diff --git a/spring-security-modules/pom.xml b/spring-security-modules/pom.xml
index a75638d085..2bd6d23058 100644
--- a/spring-security-modules/pom.xml
+++ b/spring-security-modules/pom.xml
@@ -14,8 +14,7 @@
1.0.0-SNAPSHOT
-
- spring-5-security
+
spring-security-acl
spring-security-auth0
spring-security-cognito
@@ -35,6 +34,7 @@
spring-security-web-boot-3
spring-security-web-digest-auth
spring-security-web-login
+ spring-security-web-login-2
spring-security-web-mvc-custom
spring-security-web-mvc
spring-security-web-persistent-login
diff --git a/spring-security-modules/spring-5-security/README.md b/spring-security-modules/spring-5-security/README.md
deleted file mode 100644
index dac2d0f6b8..0000000000
--- a/spring-security-modules/spring-5-security/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-## Spring 5 Security
-
-This module contains articles about Spring Security 5
-
-## Relevant articles:
-
-- [A Custom Spring SecurityConfigurer](https://www.baeldung.com/spring-security-custom-configurer)
-- [New Password Storage In Spring Security 5](https://www.baeldung.com/spring-security-5-password-storage)
-- [Default Password Encoder in Spring Security 5](https://www.baeldung.com/spring-security-5-default-password-encoder)
-- [Guide to the AuthenticationManagerResolver in Spring Security](https://www.baeldung.com/spring-security-authenticationmanagerresolver)
-- [Manual Logout With Spring Security](https://www.baeldung.com/spring-security-manual-logout)
-- [How to Disable Spring Security Logout Redirects](https://www.baeldung.com/spring-security-disable-logout-redirects)
-- [Prevent Cross-Site Scripting (XSS) in a Spring Application](https://www.baeldung.com/spring-prevent-xss)
diff --git a/spring-security-modules/spring-5-security/src/main/resources/ESAPI.properties b/spring-security-modules/spring-5-security/src/main/resources/ESAPI.properties
deleted file mode 100644
index a2746a4dbc..0000000000
--- a/spring-security-modules/spring-5-security/src/main/resources/ESAPI.properties
+++ /dev/null
@@ -1,545 +0,0 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
-#
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# https://owasp.org/www-project-enterprise-security-api/
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-# from a name space perspective, we probably should have prefaced
-# all the property names with ESAPI or at least OWASP. Otherwise
-# there could be problems is someone loads this properties file into
-# the System properties. We could also put this file into the
-# esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-# ESAPI properties be defined that would overwrite these defaults.
-# That keeps the application's properties relatively simple as usually
-# they will only want to override a few properties. If looks like we
-# already support multiple override levels of this in the
-# DefaultSecurityConfiguration class, but I'm suggesting placing the
-# defaults in the esapi.jar itself. That way, if the jar is signed,
-# we could detect if those properties had been tampered with. (The
-# code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-# but off course there is an execution penalty (similar to the way
-# that the separate sunjce.jar used to be when a class from it was
-# first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system. Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help.
-# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
-# default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=true
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-# String ciphertext =
-# ESAPI.encryptor().encrypt("Secret message"); // Deprecated in 2.0
-# CipherText cipherText =
-# ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-# Note that this is now considered deprecated!
-ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
-# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
-# ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
-# and do whatever other normal SLF4J configuration that you normally would do for your application.
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-# ESAPI.Encoder().canonicalize( "%22hello world"" );
-#
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# ***** IMPORTANT: Do NOT forget to replace these with your own values! *****
-# To calculate these values, you can run:
-# java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-#
-#Encryptor.MasterKey=
-#Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-# as well, so if you are using JCE in your application directly rather than
-# through ESAPI (you wouldn't do that, would you? ;-), it will change the
-# preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# Warning: This property does not control the default reference implementation for
-# ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-# in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-# For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-# DISCUSS: Better name?
-Encryptor.cipher_modes.additional_allowed=CBC
-
-# Default key size to use for cipher specified by Encryptor.EncryptionAlgorithm.
-# Note that this MUST be a valid key size for the algorithm being used
-# (as specified by Encryptor.EncryptionAlgorithm). So for example, if AES is used,
-# it must be 128, 192, or 256. If DESede is chosen, then it must be either 112 or 168.
-#
-# Note that 128-bits is almost always sufficient and for AES it appears to be more
-# somewhat more resistant to related key attacks than is 256-bit AES.)
-#
-# Defaults to 128-bits if left blank.
-#
-# NOTE: If you use a key size > 128-bits, then you MUST have the JCE Unlimited
-# Strength Jurisdiction Policy files installed!!!
-#
-Encryptor.EncryptionKeyLength=128
-
-# This is the _minimum_ key size (in bits) that we allow with ANY symmetric
-# cipher for doing encryption. (There is no minimum for decryption.)
-#
-# Generally, if you only use one algorithm, this should be set the same as
-# the Encryptor.EncryptionKeyLength property.
-Encryptor.MinEncryptionKeyLength=128
-
-# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values: random|fixed|specified 'specified' not yet implemented; planned for 2.3
-# 'fixed' is deprecated as of 2.2
-# and will be removed in 2.3.
-Encryptor.ChooseIVMethod=random
-
-
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an *example* for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-# @Deprecated -- fixed IVs are deprecated as of the 2.2 release and support
-# will be removed in the next release (tentatively, 2.3).
-# If you MUST use this, at least replace this IV with one
-# that your legacy application was using.
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false. That is because ESAPI takes the master key and
-# derives 2 keys from it--a key for the MAC and a key for encryption--and
-# because ESAPI is not itself FIPS 140-2 verified such intermediary aterations
-# to keys from FIPS approved sources would have the effect of making your FIPS
-# approved key generation and thus your FIPS approved JCE provider unapproved!
-# More details in
-# documentation/esapi4java-core-2.0-readme-crypto-changes.html
-# documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# You have been warned.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.MinEncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-# Note: There is also a 112-bit version of DESede. Using the 168-bit version
-# requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.MinEncryptionKeyLength=112
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-
-# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
-# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
-# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
-# the MAC, mostly to keep the overall size at a minimum.)
-#
-# Currently supported choices for JDK 1.5 and 1.6 are:
-# HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-# HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# the JDKs support it. See the ESAPI 2.0 Symmetric Encryption User Guide
-# further details.
-Encryptor.KDF.PRF=HmacSHA256
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP header key--the validator regex may have additional values.
-HttpUtilities.MaxHeaderNameSize=256
-# Maximum size of HTTP header value--the validator regex may have additional values.
-HttpUtilities.MaxHeaderValueSize=4096
-# Maximum size of JSESSIONID for the application--the validator regex may have additional values.
-HttpUtilities.HTTPJSESSIONIDLENGTH=50
-# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
-HttpUtilities.URILENGTH=2000
-# Maximum length of a redirect
-HttpUtilities.maxRedirectLength=512
-# Maximum length for an http scheme
-HttpUtilities.HTTPSCHEMELENGTH=10
-# Maximum length for an http host
-HttpUtilities.HTTPHOSTLENGTH=100
-# Maximum length for an http path
-HttpUtilities.HTTPPATHLENGTH=150
-#Maximum length for a context path
-HttpUtilities.contextPathLength=150
-#Maximum length for an httpServletPath
-HttpUtilities.HTTPSERVLETPATHLENGTH=100
-#Maximum length for an http query parameter name
-HttpUtilities.httpQueryParamNameLength=100
-#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
-HttpUtilities.httpQueryParamValueLength=500
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID"
-HttpUtilities.HttpSessionIdName=JSESSIONID
-#Sets whether or not we will overwrite http status codes to 200.
-HttpUtilities.OverwriteStatusCodes=true
-#Sets the application's base character encoding. This is forked from the Java Encryptor property.
-HttpUtilities.CharacterEncoding=UTF-8
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - This should be made OS independent. Don't use unsafe defaults.
-# # Examples only -- do NOT blindly copy!
-# For Windows:
-# Executor.WorkingDirectory=C:\\Windows\\Temp
-# Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-# For *nux, MacOS:
-# Executor.WorkingDirectory=/tmp
-# Executor.ApprovedExecutables=/bin/bash
-Executor.WorkingDirectory=
-Executor.ApprovedExecutables=
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-# Determines whether ESAPI should log the user info.
-Logger.UserInfo=true
-# Determines whether ESAPI should log the session id and client IP.
-Logger.ClientInfo=true
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-# (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-# that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-# Use '\p{L}' (without the quotes) within the character class to match
-# any Unicode LETTER. You can also use a range, like: \u00C0-\u017F
-# You can also use any of the regex flags as documented at
-# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
-#
-Validator.ConfigurationFile=validation.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-
-#the word TEST below should be changed to your application
-#name - only relative URL's are supported
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-# Note that headerName and Value length is also configured in the HTTPUtilities section
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
-
-
-# Contributed by Fraenku@gmx.ch
-# Github Issue 126 https://github.com/ESAPI/esapi-java-legacy/issues/126
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
-
-# ~~~~~ Important Note ~~~~~
-# This is a workaround to make sure that a commit to address GitHub issue #509
-# doesn't accidentally break someone's production code. So essentially what we
-# are doing is to reverting back to the previous possibly buggy (by
-# documentation intent at least), but, by now, expected legacy behavior.
-# Prior to the code changes for issue #509, if invalid / malicious HTML input was
-# observed, AntiSamy would simply attempt to sanitize (cleanse) it and it would
-# only be logged. However, the code change made ESAPI comply with its
-# documentation, which stated that a ValidationException should be thrown in
-# such cases. Unfortunately, changing this behavior--especially when no one is
-# 100% certain that the documentation was correct--could break existing code
-# using ESAPI so after a lot of debate, issue #521 was created to restore the
-# previous behavior, but still allow the documented behavior. (We did this
-# because it wasn't really causing an security issues since AntiSamy would clean
-# it up anyway and we value backward compatibility as long as it doesn't clearly
-# present security vulnerabilities.)
-# More defaults about this are written up under GitHub issue #521 and
-# the pull request it references. Future major releases of ESAPI (e.g., ESAPI 3.x)
-# will not support this previous behavior, but it will remain for ESAPI 2.x.
-# Set this to 'throw' if you want the originally intended behavior of throwing
-# that was fixed via issue #509. Set to 'clean' if you want want the HTML input
-# sanitized instead.
-#
-# Possible values:
-# clean -- Use the legacy behavior where unsafe HTML input is logged and the
-# sanitized (i.e., clean) input as determined by AntiSamy and your
-# AntiSamy rules is returned. This is the default behavior if this
-# new property is not found.
-# throw -- The new, presumably correct and originally intended behavior where
-# a ValidationException is thrown when unsafe HTML input is
-# encountered.
-#
-#Validator.HtmlValidationAction=clean
-Validator.HtmlValidationAction=throw
-
-# With the fix for #310 to enable loading antisamy-esapi.xml from the classpath
-# also an enhancement was made to be able to use a different filename for the configuration.
-# You don't have to configure the filename here, but in that case the code will keep looking for antisamy-esapi.xml.
-# This is the default behaviour of ESAPI.
-#
-#Validator.HtmlValidationConfigurationFile=antisamy-esapi.xml
\ No newline at end of file
diff --git a/spring-security-modules/spring-5-security/src/main/resources/templates/index.html b/spring-security-modules/spring-5-security/src/main/resources/templates/index.html
deleted file mode 100644
index 4216d74037..0000000000
--- a/spring-security-modules/spring-5-security/src/main/resources/templates/index.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
- Home
-
-
-
- Home
- Welcome!
-
-
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-core-2/README.md b/spring-security-modules/spring-security-core-2/README.md
index bf70693eb5..8fc705a949 100644
--- a/spring-security-modules/spring-security-core-2/README.md
+++ b/spring-security-modules/spring-security-core-2/README.md
@@ -5,6 +5,9 @@ This module contains articles about core Spring Security
### Relevant Articles:
- [Handle Spring Security Exceptions](https://www.baeldung.com/spring-security-exceptions)
- [Handle Spring Security Exceptions With @ExceptionHandler](https://www.baeldung.com/spring-security-exceptionhandler)
+- [Prevent Cross-Site Scripting (XSS) in a Spring Application](https://www.baeldung.com/spring-prevent-xss)
+- [Guide to the AuthenticationManagerResolver in Spring Security](https://www.baeldung.com/spring-security-authenticationmanagerresolver)
+- [A Custom Spring SecurityConfigurer|https://www.baeldung.com/spring-security-custom-configurer]
### Build the Project
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/authresolver/AuthResolverApplication.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/AuthResolverApplication.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/authresolver/AuthResolverApplication.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/AuthResolverApplication.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/authresolver/AuthResolverController.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/AuthResolverController.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/authresolver/AuthResolverController.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/AuthResolverController.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/authresolver/CustomWebSecurityConfigurer.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/CustomWebSecurityConfigurer.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/authresolver/CustomWebSecurityConfigurer.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/CustomWebSecurityConfigurer.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/ClientErrorLoggingConfigurer.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/ClientErrorLoggingConfigurer.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/ClientErrorLoggingConfigurer.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/ClientErrorLoggingConfigurer.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/ClientErrorLoggingFilter.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/ClientErrorLoggingFilter.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/ClientErrorLoggingFilter.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/ClientErrorLoggingFilter.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/CustomConfigurerApplication.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/CustomConfigurerApplication.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/CustomConfigurerApplication.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/CustomConfigurerApplication.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/MyController.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/MyController.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/MyController.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/MyController.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/SecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/SecurityConfig.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/dsl/SecurityConfig.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/SecurityConfig.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/Application.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/xss/Application.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/Application.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/xss/Application.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/SecurityConf.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/xss/SecurityConf.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/SecurityConf.java
rename to spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/xss/SecurityConf.java
diff --git a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/SpringContextTest.java b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/SpringContextTest.java
similarity index 99%
rename from spring-security-modules/spring-5-security/src/test/java/com/baeldung/SpringContextTest.java
rename to spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/SpringContextTest.java
index 7812a5c063..dc1dbf34f3 100644
--- a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/SpringContextTest.java
+++ b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/SpringContextTest.java
@@ -1,5 +1,6 @@
package com.baeldung;
+
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
diff --git a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/authresolver/AuthResolverIntegrationTest.java b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/authresolver/AuthResolverIntegrationTest.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/test/java/com/baeldung/authresolver/AuthResolverIntegrationTest.java
rename to spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/authresolver/AuthResolverIntegrationTest.java
diff --git a/spring-security-modules/spring-security-web-login-2/README.md b/spring-security-modules/spring-security-web-login-2/README.md
new file mode 100644
index 0000000000..826301c0fe
--- /dev/null
+++ b/spring-security-modules/spring-security-web-login-2/README.md
@@ -0,0 +1,9 @@
+## Spring Security Login - 2
+
+This module contains articles about login/logout mechanisms with Spring Security.
+
+## Relevant articles:
+
+- [Manual Logout With Spring Security](https://www.baeldung.com/spring-security-manual-logout)
+- [How to Disable Spring Security Logout Redirects](https://www.baeldung.com/spring-security-disable-logout-redirects)
+- More articles: [[<-- prev]](/spring-security-modules/spring-security-web-login)
diff --git a/spring-security-modules/spring-5-security/pom.xml b/spring-security-modules/spring-security-web-login-2/pom.xml
similarity index 66%
rename from spring-security-modules/spring-5-security/pom.xml
rename to spring-security-modules/spring-security-web-login-2/pom.xml
index b487e8b282..d5e5a4426e 100644
--- a/spring-security-modules/spring-5-security/pom.xml
+++ b/spring-security-modules/spring-security-web-login-2/pom.xml
@@ -3,11 +3,10 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
4.0.0
- spring-5-security
+ spring-security-web-login-2
0.0.1-SNAPSHOT
- spring-5-security
- jar
- spring 5 security sample project
+ spring-security-web-login-2
+ jar
com.baeldung
@@ -47,21 +46,6 @@
spring-security-test
test
-
- org.owasp.esapi
- esapi
- ${esapi.version}
-
-
- org.jsoup
- jsoup
- ${jsoup.version}
-
-
- commons-io
- commons-io
- ${commons-io.version}
-
@@ -69,16 +53,8 @@
org.springframework.boot
spring-boot-maven-plugin
-
- com.baeldung.passwordstorage.PasswordStorageApplication
- JAR
-
-
- 1.13.1
-
-
\ No newline at end of file
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/logoutredirects/LogoutApplication.java b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/LogoutApplication.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/logoutredirects/LogoutApplication.java
rename to spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/LogoutApplication.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
rename to spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/ManualLogoutApplication.java b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/ManualLogoutApplication.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/ManualLogoutApplication.java
rename to spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/ManualLogoutApplication.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
rename to spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
diff --git a/spring-security-modules/spring-5-security/src/main/resources/application.properties b/spring-security-modules/spring-security-web-login-2/src/main/resources/application.properties
similarity index 59%
rename from spring-security-modules/spring-5-security/src/main/resources/application.properties
rename to spring-security-modules/spring-security-web-login-2/src/main/resources/application.properties
index 8159ace060..7fc55efed9 100644
--- a/spring-security-modules/spring-5-security/src/main/resources/application.properties
+++ b/spring-security-modules/spring-security-web-login-2/src/main/resources/application.properties
@@ -2,6 +2,4 @@ server.port=8081
logging.level.root=INFO
-logging.level.com.baeldung.dsl.ClientErrorLoggingFilter=DEBUG
-
logging.level.org.springframework.security=DEBUG
\ No newline at end of file
diff --git a/spring-security-modules/spring-5-security/src/main/resources/logback.xml b/spring-security-modules/spring-security-web-login-2/src/main/resources/logback.xml
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/resources/logback.xml
rename to spring-security-modules/spring-security-web-login-2/src/main/resources/logback.xml
diff --git a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
rename to spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
diff --git a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
rename to spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
diff --git a/spring-security-modules/spring-5-security/src/test/resources/logback-test.xml b/spring-security-modules/spring-security-web-login-2/src/test/resources/logback-test.xml
similarity index 100%
rename from spring-security-modules/spring-5-security/src/test/resources/logback-test.xml
rename to spring-security-modules/spring-security-web-login-2/src/test/resources/logback-test.xml
diff --git a/spring-security-modules/spring-security-web-login/README.md b/spring-security-modules/spring-security-web-login/README.md
index bbef468944..b6cdc8c1e1 100644
--- a/spring-security-modules/spring-security-web-login/README.md
+++ b/spring-security-modules/spring-security-web-login/README.md
@@ -13,6 +13,7 @@ The "Learn Spring Security" Classes: http://github.learnspringsecurity.com
- [Spring Security – Redirect to the Previous URL After Login](https://www.baeldung.com/spring-security-redirect-login)
- [Spring Security Custom AuthenticationFailureHandler](https://www.baeldung.com/spring-security-custom-authentication-failure-handler)
- [Extra Login Fields with Spring Security](https://www.baeldung.com/spring-security-extra-login-fields)
+- More articles: [[next -->]](/spring-security-modules/spring-security-web-login-2)
### Build the Project
```
diff --git a/spring-security-modules/spring-security-web-rest-basic-auth/README.md b/spring-security-modules/spring-security-web-rest-basic-auth/README.md
index 97f682acd3..ad1bd098bb 100644
--- a/spring-security-modules/spring-security-web-rest-basic-auth/README.md
+++ b/spring-security-modules/spring-security-web-rest-basic-auth/README.md
@@ -11,3 +11,6 @@ The "Learn Spring Security" Classes: http://github.learnspringsecurity.com
- [Basic Authentication with the RestTemplate](https://www.baeldung.com/how-to-use-resttemplate-with-basic-authentication-in-spring)
- [A Custom Filter in the Spring Security Filter Chain](https://www.baeldung.com/spring-security-custom-filter)
- [Spring Security Basic Authentication](https://www.baeldung.com/spring-security-basic-authentication)
+- [New Password Storage In Spring Security 5](https://www.baeldung.com/spring-security-5-password-storage)
+- [Default Password Encoder in Spring Security 5](https://www.baeldung.com/spring-security-5-default-password-encoder)
+
diff --git a/spring-security-modules/spring-security-web-rest-basic-auth/pom.xml b/spring-security-modules/spring-security-web-rest-basic-auth/pom.xml
index 30b92be5ac..41f508c1a3 100644
--- a/spring-security-modules/spring-security-web-rest-basic-auth/pom.xml
+++ b/spring-security-modules/spring-security-web-rest-basic-auth/pom.xml
@@ -10,28 +10,29 @@
com.baeldung
- parent-spring-5
+ parent-boot-2
0.0.1-SNAPSHOT
- ../../parent-spring-5
+ ../../parent-boot-2
+
+ org.springframework.boot
+ spring-boot-starter-web
+
org.springframework.security
spring-security-web
- ${spring-security.version}
org.springframework.security
spring-security-config
- ${spring-security.version}
org.springframework
spring-core
- ${spring.version}
commons-logging
@@ -42,59 +43,48 @@
org.springframework
spring-context
- ${spring.version}
org.springframework
spring-jdbc
- ${spring.version}
org.springframework
spring-beans
- ${spring.version}
org.springframework
spring-aop
- ${spring.version}
org.springframework
spring-tx
- ${spring.version}
org.springframework
spring-expression
- ${spring.version}
org.springframework
spring-web
- ${spring.version}
org.springframework
spring-webmvc
- ${spring.version}
org.springframework
spring-oxm
- ${spring.version}
com.fasterxml.jackson.core
jackson-databind
- ${jackson.version}
org.apache.httpcomponents
httpcore
- ${httpcore.version}
commons-logging
@@ -105,7 +95,6 @@
org.apache.httpcomponents
httpclient
- ${httpclient.version}
commons-logging
@@ -136,7 +125,6 @@
org.springframework
spring-test
- ${spring.version}
test
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/passwordstorage/BaeldungPasswordEncoderSetup.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/BaeldungPasswordEncoderSetup.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/passwordstorage/BaeldungPasswordEncoderSetup.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/BaeldungPasswordEncoderSetup.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageApplication.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageApplication.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageApplication.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageApplication.java
diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java
diff --git a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerIntegrationTest.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerIntegrationTest.java
similarity index 100%
rename from spring-security-modules/spring-5-security/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerIntegrationTest.java
rename to spring-security-modules/spring-security-web-rest-basic-auth/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerIntegrationTest.java