Release 2.0.0.RELEASE

Closes gh-842

.travis.yml

@@ -1,19 +1,20 @@
 language: java
 
-services:
-  - redis-server
+sudo: required
 
-jdk:
-  - oraclejdk8
+services: docker
 
-os:
-  - linux
+jdk: oraclejdk8
 
 before_cache:
   - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
+  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+
 cache:
   directories:
     - $HOME/.gradle/caches/
     - $HOME/.gradle/wrapper/
 
-script: ./gradlew build
+install: true
+
+script: ./gradlew clean build --refresh-dependencies --no-daemon

Jenkinsfile

@@ -24,21 +24,6 @@ try {
 			}
 		}
 	},
-	sonar: {
-		stage('Sonar') {
-			node {
-				checkout scm
-				withCredentials([string(credentialsId: 'spring-sonar.login', variable: 'SONAR_LOGIN')]) {
-					try {
-						sh "./gradlew clean sonarqube -PexcludeProjects='**/samples/**' -Dsonar.host.url=$SPRING_SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN --refresh-dependencies --no-daemon"
-					} catch(Exception e) {
-						currentBuild.result = 'FAILED: sonar'
-						throw e
-					}
-				}
-			}
-		}
-	},
 	springio: {
 		stage('Spring IO') {
 			node {
@@ -95,7 +80,7 @@ try {
 					subject: subject,
 					body: details,
 					recipientProviders: RECIPIENTS,
-					to: "$SPRING_SECURITY_TEAM_EMAILS"
+					to: "$SPRING_SESSION_TEAM_EMAILS"
 				)
 			}
 		}

LICENSE.txt

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.adoc

@@ -1,26 +1,32 @@
-image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
-
-image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"]
-
 = Spring Session
-Rob Winch
 
-Spring Session aims to provide a common infrastructure for managing sessions. This provides many benefits including:
+image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"] image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]
 
-* Accessing a session from any environment (i.e. web, messaging infrastructure, etc)
-* In a web environment
-** Support for clustering in a vendor neutral way
-** Pluggable strategy for determining the session id
-** Easily keep the HttpSession alive when a WebSocket is active
+Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
+It also provides transparent integration with:
+
+* `HttpSession` - allows replacing the `HttpSession` in an application container (i.e. Tomcat) neutral way, with support for providing session IDs in headers to work with RESTful APIs.
+* `WebSocket` - provides the ability to keep the `HttpSession` alive when receiving WebSocket messages
+* `WebSession` - allows replacing the Spring WebFlux's `WebSession` in an application container neutral way.
+
+== Modules
+
+Spring Session consists of the following modules:
+
+* Spring Session Core - provides core Spring Session functionalities and APIs
+* Spring Session Data Redis - provides `SessionRepository` and `ReactiveSessionRepository` implementation backed by Redis and configuration support
+* Spring Session JDBC - provides `SessionRepository` implementation backed by a relational database and configuration support
+* Spring Session Hazelcast - provides `SessionRepository` implementation backed by Hazelcast and configuration support
 
 == Code of Conduct
+
 This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
 By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
 
-= Spring Session Project Site
+== Spring Session Project Site
 
 You can find the documentation, issue management, support, samples, and guides for using Spring Session at http://projects.spring.io/spring-session/
 
-= License
+== License
 
 Spring Session is Open Source software released under the http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].

build.gradle

@@ -1,11 +1,10 @@
 buildscript {
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.2.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.8.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 	repositories {
-		maven { url 'https://repo.spring.io/libs-snapshot' }
-		maven { url 'https://repo.spring.io/plugins-snapshot' }
+		maven { url 'https://repo.spring.io/plugins-release' }
 	}
 }
 apply plugin: 'io.spring.convention.root'

docs/spring-session-docs.gradle

@@ -2,22 +2,24 @@ apply plugin: 'io.spring.convention.docs'
 apply plugin: 'io.spring.convention.spring-test'
 
 dependencies {
-	testCompile project(':spring-session')
+	testCompile project(':spring-session-core')
 	testCompile project(':spring-session-data-redis')
-	testCompile "org.springframework:spring-jdbc"
-	testCompile "org.springframework:spring-messaging"
-	testCompile "org.springframework:spring-webmvc"
-	testCompile "org.springframework:spring-websocket"
-	testCompile "org.springframework.security:spring-security-config"
-	testCompile "org.springframework.security:spring-security-web"
-	testCompile "org.springframework.security:spring-security-test"
-	testCompile "junit:junit"
-	testCompile "org.mockito:mockito-core"
-	testCompile "org.springframework:spring-test"
-	testCompile "org.assertj:assertj-core"
-	testCompile "com.hazelcast:hazelcast"
-	testCompile "io.lettuce:lettuce-core"
-	testCompile "javax.servlet:javax.servlet-api"
+	testCompile project(':spring-session-hazelcast')
+	testCompile project(':spring-session-jdbc')
+	testCompile 'org.springframework:spring-jdbc'
+	testCompile 'org.springframework:spring-messaging'
+	testCompile 'org.springframework:spring-webmvc'
+	testCompile 'org.springframework:spring-websocket'
+	testCompile 'org.springframework.security:spring-security-config'
+	testCompile 'org.springframework.security:spring-security-web'
+	testCompile 'org.springframework.security:spring-security-test'
+	testCompile 'junit:junit'
+	testCompile 'org.mockito:mockito-core'
+	testCompile 'org.springframework:spring-test'
+	testCompile 'org.assertj:assertj-core'
+	testCompile 'com.hazelcast:hazelcast'
+	testCompile 'io.lettuce:lettuce-core'
+	testCompile 'javax.servlet:javax.servlet-api'
 }
 
 def versions = dependencyManagement.managedVersions
@@ -25,19 +27,22 @@ def versions = dependencyManagement.managedVersions
 asciidoctor {
 	def ghTag = snapshotBuild ? 'master' : project.version
 	def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
-	attributes	'version-snapshot': snapshotBuild,
+
+	attributes 'docs-itest-dir': "$rootProject.projectDir.path/docs/src/integration-test/java/",
+			'docs-test-dir': "$rootProject.projectDir.path/docs/src/test/java/",
+			'docs-test-resources-dir': "$rootProject.projectDir.path/docs/src/test/resources/",
+			'download-url': "https://github.com/spring-projects/spring-session/archive/${ghTag}.zip",
+			'gh-samples-url': "$ghUrl/samples/",
+			'gh-url': ghUrl,
+			'hazelcast-version': versions['com.hazelcast:hazelcast'],
+			'lettuce-version': versions['io.lettuce:lettuce-core'],
+			'samples-dir': "$rootProject.projectDir.path/samples/",
+			'session-jdbc-main-resources-dir': "${project(':spring-session-jdbc').projectDir.path}/src/main/resources/",
+			'spring-data-redis-version': versions['org.springframework.data:spring-data-redis'],
+			'spring-framework-version': versions['org.springframework:spring-core'],
+			'spring-security-version': versions['org.springframework.security:spring-security-core'],
+			'spring-session-version': project.version,
 			'version-milestone': milestoneBuild,
 			'version-release': releaseBuild,
-			'gh-url': ghUrl,
-			'gh-samples-url': "$ghUrl/samples/",
-			'download-url' : "https://github.com/spring-projects/spring-session/archive/${ghTag}.zip",
-			'spring-session-version' : version,
-			'spring-version' : versions['org.springframework:spring-core'],
-			'lettuce-version' : versions['io.lettuce:lettuce-core'],
-			'hazelcast-version' : versions['com.hazelcast:hazelcast'],
-			'docs-itest-dir' : rootProject.projectDir.path + '/docs/src/integration-test/java/',
-			'docs-test-dir' : rootProject.projectDir.path + '/docs/src/test/java/',
-			'docs-test-resources-dir' : rootProject.projectDir.path + '/docs/src/test/resources/',
-			'samples-dir' : rootProject.projectDir.path + '/samples/',
-			'session-main-resources-dir' : rootProject.projectDir.path + '/spring-session/src/main/resources/'
+			'version-snapshot': snapshotBuild
 }

docs/src/docs/asciidoc/guides/boot-findbyusername.adoc

@@ -108,8 +108,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `JedisConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----

docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -54,7 +54,7 @@ spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/schema-@@p
 spring.session.jdbc.table-name=SPRING_SESSION # Name of database table used to store sessions.
 ----
 
-For more information, refer to http://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
 
 [[httpsession-jdbc-boot-configuration]]
 == Configuring the DataSource
@@ -70,7 +70,7 @@ spring.datasource.username=myapp
 spring.datasource.password=secret
 ----
 
-For more information, refer to http://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.
 
 [[httpsession-jdbc-boot-servlet-configuration]]
 == Servlet Container Initialization
@@ -120,7 +120,7 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into H2 database.
 
 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
 

docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -51,7 +51,7 @@ spring.session.redis.flush-mode= # Sessions flush mode.
 spring.session.redis.namespace= # Namespace for keys used to store sessions.
 ----
 
-For more information, refer to http://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
 
 [[boot-redis-configuration]]
 == Configuring the Redis Connection
@@ -67,7 +67,7 @@ spring.redis.password=secret
 spring.redis.port=6379
 ----
 
-For more information, refer to http://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
 
 [[boot-servlet-configuration]]
 == Servlet Container Initialization
@@ -91,8 +91,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `JedisConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----
@@ -121,13 +122,13 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
 
 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
 	$ redis-cli keys '*' | xargs redis-cli del
 
-TIP: The Redis documentation has instructions for http://redis.io/topics/quickstart[installing redis-cli].
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
 Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 

docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -83,8 +83,9 @@ server.session.timeout=60
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----

docs/src/docs/asciidoc/guides/grails3.adoc

@@ -70,7 +70,7 @@ spring:
     port: 6397
 ----
 
-For more information, refer to http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
 
 [[grails3-sample]]
 == Grails 3 Sample Application
@@ -84,8 +84,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `JedisConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----
@@ -114,16 +115,19 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
 
 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
 	$ redis-cli keys '*' | xargs redis-cli del
 
-TIP: The Redis documentation has instructions for http://redis.io/topics/quickstart[installing redis-cli].
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
 Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
 
 Now visit the application at http://localhost:8080/test/index and observe that we are no longer authenticated.
+
+NOTE: Spring Session will not work with grails flash scope without additional work. +
+See this answer for an explanation: https://stackoverflow.com/a/43311427

docs/src/docs/asciidoc/guides/java-custom-cookie.adoc

@@ -78,8 +78,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----

docs/src/docs/asciidoc/guides/java-hazelcast.adoc

@@ -26,7 +26,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-version}</version>
+		<version>{spring-framework-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -85,7 +85,7 @@ In this instance Spring Session is backed by Hazelcast.
 Spring Session provides `PrincipalNameExtractor` for this purpose.
 <3> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
 By default, an embedded instance of Hazelcast is started and connected to by the application.
-For more information on configuring Hazelcast, refer to the http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+For more information on configuring Hazelcast, refer to the http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
 
 == Servlet Container Initialization
 
@@ -130,7 +130,7 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 ====
 Hazelcast will run in embedded mode with your application by default, but if you want to connect
 to a stand alone instance instead, you can configure it by following the instructions in the
-http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
 ====
 
 ----
@@ -157,13 +157,13 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Hazelcast.
 
 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 === Interact with the data store
 
-If you like, you can remove the session using http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-java-client[a Java client],
-http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#other-client-implementations[one of the other clients], or the
-http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#management-center[management center].
+If you like, you can remove the session using http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-java-client[a Java client],
+http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#other-client-implementations[one of the other clients], or the
+http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#management-center[management center].
 
 ==== Using the console
 
@@ -172,7 +172,7 @@ For example, using the management center console after connecting to your Hazelc
 	default> ns spring:session:sessions
 	spring:session:sessions> m.clear
 
-TIP: The Hazelcast documentation has instructions for http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#executing-console-commands[the console].
+TIP: The Hazelcast documentation has instructions for http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#executing-console-commands[the console].
 
 Alternatively, you can also delete the explicit key. Enter the following into the console ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
@@ -183,7 +183,7 @@ Now visit the application at http://localhost:8080/ and observe that we are no l
 ==== Using the REST API
 
 As described in the other clients section of the documentation, there is a 
-http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#rest-client[REST API]
+http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#rest-client[REST API]
 provided by the Hazelcast node(s).
 
 For example, you could delete an individual key as follows (replacing `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie):

docs/src/docs/asciidoc/guides/java-jdbc.adoc

@@ -26,7 +26,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-version}</version>
+		<version>{spring-framework-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -85,7 +85,7 @@ In this instance Spring Session is backed by a relational database.
 We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
 <3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.
 
-For additional information on how to configure data access related concerns, please refer to the http://docs.spring.io/spring/docs/current/spring-framework-reference/html/spring-data-tier.html[Spring Framework Reference Documentation].
+For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
 
 == Java Servlet Container Initialization
 
@@ -145,7 +145,7 @@ include::{samples-dir}javaconfig/jdbc/src/main/java/sample/SessionServlet.java[t
 
 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
 

docs/src/docs/asciidoc/guides/java-redis.adoc

@@ -31,7 +31,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-version}</version>
+		<version>{spring-framework-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -88,7 +88,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the http://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 
 == Java Servlet Container Initialization
 
@@ -125,8 +125,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----
@@ -156,13 +157,13 @@ include::{samples-dir}javaconfig/redis/src/main/java/sample/SessionServlet.java[
 
 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
 	$ redis-cli keys '*' | xargs redis-cli del
 
-TIP: The Redis documentation has instructions for http://redis.io/topics/quickstart[installing redis-cli].
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
 Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 

docs/src/docs/asciidoc/guides/java-rest.adoc

@@ -31,7 +31,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-version}</version>
+		<version>{spring-framework-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -88,7 +88,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the http://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 <3> We customize Spring Session's HttpSession integration to use HTTP headers to convey the current session information instead of cookies.
 
 == Servlet Container Initialization
@@ -126,8 +126,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----
@@ -208,7 +209,7 @@ Now remove the session using redis-cli. For example, on a Linux based system you
 
 	$ redis-cli keys '*' | xargs redis-cli del
 
-TIP: The Redis documentation has instructions for http://redis.io/topics/quickstart[installing redis-cli].
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
 Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 

docs/src/docs/asciidoc/guides/java-security.adoc

@@ -32,7 +32,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-version}</version>
+		<version>{spring-framework-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -87,7 +87,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the http://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 
 == Servlet Container Initialization
 
@@ -130,8 +130,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----
@@ -158,13 +159,13 @@ Spring Session replaces the `HttpSession` with an implementation that is backed
 When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
 
 When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
 	$ redis-cli keys '*' | xargs redis-cli del
 
-TIP: The Redis documentation has instructions for http://redis.io/topics/quickstart[installing redis-cli].
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
 Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 

docs/src/docs/asciidoc/guides/java-users.adoc

@@ -1,161 +0,0 @@
-= Spring Session - Multiple Sessions
-Rob Winch
-:toc:
-
-This guide describes how to use Spring Session to manage multiple simultaneous browser sessions (i.e Google Accounts).
-
-== Integrating with Spring Session
-
-The steps to integrate with Spring Session are exactly the same as those outline in the link:httpsession.html[HttpSession Guide], so we will skip to running the sample application.
-
-[[users-sample]]
-== users Sample Application
-
-The users application demonstrates how to allow an application to manage multiple simultaneous browser sessions (i.e. Google Accounts).
-
-=== Running the users Sample Application
-
-You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
-
-[NOTE]
-====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
-====
-
-----
-$ ./gradlew :samples:users:tomcatRun
-----
-
-You should now be able to access the application at http://localhost:8080/
-
-=== Exploring the users Sample Application
-
-Try using the application. Authenticate with the following information:
-
-* **Username** _rob_
-* **Password** _rob_
-
-Now click the **Login** button. You should now be authenticated as the user **rob**.
-
-We can click on links and our user information is preserved.
-
-* Click on the **Link** link in the navigation bar at the top
-* Observe we are still authenticated as **rob**
-
-Let's add an another account.
-
-* Return to the *Home* page
-* Click on the arrow next to *rob* in the upper right hand corner
-* Click **Add Account**
-
-The log in form is displayed again. Authenticate with the following information:
-
-* **Username** _luke_
-* **Password** _luke_
-
-Now click the **Login** button. You should now be authenticated as the user **luke**.
-
-We can click on links and our user information is preserved.
-
-* Click on the **Link** link in the navigation bar at the top
-* Observe we are still authenticated as **luke**
-
-Where did our original user go? Let's switch to our original account.
-
-* Click on the arrow next to *luke* in the upper right hand corner.
-* Click on **Switch Account** -> *rob*
-
-We are now using the session associated with *rob*.
-
-== How does it work?
-
-// tag::how-does-it-work[]
-
-Let's take a look at how Spring Session keeps track of multiple sessions.
-
-=== Managing a Single Session
-
-Spring Session keeps track of the `HttpSession` by adding a value to a cookie named SESSION.
-For example, the SESSION cookie might have a value of:
-
-	7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
-
-=== Adding a Session
-
-We can add another session by requesting a URL that contains a special parameter in it.
-By default the parameter name is *_s*. For example, the following URL would create a new session:
-
-http://localhost:8080/?_s=1
-
-NOTE: The parameter value does not indicate the actual session id.
-This is important because we never want to allow the session id to be determined by a client to avoid https://www.owasp.org/index.php/Session_fixation[session fixation attacks].
-Additionally, we do not want the session id to be leaked since it is sent as a query parameter.
-Remember sensitive information should only be transmitted as a header or in the body of the request.
-
-Rather than creating the URL ourselves, we can utilize the `HttpSessionManager` to do this for us.
-We can obtain the `HttpSessionManager` from the `HttpServletRequest` using the following:
-
-.src/main/java/sample/UserAccountsFilter.java
-[source,java,indent=0]
-----
-include::{samples-dir}javaconfig/users/src/main/java/sample/UserAccountsFilter.java[tags=HttpSessionManager]
-----
-
-We can now use it to create a URL to add another session.
-
-.src/main/java/sample/UserAccountsFilter.java
-[source,java,indent=0]
-----
-include::{samples-dir}javaconfig/users/src/main/java/sample/UserAccountsFilter.java[tags=addAccountUrl]
-----
-
-<1> We have an existing variable named `unauthenticatedAlias`.
-The value is an alias that points to an existing unauthenticated session.
-If no such session exists, the value is null.
-This ensures if we have an existing unauthenticated session that we use it instead of creating a new session.
-<2> If all of our sessions are already associated to a user, we create a new session alias.
-<3> If there is an existing session that is not associated to a user, we use its session alias.
-<4> Finally, we create the add account URL.
-The URL contains a session alias that either points to an existing unauthenticated session or is an alias that is unused thus signaling to create a new session associated to that alias.
-
-Now our SESSION cookie looks something like this:
-
-	0 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e 1 1d526d4a-c462-45a4-93d9-84a39b6d44ad
-
-Such that:
-
-* There is a session with the id *7e8383a4-082c-4ffe-a4bc-c40fd3363c5e*
-** The alias for this session is  *0*.
-For example, if the URL is http://localhost:8080/?_s=0 this alias would be used.
-** This is the default session.
-This means that if no session alias is specified, then this session is used.
-For example, if the URL is http://localhost:8080/ this session would be used.
-* There is a session with the id *1d526d4a-c462-45a4-93d9-84a39b6d44ad*
-** The alias for this session is *1*.
-If the session alias is *1*, then this session is used.
-For example, if the URL is http://localhost:8080/?_s=1 this alias would be used.
-
-=== Automatic Session Alias Inclusion with encodeURL
-
-The nice thing about specifying the session alias in the URL is that we can have multiple tabs open with different active sessions.
-The bad thing is that we need to include the session alias in every URL of our application.
-Fortunately, Spring Session will automatically include the session alias in any URL that passes through http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)[HttpServletResponse#encodeURL(java.lang.String)]
-
-This means that if you are using standard tag libraries the session alias is automatically included in the URL.
-For example, if we are currently using the session with the alias of *1*, then the following:
-
-.src/main/webapp/index.jsp
-[source,xml,indent=0]
-----
-include::{samples-dir}javaconfig/users/src/main/webapp/index.jsp[tags=link]
-----
-
-will output a link of:
-
-[source,html]
-----
-<a id="navLink" href="/link.jsp?_s=1">Link</a>
-----
-
-// end::how-does-it-work[]

docs/src/docs/asciidoc/guides/xml-jdbc.adoc

@@ -26,7 +26,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-version}</version>
+		<version>{spring-framework-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -87,7 +87,7 @@ In this instance Spring Session is backed by a relational database.
 We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
 <3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.
 
-For additional information on how to configure data access related concerns, please refer to the http://docs.spring.io/spring/docs/current/spring-framework-reference/html/spring-data-tier.html[Spring Framework Reference Documentation].
+For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
 
 == XML Servlet Container Initialization
 
@@ -105,7 +105,7 @@ include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=context-para
 include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=listeners]
 ----
 
-The http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
+The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
 
 Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 The following snippet performs this last step for us:
@@ -116,7 +116,7 @@ The following snippet performs this last step for us:
 include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
 ----
 
-The http://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
+The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
 For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.
 
 // end::config[]
@@ -155,7 +155,7 @@ include::{samples-dir}xml/jdbc/src/main/java/sample/SessionServlet.java[tags=cla
 
 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
 

docs/src/docs/asciidoc/guides/xml-redis.adoc

@@ -31,7 +31,7 @@ If you are using Maven, ensure to add the following dependencies:
 	<dependency>
 		<groupId>org.springframework</groupId>
 		<artifactId>spring-web</artifactId>
-		<version>{spring-version}</version>
+		<version>{spring-framework-version}</version>
 	</dependency>
 </dependencies>
 ----
@@ -90,7 +90,7 @@ The filter is what is in charge of replacing the `HttpSession` implementation to
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, refer to the http://docs.spring.io/spring-data/data-redis/docs/current/reference/html/[reference documentation].
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 
 == XML Servlet Container Initialization
 
@@ -108,7 +108,7 @@ include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=context-par
 include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=listeners]
 ----
 
-The http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
+The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
 
 Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 The following snippet performs this last step for us:
@@ -119,7 +119,7 @@ The following snippet performs this last step for us:
 include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
 ----
 
-The http://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
+The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
 For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.
 
 // end::config[]
@@ -133,8 +133,9 @@ You can run the sample by obtaining the {download-url}[source code] and invoking
 
 [NOTE]
 ====
-For the sample to work, you must http://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `LettuceConnectionFactory` to point to a Redis server.
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 ====
 
 ----
@@ -164,13 +165,13 @@ include::{samples-dir}xml/redis/src/main/java/sample/SessionServlet.java[tags=cl
 
 Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
 Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
-Go ahead and view the cookies (click for help with https://developer.chrome.com/devtools/docs/resources#cookies[Chrome] or https://getfirebug.com/wiki/index.php/Cookies_Panel#Cookies_List[Firefox]).
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
 If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
 	$ redis-cli keys '*' | xargs redis-cli del
 
-TIP: The Redis documentation has instructions for http://redis.io/topics/quickstart[installing redis-cli].
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
 Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 

docs/src/docs/asciidoc/index.adoc

@@ -1,6 +1,5 @@
-
 = Spring Session
-Rob Winch, Vedran Pavić, Jakub Kubrynski
+Rob Winch, Vedran Pavić
 :doctype: book
 :indexdoc-tests: {docs-test-dir}docs/IndexDocTests.java
 :websocketdoc-test-dir: {docs-test-dir}docs/websocket/
@@ -13,30 +12,31 @@ Spring Session provides an API and implementations for managing a user's session
 [[introduction]]
 == Introduction
 
-Spring Session provides an API and implementations for managing a user's session information. It also provides transparent integration with:
-
-* <<httpsession,HttpSession>> - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way.
-Additional features include:
-** **Clustered Sessions** - Spring Session makes it trivial to support <<httpsession-redis,clustered sessions>> without being tied to an application container specific solution.
-** **Multiple Browser Sessions** - Spring Session supports <<httpsession-multi,managing multiple users' sessions>> in a single browser instance (i.e. multiple authenticated accounts similar to Google).
-** **RESTful APIs** - Spring Session allows providing session ids in headers to work with <<httpsession-rest,RESTful APIs>>
+Spring Session provides an API and implementations for managing a user's session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
+It also provides transparent integration with:
 
+* <<httpsession,HttpSession>> - allows replacing the `HttpSession` in an application container (i.e. Tomcat) neutral way, with support for providing session IDs in headers to work with RESTful APIs.
 * <<websocket,WebSocket>> - provides the ability to keep the `HttpSession` alive when receiving WebSocket messages
+* <<websession,WebSession>> - allows replacing the Spring WebFlux's `WebSession` in an application container neutral way.
 
-== What's New in 1.3
+== What's New in 2.0
 
-Below are the highlights of what is new in Spring Session 1.3. You can find a complete list of what's new by referring to the changelogs of
-https://github.com/spring-projects/spring-session/milestone/6?closed=1[1.3.0.M1],
-https://github.com/spring-projects/spring-session/milestone/18?closed=1[1.3.0.M2],
-https://github.com/spring-projects/spring-session/milestone/16?closed=1[1.3.0.RC1], and
-https://github.com/spring-projects/spring-session/milestone/19?closed=1[1.3.0.RELEASE].
+Below are the highlights of what is new in Spring Session 2.0. You can find a complete list of what's new by referring to the changelogs of
+https://github.com/spring-projects/spring-session/milestone/17?closed=1[2.0.0.M1],
+https://github.com/spring-projects/spring-session/milestone/22?closed=1[2.0.0.M2],
+https://github.com/spring-projects/spring-session/milestone/23?closed=1[2.0.0.M3],
+https://github.com/spring-projects/spring-session/milestone/24?closed=1[2.0.0.M4],
+https://github.com/spring-projects/spring-session/milestone/25?closed=1[2.0.0.M5],
+https://github.com/spring-projects/spring-session/milestone/26?closed=1[2.0.0.RC1],
+https://github.com/spring-projects/spring-session/milestone/27?closed=1[2.0.0.RC2], and
+https://github.com/spring-projects/spring-session/milestone/30?closed=1[2.0.0.RELEASE].
 
-* First class support for http://docs.spring.io/spring-session/docs/1.3.0.RELEASE/reference/html5/#httpsession-hazelcast[Hazelcast]
-* First class support for http://docs.spring.io/spring-session/docs/1.3.0.RELEASE/reference/html5/#spring-security-concurrent-sessions-how[Spring Security's concurrent session management]
-* Added https://github.com/maseev/spring-session-orientdb[OrientDB Community Extension]
-* https://github.com/spring-projects/spring-session/tree/1.3.0.RELEASE/samples/httpsession-redis-json[GenericJackson2JsonRedisSerializer sample] with Spring Security's new Jackson Support
-* Guides now https://github.com/spring-projects/spring-session/pull/652[use Lettuce]
-* `spring.session.cleanup.cron.expression` can be used to override the cleanup task’s cron expression
+* Upgraded to Java 8 and Spring Framework 5 as baseline
+* https://github.com/spring-projects/spring-session/issues/683[Added support for managing Spring WebFlux's `WebSession`] with https://github.com/spring-projects/spring-session/issues/816[Redis `ReactiveSessionRepository`]
+* https://github.com/spring-projects/spring-session/issues/768[Extracted `SessionRepository` implementations to separate modules]
+* Improved https://github.com/spring-projects/spring-session/issues/682[`Session`] and https://github.com/spring-projects/spring-session/issues/809[`SessionRepository`] APIs
+* Improved and harmonized configuration support for all supported session stores
+* https://github.com/spring-projects/spring-session/pull/713[Added support for configuring default `CookieSerializer` using `SessionCookieConfig`]
 * Lots of performance improvements and bug fixes
 
 [[samples]]
@@ -64,6 +64,10 @@ If you are looking to get started with Spring Session, the best place to start i
 | Demonstrates how to use Spring Session with WebSockets.
 | link:guides/boot-websocket.html[WebSockets Guide]
 
+| {gh-samples-url}boot/webflux[WebFlux]
+| Demonstrates how to use Spring Session to replace the Spring WebFlux's `WebSession` with Redis.
+| TBD
+
 | {gh-samples-url}boot/redis-json[HttpSession with Redis JSON serialization]
 | Demonstrates how to use Spring Session to replace the `HttpSession` with Redis using JSON serialization.
 | TBD
@@ -98,10 +102,6 @@ If you are looking to get started with Spring Session, the best place to start i
 | Demonstrates how to use Spring Session in a REST application to support authenticating with a header.
 | link:guides/java-rest.html[REST Guide]
 
-| {gh-samples-url}javaconfig/users[Multiple Users]
-| Demonstrates how to use Spring Session to manage multiple simultaneous browser sessions (i.e Google Accounts).
-| link:guides/java-users.html[Multiple Users Guide]
-
 |===
 
 .Sample Applications using Spring XML based configuration
@@ -132,6 +132,27 @@ If you are looking to get started with Spring Session, the best place to start i
 
 |===
 
+[[modules]]
+== Spring Session Modules
+
+In Spring Session 1.x all of the Spring Session's `SessionRepository` implementations were available within the `spring-session` artifact.
+While convenient, this approach wasn't sustainable long-term as more features and `SessionRepository` implementations were added to the project.
+
+Starting with Spring Session 2.0, the project has been split up to Spring Session Core module, and several other modules that carry `SessionRepository` implementations and functionality related to the specific data store.
+The users of Spring Data will find this arrangement familiar, with Spring Session Core module taking a role equivalent to Spring Data Commons and providing core functionalities and APIs with other modules containing data store specific implementations.
+As a part of this split, the Spring Session Data MongoDB and Spring Session Data GemFire modules were moved to separate repositories so the situation with project's repositories/modules is a follows:
+
+* https://github.com/spring-projects/spring-session[`spring-session` repository]
+** Hosts Spring Session Core, Spring Session Data Redis, Spring Session JDBC and Spring Session Hazelcast modules
+* https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb` repository]
+** Hosts Spring Session Data MongoDB module
+* https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode` repository]
+** Hosts Spring Session Data Geode/GemFire module
+
+Going forward, the plan is to externalize each of the `SessionRepository` implementations into a dedicated repository and provide a Maven BOM (as in "bill of materials") module in order to help users with version management concerns.
+
+Modules maintained by the members of Spring Team will be hosted within the https://github.com/spring-projects[`spring-projects` organization], while the community maintained modules will continue to be promoted via <<community-extensions,Community Extensions>> section of this manual.
+
 [[httpsession]]
 == HttpSession Integration
 
@@ -144,8 +165,7 @@ This means that developers can switch the `HttpSession` implementation out with
 We have already mentioned that Spring Session provides transparent integration with `HttpSession`, but what benefits do we get out of this?
 
 * **Clustered Sessions** - Spring Session makes it trivial to support <<httpsession-redis,clustered sessions>> without being tied to an application container specific solution.
-* **Multiple Browser Sessions** - Spring Session supports <<httpsession-multi,managing multiple users' sessions>> in a single browser instance (i.e. multiple authenticated accounts similar to Google).
-* **RESTful APIs** - Spring Session allows providing session ids in headers to work with <<httpsession-rest,RESTful APIs>>
+* **RESTful APIs** - Spring Session allows providing session IDs in headers to work with <<httpsession-rest,RESTful APIs>>
 
 [[httpsession-redis]]
 === HttpSession with Redis
@@ -284,17 +304,6 @@ public class SessionRepositoryFilter implements Filter {
 By passing in a custom `HttpServletRequest` implementation into the `FilterChain` we ensure that anything invoked after our `Filter` uses the custom `HttpSession` implementation.
 This highlights why it is important that Spring Session's `SessionRepositoryFilter` must be placed before anything that interacts with the `HttpSession`.
 
-[[httpsession-multi]]
-=== Multiple HttpSessions in Single Browser
-
-Spring Session has the ability to support multiple sessions in a single browser instance.
-This provides the ability to support authenticating with multiple users in the same browser instance (i.e. Google Accounts).
-
-NOTE: The <<samples,Manage Multiple Users Guide>> provides a complete working example of managing multiple users in the same browser instance.
-You can follow the basic steps for integration below, but you are encouraged to follow along with the detailed Manage Multiple Users Guide when integrating with your own application.
-
-include::guides/java-users.adoc[tags=how-does-it-work,leveloffset=+1]
-
 [[httpsession-rest]]
 === HttpSession & RESTful APIs
 
@@ -365,6 +374,116 @@ Before using WebSocket integration, you should be sure that you have <<httpsessi
 
 include::guides/boot-websocket.adoc[tags=config,leveloffset=+2]
 
+[[websession]]
+== WebSession Integration
+
+Spring Session provides transparent integration with Spring WebFlux's `WebSession`.
+This means that developers can switch the `WebSession` implementation out with an implementation that is backed by Spring Session.
+
+[[websession-why]]
+=== Why Spring Session & WebSession?
+
+We have already mentioned that Spring Session provides transparent integration with Spring WebFlux's `WebSession`, but what benefits do we get out of this?
+As with `HttpSession`, Spring Session makes it trivial to support <<websession-redis,clustered sessions>> without being tied to an application container specific solution.
+
+[[websession-redis]]
+=== WebSession with Redis
+
+Using Spring Session with `WebSession` is enabled by simply registering a `WebSessionManager` implementation backed by Spring Session's `ReactiveSessionRepository`.
+The Spring configuration is responsible for creating a `WebSessionManager` that replaces the `WebSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
+
+[source, java]
+----
+@EnableRedisWebSession // <1>
+public class SessionConfiguration {
+
+	@Bean
+	public LettuceConnectionFactory redisConnectionFactory() {
+		return new LettuceConnectionFactory(); // <2>
+	}
+
+}
+----
+
+<1> The `@EnableRedisWebSession` annotation creates a Spring Bean with the name of `webSessionManager` that implements the `WebSessionManager`.
+This is what is in charge of replacing the `WebSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by Redis.
+<2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
+We configure the connection to connect to localhost on the default port (6379)
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+
+[[websession-how]]
+=== How WebSession Integration Works
+
+With Spring WebFlux and it's `WebSession` things are considerably simpler for Spring Session to integrate with, compared to Servlet API and it's `HttpSession`.
+Spring WebFlux provides `WebSessionStore` API which presents a strategy for persisting `WebSession`.
+
+NOTE: This section describes how Spring Session provides transparent integration with `WebSession`. The intent is so that user's can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself.
+
+First we create a custom `SpringSessionWebSession` that delegates to Spring Session's `Session`.
+It looks something like the following:
+
+[source, java]
+----
+public class SpringSessionWebSession implements WebSession {
+
+	enum State {
+		NEW, STARTED
+	}
+
+	private final S session;
+
+	private AtomicReference<State> state = new AtomicReference<>();
+
+	SpringSessionWebSession(S session, State state) {
+		this.session = session;
+		this.state.set(state);
+	}
+
+	@Override
+	public void start() {
+		this.state.compareAndSet(State.NEW, State.STARTED);
+	}
+
+	@Override
+	public boolean isStarted() {
+		State value = this.state.get();
+		return (State.STARTED.equals(value)
+				|| (State.NEW.equals(value) && !this.session.getAttributes().isEmpty()));
+	}
+
+	@Override
+	public Mono<Void> changeSessionId() {
+		return Mono.defer(() -> {
+			this.session.changeSessionId();
+			return save();
+		});
+	}
+
+	// ... other methods delegate to the original Session
+}
+----
+
+Next, we create a custom `WebSessionStore` that delegates to the `ReactiveSessionRepository` and wraps `Session` into custom `WebSession` implementation:
+
+[source, java]
+----
+public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
+
+	private final ReactiveSessionRepository<S> sessions;
+
+	public SpringSessionWebSessionStore(ReactiveSessionRepository<S> reactiveSessionRepository) {
+		this.sessions = reactiveSessionRepository;
+	}
+
+	// ...
+}
+----
+
+In order to be detected by Spring WebFlux, this custom `WebSessionStore` needs to be registered with `ApplicationContext` as bean named `webSessionManager`.
+For additional information on Spring WebFlux, refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/web-reactive.html[Spring Framework Reference Documentation].
+
 [[spring-security]]
 == Spring Security Integration
 
@@ -373,7 +492,7 @@ Spring Session provides integration with Spring Security.
 [[spring-security-rememberme]]
 === Spring Security Remember-Me Support
 
-Spring Session provides integration with http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#remember-me[Spring Security's Remember-Me Authentication].
+Spring Session provides integration with https://docs.spring.io/spring-security/site/docs/{spring-security-version}/reference/htmlsingle/#remember-me[Spring Security's Remember-Me Authentication].
 The support will:
 
 * Change the session expiration length
@@ -416,7 +535,7 @@ include::{docs-test-dir}docs/security/SecurityConfiguration.java[tags=class]
 ----
 
 This assumes that you've also configured Spring Session to provide a `FindByIndexNameSessionRepository` that
-returns `ExpiringSession` instances.
+returns `Session` instances.
 
 When using XML configuration, it would look something like this:
 [source,xml,indent=0]
@@ -458,11 +577,7 @@ include::{indexdoc-tests}[tags=repository-demo]
 <5> We retrieve the `Session` from the `SessionRepository`.
 <6> We obtain the persisted `User` from our `Session` without the need for explicitly casting our attribute.
 
-[[api-expiringsession]]
-=== ExpiringSession
-
-An `ExpiringSession` extends a `Session` by providing attributes related to the `Session` instance's expiration.
-If there is no need to interact with the expiration information, prefer using the more simple `Session` API.
+`Session` API also provides attributes related to the `Session` instance's expiration.
 
 Typical usage might look like the following:
 
@@ -471,17 +586,17 @@ Typical usage might look like the following:
 include::{indexdoc-tests}[tags=expire-repository-demo]
 ----
 
-<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `ExpiringSession`. The generic type is defined in our class.
-<2> We create a new `ExpiringSession` using our `SessionRepository` and assign it to a variable of type `S`.
-<3> We interact with the `ExpiringSession`.
-In our example, we demonstrate updating the amount of time the `ExpiringSession` can be inactive before it expires.
-<4> We now save the `ExpiringSession`.
+<1> We create a `SessionRepository` instance with a generic type, `S`, that extends `Session`. The generic type is defined in our class.
+<2> We create a new `Session` using our `SessionRepository` and assign it to a variable of type `S`.
+<3> We interact with the `Session`.
+In our example, we demonstrate updating the amount of time the `Session` can be inactive before it expires.
+<4> We now save the `Session`.
 This is why we needed the generic type `S`.
-The `SessionRepository` only allows saving `ExpiringSession` instances that were created or retrieved using the same `SessionRepository`.
+The `SessionRepository` only allows saving `Session` instances that were created or retrieved using the same `SessionRepository`.
 This allows for the `SessionRepository` to make implementation specific optimizations (i.e. only writing attributes that have changed).
-The last accessed time is automatically updated when the `ExpiringSession` is saved.
-<5> We retrieve the `ExpiringSession` from the `SessionRepository`.
-If the `ExpiringSession` were expired, the result would be null.
+The last accessed time is automatically updated when the `Session` is saved.
+<5> We retrieve the `Session` from the `SessionRepository`.
+If the `Session` were expired, the result would be null.
 
 [[api-sessionrepository]]
 === SessionRepository
@@ -523,6 +638,14 @@ Once the session is indexed, it can be found using the following:
 include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=findby-username]
 ----
 
+[[api-reactivesessionrepository]]
+=== ReactiveSessionRepository
+
+A `ReactiveSessionRepository` is in charge of creating, retrieving, and persisting `Session` instances in a non-blocking and reactive manner.
+
+If possible, developers should not interact directly with a `ReactiveSessionRepository` or a `Session`.
+Instead, developers should prefer interacting with `ReactiveSessionRepository` and `Session` indirectly through the <<websession,WebSession>> integration.
+
 [[api-enablespringhttpsession]]
 === EnableSpringHttpSession
 
@@ -539,6 +662,22 @@ It is important to note that no infrastructure for session expirations is config
 This is because things like session expiration are highly implementation dependent.
 This means if you require cleaning up expired sessions, you are responsible for cleaning up the expired sessions.
 
+[[api-enablespringwebsession]]
+=== EnableSpringWebSession
+
+The `@EnableSpringWebSession` annotation can be added to an `@Configuration` class to expose the `WebSessionManager` as a bean named "webSessionManager".
+In order to leverage the annotation, a single `ReactiveSessionRepository` bean must be provided.
+For example:
+
+[source,java,indent=0]
+----
+include::{docs-test-dir}docs/SpringWebSessionConfig.java[tags=class]
+----
+
+It is important to note that no infrastructure for session expirations is configured for you out of the box.
+This is because things like session expiration are highly implementation dependent.
+This means if you require cleaning up expired sessions, you are responsible for cleaning up the expired sessions.
+
 [[api-redisoperationssessionrepository]]
 === RedisOperationsSessionRepository
 
@@ -566,7 +705,7 @@ Complete example usage can be found in the <<samples>>
 You can use the following attributes to customize the configuration:
 
 * **maxInactiveIntervalInSeconds** - the amount of time before the session will expire in seconds
-* **redisNamespace** - allows configuring an application specific namespace for the sessions. Redis keys and channel ids will start with the prefix of `spring:session:<redisNamespace>:`.
+* **redisNamespace** - allows configuring an application specific namespace for the sessions. Redis keys and channel IDs will start with the prefix of `<redisNamespace>:`.
 * **redisFlushMode** - allows specifying when data will be written to Redis. The default is only when `save` is invoked on `SessionRepository`.
 A value of `RedisFlushMode.IMMEDIATE` will write to Redis as soon as possible.
 
@@ -578,7 +717,7 @@ You can customize the serialization by creating a Bean named `springSessionDefau
 
 `RedisOperationsSessionRepository` is subscribed to receive events from redis using a `RedisMessageListenerContainer`.
 You can customize the way those events are dispatched, by creating a Bean named `springSessionRedisTaskExecutor` and/or a Bean `springSessionRedisSubscriptionExecutor`.
-More details on configuring redis task executors can be found http://docs.spring.io/spring-data-redis/docs/current/reference/html/#redis:pubsub:subscribe:containers[here].
+More details on configuring redis task executors can be found https://docs.spring.io/spring-data-redis/docs/{spring-data-redis-version}/reference/html/#redis:pubsub:subscribe:containers[here].
 
 [[api-redisoperationssessionrepository-storage]]
 ==== Storage Details
@@ -617,7 +756,7 @@ HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe creationTime
 
 In this example, the session following statements are true about the session:
 
-* The session id is 33fdd1b6-b496-4b33-9f7d-df96679d32fe
+* The session ID is 33fdd1b6-b496-4b33-9f7d-df96679d32fe
 * The session was created at 1404360000000 in milliseconds since midnight of 1/1/1970 GMT.
 * The session expires in 1800 seconds (30 minutes).
 * The session was last accessed at 1404360000000 in milliseconds since midnight of 1/1/1970 GMT.
@@ -640,7 +779,7 @@ HMSET spring:session:sessions:33fdd1b6-b496-4b33-9f7d-df96679d32fe sessionAttr:a
 [[api-redisoperationssessionrepository-expiration]]
 ===== Session Expiration
 
-An expiration is associated to each session using the EXPIRE command based upon the `ExpiringSession.getMaxInactiveInterval()`.
+An expiration is associated to each session using the EXPIRE command based upon the `Session.getMaxInactiveInterval()`.
 For example:
 
 ----
@@ -653,11 +792,11 @@ An expiration is set on the session itself five minutes after it actually expire
 
 [NOTE]
 ====
-The `SessionRepository.getSession(String)` method ensures that no expired sessions will be returned.
+The `SessionRepository.findById(String)` method ensures that no expired sessions will be returned.
 This means there is no need to check the expiration before using a session.
 ====
 
-Spring Session relies on the delete and expired http://redis.io/topics/notifications[keyspace notifications] from Redis to fire a <<api-redisoperationssessionrepository-sessiondestroyedevent,SessionDeletedEvent>> and <<api-redisoperationssessionrepository-sessiondestroyedevent,SessionExpiredEvent>> respectively.
+Spring Session relies on the delete and expired https://redis.io/topics/notifications[keyspace notifications] from Redis to fire a <<api-redisoperationssessionrepository-sessiondestroyedevent,SessionDeletedEvent>> and <<api-redisoperationssessionrepository-sessiondestroyedevent,SessionExpiredEvent>> respectively.
 It is the `SessionDeletedEvent` or `SessionExpiredEvent` that ensures resources associated with the Session are cleaned up.
 For example, when using Spring Session's WebSocket support the Redis expired or delete event is what triggers any WebSocket connections associated with the session to be closed.
 
@@ -670,12 +809,12 @@ EXPIRE spring:session:sessions:expires:33fdd1b6-b496-4b33-9f7d-df96679d32fe 1800
 
 When a session expires key is deleted or expires, the keyspace notification triggers a lookup of the actual session and a SessionDestroyedEvent is fired.
 
-One problem with relying on Redis expiration exclusively is that Redis makes no guarantee of when the expired event will be fired if they key has not been accessed.
+One problem with relying on Redis expiration exclusively is that Redis makes no guarantee of when the expired event will be fired if the key has not been accessed.
 Specifically the background task that Redis uses to clean up expired keys is a low priority task and may not trigger the key expiration.
-For additional details see http://redis.io/topics/notifications[Timing of expired events] section in the Redis documentation.
+For additional details see https://redis.io/topics/notifications[Timing of expired events] section in the Redis documentation.
 
 To circumvent the fact that expired events are not guaranteed to happen we can ensure that each key is accessed when it is expected to expire.
-This means that if the TTL is expired on the key, Redis will remove the key and fire the expired event when we try to access they key.
+This means that if the TTL is expired on the key, Redis will remove the key and fire the expired event when we try to access the key.
 
 For this reason, each session expiration is also tracked to the nearest minute.
 This allows a background task to access the potentially expired sessions to ensure that Redis expired events are fired in a more deterministic fashion.
@@ -687,7 +826,7 @@ EXPIRE spring:session:expirations1439245080000 2100
 ----
 
 The background task will then use these mappings to explicitly request each key.
-By accessing they key, rather than deleting it, we ensure that Redis deletes the key for us only if the TTL is expired.
+By accessing the key, rather than deleting it, we ensure that Redis deletes the key for us only if the TTL is expired.
 
 [NOTE]
 ====
@@ -707,7 +846,7 @@ This is necessary to ensure resources associated with the `Session` are properly
 
 For example, when integrating with WebSockets the `SessionDestroyedEvent` is in charge of closing any active WebSocket connections.
 
-Firing `SessionDeletedEvent` or `SessionExpiredEvent` is made available through the `SessionMessageListener` which listens to http://redis.io/topics/notifications[Redis Keyspace events].
+Firing `SessionDeletedEvent` or `SessionExpiredEvent` is made available through the `SessionMessageListener` which listens to https://redis.io/topics/notifications[Redis Keyspace events].
 In order for this to work, Redis Keyspace events for Generic commands and Expired events needs to be enabled.
 For example:
 
@@ -739,14 +878,14 @@ include::{docs-test-resources-dir}docs/HttpSessionConfigurationNoOpConfigureRedi
 ==== SessionCreatedEvent
 
 When a session is created an event is sent to Redis with the channel of `spring:session:channel:created:33fdd1b6-b496-4b33-9f7d-df96679d32fe`
-such that `33fdd1b6-b496-4b33-9f7d-df96679d32fe` is the session id. The body of the event will be the session that was created.
+such that `33fdd1b6-b496-4b33-9f7d-df96679d32fe` is the session ID. The body of the event will be the session that was created.
 
 If registered as a MessageListener (default), then `RedisOperationsSessionRepository` will then translate the Redis message into a `SessionCreatedEvent`.
 
 [[api-redisoperationssessionrepository-cli]]
 ==== Viewing the Session in Redis
 
-After http://redis.io/topics/quickstart[installing redis-cli], you can inspect the values in Redis http://redis.io/commands#hash[using the redis-cli].
+After https://redis.io/topics/quickstart[installing redis-cli], you can inspect the values in Redis https://redis.io/commands#hash[using the redis-cli].
 For example, enter the following into a terminal:
 
 [source,bash]
@@ -758,7 +897,70 @@ redis 127.0.0.1:6379> keys *
 ----
 
 <1> The suffix of this key is the session identifier of the Spring Session.
-<2> This key contains all the session ids that should be deleted at the time `1418772300000`.
+<2> This key contains all the session IDs that should be deleted at the time `1418772300000`.
+
+You can also view the attributes of each session.
+
+[source,bash]
+----
+redis 127.0.0.1:6379> hkeys spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021
+1) "lastAccessedTime"
+2) "creationTime"
+3) "maxInactiveInterval"
+4) "sessionAttr:username"
+redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021 sessionAttr:username
+"\xac\xed\x00\x05t\x00\x03rob"
+----
+
+[[api-reactiveredisoperationssessionrepository]]
+=== ReactiveRedisOperationsSessionRepository
+
+`ReactiveRedisOperationsSessionRepository` is a `ReactiveSessionRepository` that is implemented using Spring Data's `ReactiveRedisOperations`.
+In a web environment, this is typically used in combination with `WebSessionStore`.
+
+[[api-reactiveredisoperationssessionrepository-new]]
+==== Instantiating a ReactiveRedisOperationsSessionRepository
+
+A typical example of how to create a new instance can be seen below:
+
+[source,java,indent=0]
+----
+include::{indexdoc-tests}[tags=new-reactiveredisoperationssessionrepository]
+----
+
+For additional information on how to create a `ReactiveRedisConnectionFactory`, refer to the Spring Data Redis Reference.
+
+[[api-reactiveredisoperationssessionrepository-config]]
+==== EnableRedisWebSession
+
+In a web environment, the simplest way to create a new `ReactiveRedisOperationsSessionRepository` is to use `@EnableRedisWebSession`.
+You can use the following attributes to customize the configuration:
+
+* **maxInactiveIntervalInSeconds** - the amount of time before the session will expire in seconds
+* **redisNamespace** - allows configuring an application specific namespace for the sessions. Redis keys and channel IDs will start with the prefix of `<redisNamespace>:`.
+* **redisFlushMode** - allows specifying when data will be written to Redis. The default is only when `save` is invoked on `ReactiveSessionRepository`.
+A value of `RedisFlushMode.IMMEDIATE` will write to Redis as soon as possible.
+
+[[api-reactiveredisoperationssessionrepository-writes]]
+===== Optimized Writes
+
+The `Session` instances managed by `ReactiveRedisOperationsSessionRepository` keeps track of the properties that have changed and only updates those.
+This means if an attribute is written once and read many times we only need to write that attribute once.
+
+[[api-reactiveredisoperationssessionrepository-cli]]
+==== Viewing the Session in Redis
+
+After https://redis.io/topics/quickstart[installing redis-cli], you can inspect the values in Redis https://redis.io/commands#hash[using the redis-cli].
+For example, enter the following into a terminal:
+
+[source,bash]
+----
+$ redis-cli
+redis 127.0.0.1:6379> keys *
+1) "spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021" <1>
+----
+
+<1> The suffix of this key is the session identifier of the Spring Session.
 
 You can also view the attributes of each session.
 
@@ -776,7 +978,7 @@ redis 127.0.0.1:6379> hget spring:session:sessions:4fc39ce3-63b3-4e17-b1c4-5e1ed
 [[api-mapsessionrepository]]
 === MapSessionRepository
 
-The `MapSessionRepository` allows for persisting `ExpiringSession` in a `Map` with the key being the `ExpiringSession` id and the value being the `ExpiringSession`.
+The `MapSessionRepository` allows for persisting `Session` in a `Map` with the key being the `Session` ID and the value being the `Session`.
 The implementation can be used with a `ConcurrentHashMap` as a testing or convenience mechanism.
 Alternatively, it can be used with distributed `Map` implementations. For example, it can be used with Hazelcast.
 
@@ -807,6 +1009,13 @@ To run it use the following:
 
 	./gradlew :samples:hazelcast-spring:tomcatRun
 
+[[api-reactivemapsessionrepository]]
+=== ReactiveMapSessionRepository
+
+The `ReactiveMapSessionRepository` allows for persisting `Session` in a `Map` with the key being the `Session` ID and the value being the `Session`.
+The implementation can be used with a `ConcurrentHashMap` as a testing or convenience mechanism.
+Alternatively, it can be used with distributed `Map` implementations with the requirement that the supplied `Map` must be a non-blocking.
+
 [[api-jdbcoperationssessionrepository]]
 === JdbcOperationsSessionRepository
 
@@ -824,7 +1033,7 @@ A typical example of how to create a new instance can be seen below:
 include::{indexdoc-tests}[tags=new-jdbcoperationssessionrepository]
 ----
 
-For additional information on how to create and configure `JdbcTemplate` and `PlatformTransactionManager`, refer to the http://docs.spring.io/spring/docs/current/spring-framework-reference/html/spring-data-tier.html[Spring Framework Reference Documentation].
+For additional information on how to create and configure `JdbcTemplate` and `PlatformTransactionManager`, refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
 
 [[api-jdbcoperationssessionrepository-config]]
 ==== EnableJdbcHttpSession
@@ -860,14 +1069,14 @@ For example, with PostgreSQL database you would use the following schema script:
 
 [source,sql,indent=0]
 ----
-include::{session-main-resources-dir}org/springframework/session/jdbc/schema-postgresql.sql[]
+include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schema-postgresql.sql[]
 ----
 
 And with MySQL database:
 
 [source,sql,indent=0]
 ----
-include::{session-main-resources-dir}org/springframework/session/jdbc/schema-mysql.sql[]
+include::{session-jdbc-main-resources-dir}org/springframework/session/jdbc/schema-mysql.sql[]
 ----
 
 ==== Transaction management
@@ -891,12 +1100,12 @@ A typical example of how to create a new instance can be seen below:
 include::{indexdoc-tests}[tags=new-hazelcastsessionrepository]
 ----
 
-For additional information on how to create and configure Hazelcast instance, refer to the http://docs.hazelcast.org/docs/latest/manual/html-single/index.html#hazelcast-configuration[Hazelcast documentation].
+For additional information on how to create and configure Hazelcast instance, refer to the http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[Hazelcast documentation].
 
 [[api-enablehazelcasthttpsession]]
 ==== EnableHazelcastHttpSession
 
-If you wish to use http://hazelcast.org/[Hazelcast] as your backing source for the `SessionRepository`, then the `@EnableHazelcastHttpSession` annotation
+If you wish to use https://hazelcast.org/[Hazelcast] as your backing source for the `SessionRepository`, then the `@EnableHazelcastHttpSession` annotation
 can be added to an `@Configuration` class. This extends the functionality provided by the `@EnableSpringHttpSession` annotation but makes the `SessionRepository` for you in Hazelcast.
 You must provide a single `HazelcastInstance` bean for the configuration to work.
 Complete configuration example can be found in the <<samples>>
@@ -928,6 +1137,70 @@ Note that if you use Hazelcast's `MapStore` to persist your sessions `IMap` ther
 * reload triggers `EntryAddedListener` which results in `SessionCreatedEvent` being re-published
 * reload uses default TTL for a given `IMap` which results in sessions losing their original TTL
 
+[[custom-sessionrepository]]
+== Custom SessionRepository
+
+Implementing a custom <<api-sessionrepository,`SessionRepository`>> API should be a fairly straightforward task.
+Coupling the custom implementation with <<api-enablespringhttpsession,`@EnableSpringHttpSession`>> support allow to easily reuse existing Spring Session configuration facilities and infrastructure.
+There are however a couple of aspects that deserve a closer consideration.
+
+During a lifecycle of an HTTP request, the `HttpSession` is typically is persisted to `SessionRepository` twice.
+First to ensure that the session is available to the clients as soon as the client has access to the session ID, and it is also necessary to write after the session is committed because further modifications to the session might be made.
+Having this in mind, it is generally recommended for a `SessionRepository` implementation to keep track of changes to ensure that only deltas are saved.
+This is in particular very important in highly concurrent environments, where multiple requests operate on the same `HttpSession` and therefore cause race conditions, with requests overriding each others changes to session attributes.
+All of the `SessionRepository` implementations provided by Spring Session use the described approach to persisting session changes and can be used for guidance while implementing custom `SessionRepository`.
+
+Note that the same recommendations apply for implementing a custom <<api-reactivesessionrepository,`ReactiveSessionRepository`>> as well.
+Of course, in this case the <<api-enablespringwebsession,`@EnableSpringWebSession`>> should be used.
+
+[[upgrading-2.0]]
+== Upgrading to 2.x
+
+With the new major release version, the Spring Session team took the opportunity to make some non-passive changes.
+The focus of these changes is to improve and harmonize Spring Session's APIs, as well as remove the deprecated components.
+
+=== Baseline update
+
+Spring Session 2.0 requires Java 8 and Spring Framework 5.0 as a baseline, since its entire codebase is now based on Java 8 source code.
+Refer to guide for https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-5.x[Upgrading to Spring Framework 5.x] for reference on upgrading Spring Framework.
+
+=== Replaced and Removed Modules
+
+As a part of the project's split the modules, the existing `spring-session` has been replaced with `spring-session-core` module.
+The `spring-session-core` module holds only the common set of APIs and components while other modules contain the implementation of appropriate `SessionRepository` and functionality related to that data store.
+This applies to several existing that were previously a simple dependency aggregator helper modules but with new module arrangement actually carry the implementation:
+
+* Spring Session Data Redis
+* Spring Session JDBC
+* Spring Session Hazelcast
+
+Also the following modules were removed from the main project repository:
+
+* Spring Session Data MongoDB
+* Spring Session Data GemFire
+
+Note that these two have moved to separate repositories, and will continue to be available albeit under a changed artifact names:
+
+* https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb`]
+* https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode`]
+
+=== Replaced and Removed Packages, Classes and Methods
+
+* `ExpiringSession` API has been merged into `Session` API
+* `Session` API has been enhanced to make full use of Java 8
+* `Session` API has been extended with `changeSessionId` support
+* `SessionRepository` API has been updated to better align with Spring Data method naming conventions
+* `AbstractSessionEvent` and its subclasses are no longer constructable without an underlying `Session` object
+* Redis namespace used by `RedisOperationsSessionRepository` is now fully configurable, instead of being partial configurable
+* Redis configuration support has been updated to avoid registering a Spring Session specific `RedisTemplate` bean
+* JDBC configuration support has been updated to avoid registering a Spring Session specific `JdbcTemplate` bean
+* Previously deprecated classes and methods have been removed across the codebase
+
+=== Dropped Support
+
+As a part of the changes to `HttpSessionStrategy` and it's alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
+This introduction of new API to replace this functionality in consideration for future releases.
+
 [[community]]
 == Spring Session Community
 
@@ -937,18 +1210,18 @@ Please find additional information below.
 [[community-support]]
 === Support
 
-You can get help by asking questions on http://stackoverflow.com/questions/tagged/spring-session[StackOverflow with the tag spring-session].
+You can get help by asking questions on https://stackoverflow.com/questions/tagged/spring-session[StackOverflow with the tag spring-session].
 Similarly we encourage helping others by answering questions on StackOverflow.
 
 [[community-source]]
 === Source Code
 
-Our source code can be found on github at https://github.com/spring-projects/spring-session/
+Our source code can be found on GitHub at https://github.com/spring-projects/spring-session/
 
 [[community-issues]]
 === Issue Tracking
 
-We track issues in github issues at https://github.com/spring-projects/spring-session/issues
+We track issues in GitHub issues at https://github.com/spring-projects/spring-session/issues
 
 [[community-contributing]]
 === Contributing
@@ -958,7 +1231,7 @@ We appreciate https://help.github.com/articles/using-pull-requests/[Pull Request
 [[community-license]]
 === License
 
-Spring Session is Open Source software released under the http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].
+Spring Session is Open Source software released under the https://www.apache.org/licenses/LICENSE-2.0[Apache 2.0 license].
 
 [[community-extensions]]
 === Community Extensions

docs/src/test/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,10 +21,10 @@ import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
-import org.springframework.session.ExpiringSession;
+import org.springframework.session.Session;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -33,12 +33,12 @@ import static org.mockito.Mockito.mock;
 /**
  * @author Rob Winch
  */
-@RunWith(SpringJUnit4ClassRunner.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
 public class HttpSessionConfigurationNoOpConfigureRedisActionXmlTests {
 	@Autowired
-	SessionRepositoryFilter<? extends ExpiringSession> filter;
+	SessionRepositoryFilter<? extends Session> filter;
 
 	@Test
 	public void redisConnectionFactoryNotUsedSinceNoValidation() {

docs/src/test/java/docs/IndexDocTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,21 +16,28 @@
 
 package docs;
 
+import java.time.Duration;
+import java.util.concurrent.ConcurrentHashMap;
+
 import com.hazelcast.config.Config;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
-import com.hazelcast.core.IMap;
 import org.junit.Test;
 
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.ReactiveRedisTemplate;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
 import org.springframework.mock.web.MockServletContext;
-import org.springframework.session.ExpiringSession;
 import org.springframework.session.MapSession;
 import org.springframework.session.MapSessionRepository;
+import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
+import org.springframework.session.data.redis.ReactiveRedisOperationsSessionRepository;
 import org.springframework.session.data.redis.RedisOperationsSessionRepository;
 import org.springframework.session.hazelcast.HazelcastSessionRepository;
 import org.springframework.session.jdbc.JdbcOperationsSessionRepository;
@@ -49,8 +56,8 @@ public class IndexDocTests {
 
 	@Test
 	public void repositoryDemo() {
-		RepositoryDemo<ExpiringSession> demo = new RepositoryDemo<>();
-		demo.repository = new MapSessionRepository();
+		RepositoryDemo<MapSession> demo = new RepositoryDemo<>();
+		demo.repository = new MapSessionRepository(new ConcurrentHashMap<>());
 
 		demo.demo();
 	}
@@ -68,7 +75,7 @@ public class IndexDocTests {
 
 			this.repository.save(toSave); // <4>
 
-			S session = this.repository.getSession(toSave.getId()); // <5>
+			S session = this.repository.findById(toSave.getId()); // <5>
 
 			// <6>
 			User user = session.getAttribute(ATTR_USER);
@@ -81,24 +88,24 @@ public class IndexDocTests {
 
 	@Test
 	public void expireRepositoryDemo() {
-		ExpiringRepositoryDemo<ExpiringSession> demo = new ExpiringRepositoryDemo<>();
-		demo.repository = new MapSessionRepository();
+		ExpiringRepositoryDemo<MapSession> demo = new ExpiringRepositoryDemo<>();
+		demo.repository = new MapSessionRepository(new ConcurrentHashMap<>());
 
 		demo.demo();
 	}
 
 	// tag::expire-repository-demo[]
-	public class ExpiringRepositoryDemo<S extends ExpiringSession> {
+	public class ExpiringRepositoryDemo<S extends Session> {
 		private SessionRepository<S> repository; // <1>
 
 		public void demo() {
 			S toSave = this.repository.createSession(); // <2>
 			// ...
-			toSave.setMaxInactiveIntervalInSeconds(30); // <3>
+			toSave.setMaxInactiveInterval(Duration.ofSeconds(30)); // <3>
 
 			this.repository.save(toSave); // <4>
 
-			S session = this.repository.getSession(toSave.getId()); // <5>
+			S session = this.repository.findById(toSave.getId()); // <5>
 			// ...
 		}
 
@@ -110,17 +117,41 @@ public class IndexDocTests {
 	@SuppressWarnings("unused")
 	public void newRedisOperationsSessionRepository() {
 		// tag::new-redisoperationssessionrepository[]
-		LettuceConnectionFactory factory = new LettuceConnectionFactory();
-		SessionRepository<? extends ExpiringSession> repository = new RedisOperationsSessionRepository(
-				factory);
+		RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
+
+		// ... configure redisTemplate ...
+
+		SessionRepository<? extends Session> repository =
+				new RedisOperationsSessionRepository(redisTemplate);
 		// end::new-redisoperationssessionrepository[]
 	}
 
+	@Test
+	@SuppressWarnings("unused")
+	public void newReactiveRedisOperationsSessionRepository() {
+		LettuceConnectionFactory connectionFactory = new LettuceConnectionFactory();
+		RedisSerializationContext<String, Object> serializationContext = RedisSerializationContext
+				.<String, Object>newSerializationContext(
+						new JdkSerializationRedisSerializer())
+				.build();
+
+		// tag::new-reactiveredisoperationssessionrepository[]
+		// ... create and configure connectionFactory and serializationContext ...
+
+		ReactiveRedisTemplate<String, Object> redisTemplate = new ReactiveRedisTemplate<>(
+				connectionFactory, serializationContext);
+
+		ReactiveSessionRepository<? extends Session> repository =
+				new ReactiveRedisOperationsSessionRepository(redisTemplate);
+		// end::new-reactiveredisoperationssessionrepository[]
+	}
+
 	@Test
 	@SuppressWarnings("unused")
 	public void mapRepository() {
 		// tag::new-mapsessionrepository[]
-		SessionRepository<? extends ExpiringSession> repository = new MapSessionRepository();
+		SessionRepository<? extends Session> repository = new MapSessionRepository(
+				new ConcurrentHashMap<>());
 		// end::new-mapsessionrepository[]
 	}
 
@@ -136,7 +167,7 @@ public class IndexDocTests {
 
 		// ... configure transactionManager ...
 
-		SessionRepository<? extends ExpiringSession> repository =
+		SessionRepository<? extends Session> repository =
 				new JdbcOperationsSessionRepository(jdbcTemplate, transactionManager);
 		// end::new-jdbcoperationssessionrepository[]
 	}
@@ -152,11 +183,8 @@ public class IndexDocTests {
 
 		HazelcastInstance hazelcastInstance = Hazelcast.newHazelcastInstance(config);
 
-		IMap<String, MapSession> sessions = hazelcastInstance
-				.getMap("spring:session:sessions");
-
 		HazelcastSessionRepository repository =
-				new HazelcastSessionRepository(sessions);
+				new HazelcastSessionRepository(hazelcastInstance);
 		// end::new-hazelcastsessionrepository[]
 	}
 

docs/src/test/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java

@@ -25,7 +25,7 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.session.data.redis.config.ConfigureRedisAction;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 import static org.mockito.Mockito.mock;
@@ -33,7 +33,7 @@ import static org.mockito.Mockito.mock;
 /**
  * @author Rob Winch
  */
-@RunWith(SpringJUnit4ClassRunner.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
 public class RedisHttpSessionConfigurationNoOpConfigureRedisActionTests {

docs/src/test/java/docs/SpringHttpSessionConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package docs;
 
+import java.util.concurrent.ConcurrentHashMap;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.session.MapSessionRepository;
@@ -27,7 +29,7 @@ import org.springframework.session.config.annotation.web.http.EnableSpringHttpSe
 public class SpringHttpSessionConfig {
 	@Bean
 	public MapSessionRepository sessionRepository() {
-		return new MapSessionRepository();
+		return new MapSessionRepository(new ConcurrentHashMap<>());
 	}
 }
 // end::class[]

docs/src/test/java/docs/SpringWebSessionConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,25 +14,21 @@
  * limitations under the License.
  */
 
-package sample;
+package docs;
+
+import java.util.concurrent.ConcurrentHashMap;
 
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
-
-/**
- * @author Rob Winch
- */
+import org.springframework.session.ReactiveMapSessionRepository;
+import org.springframework.session.ReactiveSessionRepository;
+import org.springframework.session.config.annotation.web.server.EnableSpringWebSession;
 
 // tag::class[]
-@Configuration
-@EnableRedisHttpSession
-public class Config {
-
+@EnableSpringWebSession
+public class SpringWebSessionConfig {
 	@Bean
-	public LettuceConnectionFactory connectionFactory() {
-		return new LettuceConnectionFactory();
+	public ReactiveSessionRepository reactiveSessionRepository() {
+		return new ReactiveMapSessionRepository(new ConcurrentHashMap<>());
 	}
 }
 // end::class[]

docs/src/test/java/docs/http/AbstractHttpSessionListenerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package docs.http;
 
+import java.util.Properties;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -27,18 +29,20 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.security.core.session.SessionDestroyedEvent;
 import org.springframework.session.MapSession;
 import org.springframework.session.Session;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
 /**
  * @author Rob Winch
+ * @author Mark Paluch
  * @since 1.2
  */
-@RunWith(SpringJUnit4ClassRunner.class)
+@RunWith(SpringRunner.class)
 @WebAppConfiguration
 public abstract class AbstractHttpSessionListenerTests {
 	@Autowired
@@ -63,6 +67,7 @@ public abstract class AbstractHttpSessionListenerTests {
 		RedisConnection connection = mock(RedisConnection.class);
 
 		given(factory.getConnection()).willReturn(connection);
+		given(connection.getConfig(anyString())).willReturn(new Properties());
 		return factory;
 	}
 
@@ -77,6 +82,7 @@ public abstract class AbstractHttpSessionListenerTests {
 		 * @see org.springframework.context.ApplicationListener#onApplicationEvent(org.
 		 * springframework.context.ApplicationEvent)
 		 */
+		@Override
 		public void onApplicationEvent(SessionDestroyedEvent event) {
 			this.event = event;
 		}

docs/src/test/java/docs/http/HazelcastHttpSessionConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,7 +41,7 @@ public class HazelcastHttpSessionConfig {
 
 		Config config = new Config();
 
-		config.getMapConfig("spring:session:sessions") // <2>
+		config.getMapConfig(HazelcastSessionRepository.DEFAULT_SESSION_MAP_NAME) // <2>
 				.addMapAttributeConfig(attributeConfig)
 				.addMapIndexConfig(new MapIndexConfig(
 						HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));

docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package docs.security;
 
+import java.util.concurrent.ConcurrentHashMap;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -65,15 +67,13 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 	@Override
 	@Bean
 	public InMemoryUserDetailsManager userDetailsService() {
-		InMemoryUserDetailsManager uds = new InMemoryUserDetailsManager();
-		uds.createUser(
-				User.withUsername("user").password("password").roles("USER").build());
-		return uds;
+		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
 	}
 
 	@Bean
 	MapSessionRepository sessionRepository() {
-		return new MapSessionRepository();
+		return new MapSessionRepository(new ConcurrentHashMap<>());
 	}
 }
 // end::class[]

docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java

@@ -16,8 +16,8 @@
 
 package docs.security;
 
+import java.time.Duration;
 import java.util.Base64;
-import java.util.concurrent.TimeUnit;
 
 import javax.servlet.http.Cookie;
 
@@ -26,11 +26,11 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.session.ExpiringSession;
+import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
@@ -44,11 +44,11 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 /**
  * @author rwinch
  */
-@RunWith(SpringJUnit4ClassRunner.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration(classes = RememberMeSecurityConfiguration.class)
 @WebAppConfiguration
 @SuppressWarnings("rawtypes")
-public class RememberMeSecurityConfigurationTests<T extends ExpiringSession> {
+public class RememberMeSecurityConfigurationTests<T extends Session> {
 	@Autowired
 	WebApplicationContext context;
 	@Autowired
@@ -81,9 +81,9 @@ public class RememberMeSecurityConfigurationTests<T extends ExpiringSession> {
 		Cookie cookie = result.getResponse().getCookie("SESSION");
 		assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
 		T session = this.sessions
-				.getSession(new String(Base64.getDecoder().decode(cookie.getValue())));
-		assertThat(session.getMaxInactiveIntervalInSeconds())
-				.isEqualTo((int) TimeUnit.DAYS.toSeconds(30));
+				.findById(new String(Base64.getDecoder().decode(cookie.getValue())));
+		assertThat(session.getMaxInactiveInterval())
+				.isEqualTo(Duration.ofDays(30));
 
 	}
 }

docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java

@@ -16,8 +16,8 @@
 
 package docs.security;
 
+import java.time.Duration;
 import java.util.Base64;
-import java.util.concurrent.TimeUnit;
 
 import javax.servlet.http.Cookie;
 
@@ -26,11 +26,11 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.session.ExpiringSession;
+import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
@@ -44,11 +44,11 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 /**
  * @author rwinch
  */
-@RunWith(SpringJUnit4ClassRunner.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
 @SuppressWarnings("rawtypes")
-public class RememberMeSecurityConfigurationXmlTests<T extends ExpiringSession> {
+public class RememberMeSecurityConfigurationXmlTests<T extends Session> {
 	@Autowired
 	WebApplicationContext context;
 	@Autowired
@@ -81,9 +81,9 @@ public class RememberMeSecurityConfigurationXmlTests<T extends ExpiringSession>
 		Cookie cookie = result.getResponse().getCookie("SESSION");
 		assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
 		T session = this.sessions
-				.getSession(new String(Base64.getDecoder().decode(cookie.getValue())));
-		assertThat(session.getMaxInactiveIntervalInSeconds())
-				.isEqualTo((int) TimeUnit.DAYS.toSeconds(30));
+				.findById(new String(Base64.getDecoder().decode(cookie.getValue())));
+		assertThat(session.getMaxInactiveInterval())
+				.isEqualTo(Duration.ofDays(30));
 
 	}
 }

docs/src/test/java/docs/security/SecurityConfiguration.java

@@ -21,8 +21,8 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.session.ExpiringSession;
 import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
 import org.springframework.session.security.SpringSessionBackedSessionRegistry;
 
 /**
@@ -33,7 +33,7 @@ import org.springframework.session.security.SpringSessionBackedSessionRegistry;
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 
 	@Autowired
-	private FindByIndexNameSessionRepository<ExpiringSession> sessionRepository;
+	private FindByIndexNameSessionRepository<Session> sessionRepository;
 
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
@@ -48,8 +48,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 
 	@Bean
 	SpringSessionBackedSessionRegistry sessionRegistry() {
-		return new SpringSessionBackedSessionRegistry<ExpiringSession>(
-				this.sessionRepository);
+		return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
 	}
 }
 // end::class[]

docs/src/test/java/docs/websocket/WebSocketConfig.java

@@ -32,6 +32,7 @@ import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 @EnableWebSocketMessageBroker
 public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
 
+	@Override
 	public void registerStompEndpoints(StompEndpointRegistry registry) {
 		registry.addEndpoint("/messages").withSockJS();
 	}

docs/src/test/resources/docs/security/RememberMeSecurityConfigurationXmlTests-context.xml

@@ -20,9 +20,13 @@
 
 
 	<security:user-service>
-		<security:user name="user" password="password" authorities="ROLE_USER"/>
+		<security:user name="user" password="{noop}password" authorities="ROLE_USER"/>
 	</security:user-service>
 
 	<bean class="org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration"/>
-	<bean id="springSessionRepository" class="org.springframework.session.MapSessionRepository"/>
+	<bean id="springSessionRepository" class="org.springframework.session.MapSessionRepository">
+		<constructor-arg>
+			<bean class="java.util.concurrent.ConcurrentHashMap"/>
+		</constructor-arg>
+	</bean>
 </beans>

gradle.properties

@@ -1,2 +1,2 @@
-springBootVersion=2.0.0.M1
-version=2.0.0.M2
+springBootVersion=2.0.0.M7
+version=2.0.0.RELEASE

gradle/dependency-management.gradle

@@ -1,36 +1,42 @@
 dependencyManagement {
 	imports {
-		mavenBom 'org.springframework:spring-framework-bom:5.0.0.RC2'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-M4'
-		mavenBom 'org.springframework.security:spring-security-bom:5.0.0.M2'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.3'
+		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR4'
+		mavenBom 'org.springframework:spring-framework-bom:5.0.2.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR2'
+		mavenBom 'org.springframework.security:spring-security-bom:5.0.0.RELEASE'
 	}
+
 	dependencies {
-		dependency 'com.fasterxml.jackson.core:jackson-databind:2.9.0.pr3'
-		dependency 'com.h2database:h2:1.4.195'
-		dependency 'com.hazelcast:hazelcast-client:3.8'
-		dependency 'com.hazelcast:hazelcast:3.8'
-		dependency 'com.maxmind.geoip2:geoip2:2.3.1'
-		dependency 'commons-codec:commons-codec:1.10'
+		dependencySet(group: 'com.hazelcast', version: '3.9.1') {
+			entry 'hazelcast'
+			entry 'hazelcast-client'
+		}
+
+		dependencySet(group: 'org.testcontainers', version: '1.5.1') {
+			entry 'mysql'
+			entry 'postgresql'
+			entry 'testcontainers'
+		}
+
+		dependencySet(group: 'org.testcontainers', version: '1.4.3') {
+			entry 'mariadb'
+			entry 'mssqlserver'
+		}
+
+		dependency 'com.h2database:h2:1.4.196'
+		dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.0.0.M2'
-		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1'
-		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b02'
+		dependency 'io.lettuce:lettuce-core:5.0.1.RELEASE'
 		dependency 'javax.servlet:javax.servlet-api:3.1.0'
 		dependency 'junit:junit:4.12'
-		dependency 'org.apache.derby:derby:10.13.1.1'
-		dependency 'org.apache.httpcomponents:httpclient:4.5.3'
-		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
-		dependency 'org.assertj:assertj-core:3.6.2'
+		dependency 'mysql:mysql-connector-java:5.1.45'
+		dependency 'org.apache.derby:derby:10.14.1.0'
+		dependency 'org.assertj:assertj-core:3.9.0'
 		dependency 'org.hsqldb:hsqldb:2.4.0'
-		dependency 'org.mockito:mockito-core:2.7.22'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.26'
-		dependency 'org.webjars:bootstrap:2.3.2'
-		dependency 'org.webjars:html5shiv:3.7.3'
-		dependency 'org.webjars:jquery:1.9.0'
-		dependency 'org.webjars:knockout:2.3.0'
-		dependency 'org.webjars:sockjs-client:0.3.4'
-		dependency 'org.webjars:stomp-websocket:2.3.0'
-		dependency 'org.webjars:webjars-taglib:0.3'
-		dependency 'redis.clients:jedis:2.9.0'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.2.1'
+		dependency 'org.mockito:mockito-core:2.13.0'
+		dependency 'org.postgresql:postgresql:42.1.4'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.0'
 	}
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,5 @@
-#Wed Jan 11 10:54:44 CST 2017
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-3.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.4.1-bin.zip

gradlew

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 
 ##############################################################################
 ##
@@ -33,11 +33,11 @@ DEFAULT_JVM_OPTS=""
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"
 
-warn ( ) {
+warn () {
     echo "$*"
 }
 
-die ( ) {
+die () {
     echo
     echo "$*"
     echo
@@ -154,16 +154,19 @@ if $cygwin ; then
     esac
 fi
 
-# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
-function splitJvmOpts() {
-    JVM_OPTS=("$@")
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
 }
-eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
-JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
 
 # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [[ "$(uname)" == "Darwin" ]] && [[ "$HOME" == "$PWD" ]]; then
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
   cd "$(dirname "$0")"
 fi
 
-exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
+exec "$JAVACMD" "$@"

samples/boot/findbyusername/spring-session-sample-boot-findbyusername.gradle

@@ -5,6 +5,7 @@ dependencies {
 	compile "org.springframework.boot:spring-boot-starter-web"
 	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
 	compile "org.springframework.boot:spring-boot-starter-security"
+	compile "org.springframework.boot:spring-boot-starter-data-redis"
 	compile "org.springframework.boot:spring-boot-devtools"
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
@@ -17,16 +18,5 @@ dependencies {
 	testCompile "org.assertj:assertj-core"
 
 	integrationTestCompile seleniumDependencies
-}
-
-integrationTest {
-	doFirst {
-		systemProperties['spring.session.redis.namespace'] = project.name
-	}
-}
-
-integrationTest {
-	doFirst {
-		systemProperties['spring.session.redis.namespace'] = project.name
-	}
+	integrationTestCompile "org.testcontainers:testcontainers"
 }

samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,9 +18,11 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
+import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
+import org.testcontainers.containers.GenericContainer;
 import sample.pages.HomePage;
 import sample.pages.LoginPage;
 
@@ -28,6 +30,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -35,12 +41,20 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 /**
  * @author Eddú Meléndez
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(classes = FindByUsernameApplication.class, webEnvironment = WebEnvironment.MOCK)
+@ContextConfiguration(initializers = FindByUsernameTests.Initializer.class)
 public class FindByUsernameTests {
 
+	private static final String DOCKER_IMAGE = "redis:4.0.6";
+
+	@ClassRule
+	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+			.withExposedPorts(6379);
+
 	@Autowired
 	private MockMvc mockMvc;
 
@@ -72,4 +86,18 @@ public class FindByUsernameTests {
 		home.terminateButtonDisabled();
 	}
 
+	static class Initializer
+			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+		@Override
+		public void initialize(
+				ConfigurableApplicationContext configurableApplicationContext) {
+			TestPropertyValues
+					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
+							"spring.redis.port=" + redisContainer.getFirstMappedPort())
+					.applyTo(configurableApplicationContext.getEnvironment());
+		}
+
+	}
+
 }

samples/boot/findbyusername/src/main/java/sample/config/SecurityConfig.java

@@ -16,27 +16,45 @@
 
 package sample.config;
 
+import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
+ * Spring Security configuration.
+ *
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
+	@Bean
+	@Override
+	public UserDetailsService userDetailsService() {
+		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
+	}
+
+	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
+			.authorizeRequests()
+				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+				.and()
 			.formLogin()
 				.loginPage("/login")
-				.permitAll()
-				.and()
-			.authorizeRequests()
-				.anyRequest().authenticated();
+				.permitAll();
 	}
 	// end::config[]
+	// @formatter:on
 
 }

samples/boot/findbyusername/src/main/java/sample/mvc/IndexController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ import java.util.Collection;
 import java.util.Set;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.session.ExpiringSession;
 import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -39,11 +39,11 @@ import org.springframework.web.bind.annotation.RequestMethod;
 public class IndexController {
 	// tag::findbyusername[]
 	@Autowired
-	FindByIndexNameSessionRepository<? extends ExpiringSession> sessions;
+	FindByIndexNameSessionRepository<? extends Session> sessions;
 
 	@RequestMapping("/")
 	public String index(Principal principal, Model model) {
-		Collection<? extends ExpiringSession> usersSessions = this.sessions
+		Collection<? extends Session> usersSessions = this.sessions
 				.findByIndexNameAndIndexValue(
 						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
 						principal.getName())
@@ -60,7 +60,7 @@ public class IndexController {
 				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
 				principal.getName()).keySet();
 		if (usersSessionIds.contains(sessionIdToDelete)) {
-			this.sessions.delete(sessionIdToDelete);
+			this.sessions.deleteById(sessionIdToDelete);
 		}
 
 		return "redirect:/";

samples/boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java

@@ -57,6 +57,7 @@ public class SessionDetailsFilter extends OncePerRequestFilter {
 	}
 
 	// tag::dofilterinternal[]
+	@Override
 	public void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
 			FilterChain chain) throws IOException, ServletException {
 		chain.doFilter(request, response);

samples/boot/findbyusername/src/main/resources/application.properties

@@ -1,2 +0,0 @@
-spring.session.store-type=redis
-security.user.password=password

samples/boot/findbyusername/src/main/resources/templates/index.html

@@ -21,8 +21,8 @@
 			<tr th:each="sessionElement : ${sessions}" th:with="details=${sessionElement.getAttribute('SESSION_DETAILS')}">
 				<td th:text="${sessionElement.id.substring(30)}"></td>
 				<td th:text="${details?.location}"></td>
-				<td th:text="${#dates.format(new java.util.Date(sessionElement.creationTime),'dd/MMM/yyyy HH:mm:ss')}"></td>
-				<td th:text="${#dates.format(new java.util.Date(sessionElement.lastAccessedTime),'dd/MMM/yyyy HH:mm:ss')}"></td>
+				<td th:text="${#temporals.format(sessionElement.creationTime.atZone(T(java.time.ZoneId).systemDefault()),'dd/MMM/yyyy HH:mm:ss')}"></td>
+				<td th:text="${#temporals.format(sessionElement.lastAccessedTime.atZone(T(java.time.ZoneId).systemDefault()),'dd/MMM/yyyy HH:mm:ss')}"></td>
 				<td th:text="${details?.accessType}"></td>
 				<td>
 					<form th:action="@{'/sessions/' + ${sessionElement.id}}" th:method="delete">

samples/boot/findbyusername/src/test/java/sample/session/SessionDetailsFilterTests.java

@@ -20,12 +20,11 @@ import com.maxmind.geoip2.DatabaseReader;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-
 import sample.config.GeoConfig;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -33,7 +32,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  *
  */
-@RunWith(SpringJUnit4ClassRunner.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration(classes = GeoConfig.class)
 public class SessionDetailsFilterTests {
 	@Autowired

samples/boot/jdbc/src/main/java/sample/config/SecurityConfig.java

@@ -16,17 +16,32 @@
 
 package sample.config;
 
+import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
+ * Spring Security configuration.
+ *
  * @author Rob Winch
  * @author Vedran Pavic
  */
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
+	@Bean
+	@Override
+	public UserDetailsService userDetailsService() {
+		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
+	}
+
 	// @formatter:off
 	@Override
 	public void configure(WebSecurity web) throws Exception {
@@ -35,4 +50,19 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	}
 	// @formatter:on
 
+	// @formatter:off
+	// tag::config[]
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests()
+				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+				.and()
+			.formLogin()
+				.permitAll();
+	}
+	// end::config[]
+	// @formatter:on
+
 }

samples/boot/jdbc/src/main/resources/application.properties

@@ -1,3 +1 @@
-spring.session.store-type=jdbc
-security.user.password=password
 spring.h2.console.enabled=true

samples/boot/redis-json/spring-session-sample-boot-redis-json.gradle

@@ -1,18 +1,16 @@
 apply plugin: 'io.spring.convention.spring-sample-boot'
 
 dependencies {
-	compile(project(':spring-session-data-redis')) {
-		exclude module: 'jedis'
-	}
+	compile project(':spring-session-data-redis')
 	compile "org.springframework.boot:spring-boot-starter-web"
 	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
 	compile "org.springframework.boot:spring-boot-starter-security"
+	compile "org.springframework.boot:spring-boot-starter-data-redis"
 	compile "org.springframework.boot:spring-boot-devtools"
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
 	compile "org.webjars:webjars-locator"
-	compile "io.lettuce:lettuce-core"
 	compile "org.apache.httpcomponents:httpclient"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
@@ -20,4 +18,5 @@ dependencies {
 	testCompile "org.skyscreamer:jsonassert"
 
 	integrationTestCompile seleniumDependencies
+	integrationTestCompile "org.testcontainers:testcontainers"
 }

samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,9 +20,11 @@ import java.util.List;
 
 import org.junit.After;
 import org.junit.Before;
+import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
+import org.testcontainers.containers.GenericContainer;
 import sample.pages.HomePage;
 import sample.pages.HomePage.Attribute;
 import sample.pages.LoginPage;
@@ -31,6 +33,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -39,12 +45,20 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Eddú Meléndez
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
+@ContextConfiguration(initializers = HttpRedisJsonTest.Initializer.class)
 public class HttpRedisJsonTest {
 
+	private static final String DOCKER_IMAGE = "redis:4.0.6";
+
+	@ClassRule
+	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+			.withExposedPorts(6379);
+
 	@Autowired
 	private MockMvc mockMvc;
 
@@ -96,4 +110,18 @@ public class HttpRedisJsonTest {
 		assertThat(attributes).extracting("attributeValue").contains("Demo Value");
 	}
 
+	static class Initializer
+			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+		@Override
+		public void initialize(
+				ConfigurableApplicationContext configurableApplicationContext) {
+			TestPropertyValues
+					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
+							"spring.redis.port=" + redisContainer.getFirstMappedPort())
+					.applyTo(configurableApplicationContext.getEnvironment());
+		}
+
+	}
+
 }

samples/boot/redis-json/src/integration-test/java/sample/RedisSerializerTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,28 +13,43 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample;
 
+import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.testcontainers.containers.GenericContainer;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.session.data.redis.config.annotation.SpringSessionRedisOperations;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- * @author jitendra on 8/3/16.
+ * @author jitendra
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest
+@SpringBootTest(classes = Application.class)
+@ContextConfiguration(initializers = RedisSerializerTest.Initializer.class)
 public class RedisSerializerTest {
 
-	@Autowired
-	RedisTemplate<Object, Object> sessionRedisTemplate;
+	private static final String DOCKER_IMAGE = "redis:4.0.6";
+
+	@ClassRule
+	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+			.withExposedPorts(6379);
+
+	@SpringSessionRedisOperations
+	private RedisTemplate<Object, Object> sessionRedisTemplate;
 
 	@Test
 	public void testRedisTemplate() {
@@ -43,4 +58,19 @@ public class RedisSerializerTest {
 		assertThat(this.sessionRedisTemplate.getDefaultSerializer())
 				.isInstanceOf(GenericJackson2JsonRedisSerializer.class);
 	}
+
+	static class Initializer
+			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+		@Override
+		public void initialize(
+				ConfigurableApplicationContext configurableApplicationContext) {
+			TestPropertyValues
+					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
+							"spring.redis.port=" + redisContainer.getFirstMappedPort())
+					.applyTo(configurableApplicationContext.getEnvironment());
+		}
+
+	}
+
 }

samples/boot/redis-json/src/main/java/sample/config/SecurityConfig.java

@@ -13,28 +13,45 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package sample.config;
 
+import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
- * @author jitendra on 3/3/16.
+ * Spring Security configuration.
+ *
+ * @author jitendra
+ * @author Vedran Pavic
  */
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
+	@Bean
+	@Override
+	public UserDetailsService userDetailsService() {
+		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
+	}
+
 	// @formatter:off
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
+			.authorizeRequests()
+				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+				.and()
 			.formLogin()
 				.loginPage("/login")
-				.permitAll()
-				.and()
-			.authorizeRequests()
-				.anyRequest().authenticated();
+				.permitAll();
 	}
 	// @formatter:on
 

samples/boot/redis-json/src/main/java/sample/config/SessionConfig.java

@@ -56,6 +56,7 @@ public class SessionConfig implements BeanClassLoaderAware {
 	 * org.springframework.beans.factory.BeanClassLoaderAware#setBeanClassLoader(java.lang
 	 * .ClassLoader)
 	 */
+	@Override
 	public void setBeanClassLoader(ClassLoader classLoader) {
 		this.loader = classLoader;
 	}

samples/boot/redis-json/src/main/resources/application.properties

@@ -1,2 +0,0 @@
-spring.session.store-type=redis
-security.user.password=password

samples/boot/redis/spring-session-sample-boot-redis.gradle

@@ -5,6 +5,7 @@ dependencies {
 	compile "org.springframework.boot:spring-boot-starter-web"
 	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
 	compile "org.springframework.boot:spring-boot-starter-security"
+	compile "org.springframework.boot:spring-boot-starter-data-redis"
 	compile "org.springframework.boot:spring-boot-devtools"
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
@@ -14,4 +15,5 @@ dependencies {
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 
 	integrationTestCompile seleniumDependencies
+	integrationTestCompile "org.testcontainers:testcontainers"
 }

samples/boot/redis/src/integration-test/java/sample/BootTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,9 +18,11 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
+import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
+import org.testcontainers.containers.GenericContainer;
 import sample.pages.HomePage;
 import sample.pages.LoginPage;
 
@@ -28,18 +30,30 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
 
 /**
  * @author Eddú Meléndez
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
+@ContextConfiguration(initializers = BootTests.Initializer.class)
 public class BootTests {
 
+	private static final String DOCKER_IMAGE = "redis:4.0.6";
+
+	@ClassRule
+	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+			.withExposedPorts(6379);
+
 	@Autowired
 	private MockMvc mockMvc;
 
@@ -78,4 +92,18 @@ public class BootTests {
 		login.assertAt();
 	}
 
+	static class Initializer
+			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+		@Override
+		public void initialize(
+				ConfigurableApplicationContext configurableApplicationContext) {
+			TestPropertyValues
+					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
+							"spring.redis.port=" + redisContainer.getFirstMappedPort())
+					.applyTo(configurableApplicationContext.getEnvironment());
+		}
+
+	}
+
 }

samples/boot/redis/src/main/java/sample/config/SecurityConfig.java

@@ -16,12 +16,44 @@
 
 package sample.config;
 
+import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
+ * Spring Security configuration.
+ *
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Bean
+	@Override
+	public UserDetailsService userDetailsService() {
+		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
+	}
+
+	// @formatter:off
+	// tag::config[]
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests()
+				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+				.and()
+			.formLogin()
+				.permitAll();
+	}
+	// end::config[]
+	// @formatter:on
+
 }

samples/boot/redis/src/main/resources/application.properties

@@ -1,2 +0,0 @@
-spring.session.store-type=redis
-security.user.password=password

samples/boot/webflux/spring-session-sample-boot-webflux.gradle

@@ -0,0 +1,15 @@
+apply plugin: 'io.spring.convention.spring-sample-boot'
+
+dependencies {
+	compile project(':spring-session-data-redis')
+	compile "org.springframework.boot:spring-boot-starter-webflux"
+	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
+	compile "org.springframework.boot:spring-boot-starter-data-redis"
+	compile "org.springframework.boot:spring-boot-devtools"
+	compile 'org.webjars:bootstrap'
+
+	testCompile "org.springframework.boot:spring-boot-starter-test"
+
+	integrationTestCompile seleniumDependencies
+	integrationTestCompile "org.testcontainers:testcontainers"
+}

samples/boot/webflux/src/integration-test/java/sample/AttributeTests.java

@@ -0,0 +1,116 @@
+/*
+ * Copyright 2014-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import java.util.List;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.htmlunit.HtmlUnitDriver;
+import org.testcontainers.containers.GenericContainer;
+import sample.pages.HomePage;
+import sample.pages.HomePage.Attribute;
+
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Eddú Meléndez
+ * @author Rob Winch
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = HelloWebFluxApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
+@ContextConfiguration(initializers = AttributeTests.Initializer.class)
+public class AttributeTests {
+
+	private static final String DOCKER_IMAGE = "redis:4.0.6";
+
+	@ClassRule
+	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+			.withExposedPorts(6379);
+
+	@LocalServerPort
+	private int port;
+
+	private WebDriver driver;
+
+	@Before
+	public void setup() {
+		this.driver = new HtmlUnitDriver();
+	}
+
+	@After
+	public void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	public void home() {
+		HomePage home = HomePage.go(this.driver, this.port);
+		home.assertAt();
+	}
+
+	@Test
+	public void noAttributes() {
+		HomePage home = HomePage.go(this.driver, this.port);
+		assertThat(home.attributes()).isEmpty();
+	}
+
+	@Test
+	public void createAttribute() {
+		HomePage home = HomePage.go(this.driver, this.port);
+		// @formatter:off
+		home = home.form()
+				.attributeName("a")
+				.attributeValue("b")
+				.submit(HomePage.class);
+		// @formatter:on
+
+		List<Attribute> attributes = home.attributes();
+		assertThat(attributes).hasSize(1);
+		Attribute row = attributes.get(0);
+		assertThat(row.getAttributeName()).isEqualTo("a");
+		assertThat(row.getAttributeValue()).isEqualTo("b");
+	}
+
+	static class Initializer
+			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+		@Override
+		public void initialize(
+				ConfigurableApplicationContext configurableApplicationContext) {
+			TestPropertyValues
+					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
+							"spring.redis.port=" + redisContainer.getFirstMappedPort())
+					.applyTo(configurableApplicationContext.getEnvironment());
+		}
+
+	}
+
+}

samples/boot/webflux/src/integration-test/java/sample/pages/HomePage.java

@@ -0,0 +1,135 @@
+/*
+ * Copyright 2014-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample.pages;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.openqa.selenium.SearchContext;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+import org.openqa.selenium.support.pagefactory.DefaultElementLocatorFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Eddú Meléndez
+ * @author Rob Winch
+ */
+public class HomePage {
+
+	private WebDriver driver;
+
+	@FindBy(css = "form")
+	WebElement form;
+
+	@FindBy(css = "table tbody tr")
+	List<WebElement> trs;
+
+	List<Attribute> attributes;
+
+	public HomePage(WebDriver driver) {
+		this.driver = driver;
+		this.attributes = new ArrayList<>();
+	}
+
+	private static void get(WebDriver driver, int port, String get) {
+		String baseUrl = "http://localhost:" + port;
+		driver.get(baseUrl + get);
+	}
+
+	public static HomePage go(WebDriver driver, int port) {
+		get(driver, port, "/");
+		return PageFactory.initElements(driver, HomePage.class);
+	}
+
+	public void assertAt() {
+		assertThat(this.driver.getTitle()).isEqualTo("Session Attributes");
+	}
+
+	public List<Attribute> attributes() {
+		List<Attribute> rows = new ArrayList<>();
+		for (WebElement tr : this.trs) {
+			rows.add(new Attribute(tr));
+		}
+		this.attributes.addAll(rows);
+		return this.attributes;
+	}
+
+	public Form form() {
+		return new Form(this.form);
+	}
+
+	public class Form {
+		@FindBy(name = "attributeName")
+		WebElement attributeName;
+
+		@FindBy(name = "attributeValue")
+		WebElement attributeValue;
+
+		@FindBy(css = "input[type=\"submit\"]")
+		WebElement submit;
+
+		public Form(SearchContext context) {
+			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
+		}
+
+		public Form attributeName(String text) {
+			this.attributeName.sendKeys(text);
+			return this;
+		}
+
+		public Form attributeValue(String text) {
+			this.attributeValue.sendKeys(text);
+			return this;
+		}
+
+		public <T> T submit(Class<T> page) {
+			this.submit.click();
+			return PageFactory.initElements(HomePage.this.driver, page);
+		}
+	}
+
+	public static class Attribute {
+		@FindBy(xpath = ".//td[1]")
+		WebElement attributeName;
+
+		@FindBy(xpath = ".//td[2]")
+		WebElement attributeValue;
+
+		public Attribute(SearchContext context) {
+			PageFactory.initElements(new DefaultElementLocatorFactory(context), this);
+		}
+
+		/**
+		 * @return the attributeName
+		 */
+		public String getAttributeName() {
+			return this.attributeName.getText();
+		}
+
+		/**
+		 * @return the attributeValue
+		 */
+		public String getAttributeValue() {
+			return this.attributeValue.getText();
+		}
+	}
+
+}

samples/boot/webflux/src/main/java/sample/HelloWebFluxApplication.java

@@ -14,22 +14,19 @@
  * limitations under the License.
  */
 
-package sample.pages;
+package sample;
 
-import org.openqa.selenium.WebDriver;
-
-import static org.assertj.core.api.Assertions.assertThat;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 /**
- * @author Pool Dolorier
+ * @author Rob Winch
  */
-public class LinkPage  extends BasePage {
+@SpringBootApplication
+public class HelloWebFluxApplication {
 
-	public LinkPage(WebDriver driver) {
-		super(driver);
+	public static void main(String[] args) {
+		SpringApplication.run(HelloWebFluxApplication.class, args);
 	}
 
-	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Linked Page");
-	}
 }

samples/boot/webflux/src/main/java/sample/SessionAttributeForm.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,21 +16,28 @@
 
 package sample;
 
-import javax.servlet.ServletContext;
-
-import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
-
 /**
  * @author Rob Winch
+ * @since 5.0
  */
-public class Initializer extends AbstractHttpSessionApplicationInitializer {
+public class SessionAttributeForm {
+	private String attributeName;
 
-	public Initializer() {
-		super(Config.class);
+	private String attributeValue;
+
+	public String getAttributeName() {
+		return this.attributeName;
 	}
 
-	@Override
-	protected void afterSessionRepositoryFilter(ServletContext servletContext) {
-		appendFilters(servletContext, new UserAccountsFilter());
+	public void setAttributeName(String attributeName) {
+		this.attributeName = attributeName;
+	}
+
+	public String getAttributeValue() {
+		return this.attributeValue;
+	}
+
+	public void setAttributeValue(String attributeValue) {
+		this.attributeValue = attributeValue;
 	}
 }

samples/boot/webflux/src/main/java/sample/SessionController.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.server.WebSession;
+
+// tag::class[]
+@Controller
+public class SessionController {
+
+	@PostMapping("/session")
+	public String setAttribute(@ModelAttribute SessionAttributeForm sessionAttributeForm, WebSession session) {
+		session.getAttributes().put(sessionAttributeForm.getAttributeName(), sessionAttributeForm.getAttributeValue());
+		return "redirect:/";
+	}
+
+	@GetMapping("/")
+	public String index(Model model, WebSession webSession) {
+		model.addAttribute("webSession", webSession);
+		return "index";
+	}
+
+	private static final long serialVersionUID = 2878267318695777395L;
+}
+// tag::end[]

samples/boot/webflux/src/main/resources/templates/index.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+
+<html>
+
+<head>
+    <title>Session Attributes</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<div class="container">
+    <h1>Description</h1>
+    <p>This application demonstrates how to use a Redis instance to back your session. Notice that there is no JSESSIONID cookie. We are also able to customize the way of identifying what the requested session id is.</p>
+
+    <h1>Try it</h1>
+
+    <form class="form-inline" role="form" action="./session" method="post">
+        <label for="attributeName">Attribute Name</label>
+        <input id="attributeName" type="text" name="attributeName"/>
+        <label for="attributeValue">Attribute Value</label>
+        <input id="attributeValue" type="text" name="attributeValue"/>
+        <input type="submit" value="Set Attribute"/>
+    </form>
+
+    <hr/>
+
+    <table class="table table-striped">
+        <thead>
+        <tr>
+            <th>Attribute Name</th>
+            <th>Attribute Value</th>
+        </tr>
+        </thead>
+        <tbody>
+        <tr th:each="attr : ${webSession.attributes}">
+            <td th:text="${attr.key}"/></td>
+            <td th:text="${attr.value}"/></td>
+        </tr>
+        </tbody>
+    </table>
+</div>
+</body>
+</html>

samples/boot/websocket/spring-session-sample-boot-websocket.gradle

@@ -1,13 +1,12 @@
 apply plugin: 'io.spring.convention.spring-sample-boot'
 
 dependencies {
-	compile(project(':spring-session-data-redis')) {
-		exclude module: 'jedis'
-	}
+	compile project(':spring-session-data-redis')
 	compile "org.springframework.boot:spring-boot-starter-web"
 	compile "org.springframework.boot:spring-boot-starter-thymeleaf"
 	compile "org.springframework.boot:spring-boot-starter-security"
 	compile "org.springframework.boot:spring-boot-starter-data-jpa"
+	compile "org.springframework.boot:spring-boot-starter-data-redis"
 	compile "org.springframework.boot:spring-boot-starter-websocket"
 	compile "org.springframework.boot:spring-boot-devtools"
 	compile "org.springframework:spring-websocket"
@@ -20,9 +19,9 @@ dependencies {
 	compile "org.webjars:sockjs-client"
 	compile "org.webjars:stomp-websocket"
 	compile "org.webjars:webjars-locator"
-	compile "io.lettuce:lettuce-core"
 	compile "com.h2database:h2"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 	testCompile "org.springframework.security:spring-security-test"
+	testCompile "org.testcontainers:testcontainers"
 }

samples/boot/websocket/src/main/java/sample/config/WebSecurityConfig.java

@@ -17,25 +17,29 @@
 package sample.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 @Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
-	// @formatter:off
+	@Bean
 	@Override
-	public void configure(WebSecurity web) throws Exception {
-		web
-			.ignoring().antMatchers("/h2-console/**");
+	public UserDetailsService userDetailsService() {
+		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
 	}
-	// @formatter:on
 
 	// @formatter:off
 	@Autowired
@@ -47,4 +51,25 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	}
 	// @formatter:on
 
+	// @formatter:off
+	@Override
+	public void configure(WebSecurity web) throws Exception {
+		web
+			.ignoring().antMatchers("/h2-console/**");
+	}
+	// @formatter:on
+
+	// @formatter:off
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http
+			.authorizeRequests()
+				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.anyRequest().authenticated()
+				.and()
+			.formLogin()
+				.permitAll();
+	}
+	// @formatter:on
+
 }

samples/boot/websocket/src/main/java/sample/config/WebSocketConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@ package sample.config;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.scheduling.annotation.EnableScheduling;
-import org.springframework.session.ExpiringSession;
+import org.springframework.session.Session;
 import org.springframework.session.web.socket.config.annotation.AbstractSessionWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
@@ -29,12 +29,14 @@ import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 @EnableScheduling
 @EnableWebSocketMessageBroker
 public class WebSocketConfig
-		extends AbstractSessionWebSocketMessageBrokerConfigurer<ExpiringSession> { // <1>
+		extends AbstractSessionWebSocketMessageBrokerConfigurer<Session> { // <1>
 
+	@Override
 	protected void configureStompEndpoints(StompEndpointRegistry registry) { // <2>
 		registry.addEndpoint("/messages").withSockJS();
 	}
 
+	@Override
 	public void configureMessageBroker(MessageBrokerRegistry registry) {
 		registry.enableSimpleBroker("/queue/", "/topic/");
 		registry.setApplicationDestinationPrefixes("/app");

samples/boot/websocket/src/main/java/sample/config/WebSocketHandlersConfig.java

@@ -23,7 +23,7 @@ import sample.websocket.WebSocketDisconnectHandler;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.SimpMessageSendingOperations;
-import org.springframework.session.ExpiringSession;
+import org.springframework.session.Session;
 
 /**
  * These handlers are separated from WebSocketConfig because they are specific to this
@@ -32,7 +32,7 @@ import org.springframework.session.ExpiringSession;
  * @author Rob Winch
  */
 @Configuration
-public class WebSocketHandlersConfig<S extends ExpiringSession> {
+public class WebSocketHandlersConfig<S extends Session> {
 
 	@Bean
 	public WebSocketConnectHandler<S> webSocketConnectHandler(

samples/boot/websocket/src/main/java/sample/data/User.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,9 +23,8 @@ import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
-
-import org.hibernate.validator.constraints.Email;
-import org.hibernate.validator.constraints.NotEmpty;
+import javax.validation.constraints.Email;
+import javax.validation.constraints.NotEmpty;
 
 import org.springframework.security.crypto.password.PasswordEncoder;
 

samples/boot/websocket/src/main/java/sample/security/UserRepositoryUserDetailsService.java

@@ -49,6 +49,7 @@ public class UserRepositoryUserDetailsService implements UserDetailsService {
 	 * org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername
 	 * (java.lang.String)
 	 */
+	@Override
 	public UserDetails loadUserByUsername(String username)
 			throws UsernameNotFoundException {
 		User user = this.userRepository.findByEmail(username);
@@ -64,26 +65,32 @@ public class UserRepositoryUserDetailsService implements UserDetailsService {
 			super(user);
 		}
 
+		@Override
 		public Collection<? extends GrantedAuthority> getAuthorities() {
 			return AuthorityUtils.createAuthorityList("ROLE_USER");
 		}
 
+		@Override
 		public String getUsername() {
 			return getEmail();
 		}
 
+		@Override
 		public boolean isAccountNonExpired() {
 			return true;
 		}
 
+		@Override
 		public boolean isAccountNonLocked() {
 			return true;
 		}
 
+		@Override
 		public boolean isCredentialsNonExpired() {
 			return true;
 		}
 
+		@Override
 		public boolean isEnabled() {
 			return true;
 		}

samples/boot/websocket/src/main/java/sample/websocket/WebSocketConnectHandler.java

@@ -41,6 +41,7 @@ public class WebSocketConnectHandler<S>
 		this.repository = repository;
 	}
 
+	@Override
 	public void onApplicationEvent(SessionConnectEvent event) {
 		MessageHeaders headers = event.getMessage().getHeaders();
 		Principal user = SimpMessageHeaderAccessor.getUser(headers);

samples/boot/websocket/src/main/java/sample/websocket/WebSocketDisconnectHandler.java

@@ -36,6 +36,7 @@ public class WebSocketDisconnectHandler<S>
 		this.repository = repository;
 	}
 
+	@Override
 	public void onApplicationEvent(SessionDisconnectEvent event) {
 		String id = event.getSessionId();
 		if (id == null) {

samples/boot/websocket/src/main/resources/application.properties

@@ -1,3 +1,2 @@
-spring.session.store-type=redis
 #server.session.timeout=60
 spring.h2.console.enabled=true

samples/boot/websocket/src/test/java/sample/ApplicationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,14 +20,21 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 
+import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
+import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.concurrent.ListenableFuture;
 import org.springframework.web.socket.TextMessage;
@@ -41,18 +48,27 @@ import org.springframework.web.socket.sockjs.client.WebSocketTransport;
 
 /**
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.RANDOM_PORT)
+@ContextConfiguration(initializers = ApplicationTests.Initializer.class)
 public class ApplicationTests {
+
+	private static final String DOCKER_IMAGE = "redis:4.0.6";
+
+	@ClassRule
+	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+			.withExposedPorts(6379);
+
 	@Rule
 	public final ExpectedException thrown = ExpectedException.none();
 
 	@Value("${local.server.port}")
-	String port;
+	private String port;
 
 	@Autowired
-	WebSocketHandler webSocketHandler;
+	private WebSocketHandler webSocketHandler;
 
 	@Test
 	public void run() throws Exception {
@@ -67,4 +83,19 @@ public class ApplicationTests {
 		this.thrown.expect(ExecutionException.class);
 		wsSession.get().sendMessage(new TextMessage("a"));
 	}
+
+	static class Initializer
+			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+		@Override
+		public void initialize(
+				ConfigurableApplicationContext configurableApplicationContext) {
+			TestPropertyValues
+					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
+							"spring.redis.port=" + redisContainer.getFirstMappedPort())
+					.applyTo(configurableApplicationContext.getEnvironment());
+		}
+
+	}
+
 }

samples/gradle/dependency-management.gradle

@@ -0,0 +1,18 @@
+dependencyManagement {
+	dependencies {
+		dependency 'ch.qos.logback:logback-classic:1.2.3'
+		dependency 'com.maxmind.geoip2:geoip2:2.3.1'
+		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1'
+		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b02'
+		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
+		dependency 'org.slf4j:jcl-over-slf4j:1.7.25'
+		dependency 'org.slf4j:log4j-over-slf4j:1.7.25'
+		dependency 'org.webjars:bootstrap:2.3.2'
+		dependency 'org.webjars:html5shiv:3.7.3'
+		dependency 'org.webjars:jquery:1.12.4'
+		dependency 'org.webjars:knockout:2.3.0'
+		dependency 'org.webjars:sockjs-client:0.3.4'
+		dependency 'org.webjars:stomp-websocket:2.3.0'
+		dependency 'org.webjars:webjars-taglib:0.3'
+	}
+}

samples/javaconfig/custom-cookie/spring-session-sample-javaconfig-custom-cookie.gradle

@@ -1,15 +1,14 @@
 apply plugin: 'io.spring.convention.spring-sample-war'
 
 dependencies {
-	compile(project(':spring-session-data-redis')) {
-		exclude module: 'jedis'
-	}
+	compile project(':spring-session-data-redis')
 	compile "org.springframework:spring-web"
 	compile "io.lettuce:lettuce-core"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:webjars-taglib"
 	compile jstlDependencies
 	compile slf4jDependencies
+	compile "org.testcontainers:testcontainers"
 
 	providedCompile "javax.servlet:javax.servlet-api"
 
@@ -18,3 +17,7 @@ dependencies {
 
 	integrationTestCompile seleniumDependencies
 }
+
+gretty {
+	jvmArgs = ['-Dspring.profiles.active=embedded-redis']
+}

samples/javaconfig/custom-cookie/src/main/java/sample/Config.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,11 +17,13 @@
 package sample;
 
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 
+@Import(EmbeddedRedisConfig.class)
 @EnableRedisHttpSession
 public class Config {
 

samples/javaconfig/custom-cookie/src/main/java/sample/EmbeddedRedisConfig.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import java.io.IOException;
+
+import org.testcontainers.containers.GenericContainer;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+
+@Configuration
+@Profile("embedded-redis")
+public class EmbeddedRedisConfig {
+
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+
+	@Bean(initMethod = "start")
+	public GenericContainer redisContainer() {
+		return new GenericContainer(REDIS_DOCKER_IMAGE) {
+
+			@Override
+			public void close() {
+				super.close();
+				try {
+					this.dockerClient.close();
+				}
+				catch (IOException ignored) {
+				}
+			}
+
+		}.withExposedPorts(6379);
+	}
+
+	@Bean
+	@Primary
+	public LettuceConnectionFactory redisConnectionFactory() {
+		return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+				redisContainer().getFirstMappedPort());
+	}
+
+}

samples/javaconfig/hazelcast/spring-session-sample-javaconfig-hazelcast.gradle

@@ -1,7 +1,7 @@
 apply plugin: 'io.spring.convention.spring-sample-war'
 
 dependencies {
-	compile project(':spring-session')
+	compile project(':spring-session-hazelcast')
 	compile "org.springframework:spring-web"
 	compile "org.springframework.security:spring-security-config"
 	compile "org.springframework.security:spring-security-web"

samples/javaconfig/hazelcast/src/main/java/sample/ObjectStreamSerializer.java

@@ -36,10 +36,12 @@ import com.hazelcast.nio.serialization.StreamSerializer;
  *
  */
 public class ObjectStreamSerializer implements StreamSerializer<Object> {
+	@Override
 	public int getTypeId() {
 		return 2;
 	}
 
+	@Override
 	public void write(ObjectDataOutput objectDataOutput, Object object)
 			throws IOException {
 		ObjectOutputStream out = new ObjectOutputStream((OutputStream) objectDataOutput);
@@ -47,6 +49,7 @@ public class ObjectStreamSerializer implements StreamSerializer<Object> {
 		out.flush();
 	}
 
+	@Override
 	public Object read(ObjectDataInput objectDataInput) throws IOException {
 		ObjectInputStream in = new ObjectInputStream((InputStream) objectDataInput);
 		try {
@@ -57,6 +60,7 @@ public class ObjectStreamSerializer implements StreamSerializer<Object> {
 		}
 	}
 
+	@Override
 	public void destroy() {
 	}
 

samples/javaconfig/hazelcast/src/main/java/sample/SecurityConfig.java

@@ -16,18 +16,19 @@
 
 package sample;
 
-/**
- * @author Rob Winch
- */
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
 
+/**
+ * @author Rob Winch
+ */
 @EnableWebSecurity
 public class SecurityConfig {
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
+		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
 	}
 }

samples/javaconfig/hazelcast/src/main/java/sample/SessionConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -57,7 +57,7 @@ public class SessionConfig {
 				.setName(HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
 				.setExtractor(PrincipalNameExtractor.class.getName());
 
-		config.getMapConfig("spring:session:sessions")
+		config.getMapConfig(HazelcastSessionRepository.DEFAULT_SESSION_MAP_NAME)
 				.addMapAttributeConfig(attributeConfig)
 				.addMapIndexConfig(new MapIndexConfig(
 						HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));

samples/javaconfig/jdbc/src/main/java/sample/H2ConsoleInitializer.java

@@ -24,6 +24,7 @@ import org.springframework.web.WebApplicationInitializer;
 
 public class H2ConsoleInitializer implements WebApplicationInitializer {
 
+	@Override
 	public void onStartup(ServletContext servletContext) throws ServletException {
 		servletContext.addServlet("h2Console", new WebServlet()).addMapping("/h2-console/*");
 	}

samples/javaconfig/redis/spring-session-sample-javaconfig-redis.gradle

@@ -1,15 +1,14 @@
 apply plugin: 'io.spring.convention.spring-sample-war'
 
 dependencies {
-	compile(project(':spring-session-data-redis')) {
-		exclude module: 'jedis'
-	}
+	compile project(':spring-session-data-redis')
 	compile "org.springframework:spring-web"
 	compile "io.lettuce:lettuce-core"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:webjars-taglib"
 	compile jstlDependencies
 	compile slf4jDependencies
+	compile "org.testcontainers:testcontainers"
 
 	providedCompile "javax.servlet:javax.servlet-api"
 
@@ -18,3 +17,7 @@ dependencies {
 
 	integrationTestCompile seleniumDependencies
 }
+
+gretty {
+	jvmArgs = ['-Dspring.profiles.active=embedded-redis']
+}

samples/javaconfig/redis/src/main/java/sample/Config.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,9 +17,11 @@
 package sample;
 
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 
+@Import(EmbeddedRedisConfig.class)
 // tag::class[]
 @EnableRedisHttpSession // <1>
 public class Config {

samples/javaconfig/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import java.io.IOException;
+
+import org.testcontainers.containers.GenericContainer;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+
+@Configuration
+@Profile("embedded-redis")
+public class EmbeddedRedisConfig {
+
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+
+	@Bean(initMethod = "start")
+	public GenericContainer redisContainer() {
+		return new GenericContainer(REDIS_DOCKER_IMAGE) {
+
+			@Override
+			public void close() {
+				super.close();
+				try {
+					this.dockerClient.close();
+				}
+				catch (IOException ignored) {
+				}
+			}
+
+		}.withExposedPorts(6379);
+	}
+
+	@Bean
+	@Primary
+	public LettuceConnectionFactory redisConnectionFactory() {
+		return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+				redisContainer().getFirstMappedPort());
+	}
+
+}

samples/javaconfig/rest/spring-session-sample-javaconfig-rest.gradle

@@ -1,9 +1,7 @@
 apply plugin: 'io.spring.convention.spring-sample-war'
 
 dependencies {
-	compile(project(':spring-session-data-redis')) {
-		exclude module: 'jedis'
-	}
+	compile project(':spring-session-data-redis')
 	compile "io.lettuce:lettuce-core"
 	compile "org.springframework:spring-webmvc"
 	compile "org.springframework.security:spring-security-config"
@@ -11,6 +9,7 @@ dependencies {
 	compile "com.fasterxml.jackson.core:jackson-databind"
 	compile jstlDependencies
 	compile slf4jDependencies
+	compile "org.testcontainers:testcontainers"
 
 	providedCompile "javax.servlet:javax.servlet-api"
 
@@ -19,4 +18,10 @@ dependencies {
 	testCompile "org.assertj:assertj-core"
 	testCompile "org.springframework:spring-test"
 	testCompile "commons-codec:commons-codec"
-}
+
+	integrationTestCompile "org.testcontainers:testcontainers"
+}
+
+gretty {
+	jvmArgs = ['-Dspring.profiles.active=embedded-redis']
+}

samples/javaconfig/rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,19 +17,25 @@
 package rest;
 
 import org.junit.Before;
+import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-
-import sample.HttpSessionConfig;
+import org.testcontainers.containers.GenericContainer;
 import sample.SecurityConfig;
 import sample.mvc.MvcConfig;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.security.test.context.support.WithMockUser;
-import org.springframework.session.ExpiringSession;
+import org.springframework.session.Session;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@@ -43,19 +49,25 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(classes = { HttpSessionConfig.class, SecurityConfig.class,
+@RunWith(SpringRunner.class)
+@ContextConfiguration(classes = { RestMockMvcTests.Config.class, SecurityConfig.class,
 		MvcConfig.class })
 @WebAppConfiguration
 public class RestMockMvcTests {
 
-	@Autowired
-	SessionRepositoryFilter<? extends ExpiringSession> sessionRepositoryFilter;
+	private static final String DOCKER_IMAGE = "redis:4.0.6";
+
+	@ClassRule
+	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+			.withExposedPorts(6379);
 
 	@Autowired
-	WebApplicationContext context;
+	private SessionRepositoryFilter<? extends Session> sessionRepositoryFilter;
 
-	MockMvc mvc;
+	@Autowired
+	private WebApplicationContext context;
+
+	private MockMvc mvc;
 
 	@Before
 	public void setup() {
@@ -81,4 +93,21 @@ public class RestMockMvcTests {
 				.andExpect(content().string("{\"username\":\"user\"}"));
 	}
 
+	@Configuration
+	@EnableRedisHttpSession
+	static class Config {
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer.getContainerIpAddress(),
+					redisContainer.getFirstMappedPort());
+		}
+
+		@Bean
+		public HttpSessionIdResolver httpSessionIdResolver() {
+			return HeaderHttpSessionIdResolver.xAuthToken();
+		}
+
+	}
+
 }

samples/javaconfig/rest/src/main/java/sample/EmbeddedRedisConfig.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package sample;
+
+import java.io.IOException;
+
+import org.testcontainers.containers.GenericContainer;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+
+@Configuration
+@Profile("embedded-redis")
+public class EmbeddedRedisConfig {
+
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+
+	@Bean(initMethod = "start")
+	public GenericContainer redisContainer() {
+		return new GenericContainer(REDIS_DOCKER_IMAGE) {
+
+			@Override
+			public void close() {
+				super.close();
+				try {
+					this.dockerClient.close();
+				}
+				catch (IOException ignored) {
+				}
+			}
+
+		}.withExposedPorts(6379);
+	}
+
+	@Bean
+	@Primary
+	public LettuceConnectionFactory redisConnectionFactory() {
+		return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+				redisContainer().getFirstMappedPort());
+	}
+
+}

samples/javaconfig/rest/src/main/java/sample/HttpSessionConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,11 +18,13 @@ package sample;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
-import org.springframework.session.web.http.HeaderHttpSessionStrategy;
-import org.springframework.session.web.http.HttpSessionStrategy;
+import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
+import org.springframework.session.web.http.HttpSessionIdResolver;
 
+@Import(EmbeddedRedisConfig.class)
 // tag::class[]
 @Configuration
 @EnableRedisHttpSession // <1>
@@ -34,8 +36,8 @@ public class HttpSessionConfig {
 	}
 
 	@Bean
-	public HttpSessionStrategy httpSessionStrategy() {
-		return new HeaderHttpSessionStrategy(); // <3>
+	public HttpSessionIdResolver httpSessionIdResolver() {
+		return HeaderHttpSessionIdResolver.xAuthToken(); // <3>
 	}
 }
 // end::class[]

samples/javaconfig/rest/src/main/java/sample/SecurityConfig.java

@@ -21,6 +21,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.savedrequest.NullRequestCache;
 
 @EnableWebSecurity
@@ -40,12 +41,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	}
 	// @formatter:on
 
-	// @formatter:off
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth
-			.inMemoryAuthentication()
-				.withUser("user").password("password").roles("USER");
+		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
+				.username("user").password("password").roles("USER").build());
 	}
-	// @formatter:on
 }

samples/javaconfig/security/spring-session-sample-javaconfig-security.gradle

@@ -1,9 +1,7 @@
 apply plugin: 'io.spring.convention.spring-sample-war'
 
 dependencies {
-	compile(project(':spring-session-data-redis')) {
-		exclude module: 'jedis'
-	}
+	compile project(':spring-session-data-redis')
 	compile "org.springframework:spring-web"
 	compile "org.springframework.security:spring-security-config"
 	compile "org.springframework.security:spring-security-web"
@@ -12,6 +10,7 @@ dependencies {
 	compile "org.webjars:webjars-taglib"
 	compile jstlDependencies
 	compile slf4jDependencies
+	compile "org.testcontainers:testcontainers"
 
 	providedCompile "javax.servlet:javax.servlet-api"
 	providedCompile "javax.servlet.jsp:javax.servlet.jsp-api"
@@ -22,3 +21,7 @@ dependencies {
 
 	integrationTestCompile seleniumDependencies
 }
+
+gretty {
+	jvmArgs = ['-Dspring.profiles.active=embedded-redis']
+}

samples/javaconfig/security/src/main/java/sample/Config.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,9 +18,11 @@ package sample;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 
+@Import(EmbeddedRedisConfig.class)
 // tag::class[]
 @Configuration
 @EnableRedisHttpSession // <1>