Upgrade Spring Security from 2.0.7 to 3.1.4

The enclosed patch gets us codewise about (my guess) 95-98% there, but there is some configuration error in the updated security.xml that makes it all for naught. Basically, the app will compile and run via mvn jetty:run at http://localhost:8080/roller but authentication of the first user created at the login screen always fails. I'm attaching the patch of what I have so far in case somebody wants to be a hero and get the remaining 2-5% in--I'll try to work on it more myself as well.

Debugging can be done via IntelliJ by doing Menu item Run -> Edit Configurations, adding a new Maven config item ("debug Roller") with a working directory of /full/path/to/app/folder and a command line option of "jetty:run". Then add breakpoints to the code and choose Menu Item Run -> "debug Roller". It's difficult to debug however, as most of the code is Spring internal via the XML Configuration file and not Roller code.

We don't need to get the OpenID auth method working to commit this patch (AFAICT it needed updating to work in 2.0.7 as it wasn't working right OOTB anyway) – I can look into that later, but just to get the standard username/login at the command prompt working would be good enough to commit this patch. I'm partly inclined to commit this patch anyway and hold Roller trunk hostage, meaning nobody can use trunk until somebody patches it to get Spring Security 3.1 working, but I'll pass on such a drastic step.