Index: src/main/java/com/sun/enterprise/security/CachedPermissionImpl.java
===================================================================
--- src/main/java/com/sun/enterprise/security/CachedPermissionImpl.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/CachedPermissionImpl.java	(copie de travail)
@@ -74,7 +74,7 @@
 
     // used to hold last result obtained from cache and cache epoch.
     // epoch is used by PermissionCache to determine when result is out of date.
-    class Epoch {
+    static class Epoch {
 
 	int epoch;
 	boolean granted;
Index: src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationImpl.java
===================================================================
--- src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationImpl.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationImpl.java	(copie de travail)
@@ -642,7 +642,7 @@
         assertStateIsOpen();
 
 	String linkId = link.getContextID();
-	if (this.CONTEXT_ID == linkId) {
+	if (this.CONTEXT_ID.equals(linkId)) {
             String defMsg="Operation attempted to link PolicyConfiguration to itself.";
             String msg=localStrings.getLocalString("pc.unsupported_link_operation",defMsg);
 	    logger.log(Level.WARNING,msg);
Index: src/main/java/com/sun/enterprise/security/provider/BasePolicyWrapper.java
===================================================================
--- src/main/java/com/sun/enterprise/security/provider/BasePolicyWrapper.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/provider/BasePolicyWrapper.java	(copie de travail)
@@ -569,7 +569,7 @@
 			    // ignore. 
 			}
 			if (overrideAll) {
-			    return new Long(sum);
+			    return Long.valueOf(sum);
 			}
 		    }
 		}
@@ -619,7 +619,7 @@
 		    }
 		    n++;
 		}
-		return new Long(sum);
+		return Long.valueOf(sum);
 	    }
 	});
 	return l.longValue();
Index: src/main/java/com/sun/enterprise/security/provider/PolicyParser.java
===================================================================
--- src/main/java/com/sun/enterprise/security/provider/PolicyParser.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/provider/PolicyParser.java	(copie de travail)
@@ -1208,7 +1208,7 @@
 	    super("line " + line + ": " + msg);
 	    MessageFormat form = new MessageFormat
 		(ResourcesMgr.getString("line number: msg"));
-	    Object[] source = {new Integer(line), msg};
+	    Object[] source = { Integer.valueOf(line), msg };
 	    i18nMessage = form.format(source);
 	}
 
@@ -1217,7 +1217,7 @@
 		"], found [" + actual + "]");
 	    MessageFormat form = new MessageFormat(ResourcesMgr.getString
 		("line number: expected [expect], found [actual]"));
-	    Object[] source = {new Integer(line), expect, actual};
+	    Object[] source = { Integer.valueOf(line), expect, actual };
 	    i18nMessage = form.format(source);
 	}
 
Index: src/main/java/com/sun/enterprise/security/acl/RoleMapper.java
===================================================================
--- src/main/java/com/sun/enterprise/security/acl/RoleMapper.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/acl/RoleMapper.java	(copie de travail)
@@ -719,7 +719,7 @@
             try {
                 Class clazz = Class.forName(defaultP2RMappingClassName);
                 Class[] argClasses = new Class[]{String.class};
-                Object[] arg = new Object[]{new String(roleName)};
+                Object[] arg = new Object[]{ roleName };
                 Constructor c = clazz.getConstructor(argClasses);
                 Principal principal = (Principal) c.newInstance(arg);
                 return principal;
Index: src/main/java/com/sun/enterprise/security/auth/login/JDBCLoginModule.java
===================================================================
--- src/main/java/com/sun/enterprise/security/auth/login/JDBCLoginModule.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/auth/login/JDBCLoginModule.java	(copie de travail)
@@ -77,8 +77,12 @@
         }
 
         if (_logger.isLoggable(Level.FINEST)) {
-            _logger.finest("JDBC login succeeded for: " + _username
-                + " groups:" + grpList);
+            StringBuffer sb = new StringBuffer("JDBC login succeeded for: ")
+                .append(_username).append(" groups:");
+            for (String group : grpList) {
+                sb.append(" ").append(group);
+            }            
+            _logger.finest(sb.toString());
         }
 
         //make a copy of groupList to pass to LoginModule. This copy is the one
Index: src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java
===================================================================
--- src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java	(copie de travail)
@@ -604,11 +604,11 @@
  	    Principal[] principals = 
  		(Principal []) principalSet.toArray(new Principal[0]);
  	    for (int i =0; i<principals.length; i++) {
- 		if (i == 0) {
- 		    result = principals[i].toString();
- 		} else {
- 		    result = result + ", "+ new String(principals[i].toString());
- 		}
+ 		    if (i == 0) {
+     		    result = principals[i].toString();
+     		} else {
+     		    result = new StringBuffer(result).append(", ").append(principals[i]).toString();
+     		}
  	    }
  	}
  	return result;
Index: src/main/java/com/sun/enterprise/security/SecurityDeployer.java
===================================================================
--- src/main/java/com/sun/enterprise/security/SecurityDeployer.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/SecurityDeployer.java	(copie de travail)
@@ -94,6 +94,11 @@
             if (iter.hasNext()) {
                 wbd =  iter.next();
             }
+            
+            if (wbd == null) {
+                // If a WebSecurityManager cannot accomodate with a null value, then an exception should be thrown instead...
+                _logger.log(Level.WARNING, "The web bundle descriptor is null for " + appName);
+            }
 
             WebSecurityManagerFactory wsmf =
                     WebSecurityManagerFactory.getInstance();
Index: src/main/java/com/sun/enterprise/security/authorize/HandlerData.java
===================================================================
--- src/main/java/com/sun/enterprise/security/authorize/HandlerData.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/authorize/HandlerData.java	(copie de travail)
@@ -82,7 +82,7 @@
 	    return SecurityContext.getCurrent().getSubject();
 	} else if (PolicyContextHandlerImpl.REUSE.equalsIgnoreCase(key)) {
             PermissionCacheFactory.resetCaches();
-            return new Integer(0);
+            return Integer.valueOf(0);
         }
 
         if (inv == null) {
Index: src/main/java/com/sun/enterprise/security/jmac/config/ConfigHelper.java
===================================================================
--- src/main/java/com/sun/enterprise/security/jmac/config/ConfigHelper.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/jmac/config/ConfigHelper.java	(copie de travail)
@@ -262,7 +262,7 @@
         return null;
     }
 
-    private class ConfigData {
+    private static class ConfigData {
 
 	private AuthConfigProvider provider; 
 	private AuthConfig sConfig; 
@@ -294,7 +294,7 @@
     //Adding extra inner class because specializing the Linstener Impl class would 
     //make the GF 196 implementation Non-Replaceable.
     // This class would hold a RegistrationListener within.
-    public class AuthConfigRegistrationWrapper {
+    public static class AuthConfigRegistrationWrapper {
         
         private String layer;
         private String appCtxt;
Index: src/main/java/com/sun/enterprise/security/jmac/AuthMessagePolicy.java
===================================================================
--- src/main/java/com/sun/enterprise/security/jmac/AuthMessagePolicy.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/jmac/AuthMessagePolicy.java	(copie de travail)
@@ -238,6 +238,8 @@
                 (MessageSecurityBindingDescriptor.AUTH_LAYER);
             if (SOAP.equals(layer)) {
                 msgSecDescs = binding.getMessageSecurityDescriptors();
+            } else {
+                msgSecDescs = new ArrayList(0);
             }
 
             if (onePolicy) {
Index: src/main/java/com/sun/enterprise/security/jmac/callback/BaseContainerCallbackHandler.java
===================================================================
--- src/main/java/com/sun/enterprise/security/jmac/callback/BaseContainerCallbackHandler.java	(révision 21044)
+++ src/main/java/com/sun/enterprise/security/jmac/callback/BaseContainerCallbackHandler.java	(copie de travail)
@@ -558,26 +558,28 @@
         }
         List list = new ArrayList();
         CollectionCertStoreParameters ccsp;
-        try{
-            Enumeration enu = certStore.aliases();
-            while (enu.hasMoreElements()) {
-                String alias = (String)enu.nextElement();
-                if(certStore.isCertificateEntry(alias)){
-                    try{
-                        Certificate cert = certStore.getCertificate(alias);
-                        list.add(cert);
-                    }catch(KeyStoreException kse){
-                        // ignore and move to next
-                        if (_logger.isLoggable(Level.FINE)) {
-                            _logger.log(Level.FINE, "JAMAC: Cannot retrieve" +
-                                "certificate for alias "+alias);
+        try{            
+            if (certStore != null) {
+                Enumeration enu = certStore.aliases();
+                while (enu.hasMoreElements()) {
+                    String alias = (String)enu.nextElement();
+                    if(certStore.isCertificateEntry(alias)){
+                        try{
+                            Certificate cert = certStore.getCertificate(alias);
+                            list.add(cert);
+                        }catch(KeyStoreException kse){
+                            // ignore and move to next
+                            if (_logger.isLoggable(Level.FINE)) {
+                                _logger.log(Level.FINE, "JAMAC: Cannot retrieve" +
+                                    "certificate for alias "+alias);
+                            }
                         }
                     }
                 }
-            }
+            }            
             ccsp = new CollectionCertStoreParameters(list);
             CertStore certstore = CertStore.getInstance("Collection", ccsp);
-            certStoreCallback.setCertStore(certstore);
+            certStoreCallback.setCertStore(certstore);            
         } catch(KeyStoreException kse){
             if (_logger.isLoggable(Level.FINE)) {
                 _logger.log(Level.FINE,