclusion</emphasis></title>
+      <para>The presented approach allows for a smooth <emphasis role="bold">migration of the Spring configuration</emphasis> from XML to Java, mixing the old and the new. This is important for older projects, which may have a lot of XML based configuration that cannot be migrated all at once.</para>
+      <para>This way, in a migration, the XML beans can be ported in small increments.</para>
+      <para>In <link xl:href="http://www.baeldung.com/2011/10/25/building-a-restful-web-service-with-spring-3-1-and-java-based-configuration-part-2/">the next article on REST with Spring</link>, I cover setting up MVC in the project, configuration of the HTTP status codes, payload marshalling and content negotiation.</para>
+      <para><link xl:href="https://my.leadpages.net/leadbox/147e9e473f72a2%3A13a71ac76b46dc/5745710343389184/">The implementation of this <emphasis>Bootstrap a Spring Web App Tutorial</emphasis> can be downloaded as a working sample project.</link></para>
+      <para>This is an Eclipse based project, so it should be easy to import and run as it is.</para>
       <!--
 Start Shortcoder content
 -->
-      <section>
-        <title><emphasis role="bold">I usually post about Security on Google+ - you can follow me there:  </emphasis></title>
-        <!--
+      <!--
 End Shortcoder content
 -->
-        <para><link xl:href=""/></para>
-        <anchor xml:id="dd_ajax_float"/>
-        <para><link xl:href="http://twitter.com/share"/></para>
-        <!--
+      <para><link xl:href=""/></para>
+      <anchor xml:id="dd_ajax_float"/>
+      <para><link xl:href="http://twitter.com/share"/></para>
+      <!--
 OptinSkin
 -->
-        <anchor xml:id="ois_12"/>
-        <!--
+      <anchor xml:id="ois_12"/>
+      <!--
 End OptinSkin
 -->
-        <!--
+      <!--
 /.entry
 -->
-        <para><emphasis role="italic"/><link xl:href="http://www.baeldung.com/tag/rest/">REST</link>, <link xl:href="http://www.baeldung.com/tag/security/">security</link>, <link xl:href="http://www.baeldung.com/tag/spring/">Spring</link></para>
-        <!--
+      <para><emphasis role="italic"/><link xl:href="http://www.baeldung.com/tag/java-2/">java</link>, <link xl:href="http://www.baeldung.com/tag/spring/">Spring</link></para>
+      <!--
 /.post
 -->
-        <anchor xml:id="disqus_thread"/>
-        <anchor xml:id="dsq-content"/>
-        <itemizedlist>
-          <listitem xml:id="dsq-comment-37">
-            <para><anchor xml:id="dsq-comment-header-37"/><anchor xml:id="dsq-cite-37"/> http://www.toptreadmillsforhome.com/ <anchor xml:id="dsq-author-user-37"/>top 10 treadmills for home<anchor xml:id="dsq-comment-body-37"/><anchor xml:id="dsq-comment-message-37"/> Great information, thanks for the share!</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-80">
-            <para><anchor xml:id="dsq-comment-header-80"/><anchor xml:id="dsq-cite-80"/><anchor xml:id="dsq-author-user-80"/>Ben<anchor xml:id="dsq-comment-body-80"/><anchor xml:id="dsq-comment-message-80"/> The issue for me is having users inside my xml. How would you redirect the user auth to an external resource. Would you overwrite authenticationManager?</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-83">
-            <para><anchor xml:id="dsq-comment-header-83"/><anchor xml:id="dsq-cite-83"/><anchor xml:id="dsq-author-user-83"/>Eugen<anchor xml:id="dsq-comment-body-83"/><anchor xml:id="dsq-comment-message-83"/> As it is mentioned in the article, the in memory authentication provider is only used because using a real provider is outside the scope of this post. Thanks for the feedback.</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1489">
-            <para><anchor xml:id="dsq-comment-header-1489"/><anchor xml:id="dsq-cite-1489"/><anchor xml:id="dsq-author-user-1489"/>Sigmund Lundgren<anchor xml:id="dsq-comment-body-1489"/><anchor xml:id="dsq-comment-message-1489"/> Hmm successful auth still redirects for my, done in the spring base class. Had to comment this line in the successhandler:</para>
-            <para> //super.onAuthenticationSuccess(request, response, authentication);</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1558">
-                <para><anchor xml:id="dsq-comment-header-1558"/><anchor xml:id="dsq-cite-1558"/><anchor xml:id="dsq-author-user-1558"/>René Fleischhauer<anchor xml:id="dsq-comment-body-1558"/><anchor xml:id="dsq-comment-message-1558"/> Hi Sigmund, all,</para>
-                <para>I have the same problem…</para>
-                <para>super.onAuthenticationSuccess(request, response, authentication) calls SimpleUrlAuthenticationSuccessHandler#handle which contains the following line</para>
-                <para>redirectStrategy.sendRedirect(request, response, targetUrl);</para>
-                <para>Seems to be pretty non-sense to call the super method and therefore, I also removed it. Additionally I added a response.setStatus(200) for safety purposes…</para>
-                <para>Best,</para>
-                <para> René</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1523">
-            <para><anchor xml:id="dsq-comment-header-1523"/><anchor xml:id="dsq-cite-1523"/><anchor xml:id="dsq-author-user-1523"/>fadi<anchor xml:id="dsq-comment-body-1523"/><anchor xml:id="dsq-comment-message-1523"/> Hi, </para>
-            <para>Am having a problem in understanding one thing, how the actual login will be done. I added the configuration and when trying to access a rest method/url I get 401 error, but am unable to figure out how and where to login. can help me pleas?</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1639">
-                <para><anchor xml:id="dsq-comment-header-1639"/><anchor xml:id="dsq-cite-1639"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1639"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1639"/><anchor xml:id="dsq-comment-message-1639"/> The article is now updated with the exact process of how to perform the login and how to use the cookie in further requests.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-455">
-            <para><anchor xml:id="dsq-comment-header-455"/><anchor xml:id="dsq-cite-455"/><anchor xml:id="dsq-author-user-455"/>Naama<anchor xml:id="dsq-comment-body-455"/><anchor xml:id="dsq-comment-message-455"/> Great article!</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1554">
-            <para><anchor xml:id="dsq-comment-header-1554"/><anchor xml:id="dsq-cite-1554"/> http://profile.yahoo.com/DULVM64SMPX6Q74MRXYD4TFHPA <anchor xml:id="dsq-author-user-1554"/>Marc de Verdelhan<anchor xml:id="dsq-comment-body-1554"/><anchor xml:id="dsq-comment-message-1554"/> Your article was just what I needed. But I tested your solution and it always returned a “401 Unauthorized”.</para>
-            <para> Finally I used the following config:</para>
-            <para>Now it’s simpler and it works fine. Could you explain why?</para>
-            <para>Thank you.</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1638">
-                <para><anchor xml:id="dsq-comment-header-1638"/><anchor xml:id="dsq-cite-1638"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1638"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1638"/><anchor xml:id="dsq-comment-message-1638"/> Hey – thanks for the feedback – I updated the article and explained how exactly to authentication and then how to use the resulting cookie in further requests against the REST API – hope it helps.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1560">
-            <para><anchor xml:id="dsq-comment-header-1560"/><anchor xml:id="dsq-cite-1560"/><anchor xml:id="dsq-author-user-1560"/>René Fleischhauer<anchor xml:id="dsq-comment-body-1560"/><anchor xml:id="dsq-comment-message-1560"/> Hi all,</para>
-            <para>thanks for the tutorial. Great stuff! I have a minor question:</para>
-            <para>I added within the element in order to customize the login url. After starting the application again the following exception occurs:</para>
-            <para>org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans ” and ” have the same ‘order’ value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from and avoiding the use of .</para>
-            <para>The problem is clear, however I’m not sure how I can avoid the use of j_spring_security_check. I’d highly appreciate any hint.</para>
-            <para>Best,</para>
-            <para> René</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1637">
-                <para><anchor xml:id="dsq-comment-header-1637"/><anchor xml:id="dsq-cite-1637"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1637"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1637"/><anchor xml:id="dsq-comment-message-1637"/> Hi – yes, using the element is a good alternative as it does keep the configuration simple – please check out the updated configuration section and the new github project for a working implementation. Thanks.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1571">
-            <para><anchor xml:id="dsq-comment-header-1571"/><anchor xml:id="dsq-cite-1571"/><anchor xml:id="dsq-author-user-1571"/>glz<anchor xml:id="dsq-comment-body-1571"/><anchor xml:id="dsq-comment-message-1571"/> Great article, however every time I get 401 Unauthorized, regardless sending or not valid username and password (temporary/temporary) in username or j_username and password or j_password. Tried to figure it out looking at your git project, but there seems to be a lot of other stuff, and the only authentication used in this project is Digest authentication. Did I miss something important here?</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1636">
-                <para><anchor xml:id="dsq-comment-header-1636"/><anchor xml:id="dsq-cite-1636"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1636"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1636"/><anchor xml:id="dsq-comment-message-1636"/> Hi – I updated the article to better explain how to perform login and how to interact with the service; I also added a specific github project to only cover this article – should be simpler to understand. Thanks.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1573">
-            <para><anchor xml:id="dsq-comment-header-1573"/><anchor xml:id="dsq-cite-1573"/><anchor xml:id="dsq-author-user-1573"/>bhecht<anchor xml:id="dsq-comment-body-1573"/><anchor xml:id="dsq-comment-message-1573"/> This was very helpful.</para>
-            <para>I as well got an 401 Unauthorized.</para>
-            <para> After dubugging i found out the problem is at UsernamePasswordAuthenticationFilter.requiresAuthentication() which returns true only if the URI ends with /j_spring_security_check.</para>
-            <para> I had to override this class and return true in the requiresAuthentication(), so it will work.</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1635">
-                <para><anchor xml:id="dsq-comment-header-1635"/><anchor xml:id="dsq-cite-1635"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1635"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1635"/><anchor xml:id="dsq-comment-message-1635"/> Hi – the article is now updated to better explain how to interact with the REST Service – in short, yes, the first request is to /j_spring_security_check – this will return the Cookie which will be used in any further requests against the service.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1665">
-            <para><anchor xml:id="dsq-comment-header-1665"/><anchor xml:id="dsq-cite-1665"/><anchor xml:id="dsq-author-user-1665"/>Stephane<anchor xml:id="dsq-comment-body-1665"/><anchor xml:id="dsq-comment-message-1665"/> Hi,</para>
-            <para>I already have in place a working form based authentication for non-REST requests with a custom provider against a legacy database table of existing administrator credentials.</para>
-            <para>Now, I’m trying to add an authentication, for the REST requests this time.</para>
-            <para>I wish to use the same authentication provider if possible.</para>
-            <para>My existing setup is:</para>
-            <para>I added another http element:</para>
-            <para>before the previous one but it still gives me a: A universal match pattern (‘/**’) is defined before other patterns in the filter chain…</para>
-            <para>I wonder what to do at this point.</para>
-            <para>You’d have some tips on how to have two authentication setups, one for browser web page authentication and one for REST based ?</para>
-            <para>Thanks for the cool article !</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1666">
-                <para><anchor xml:id="dsq-comment-header-1666"/><anchor xml:id="dsq-cite-1666"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1666"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1666"/><anchor xml:id="dsq-comment-message-1666"/> I suggest using two different patterns for the 2 http elements – map the rest one on /rest or something similar and the standard one to /mvc or similar. This should keep things nice and separate.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1667">
-            <para><anchor xml:id="dsq-comment-header-1667"/><anchor xml:id="dsq-cite-1667"/><anchor xml:id="dsq-author-user-1667"/>Stephane<anchor xml:id="dsq-comment-body-1667"/><anchor xml:id="dsq-comment-message-1667"/> Hello,</para>
-            <para> I was trying to use a as you suggested. But it kept doing a redirect if no user credentials were given. This issue is explained and solved (thank you Rob Winch  at <link xl:href="http://forum.springsource.org/showthread.php?139586-Two-lt-http-gt-container-elements-with-one-for-the-browser-and-one-for-REST">http://forum.springsource.org/showthread.php?139586-Two-lt-http-gt-container-elements-with-one-for-the-browser-and-one-for-REST</link></para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1714">
-            <para><anchor xml:id="dsq-comment-header-1714"/><anchor xml:id="dsq-cite-1714"/><anchor xml:id="dsq-author-user-1714"/>Franklin Antony<anchor xml:id="dsq-comment-body-1714"/><anchor xml:id="dsq-comment-message-1714"/> “Authentication should return 200 instead of 301″ portion doesn’t work as expected. In “MySavedRequestAwareAuthenticationSuccessHandler” the super.onAuthenticationSuccess(request, response, authentication) actually triggers a redirectStrategy.sendRedirect(request, response, targetUrl) from the parent AbstractAuthenticationTargetUrlRequestHandler. Just commenting out works, but am not sure if that is expected. Any suggestions ?</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1715">
-                <para><anchor xml:id="dsq-comment-header-1715"/><anchor xml:id="dsq-cite-1715"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1715"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1715"/><anchor xml:id="dsq-comment-message-1715"/> Actually, the sending of the redirect should already be commented</para>
-                <para> out: <link xl:href="https://github.com/eugenp/tutorials/blob/master/spring-security-rest/src/main/java/org/baeldung/security/MySavedRequestAwareAuthenticationSuccessHandler.java">MySavedRequestAwareAuthenticationSuccessHandler</link>.</para>
-                <para> Please let me know if it still doesn’t work.</para>
-                <para> Thanks. Eugen.</para>
-                <itemizedlist>
-                  <listitem xml:id="dsq-comment-1716">
-                    <para><anchor xml:id="dsq-comment-header-1716"/><anchor xml:id="dsq-cite-1716"/><anchor xml:id="dsq-author-user-1716"/>Franklin Antony<anchor xml:id="dsq-comment-body-1716"/><anchor xml:id="dsq-comment-message-1716"/> The sending of redirect is commented out as required but the problem lies in the parent class “AbstractAuthenticationTargetUrlRequestHandler” which “SimpleUrlAuthenticationSuccessHandler” extends from. When the “super.onAuthenticationSuccess(request, response, authentication) ” is called from “MySavedRequestAwareAuthenticationSuccessHandler” it triggers “redirectStrategy.sendRedirect(request, response, targetUrl);” in the “AbstractAuthenticationTargetUrlRequestHandler”.</para>
-                    <para>I have seen in this article “http://www.petrikainulainen.net/programming/spring-framework/integration-testing-of-spring-mvc-applications-security” that the author is not calling the “super.onAuthenticationSuccess(request, response, authentication) ” and is just calling “response.setStatus(HttpServletResponse.SC_OK);”</para>
-                    <para>Regards,</para>
-                    <para> Franklin</para>
-                    <itemizedlist>
-                      <listitem xml:id="dsq-comment-1717">
-                        <para><anchor xml:id="dsq-comment-header-1717"/><anchor xml:id="dsq-cite-1717"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1717"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1717"/><anchor xml:id="dsq-comment-message-1717"/> Nice spot on the redirect still possibly occurring in this example – I have updated the example by preserving the exact functionality from the parent classes and just removing the redirect.</para>
-                        <para> Thanks. Eugen.</para>
-                        <itemizedlist>
-                          <listitem xml:id="dsq-comment-1718">
-                            <para><anchor xml:id="dsq-comment-header-1718"/><anchor xml:id="dsq-cite-1718"/><anchor xml:id="dsq-author-user-1718"/>Franklin Antony<anchor xml:id="dsq-comment-body-1718"/><anchor xml:id="dsq-comment-message-1718"/> Cool. Looks fine now. Any idea why “clearAuthenticationAttributes(request)” is being reported as a compilation error “The method clearAuthenticationAttributes(HttpServletRequest) is undefined for the type” ? </para>
-                            <para>Its supposed to be a protected method in</para>
-                            <para><link xl:href="http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.html#clearAuthenticationAttributes(javax.servlet.http.HttpServletRequest)">http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/SimpleUrlAuthenticationSuccessHandler.html#clearAuthenticationAttributes(javax.servlet.http.HttpServletRequest)</link></para>
-                            <para>I am using Spring Security 3.0.2 but somehow its not there in my parent class . Aaarg!!</para>
-                          </listitem>
-                          <!--
-#comment-##
--->
-                          <listitem xml:id="dsq-comment-1719">
-                            <para><anchor xml:id="dsq-comment-header-1719"/><anchor xml:id="dsq-cite-1719"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1719"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1719"/><anchor xml:id="dsq-comment-message-1719"/> I’m compiling against 3.1.4, so the implementation has probably been opened up a bit.</para>
-                          </listitem>
-                          <!--
-#comment-##
--->
-                          <listitem xml:id="dsq-comment-1720">
-                            <para><anchor xml:id="dsq-comment-header-1720"/><anchor xml:id="dsq-cite-1720"/><anchor xml:id="dsq-author-user-1720"/>Franklin Antony<anchor xml:id="dsq-comment-body-1720"/><anchor xml:id="dsq-comment-message-1720"/> Ok. Thanks. Should be fine.</para>
-                          </listitem>
-                          <!--
-#comment-##
--->
-                        </itemizedlist>
-                        <!--
-.children
--->
-                      </listitem>
-                      <!--
-#comment-##
--->
-                    </itemizedlist>
-                    <!--
-.children
--->
-                  </listitem>
-                  <!--
-#comment-##
--->
-                </itemizedlist>
-                <!--
-.children
--->
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1735">
-            <para><anchor xml:id="dsq-comment-header-1735"/><anchor xml:id="dsq-cite-1735"/><anchor xml:id="dsq-author-user-1735"/>kiran<anchor xml:id="dsq-comment-body-1735"/><anchor xml:id="dsq-comment-message-1735"/> This is very helpful.But when ever login fails with bad credentials it’s returing 302 .</para>
-            <para>And for logout too it’s returning 302.</para>
-            <para> Shouln’t that be changed ?</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1739">
-            <para><anchor xml:id="dsq-comment-header-1739"/><anchor xml:id="dsq-cite-1739"/><anchor xml:id="dsq-author-user-1739"/>Sebastian<anchor xml:id="dsq-comment-body-1739"/><anchor xml:id="dsq-comment-message-1739"/> I am using a combination of form-based login and basic authentication. So the REST endpoints can be used with the users session if he has one but falls back to basic auth if no session exists. So I like your approach with the “restAuthenticationEntryPoint”. The problem however is, that according to the HTTP documentation, a HTTP 401 response must include a WWW-Authenticate header, which you are not sending. On the other hand, this is good, because it means the browser will not display a basic authentication login dialog as it would if the WWW-Authenticate header was present. While my solution now works I am thinking if there is a better solution that allows me to use basic authentication fallback but does not violate the HTTP specification.</para>
-            <para>Update: I have now found a better solution. Instead of calling response.setError(…) I set the Header and Status code individually: </para>
-            <para> response.setHeader(“WWW-Authenticate”, “FormBased”);</para>
-            <para> response.setStatus( HttpServletResponse.SC_UNAUTHORIZED );</para>
-            <para>Setting WWW-Authenticate to “FormBased” still prevents the browser from showing the login screen.</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1873">
-                <para><anchor xml:id="dsq-comment-header-1873"/><anchor xml:id="dsq-cite-1873"/><anchor xml:id="dsq-author-user-1873"/>Abhishek Amte<anchor xml:id="dsq-comment-body-1873"/><anchor xml:id="dsq-comment-message-1873"/> Hello Sebastian,</para>
-                <para> How did you configure your basic authentication to use the credentials from the form-based?</para>
-                <itemizedlist>
-                  <listitem xml:id="dsq-comment-1877">
-                    <para><anchor xml:id="dsq-comment-header-1877"/><anchor xml:id="dsq-cite-1877"/><anchor xml:id="dsq-author-user-1877"/>Sebastian<anchor xml:id="dsq-comment-body-1877"/><anchor xml:id="dsq-comment-message-1877"/> Hello Abhishek,</para>
-                    <para>I did not. Sending WWW-Authenticate to “FormBased” is only a means to prevent the browser from showing the basic authentication login dialog, so I can implement it in HTML. You could also set it to “Foobar” or “Custom”, it just has to be different than “Basic”.</para>
-                    <para>I now have the following in my spring security:</para>
-                    <para>authenticationFailureHandler is just an instance of SimpleUrlAuthenticationFailureHandler (without any properties set).</para>
-                    <para>This allows me to login in two ways:</para>
-                    <para>1. By HTTP Basic Auth, sending a HTTP header:</para>
-                    <para>Authorization: Basic </para>
-                    <para>2. With a POST to /session:</para>
-                    <para>method: ‘POST’,</para>
-                    <para> url: ‘../rest/session’,</para>
-                    <para> data: “j_username=” + username + “&amp;j_password=” + password,</para>
-                    <para> headers: {‘Content-Type&apos;: ‘application/x-www-form-urlencoded’ }</para>
-                    <itemizedlist>
-                      <listitem xml:id="dsq-comment-1880">
-                        <para><anchor xml:id="dsq-comment-header-1880"/><anchor xml:id="dsq-cite-1880"/><anchor xml:id="dsq-author-user-1880"/>Abhishek Amte<anchor xml:id="dsq-comment-body-1880"/><anchor xml:id="dsq-comment-message-1880"/> Thanks a lot Sebastian</para>
-                      </listitem>
-                      <!--
-#comment-##
--->
-                    </itemizedlist>
-                    <!--
-.children
--->
-                  </listitem>
-                  <!--
-#comment-##
--->
-                </itemizedlist>
-                <!--
-.children
--->
-              </listitem>
-              <!--
-#comment-##
--->
-              <listitem xml:id="dsq-comment-1881">
-                <para><anchor xml:id="dsq-comment-header-1881"/><anchor xml:id="dsq-cite-1881"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1881"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1881"/><anchor xml:id="dsq-comment-message-1881"/> Yes, the WWW-Authenticate header is not included as the spec requires. This is because the current solution is a hybrid between a REST API secured with Basic/Digest authentication (for example) and a form-based authentication mechanism.</para>
-                <para> Now – setting your own custom value for WWW-Authenticate is defninitly an option but what may be better – and what I’ve been doing – is to separate the two responsibilities – the API and the UI.</para>
-                <para> What I mean is – the REST API is secured with Basic Auth (for this example – in practice I would suggest Digest) – and that’s it. No fallback and no complexity. Now – the UI is a form-based web application – again, no additional complexity. The bridget between them is a proxy for all of the requests from the UI to the API.</para>
-                <para> Hope that makes sense.</para>
-                <para> Cheers,</para>
-                <para> Eugen.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem>
-            <para> Pingback: <link xl:href="http://notesofguclu.wordpress.com/2013/09/30/spring-mvc-token-based-authentication-to-a-rest-service-part-2/">Spring MVC Token Based Authentication to a REST Service – Part 2 | notesofguclu</link>()</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1838">
-            <para><anchor xml:id="dsq-comment-header-1838"/><anchor xml:id="dsq-cite-1838"/><anchor xml:id="dsq-author-user-1838"/>Himalay<anchor xml:id="dsq-comment-body-1838"/><anchor xml:id="dsq-comment-message-1838"/> Whenever login fails with bad credentials it’s returing 302, shouldn’t it return 401?</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1845">
-                <para><anchor xml:id="dsq-comment-header-1845"/><anchor xml:id="dsq-cite-1845"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1845"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1845"/><anchor xml:id="dsq-comment-message-1845"/> You’re right – for correct semantics, it would have to return the 401 – I updated the article and the github project – thanks for the suggestion.</para>
-                <para> Cheers,</para>
-                <para> Eugen.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1934">
-            <para><anchor xml:id="dsq-comment-header-1934"/><anchor xml:id="dsq-cite-1934"/><anchor xml:id="dsq-author-user-1934"/>Alessandro Scuderetti<anchor xml:id="dsq-comment-body-1934"/><anchor xml:id="dsq-comment-message-1934"/> Very useful article. I’m also interesting in =&gt; How to use the “login rest” with restful @Controller that accept and response in json format?</para>
-            <para>This: <link xl:href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2002229">http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;cmd=displayKC&amp;externalId=2002229</link> according to you, is ti good?</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1936">
-                <para><anchor xml:id="dsq-comment-header-1936"/><anchor xml:id="dsq-cite-1936"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1936"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1936"/><anchor xml:id="dsq-comment-message-1936"/> Hey Alessandro – a few notes on that particular article:</para>
-                <para> – first, it doesn’t really handle authentication for a RESTful API – but instead for a more standard webapp; a REST API will have additional architectural constraints which will impact what you’ll be able to do with Spring Security</para>
-                <para> – next – Spring Security already has all the elements necessary for authentication in place – so adding a custom controller to replace these elements is not really necessary; what’s more – using the framework will help you deal with all of the corner cases and potential vulnerabilities that you will need to keep in mind when rolling your own controller – so, without a solid reason to do so, I would stay away from doing that</para>
-                <para> – and finally, both the framework as well as AJAX are powerful/flexible enough to do this without a custom auth controller; what I mean is – from AJAX – you can definitely handle the default (non-json) response of Spring Security if you need to; also, from Spring Security, you can hook into the authentication process and only override the success handler if you really need to return json to the client</para>
-                <para> Hope that helps.</para>
-                <para> Cheers,</para>
-                <para> Eugen.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1979">
-            <para><anchor xml:id="dsq-comment-header-1979"/><anchor xml:id="dsq-cite-1979"/><anchor xml:id="dsq-author-user-1979"/>Richard<anchor xml:id="dsq-comment-body-1979"/><anchor xml:id="dsq-comment-message-1979"/> Have you tried to implement this in spring security 3.2 with the java config? I’ve put most of it together, but the form does not render on accessing /login as a GET request. I wonder if anyone has had the same experience? (Or have I missed the point and you can’t get to the login form with this configuration?)</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-1981">
-                <para><anchor xml:id="dsq-comment-header-1981"/><anchor xml:id="dsq-cite-1981"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1981"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1981"/><anchor xml:id="dsq-comment-message-1981"/> Hey Richard – everything should work fine, but just to be on the safe side, I’m going to go through the implementation again and will get back to you. Cheers,</para>
-                <para> Eugen.</para>
-                <itemizedlist>
-                  <listitem xml:id="dsq-comment-2099">
-                    <para><anchor xml:id="dsq-comment-header-2099"/><anchor xml:id="dsq-cite-2099"/><anchor xml:id="dsq-author-user-2099"/>elysch<anchor xml:id="dsq-comment-body-2099"/><anchor xml:id="dsq-comment-message-2099"/> Hi.</para>
-                    <para>How did you register the restAuthenticationEntryPoint using only java config?</para>
-                    <para>Thanks</para>
-                    <itemizedlist>
-                      <listitem xml:id="dsq-comment-2101">
-                        <para><anchor xml:id="dsq-comment-header-2101"/><anchor xml:id="dsq-cite-2101"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-2101"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-2101"/><anchor xml:id="dsq-comment-message-2101"/> I didn’t – there’s some XML configuration for security in the project. That being said, if you do want to only use Java config, that’s possible now with the new release. Cheers, </para>
-                        <para>Eugen.</para>
-                      </listitem>
-                      <!--
-#comment-##
--->
-                    </itemizedlist>
-                    <!--
-.children
--->
-                  </listitem>
-                  <!--
-#comment-##
--->
-                </itemizedlist>
-                <!--
-.children
--->
-              </listitem>
-              <!--
-#comment-##
--->
-              <listitem xml:id="dsq-comment-1999">
-                <para><anchor xml:id="dsq-comment-header-1999"/><anchor xml:id="dsq-cite-1999"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1999"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1999"/><anchor xml:id="dsq-comment-message-1999"/> Hey Richard – I checked and everything works well. The project is indeed using Spring 3.2, and some java config. However, note that the security configuration is still XML, so if that is what you meant by java config – that support is still very new and I have not integrated it into these tutorials yet. Hope this helps. Cheers, </para>
-                <para>Eugen.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-              <listitem xml:id="dsq-comment-2100">
-                <para><anchor xml:id="dsq-comment-header-2100"/><anchor xml:id="dsq-cite-2100"/><anchor xml:id="dsq-author-user-2100"/>elysch<anchor xml:id="dsq-comment-body-2100"/><anchor xml:id="dsq-comment-message-2100"/> Hi Richard.</para>
-                <para>I asked this to Eugen by mistake, but it was intended for you:</para>
-                <para>How did you register the restAuthenticationEntryPoint using only java config?</para>
-                <para>Thanks</para>
-                <itemizedlist>
-                  <listitem xml:id="dsq-comment-2103">
-                    <para><anchor xml:id="dsq-comment-header-2103"/><anchor xml:id="dsq-cite-2103"/><anchor xml:id="dsq-author-user-2103"/>Richard<anchor xml:id="dsq-comment-body-2103"/><anchor xml:id="dsq-comment-message-2103"/> http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint())</para>
-                  </listitem>
-                  <!--
-#comment-##
--->
-                </itemizedlist>
-                <!--
-.children
--->
-              </listitem>
-              <!--
-#comment-##
--->
-              <listitem xml:id="dsq-comment-2104">
-                <para><anchor xml:id="dsq-comment-header-2104"/><anchor xml:id="dsq-cite-2104"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-2104"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-2104"/><anchor xml:id="dsq-comment-message-2104"/> I haven’t yet, no. I’ll use the java config variant at some point, but I didn’t have the chance yet. Cheers,</para>
-                <para> Eugen.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-2038">
-            <para><anchor xml:id="dsq-comment-header-2038"/><anchor xml:id="dsq-cite-2038"/><anchor xml:id="dsq-author-user-2038"/>ohadr dev<anchor xml:id="dsq-comment-body-2038"/><anchor xml:id="dsq-comment-message-2038"/> what about logout? </para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-2042">
-                <para><anchor xml:id="dsq-comment-header-2042"/><anchor xml:id="dsq-cite-2042"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-2042"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-2042"/><anchor xml:id="dsq-comment-message-2042"/> Hey Ohadr – logout is indeed enabled in the Spring Security config – notice the – so you’ll be able to log out at /j_spring_security_logout. Hope this helps. Cheers,</para>
-                <para> Eugen.</para>
-                <itemizedlist>
-                  <listitem xml:id="dsq-comment-2043">
-                    <para><anchor xml:id="dsq-comment-header-2043"/><anchor xml:id="dsq-cite-2043"/><anchor xml:id="dsq-author-user-2043"/>OhadR<anchor xml:id="dsq-comment-body-2043"/><anchor xml:id="dsq-comment-message-2043"/> thanks for your reply! the regular logout redirects to a default target URL. it needs a special treatment… </para>
-                  </listitem>
-                  <!--
-#comment-##
--->
-                  <listitem xml:id="dsq-comment-2058">
-                    <para><anchor xml:id="dsq-comment-header-2058"/><anchor xml:id="dsq-cite-2058"/><anchor xml:id="dsq-author-user-2058"/>ohadr dev<anchor xml:id="dsq-comment-body-2058"/><anchor xml:id="dsq-comment-message-2058"/> i solved it. you can see here… <link xl:href="http://www.codeproject.com/Tips/521847/Logout-Spring-s-LogoutFilter">http://www.codeproject.com/Tips/521847/Logout-Spring-s-LogoutFilter</link>. thanks!</para>
-                  </listitem>
-                  <!--
-#comment-##
--->
-                </itemizedlist>
-                <!--
-.children
--->
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-2133">
-            <para><anchor xml:id="dsq-comment-header-2133"/><anchor xml:id="dsq-cite-2133"/><anchor xml:id="dsq-author-user-2133"/>Kaan<anchor xml:id="dsq-comment-body-2133"/><anchor xml:id="dsq-comment-message-2133"/> Can someone give an example how to use restTemplate instead of ‘curl -i -X POST -d j_username=user -d j_password=userPass -c /opt/cookies.txt’ . I am able to do it without cookie file but other requests gives me 401 unauthorized response. Or does anyone know how i can handle the problem? Thanks</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-2161">
-                <para><anchor xml:id="dsq-comment-header-2161"/><anchor xml:id="dsq-cite-2161"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-2161"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-2161"/><anchor xml:id="dsq-comment-message-2161"/> Hey Kann – sending the cookie with RestTemplate is nothing special – just a matter of adding the cookie header with the cookie value – that should allow you to correctly send the cookie in the request. Cheers,</para>
-                <para> Eugen.</para>
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-2219">
-            <para><anchor xml:id="dsq-comment-header-2219"/><anchor xml:id="dsq-cite-2219"/> http://justincalleja.com/ <anchor xml:id="dsq-author-user-2219"/>Justin<anchor xml:id="dsq-comment-body-2219"/><anchor xml:id="dsq-comment-message-2219"/> Hi Eugen,</para>
-            <para>This post is really helpful – thanks a bunch </para>
-            <para>I would love to hear your opinion regarding the following: I have a login page which I would like to use in a “normal” fashion – i.e. I want spring security to redirect sending back a 301 on success and have the browser take care of storing the session.</para>
-            <para>The idea is that the page which the browser is redirected to is an SPA in which I’ll be making use of Javascript to get the JSESSIONID out of the the cookie and basically replicate the same kind of request a browser would make but using Javascript to access the protected endpoints.</para>
-            <para>The thing that’s annoying me is that I only want this behaviour when hitting security/session (a re-map of j_spring_security_check) from a browser (say login.html). I would love to have the behaviour you illustrated in this post when I’m trying to get the JSESSIONID from a non-browser environment i.e. 200 or 401.</para>
-            <para>What do you think about this situation? Personally, I don’t think I’ll be going down the 2 servers route, one maintaing session state and proxying for the “real” REST server.</para>
-            <para>I was thinking maybe Spring Security can be configured to have 2 or something of the sort. Note that the endpoints they affect would be the same, it’s just that it would be awesome if I could have something like security/session for the browser and api/security/session for REST clients (with different behaviours). I’m not familiar enough with Spring Security to know if this is possible. Is it? Or perhaps you would tackle it differently?</para>
-            <para>Regards,</para>
-            <para> Justin</para>
-            <para>Edit:</para>
-            <para>Note, I am just exploring options. I am currently thinking I will ditch the whole browser shortcut and just store it in a cookie or local storage using Javascript. But I was just curious about the two endpoint for security approach.</para>
-            <itemizedlist>
-              <listitem xml:id="dsq-comment-2220">
-                <para><anchor xml:id="dsq-comment-header-2220"/><anchor xml:id="dsq-cite-2220"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-2220"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-2220"/><anchor xml:id="dsq-comment-message-2220"/> Hey Justin,</para>
-                <para> Two notes about your usecase. First thing is that – since you’re basically replicating some of the browser behavior in js – why do you need the server response to be a 301? You could simply do a redirect, or hide the login popup regardless of the status code.</para>
-                <para> Second – you probably don’t need 2 services, but yes – you can have 2 authentication paths if you really need to – one for the standard login and the other that’s more focused on the API. Keep in mind that now (since 3.1) you can have multiple elements. If that’s not an option you can always do it manually (but your intuition is right – it would be quite low level and would require a solid understanding of the framework). Hope it helps. Cheers,</para>
-                <para> Eugen.</para>
-                <itemizedlist>
-                  <listitem xml:id="dsq-comment-2221">
-                    <para><anchor xml:id="dsq-comment-header-2221"/><anchor xml:id="dsq-cite-2221"/> http://justincalleja.com/ <anchor xml:id="dsq-author-user-2221"/>Justin<anchor xml:id="dsq-comment-body-2221"/><anchor xml:id="dsq-comment-message-2221"/> Cheers Eugen </para>
-                    <para>True, I was leaning towards sticking to the more REST-like behaviour and doing the rest with Javascript. I was thinking that maybe it would be a shortcut to let the browser handle that part – was considering using a normal for the login. Also, the thought “I could have 2 endpoints for session management one of which is easier to work with in a browser – maybe that would be useful to other people building apps against the REST API. So that’s why I asked.</para>
-                    <para>I will continue with the Javascript approach. Maybe later I’ll do some research on the 2 endpoint approach.</para>
-                    <para>Thanks a lot!</para>
-                    <para>Regards,</para>
-                    <para> Justin</para>
-                    <itemizedlist>
-                      <listitem xml:id="dsq-comment-2222">
-                        <para><anchor xml:id="dsq-comment-header-2222"/><anchor xml:id="dsq-cite-2222"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-2222"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-2222"/><anchor xml:id="dsq-comment-message-2222"/> Sounds good Justin. Also – it’s probably the kind of thing that will help someone else, so you can always write about it as well. Cheers,</para>
-                        <para> Eugen.</para>
-                        <itemizedlist>
-                          <listitem xml:id="dsq-comment-2223">
-                            <para><anchor xml:id="dsq-comment-header-2223"/><anchor xml:id="dsq-cite-2223"/> http://justincalleja.com/ <anchor xml:id="dsq-author-user-2223"/>Justin<anchor xml:id="dsq-comment-body-2223"/><anchor xml:id="dsq-comment-message-2223"/> hehe yes I have been meaning to set up a blog for quite some time. It will happen eventually (even if just to keep track of things).</para>
-                            <para>Thanks for the suggestion </para>
-                            <para>Regards,</para>
-                            <para> Justin</para>
-                          </listitem>
-                          <!--
-#comment-##
--->
-                          <listitem xml:id="dsq-comment-2239">
-                            <para><anchor xml:id="dsq-comment-header-2239"/><anchor xml:id="dsq-cite-2239"/> http://justincalleja.com/ <anchor xml:id="dsq-author-user-2239"/>Justin<anchor xml:id="dsq-comment-body-2239"/><anchor xml:id="dsq-comment-message-2239"/> btw, as an update – I ended up going for the page for login and page for SPA approach using a normal no JS for the login page. I came up against problems with server sending back HttpOnly with cookies so couldn’t access from JS. I figured it would be more work (and code) than I liked to change the behaviour on the server side (overriding Spring Security classes – maybe haven’t actually done it). </para>
-                            <para>The 2 page approach is working for now and I can keep a simple Spring Security config.</para>
-                            <para>Regards,</para>
-                            <para> Justin</para>
-                          </listitem>
-                          <!--
-#comment-##
--->
-                          <listitem xml:id="dsq-comment-2240">
-                            <para><anchor xml:id="dsq-comment-header-2240"/><anchor xml:id="dsq-cite-2240"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-2240"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-2240"/><anchor xml:id="dsq-comment-message-2240"/> Glad it worked out – I’m getting these kinds of questions a lot lately, so I’m thinking of covering the various options in a series. Cheers,</para>
-                            <para> Eugen.</para>
-                          </listitem>
-                          <!--
-#comment-##
--->
-                          <listitem xml:id="dsq-comment-2241">
-                            <para><anchor xml:id="dsq-comment-header-2241"/><anchor xml:id="dsq-cite-2241"/> http://justincalleja.com/ <anchor xml:id="dsq-author-user-2241"/>Justin<anchor xml:id="dsq-comment-body-2241"/><anchor xml:id="dsq-comment-message-2241"/> +1 to that </para>
-                            <para>Regards,</para>
-                            <para> Justin</para>
-                          </listitem>
-                          <!--
-#comment-##
--->
-                        </itemizedlist>
-                        <!--
-.children
--->
-                      </listitem>
-                      <!--
-#comment-##
--->
-                    </itemizedlist>
-                    <!--
-.children
--->
-                  </listitem>
-                  <!--
-#comment-##
--->
-                </itemizedlist>
-                <!--
-.children
--->
-              </listitem>
-              <!--
-#comment-##
--->
-            </itemizedlist>
-            <!--
-.children
--->
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1525">
-            <para><anchor xml:id="dsq-comment-header-1525"/><anchor xml:id="dsq-cite-1525"/><anchor xml:id="dsq-author-user-1525"/>fadi<anchor xml:id="dsq-comment-body-1525"/><anchor xml:id="dsq-comment-message-1525"/> Thank you for the response, but am using FF plugin and I added the Authorization header to the url, the only place fired in my code is the EntryPoint and it never enters my AuthenticationProvider. which makes wounder if am doing something wrong!</para>
-            <para>Thanks</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1549">
-            <para><anchor xml:id="dsq-comment-header-1549"/><anchor xml:id="dsq-cite-1549"/><anchor xml:id="dsq-author-user-1549"/>DropDeadFred<anchor xml:id="dsq-comment-body-1549"/><anchor xml:id="dsq-comment-message-1549"/> If you are using the REST service through AJAX from a browser can you had the necessary Authentication headers? For example, if you are using form based authentication to your website and want to retrieve data from your REST service. I guess I must just be missing something here.</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1563">
-            <para><anchor xml:id="dsq-comment-header-1563"/><anchor xml:id="dsq-cite-1563"/><anchor xml:id="dsq-author-user-1563"/>Branislav Vidovic<anchor xml:id="dsq-comment-body-1563"/><anchor xml:id="dsq-comment-message-1563"/> This is the most interesting part in my opinion…. I am interested which other additional component of spring security you have extended to read request headers and build a required authentication object. Besides i had a look into your git project but in there you did not do it totally like in this post..</para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1550">
-            <para><anchor xml:id="dsq-comment-header-1550"/><anchor xml:id="dsq-cite-1550"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1550"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1550"/><anchor xml:id="dsq-comment-message-1550"/> You can take a look at: <link xl:href="http://code.google.com/p/crypto-js/">http://code.google.com/p/crypto-js/</link></para>
-          </listitem>
-          <!--
-#comment-##
--->
-          <listitem xml:id="dsq-comment-1552">
-            <para><anchor xml:id="dsq-comment-header-1552"/><anchor xml:id="dsq-cite-1552"/> http://www.baeldung.com/ <anchor xml:id="dsq-author-user-1552"/>Eugen Paraschiv<anchor xml:id="dsq-comment-body-1552"/><anchor xml:id="dsq-comment-message-1552"/> Not sure how you can add the header to the URL – do you mean you added the header to the request? Also, to follow some working examples, you can always clone the project from github and run the tests. </para>
-          </listitem>
-          <!--
-#comment-##
--->
-        </itemizedlist>
-        <!--
+      <!--
 /#main
 -->
-        <anchor xml:id="optinskin-widget-3"/>
-        <!--
+      <anchor xml:id="optinskin-widget-3"/>
+      <!--
 OptinSkin
 -->
-        <anchor xml:id="ois_5"/>
-        <!--
+      <anchor xml:id="ois_5"/>
+      <!--
 End OptinSkin
 -->
-        <!--
+      <!--
 /#sidebar
 -->
-        <!--
+      <!--
 /#main-sidebar-container
 -->
-        <!--
+      <!--
 /#content
 -->
-        <anchor xml:id="copyright"/>
-        <para>© 2014 Baeldung. All Rights Reserved. </para>
-        <anchor xml:id="credit"/>
-        <!--
+      <anchor xml:id="copyright"/>
+      <para>© 2014 Baeldung. All Rights Reserved. </para>
+      <anchor xml:id="credit"/>
+      <!--
 /#inner-wrapper
 -->
-        <!--
+      <!--
 /#wrapper
 -->
-        <!--
+      <!--
 /.fix
 -->
-        <!--
+      <!--
 ngg_resource_manager_marker
 -->
-        <!--
+      <!--
 WP SyntaxHighlighter Ver.1.7.3 Begin
 -->
-        <!--
+      <!--
+WP SyntaxHighlighter Ver.1.7.3 End
+-->
+    </section>
+  </section>
+</article>
+<?xml version="1.0" encoding="UTF-8"?>
+<article version="5.0" xml:lang="en-US" xmlns="http://docbook.org/ns/docbook" xmlns:xl="http://www.w3.org/1999/xlink">
+  <info>
+    <title>Spring Security Basic Authentication</title>
+  </info>
+  <anchor xml:id="wrapper"/>
+  <anchor xml:id="inner-wrapper"/>
+  <!--
+/#side-nav
+-->
+  <!--
+/.menus
+-->
+  <para><link linkend="top">Return to Content</link></para>
+  <!--
+#content Starts
+-->
+  <anchor xml:id="content"/>
+  <anchor xml:id="main-sidebar-container"/>
+  <!--
+#main Starts
+-->
+  <anchor xml:id="toc_container"/>
+  <para>Contents</para>
+  <itemizedlist>
+    <listitem>
+      <para><link linkend="dbdoclet.1_Overview">1. Overview</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.2_The_Spring_Security_Configuration">2. The Spring Security Configuration</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.3_Consuming_The_Secured_Application">3. Consuming The Secured Application</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.4_Further_Configuration_8211_The_Entry_Point">4. Further Configuration – The Entry Point</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.5_The_Maven_Dependencies">5. The Maven Dependencies</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.6_Conclusion">6. Conclusion</link></para>
+    </listitem>
+  </itemizedlist>
+  <para>If you&apos;re new here, <link xl:href="https://my.leadpages.net/leadbox/146382273f72a2%3A13a71ac76b46dc/5735865741475840/">you may want to get my &quot;REST APIs with Spring&quot; eBook</link>. Thanks for visiting!</para>
+  <para><link xl:href=""/></para>
+  <!--
+Start Shortcoder content
+-->
+  <!--
+End Shortcoder content
+-->
+  <section xml:id="overview.1">
+    <title><anchor xml:id="dbdoclet.1_Overview"/><emphasis role="bold">1. Overview</emphasis></title>
+    <para>This tutorial shows how to set up, configure and customize <emphasis role="bold">Basic Authentication with Spring</emphasis>. We’re going to built on top of the simple <link xl:href="http://www.baeldung.com/spring-mvc-tutorial">Spring MVC example</link>, and secure the UI of the MVC application with the Basic Auth mechanism provided by Spring Security.</para>
+    <section xml:id="configuration.1">
+      <title><anchor xml:id="dbdoclet.2_The_Spring_Security_Configuration"/><emphasis role="bold">2. The Spring Security Configuration</emphasis></title>
+      <para>The Configuration for Spring Security is still XML:</para>
+      <screen>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;beans:beans xmlns=&quot;http://www.springframework.org/schema/security&quot;
+    xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot; 
+    xmlns:beans=&quot;http://www.springframework.org/schema/beans&quot;
+    xsi:schemaLocation=&quot;
+        http://www.springframework.org/schema/security 
+        http://www.springframework.org/schema/security/spring-security-3.1.xsd
+        http://www.springframework.org/schema/beans 
+        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd&quot;&gt;
+
+    &lt;http use-expressions=&quot;true&quot;&gt;
+        &lt;intercept-url pattern=&quot;/**&quot; access=&quot;isAuthenticated()&quot; /&gt;
+
+        &lt;http-basic /&gt;
+    &lt;/http&gt;
+
+    &lt;authentication-manager&gt;
+        &lt;authentication-provider&gt;
+            &lt;user-service&gt;
+                &lt;user name=&quot;user1&quot; password=&quot;user1Pass&quot; authorities=&quot;ROLE_USER&quot; /&gt;
+            &lt;/user-service&gt;
+        &lt;/authentication-provider&gt;
+    &lt;/authentication-manager&gt;
+
+&lt;/beans:beans&gt;</screen>
+      <para>This is one of the last pieces of configuration in Spring that still need XML – <link xl:href="https://github.com/SpringSource/spring-security-javaconfig">Java Configuration for Spring Security</link> is still a work in progress.</para>
+      <para>What is relevant here is the <emphasis>&lt;http-basic&gt;</emphasis> element inside the main <emphasis>&lt;http&gt;</emphasis> element of the configuration – this is enough to enable Basic Authentication for the entire application. The Authentication Manager is not the focus of this tutorial, so we are using an in memory manager with the user and password defined in plaintext.</para>
+      <para>The <emphasis>web.xml</emphasis> of the web application enabling Spring Security has already been discussed in the <link xl:href="http://www.baeldung.com/spring-security-login#web_xml">Spring Logout tutorial</link>.</para>
+    </section>
+    <section xml:id="usage.1">
+      <title><anchor xml:id="dbdoclet.3_Consuming_The_Secured_Application"/><emphasis role="bold">3. Consuming The Secured Application</emphasis></title>
+      <para>The <emphasis>curl</emphasis> command is our go to tool for consuming the secured application.</para>
+      <para>First, let’s try to request the <emphasis>/homepage.html</emphasis> without providing any security credentials:</para>
+      <screen>curl -i http://localhost:8080/spring-security-mvc-basic-auth/homepage.html</screen>
+      <para>We get back the expected <emphasis>401 Unauthorized</emphasis> and <link xl:href="http://tools.ietf.org/html/rfc1945#section-10.16">the Authentication Challenge</link>:</para>
+      <screen>HTTP/1.1 401 Unauthorized
+Server: Apache-Coyote/1.1
+Set-Cookie: JSESSIONID=E5A8D3C16B65A0A007CFAACAEEE6916B; Path=/spring-security-mvc-basic-auth/; HttpOnly
+WWW-Authenticate: Basic realm=&quot;Spring Security Application&quot;
+Content-Type: text/html;charset=utf-8
+Content-Length: 1061
+Date: Wed, 29 May 2013 15:14:08 GMT</screen>
+      <para>The browser would interpret this challenge and prompt us for credentials with a simple dialog, but since we’re using <emphasis>curl</emphasis>, this isn’t the case.</para>
+      <para>Now, let’s request the same resource – the homepage – but <emphasis role="bold">provide the credentials</emphasis> to access it as well:</para>
+      <screen>curl -i --user user1:user1Pass http://localhost:8080/spring-security-mvc-basic-auth/homepage.html</screen>
+      <para>Now, the response from the server is <emphasis>200 OK</emphasis> along with a <emphasis>Cookie</emphasis>:</para>
+      <screen>HTTP/1.1 200 OK
+Server: Apache-Coyote/1.1
+Set-Cookie: JSESSIONID=301225C7AE7C74B0892887389996785D; Path=/spring-security-mvc-basic-auth/; HttpOnly
+Content-Type: text/html;charset=ISO-8859-1
+Content-Language: en-US
+Content-Length: 90
+Date: Wed, 29 May 2013 15:19:38 GMT</screen>
+      <para>From the browser, the application can be consumed normally – the only difference is that a login page is no longer a hard requirement since all browsers support Basic Authentication and use a dialog to prompt the user for credentials.</para>
+    </section>
+    <section xml:id="advanced_config.1">
+      <title><anchor xml:id="dbdoclet.4_Further_Configuration_8211_The_Entry_Point"/><emphasis role="bold">4. Further Configuration – </emphasis><emphasis role="bold">The Entry Point</emphasis></title>
+      <para>By default, the <emphasis>BasicAuthenticationEntryPoint</emphasis> provisioned by Spring Security returns a full html page for a <emphasis>401 Unauthorized</emphasis> response back to the client. This html representation of the error renders well in a browser, but it not well suited for other scenarios, such as a REST API where a json representation may be preferred.</para>
+      <para>The namespace is flexible enough for this new requirement as well – to address this – the entry point can be overridden:</para>
+      <screen>&lt;http-basic entry-point-ref=&quot;myBasicAuthenticationEntryPoint&quot; /&gt;</screen>
+      <para>The new entry point is defined as a standard bean:</para>
+      <screen>@Component
+public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
+
+    @Override
+    public void commence
+      (HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx) 
+      throws IOException, ServletException {
+        response.addHeader(&quot;WWW-Authenticate&quot;, &quot;Basic realm=\&quot;&quot; + getRealmName() + &quot;\&quot;&quot;);
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        PrintWriter writer = response.getWriter();
+        writer.println(&quot;HTTP Status 401 - &quot; + authEx.getMessage());
+    }
+
+    @Override
+    public void afterPropertiesSet() throws Exception {
+        setRealmName(&quot;Baeldung&quot;);
+        super.afterPropertiesSet();
+    }
+}</screen>
+      <para>By writing directly to the HTTP Response we now have full control over the format of the response body.</para>
+    </section>
+    <section xml:id="maven.1">
+      <title><anchor xml:id="dbdoclet.5_The_Maven_Dependencies"/><emphasis role="bold">5. The Maven Dependencies</emphasis></title>
+      <para>The Maven dependencies for Spring Security have been discussed before in the <link xl:href="http://www.baeldung.com/spring-security-with-maven">Spring Security with Maven article</link> – we will need both <emphasis>spring-security-web</emphasis> and <emphasis>spring-security-config</emphasis> available at runtime.</para>
+    </section>
+    <section xml:id="conclusion.1">
+      <title><anchor xml:id="dbdoclet.6_Conclusion"/><emphasis role="bold">6. Conclusion</emphasis></title>
+      <para>In this example we secured an MVC application with Spring Security and Basic Authentication. We discussed the XML configuration and we consumed the application with simple curl commands. Finally took control of the exact error message format – moving from the standard HTML error page to a custom text or json format.</para>
+      <para>The implementation of this Spring tutorial can be found in <link xl:href="https://github.com/eugenp/tutorials/tree/master/spring-security-basic-auth#readme">the github project</link> – this is an Eclipse based project, so it should be easy to import and run as it is. When the project runs locally, the sample html can be accessed at:</para>
+      <para><link xl:href="http://localhost:8080/spring-security-mvc-basic-auth/homepage.html">http://localhost:8080/spring-security-mvc-basic-auth/homepage.html</link></para>
+      <!--
+Start Shortcoder content
+-->
+      <!--
+End Shortcoder content
+-->
+      <para><link xl:href=""/></para>
+      <anchor xml:id="dd_ajax_float"/>
+      <para><link xl:href="http://twitter.com/share"/></para>
+      <!--
+OptinSkin
+-->
+      <anchor xml:id="ois_12"/>
+      <!--
+End OptinSkin
+-->
+      <!--
+/.entry
+-->
+      <para><emphasis role="italic"/><link xl:href="http://www.baeldung.com/tag/security/">security</link>, <link xl:href="http://www.baeldung.com/tag/spring/">Spring</link></para>
+      <!--
+/.post
+-->
+      <!--
+/#main
+-->
+      <anchor xml:id="optinskin-widget-3"/>
+      <!--
+OptinSkin
+-->
+      <anchor xml:id="ois_5"/>
+      <!--
+End OptinSkin
+-->
+      <!--
+/#sidebar
+-->
+      <!--
+/#main-sidebar-container
+-->
+      <!--
+/#content
+-->
+      <anchor xml:id="copyright"/>
+      <para>© 2014 Baeldung. All Rights Reserved. </para>
+      <anchor xml:id="credit"/>
+      <!--
+/#inner-wrapper
+-->
+      <!--
+/#wrapper
+-->
+      <!--
+/.fix
+-->
+      <!--
+ngg_resource_manager_marker
+-->
+      <!--
+WP SyntaxHighlighter Ver.1.7.3 Begin
+-->
+      <!--
+WP SyntaxHighlighter Ver.1.7.3 End
+-->
+    </section>
+  </section>
+</article>
+<?xml version="1.0" encoding="UTF-8"?>
+<article version="5.0" xml:lang="en-US" xmlns="http://docbook.org/ns/docbook" xmlns:xl="http://www.w3.org/1999/xlink">
+  <info>
+    <title>REST Pagination in Spring</title>
+  </info>
+  <anchor xml:id="wrapper"/>
+  <anchor xml:id="inner-wrapper"/>
+  <!--
+/#side-nav
+-->
+  <!--
+/.menus
+-->
+  <para><link linkend="top">Return to Content</link></para>
+  <!--
+#content Starts
+-->
+  <anchor xml:id="content"/>
+  <anchor xml:id="main-sidebar-container"/>
+  <!--
+#main Starts
+-->
+  <anchor xml:id="toc_container"/>
+  <para>Contents</para>
+  <itemizedlist>
+    <listitem>
+      <para><link linkend="Table_of_Contents">Table of Contents</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.1_Overview">1. Overview</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.2_Page_as_Resource_vs_Page_as_Representation">2. Page as Resource vs Page as Representation</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.3_The_Controller">3. The Controller</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.4_Discoverability_for_REST_pagination">4. Discoverability for REST pagination</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.5_Test_Driving_Pagination">5. Test Driving Pagination</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.6_Test_Driving_Pagination_Discoverability">6. Test Driving Pagination Discoverability</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.7_Getting_All_Resources">7. Getting All Resources</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.8_REST_Paging_with_Range_HTTP_headers">8. REST Paging with Range HTTP headers</link></para>
+    </listitem>
+    <listitem>
+      <para><link linkend="dbdoclet.9_Conclusion">9. Conclusion</link></para>
+    </listitem>
+  </itemizedlist>
+  <para>If you&apos;re new here, <link xl:href="https://my.leadpages.net/leadbox/146382273f72a2%3A13a71ac76b46dc/5735865741475840/">you may want to get my &quot;REST APIs with Spring&quot; eBook</link>. Thanks for visiting!</para>
+  <para><link xl:href=""/></para>
+  <!--
+Start Shortcoder content
+-->
+  <!--
+End Shortcoder content
+-->
+  <section>
+    <title><anchor xml:id="Table_of_Contents"/><emphasis role="bold">Table of Contents</emphasis></title>
+    <itemizedlist>
+      <listitem>
+        <para><link linkend="overview"><emphasis role="bold">1. </emphasis>Overview</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="page"><emphasis role="bold">2. </emphasis>Page as Resource vs Page as Representation</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="controller"><emphasis role="bold">3. </emphasis>The Controller</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="discoverability"><emphasis role="bold">4. </emphasis>Discoverability for REST pagination</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="tdd"><emphasis role="bold">5. </emphasis>Test Driving Pagination</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="driving"><emphasis role="bold">6. </emphasis>Test Driving Pagination Discoverability</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="getall"><emphasis role="bold">7. </emphasis>Getting All Resources</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="httpheaders"><emphasis role="bold">8. </emphasis>REST Paging with <emphasis>Range</emphasis> HTTP headers</link></para>
+      </listitem>
+      <listitem>
+        <para><link linkend="conclusion"><emphasis role="bold">9. </emphasis>Conclusion</link></para>
+      </listitem>
+    </itemizedlist>
+    <section xml:id="overview.1">
+      <title><anchor xml:id="dbdoclet.1_Overview"/><emphasis role="bold">1. Overview</emphasis></title>
+      <para>This tutorial will focus on the <emphasis role="bold">implementation of pagination</emphasis> in a REST API, using Spring MVC and Spring Data.<anchor xml:id="more-1047"/></para>
+    </section>
+    <section xml:id="page.1">
+      <title><anchor xml:id="dbdoclet.2_Page_as_Resource_vs_Page_as_Representation"/><emphasis role="bold">2. Page as Resource vs Page as Representation</emphasis></title>
+      <para>The first question when designing pagination in the context of a RESTful architecture is whether to consider the <emphasis role="bold">page an actual Resource or just a Representation of Resources</emphasis>.</para>
+      <para>Treating the page itself as a resource introduces a host of problems such as no longer being able to uniquely identify resources between calls. This, coupled with the fact that, in the persistence layer, the page is not proper entity but a holder that is constructed when necessary, makes the choice straightforward: <emphasis role="bold">the page is part of the representation</emphasis>.</para>
+      <para>The next question in the pagination design in the context of REST is <emphasis role="bold">where to include the paging information</emphasis>:</para>
+      <itemizedlist>
+        <listitem>
+          <para> in the <emphasis role="bold">URI path</emphasis>: <emphasis>/foo/page/1</emphasis></para>
+        </listitem>
+        <listitem>
+          <para> the <emphasis role="bold">URI query</emphasis>: <emphasis>/foo?page=1</emphasis></para>
+        </listitem>
+      </itemizedlist>
+      <para>Keeping in mind that <emphasis role="bold">a page is not a Resource</emphasis>, encoding the page information in the URI is no longer an option.</para>
+      <para>We are going to use the standard way of solving this problem by <emphasis role="bold">encoding the paging information in a URI query.</emphasis></para>
+    </section>
+    <section xml:id="controller.1">
+      <title><anchor xml:id="dbdoclet.3_The_Controller"/><emphasis role="bold">3. The Controller</emphasis></title>
+      <para>Now, for the  implementation – the Spring <emphasis role="bold">MVC Controller for pagination</emphasis> is straightforward:</para>
+      <screen>@RequestMapping( value = &quot;admin/foo&quot;,params = { &quot;page&quot;, &quot;size&quot; },method = GET )
+@ResponseBody
+public List&lt; Foo &gt; findPaginated(
+ @RequestParam( &quot;page&quot; ) int page, @RequestParam( &quot;size&quot; ) int size,
+ UriComponentsBuilder uriBuilder, HttpServletResponse response ){
+
+   Page&lt; Foo &gt; resultPage = service.findPaginated( page, size );
+   if( page &gt; resultPage.getTotalPages() ){
+      throw new ResourceNotFoundException();
+   }
+   eventPublisher.publishEvent( new PaginatedResultsRetrievedEvent&lt; Foo &gt;
+    ( Foo.class, uriBuilder, response, page, resultPage.getTotalPages(), size ) );
+
+   return resultPage.getContent();
+}</screen>
+      <para>The two query parameters are injected into the Controller method via <emphasis>@RequestParam. </emphasis></para>
+      <para>We’re also injecting both the Http Response and the <emphasis>UriComponentsBuilder</emphasis> to help with <emphasis role="bold">Discoverability</emphasis> – which we are decoupling via a custom event. If that is not a goal of the API, you can simply remove the custom event and be done.</para>
+      <para>Finally – note that the focus of this article is only the REST and the web layer – to go deeper into the data access part of pagination you can <link xl:href="http://www.petrikainulainen.net/programming/spring-framework/spring-data-jpa-tutorial-part-seven-pagination/">check out this article</link> about Pagination with Spring Data.</para>
+    </section>
+    <section xml:id="discoverability.1">
+      <title><anchor xml:id="dbdoclet.4_Discoverability_for_REST_pagination"/><emphasis role="bold">4. Discoverability for REST pagination</emphasis></title>
+      <para>Withing the scope of <emphasis role="bold">pagination</emphasis>, satisfying the <emphasis role="bold">HATEOAS constraint of REST</emphasis> means enabling the client of the API to discover the <emphasis>next</emphasis> and <emphasis>previous</emphasis> pages based on the current page in the navigation. For this purpose, we’re going to use the <emphasis role="bold">Link HTTP header</emphasis>, coupled with the <link xl:href="http://www.iana.org/assignments/link-relations/link-relations.xml">official</link> “<emphasis><emphasis role="bold">next</emphasis></emphasis>“, “<emphasis><emphasis role="bold">prev</emphasis></emphasis>“, “<emphasis><emphasis role="bold">first</emphasis></emphasis>” and “<emphasis><emphasis role="bold">last</emphasis></emphasis>” link relation types.</para>
+      <para>In REST, <emphasis role="bold">Discoverability is a cross cutting concern</emphasis>, applicable not only to specific operations but to types of operations. For example, each time a Resource is created, the URI of that Resource should be discoverable by the client. Since this requirement is relevant for the creation of ANY Resource, it should be dealt with separately and decoupled from the main Controller flow.</para>
+      <para>With Spring, this <emphasis role="bold">decoupling is done with Events</emphasis>, as was thoroughly discussed in the <link xl:href="http://www.baeldung.com/2011/11/13/rest-service-discoverability-with-spring-part-5/">previous article focusing on Discoverability</link> of a REST Service. In the case of pagination, the event – <emphasis>PaginatedResultsRetrievedEvent</emphasis> – is fired in the controller layer, and discoverability is implemented with a custom listener for this event:</para>
+      <screen>void addLinkHeaderOnPagedResourceRetrieval(
+ UriComponentsBuilder uriBuilder, HttpServletResponse response,
+ Class clazz, int page, int totalPages, int size ){
+
+   String resourceName = clazz.getSimpleName().toString().toLowerCase();
+   uriBuilder.path( &quot;/admin/&quot; + resourceName );
+
+   StringBuilder linkHeader = new StringBuilder();
+   if( hasNextPage( page, totalPages ) ){
+      String uriNextPage = constructNextPageUri( uriBuilder, page, size );
+      linkHeader.append( createLinkHeader( uriNextPage, &quot;next&quot; ) );
+   }
+   if( hasPreviousPage( page ) ){
+      String uriPrevPage = constructPrevPageUri( uriBuilder, page, size );
+      appendCommaIfNecessary( linkHeader );
+      linkHeader.append( createLinkHeader( uriPrevPage, &quot;prev&quot; ) );
+   }
+   if( hasFirstPage( page ) ){
+      String uriFirstPage = constructFirstPageUri( uriBuilder, size );
+      appendCommaIfNecessary( linkHeader );
+      linkHeader.append( createLinkHeader( uriFirstPage, &quot;first&quot; ) );
+   }
+   if( hasLastPage( page, totalPages ) ){
+      String uriLastPage = constructLastPageUri( uriBuilder, totalPages, size );
+      appendCommaIfNecessary( linkHeader );
+      linkHeader.append( createLinkHeader( uriLastPage, &quot;last&quot; ) );
+   }
+   response.addHeader( &quot;Link&quot;, linkHeader.toString() );
+}</screen>
+      <para>In short, the listener checks if the navigation allows for a <emphasis>next</emphasis>, <emphasis>previous</emphasis>, <emphasis>first</emphasis> and <emphasis>last</emphasis> pages and – if it does – <emphasis role="bold">adds the relevant URIs to the Link HTTP Header</emphasis>.</para>
+      <para>Note that, for brevity, I included only a partial code sample and <link xl:href="https://gist.github.com/1622997">the full code here</link>.</para>
+    </section>
+    <section xml:id="tdd.1">
+      <title><anchor xml:id="dbdoclet.5_Test_Driving_Pagination"/><emphasis role="bold">5. Test Driving Pagination</emphasis></title>
+      <para>Both the main logic of pagination and discoverability are covered by small, focused integration tests; as in the <link xl:href="http://www.baeldung.com/2011/11/06/restful-web-service-discoverability-part-4/">previous article</link>, the <link xl:href="http://code.google.com/p/rest-assured/">rest-assured library</link> is used to consume the REST service and to verify the results.</para>
+      <para>These are a few example of pagination integration tests; for a full test suite, check out the github project (link at the end of the article):</para>
+      <screen>@Test
+public void whenResourcesAreRetrievedPaged_then200IsReceived(){
+   Response response = givenAuth().get( paths.getFooURL() + &quot;?page=0&amp;size=2&quot; );
+
+   assertThat( response.getStatusCode(), is( 200 ) );
+}
+@Test
+public void whenPageOfResourcesAreRetrievedOutOfBounds_then404IsReceived(){
+   String url = getFooURL() + &quot;?page=&quot; + randomNumeric(5) + &quot;&amp;size=2&quot;;
+   Response response = givenAuth().get(url);
+
+   assertThat( response.getStatusCode(), is( 404 ) );
+}
+@Test
+public void givenResourcesExist_whenFirstPageIsRetrieved_thenPageContainsResources(){
+   createResource();
+
+   Response response = givenAuth().get( paths.getFooURL() + &quot;?page=0&amp;size=2&quot; );
+
+   assertFalse( response.body().as( List.class ).isEmpty() );
+}</screen>
+    </section>
+    <section xml:id="driving.1">
+      <title><anchor xml:id="dbdoclet.6_Test_Driving_Pagination_Discoverability"/><emphasis role="bold">6. Test Driving Pagination Discoverability</emphasis></title>
+      <para>Testing that <emphasis role="bold">pagination is discoverable</emphasis> by a client is relatively straightforward, although there is a lot of ground to cover. The tests are focused on the <emphasis role="bold">position of the current page in navigation</emphasis> and the different URIs that should be discoverable from each position:</para>
+      <screen>@Test
+public void whenFirstPageOfResourcesAreRetrieved_thenSecondPageIsNext(){
+   Response response = givenAuth().get( getFooURL()+&quot;?page=0&amp;size=2&quot; );
+
+   String uriToNextPage = extractURIByRel( response.getHeader( &quot;Link&quot; ), &quot;next&quot; );
+   assertEquals( getFooURL()+&quot;?page=1&amp;size=2&quot;, uriToNextPage );
+}
+@Test
+public void whenFirstPageOfResourcesAreRetrieved_thenNoPreviousPage(){
+   Response response = givenAuth().get( getFooURL()+&quot;?page=0&amp;size=2&quot; );
+
+   String uriToPrevPage = extractURIByRel( response.getHeader( &quot;Link&quot; ), &quot;prev&quot; );
+   assertNull( uriToPrevPage );
+}
+@Test
+public void whenSecondPageOfResourcesAreRetrieved_thenFirstPageIsPrevious(){
+   Response response = givenAuth().get( getFooURL()+&quot;?page=1&amp;size=2&quot; );
+
+   String uriToPrevPage = extractURIByRel( response.getHeader( &quot;Link&quot; ), &quot;prev&quot; );
+   assertEquals( getFooURL()+&quot;?page=0&amp;size=2&quot;, uriToPrevPage );
+}
+@Test
+public void whenLastPageOfResourcesIsRetrieved_thenNoNextPageIsDiscoverable(){
+   Response first = givenAuth().get( getFooURL()+&quot;?page=0&amp;size=2&quot; );
+   String uriToLastPage = extractURIByRel( first.getHeader( &quot;Link&quot; ), &quot;last&quot; );
+
+   Response response = givenAuth().get( uriToLastPage );
+
+   String uriToNextPage = extractURIByRel( response.getHeader( &quot;Link&quot; ), &quot;next&quot; );
+   assertNull( uriToNextPage );
+}</screen>
+      <para>Note that the full low level code for <emphasis>extractURIByRel</emphasis> – responsible for extracting the URIs by <emphasis>rel</emphasis> relation <link xl:href="https://gist.github.com/eugenp/8269915">is here</link>.</para>
+    </section>
+    <section xml:id="getall.1">
+      <title><anchor xml:id="dbdoclet.7_Getting_All_Resources"/><emphasis role="bold">7. Getting All Resources</emphasis></title>
+      <para>On the same topic of pagination and discoverability, the choice must be made if a client is allowed to <emphasis role="bold">retrieve all the Resources in the system</emphasis> at once, or if the client <emphasis role="bold">MUST</emphasis> ask for them paginated. If the choice is made that the client cannot retrieve all Resources with a single request, and pagination is not optional but required, then several options are available for the <emphasis role="bold">response to a get all request</emphasis>. One option is to return a <emphasis role="bold">404 (Not Found)</emphasis> and use the <emphasis role="bold">Link header</emphasis> to make the first page discoverable:</para>
+      <blockquote>
+        <para> <emphasis>Link=&lt;http://localhost:8080/rest/api/admin/foo?page=0&amp;size=2&gt;; rel=”<emphasis role="bold">first</emphasis>“, &lt;http://localhost:8080/rest/api/admin/foo?page=103&amp;size=2&gt;; rel=”<emphasis role="bold">last</emphasis>“</emphasis></para>
+      </blockquote>
+      <para>Another option is to return redirect – <emphasis role="bold">303 (See Other</emphasis>) – to the first page. A more conservative route would be to simply return to the client a <emphasis role="bold">405 (Method Not Allowed)</emphasis> for the GET request.</para>
+    </section>
+    <section xml:id="httpheaders.1">
+      <title><anchor xml:id="dbdoclet.8_REST_Paging_with_Range_HTTP_headers"/><emphasis role="bold">8. REST Paging with Range HTTP headers</emphasis></title>
+      <para>A relatively different way of implementing pagination is to work with the <emphasis role="bold">HTTP Range headers</emphasis> – <emphasis>Range</emphasis>, <emphasis>Content-Range</emphasis>, <emphasis>If-Range</emphasis>, <emphasis>Accept-Ranges</emphasis> – and <emphasis role="bold">HTTP status codes</emphasis> – 206 (<emphasis>Partial Content</emphasis>), 413 (<emphasis>Request Entity Too Large</emphasis>), 416 (<emphasis>Requested Range Not Satisfiable</emphasis>). One view on this approach is that the HTTP Range extensions were not intended for pagination, and that they should be managed by the Server, not by the Application. Implementing pagination based on the HTTP Range header extensions is nevertheless technically possible, although not nearly as common as the implementation discussed in this article.</para>
+    </section>
+    <section xml:id="conclusion.1">
+      <title><anchor xml:id="dbdoclet.9_Conclusion"/><emphasis role="bold">9. Conclusion</emphasis></title>
+      <para>This tutorial illustrated how to implement Pagination in a REST API using Spring, and discussed how to set up and test Discoverability.</para>
+      <para>If you want to go in depth on pagination in the persistence level, check out my <link xl:href="http://www.baeldung.com/jpa-pagination">JPA</link> or <link xl:href="http://www.baeldung.com/hibernate-pagination">Hibernate</link> pagination tutorials.</para>
+      <para>The implementation of all these examples and code snippets <emphasis role="bold">can be found in my github project</emphasis> – this is an Eclipse based project, so it should be easy to import and run as it is.</para>
+      <!--
+Start Shortcoder content
+-->
+      <!--
+End Shortcoder content
+-->
+      <para><link xl:href=""/></para>
+      <anchor xml:id="dd_ajax_float"/>
+      <para><link xl:href="http://twitter.com/share"/></para>
+      <!--
+OptinSkin
+-->
+      <anchor xml:id="ois_12"/>
+      <!--
+End OptinSkin
+-->
+      <!--
+/.entry
+-->
+      <para><emphasis role="italic"/><link xl:href="http://www.baeldung.com/tag/hateoas/">HATEOAS</link>, <link xl:href="http://www.baeldung.com/tag/java-2/">java</link>, <link xl:href="http://www.baeldung.com/tag/rest/">REST</link>, <link xl:href="http://www.baeldung.com/tag/testing/">testing</link></para>
+      <!--
+/.post
+-->
+      <!--
+/#main
+-->
+      <anchor xml:id="optinskin-widget-3"/>
+      <!--
+OptinSkin
+-->
+      <anchor xml:id="ois_5"/>
+      <!--
+End OptinSkin
+-->
+      <!--
+/#sidebar
+-->
+      <!--
+/#main-sidebar-container
+-->
+      <!--
+/#content
+-->
+      <anchor xml:id="copyright"/>
+      <para>© 2014 Baeldung. All Rights Reserved. </para>
+      <anchor xml:id="credit"/>
+      <!--
+/#inner-wrapper
+-->
+      <!--
+/#wrapper
+-->
+      <!--
+/.fix
+-->
+      <!--
+ngg_resource_manager_marker
+-->
+      <!--
+WP SyntaxHighlighter Ver.1.7.3 Begin
+-->
+      <!--
 WP SyntaxHighlighter Ver.1.7.3 End
 -->
-        <!--
-Creater Script for Social Locker
-        
-            Created by the Social Locker plugin (c) OnePress Ltd
-            http://sociallocker.org
--->
-        <!--
-/
--->
-      </section>
     </section>
   </section>
 </article>