Luke Taylor (Migrated from SEC-1160) said:
The name AuthenticationProcessingFilter dates from a time when it was the only login mechanism available. There are now many and the names are confusing for newcomers to the framework as they are all authentication processing filters (CAS, OpenID, form-based etc). I'd suggest the following name changes (keeping the originals but deprecated for the time being).
AbstractProcessingFilter -> AbstractAuthenticationProcessingFilter (this filter is always responsible for authentication processing)
AuthenticationProcessingFilter -> SimpleAuthenticationProcessingFilter or UsernamePasswordAuthenticationProcessingFilter (always processes a username and password submission).
AuthenticationProcessingFilterEntryPoint -> LoginPageUrlAuthenticationEntryPoint (redirects to a login page URL).
PreAuthenticatedProcessingFilterEntryPoint -> Http403ForbiddenEntryPoint (always sends a 403 forbidden response).