diff --git a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
index bf84b8d53f..be56620196 100644
--- a/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java
@@ -43,30 +43,45 @@ import org.springframework.util.Assert;
/**
* Processes a HTTP request's BASIC authorization headers, putting the result into the
- * SecurityContextHolder.
For a detailed background on what this filter is designed to process, - * refer to RFC 1945, Section 11.1. Any realm name presented in - * the HTTP request is ignored.
- *In summary, this filter is responsible for processing any request that has a HTTP request header of
+ * SecurityContextHolder.
+ *
+ *
+ * For a detailed background on what this filter is designed to process, refer to + * RFC 1945, Section 11.1. Any realm name presented in + * the HTTP request is ignored. + * + *
+ * In summary, this filter is responsible for processing any request that has a HTTP request header of
* Authorization with an authentication scheme of Basic and a Base64-encoded
* username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the
- * following header would be presented:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==.
This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as - * Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape).
- *If authentication is successful, the resulting {@link Authentication} object will be placed into the
- * SecurityContextHolder.
If authentication fails and ignoreFailure is false (the default), an {@link
- * AuthenticationEntryPoint} implementation is called. Usually this should be {@link BasicProcessingFilterEntryPoint},
- * which will prompt the user to authenticate again via BASIC authentication.
Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still + * following header would be presented: + *
+ * + * Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== + *+ * + *
+ * This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as + * Hessian and SOAP) as well as standard user agents (such as Internet Explorer and Netscape). + *
+ * If authentication is successful, the resulting {@link Authentication} object will be placed into the
+ * SecurityContextHolder.
+ *
+ *
+ * If authentication fails and ignoreFailure is false (the default), an {@link
+ * AuthenticationEntryPoint} implementation is called (unless the ignoreFailure property is set to
+ * true). Usually this should be {@link BasicProcessingFilterEntryPoint}, which will prompt the user to
+ * authenticate again via BASIC authentication.
+ *
+ *
+ * Basic authentication is an attractive protocol because it is simple and widely deployed. However, it still * transmits a password in clear text and as such is undesirable in many situations. Digest authentication is also * provided by Spring Security and should be used instead of Basic authentication wherever possible. See {@link - * org.springframework.security.ui.digestauth.DigestProcessingFilter}.
- *Note that if a {@link #rememberMeServices} is set, this filter will automatically send back remember-me + * org.springframework.security.ui.digestauth.DigestProcessingFilter}. + *
+ * Note that if a {@link RememberMeServices} is set, this filter will automatically send back remember-me * details to the client. Therefore, subsequent requests will not need to present a BASIC authentication header as - * they will be authenticated using the remember-me mechanism.
- *Do not use this class directly. Instead configure web.xml to use the {@link
- * org.springframework.security.util.FilterToBeanProxy}.