Release 2.0.2.RELEASE

Closes gh-998

Jenkinsfile

@@ -41,12 +41,18 @@ try {
 	}
 
 	if(currentBuild.result == 'SUCCESS') {
-		parallel artifactory: {
-			stage('Artifactory Deploy') {
+		parallel artifacts: {
+			stage('Deploy Artifacts') {
 				node {
 					checkout scm
-					withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
-						sh "./gradlew artifactoryPublish -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --no-daemon --stacktrace"
+					withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
+						withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
+							withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
+								withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
+									sh "./gradlew deployArtifacts finalizeDeployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --refresh-dependencies --no-daemon --stacktrace"
+								}
+							}
+						}
 					}
 				}
 			}

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.8.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.13.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 	repositories {

docs/src/docs/asciidoc/guides/boot-findbyusername.adoc

@@ -114,7 +114,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:findbyusername:tomcatRun
+$ ./gradlew :spring-session-sample-boot-findbyusername:bootRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -95,7 +95,7 @@ The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Sess
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
 ----
-$ ./gradlew :samples:httpsession-jdbc-boot:bootRun
+$ ./gradlew :spring-session-sample-boot-jdbc:bootRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -97,7 +97,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:boot:bootRun
+$ ./gradlew :spring-session-sample-boot-redis:bootRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -24,7 +24,7 @@ Please make sure you have already integrated Spring Session with the HttpSession
 [[websocket-spring-configuration]]
 == Spring Configuration
 
-In a typical Spring WebSocket application users would extend `AbstractWebSocketMessageBrokerConfigurer`.
+In a typical Spring WebSocket application users would implement `WebSocketMessageBrokerConfigurer`.
 For example, the configuration might look something like the following:
 
 [source,java]
@@ -43,7 +43,7 @@ include::{samples-dir}boot/websocket/src/main/java/sample/config/WebSocketConfig
 
 To hook in the Spring Session support we only need to change two things:
 
-<1> Instead of extending `AbstractWebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
+<1> Instead of implementing `WebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
 <2> We rename the `registerStompEndpoints` method to `configureStompEndpoints`
 
 What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
@@ -89,7 +89,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:websocket:bootRun
+$ ./gradlew :spring-session-sample-boot-websocket:bootRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/grails3.adoc

@@ -90,7 +90,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:grails3:bootRun
+$ ./gradlew :spring-session-sample-misc-grails3:bootRun
 ----
 
 You should now be able to access the application at http://localhost:8080/test/index

docs/src/docs/asciidoc/guides/java-custom-cookie.adoc

@@ -84,7 +84,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:custom-cookie:tomcatRun
+$ ./gradlew :spring-session-sample-javaconfig-custom-cookie:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/java-hazelcast.adoc

@@ -134,7 +134,7 @@ http://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html
 ====
 
 ----
-$ ./gradlew :samples:hazelcast-spring:tomcatRun
+$ ./gradlew :spring-session-sample-javaconfig-hazelcast:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/java-jdbc.adoc

@@ -119,7 +119,7 @@ This ensures that the Spring Bean by the name `springSessionRepositoryFilter` is
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
 ----
-$ ./gradlew :samples:httpsession-jdbc:tomcatRun
+$ ./gradlew :spring-session-sample-javaconfig-jdbc:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/java-redis.adoc

@@ -131,7 +131,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:httpsession:tomcatRun
+$ ./gradlew :spring-session-sample-javaconfig-redis:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/java-rest.adoc

@@ -132,7 +132,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:rest:tomcatRun
+$ ./gradlew :spring-session-sample-javaconfig-rest:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/java-security.adoc

@@ -136,7 +136,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:security:tomcatRun
+$ ./gradlew :spring-session-sample-javaconfig-security:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/xml-jdbc.adoc

@@ -129,7 +129,7 @@ For every request that `DelegatingFilterProxy` is invoked, the `springSessionRep
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
 ----
-$ ./gradlew :samples:httpsession-jdbc-xml:tomcatRun
+$ ./gradlew :spring-session-sample-xml-jdbc:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/docs/asciidoc/guides/xml-redis.adoc

@@ -139,7 +139,7 @@ Another option is to use https://www.docker.com/[Docker] to run Redis on localho
 ====
 
 ----
-$ ./gradlew :samples:httpsession-xml:tomcatRun
+$ ./gradlew :spring-session-sample-xml-redis:tomcatRun
 ----
 
 You should now be able to access the application at http://localhost:8080/

docs/src/test/java/docs/websocket/WebSocketConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,9 +19,9 @@ package docs.websocket;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.scheduling.annotation.EnableScheduling;
-import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 
 /**
  * @author Rob Winch
@@ -30,7 +30,7 @@ import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 @Configuration
 @EnableScheduling
 @EnableWebSocketMessageBroker
-public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
+public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
 
 	@Override
 	public void registerStompEndpoints(StompEndpointRegistry registry) {

gradle.properties

@@ -1,2 +1,2 @@
-springBootVersion=2.0.0.M7
-version=2.0.0.RELEASE
+springBootVersion=2.0.0.RC1
+version=2.0.2.RELEASE

gradle/dependency-management.gradle

@@ -1,33 +1,30 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.3'
-		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR4'
-		mavenBom 'org.springframework:spring-framework-bom:5.0.2.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR2'
-		mavenBom 'org.springframework.security:spring-security-bom:5.0.0.RELEASE'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.4'
+		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR6'
+		mavenBom 'org.springframework:spring-framework-bom:5.0.4.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR4'
+		mavenBom 'org.springframework.security:spring-security-bom:5.0.2.RELEASE'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.9.1') {
+		dependencySet(group: 'com.hazelcast', version: '3.9.3') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependencySet(group: 'org.testcontainers', version: '1.5.1') {
+		dependencySet(group: 'org.testcontainers', version: '1.6.0') {
+			entry 'mariadb'
+			entry 'mssqlserver'
 			entry 'mysql'
 			entry 'postgresql'
 			entry 'testcontainers'
 		}
 
-		dependencySet(group: 'org.testcontainers', version: '1.4.3') {
-			entry 'mariadb'
-			entry 'mssqlserver'
-		}
-
 		dependency 'com.h2database:h2:1.4.196'
 		dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.0.1.RELEASE'
+		dependency 'io.lettuce:lettuce-core:5.0.2.RELEASE'
 		dependency 'javax.servlet:javax.servlet-api:3.1.0'
 		dependency 'junit:junit:4.12'
 		dependency 'mysql:mysql-connector-java:5.1.45'
@@ -35,8 +32,8 @@ dependencyManagement {
 		dependency 'org.assertj:assertj-core:3.9.0'
 		dependency 'org.hsqldb:hsqldb:2.4.0'
 		dependency 'org.mariadb.jdbc:mariadb-java-client:2.2.1'
-		dependency 'org.mockito:mockito-core:2.13.0'
-		dependency 'org.postgresql:postgresql:42.1.4'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.0'
+		dependency 'org.mockito:mockito-core:2.15.0'
+		dependency 'org.postgresql:postgresql:42.2.1'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.2'
 	}
 }

gradle/wrapper/gradle-wrapper.properties

@@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.5.1-bin.zip

samples/boot/findbyusername/README.adoc

@@ -1,4 +0,0 @@
-Demonstrates using Spring Session to lookup a user's session by the username.
-The sample provides a hook to add the current username to the session (required for finding the user) by providing a custom implementation of Spring Security's `AuthenticationSuccessHandler`.
-
-NOTE: This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com

samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -49,7 +49,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 @ContextConfiguration(initializers = FindByUsernameTests.Initializer.class)
 public class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

samples/boot/findbyusername/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,20 +30,13 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/findbyusername/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/jdbc/README.adoc

@@ -1 +0,0 @@
-Demonstrates using Spring Session with Spring Boot and Spring Security. You can log in with the username "user" and the password "password".

samples/boot/jdbc/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,15 +16,11 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -35,16 +31,9 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Override
-	public void configure(WebSecurity web) throws Exception {
+	public void configure(WebSecurity web) {
 		web
 			.ignoring().antMatchers("/h2-console/**");
 	}
@@ -56,7 +45,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/jdbc/src/main/resources/application.properties

@@ -1 +1,2 @@
+spring.security.user.password=password
 spring.h2.console.enabled=true

samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java

@@ -53,7 +53,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 @ContextConfiguration(initializers = HttpRedisJsonTest.Initializer.class)
 public class HttpRedisJsonTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

samples/boot/redis-json/src/integration-test/java/sample/RedisSerializerTest.java

@@ -42,7 +42,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 @ContextConfiguration(initializers = RedisSerializerTest.Initializer.class)
 public class RedisSerializerTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

samples/boot/redis-json/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,19 +30,12 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/redis-json/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/redis/README.adoc

@@ -1 +0,0 @@
-Demonstrates using Spring Session with Spring Boot and Spring Security. You can log in with the username "user" and the password "password".

samples/boot/redis/src/integration-test/java/sample/BootTests.java

@@ -48,7 +48,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 @ContextConfiguration(initializers = BootTests.Initializer.class)
 public class BootTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

samples/boot/redis/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,20 +30,13 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/redis/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/webflux/src/integration-test/java/sample/AttributeTests.java

@@ -49,7 +49,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 @ContextConfiguration(initializers = AttributeTests.Initializer.class)
 public class AttributeTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

samples/boot/websocket/src/main/java/sample/config/WebSecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,30 +17,20 @@
 package sample.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 @Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth,
@@ -53,7 +43,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	// @formatter:off
 	@Override
-	public void configure(WebSecurity web) throws Exception {
+	public void configure(WebSecurity web) {
 		web
 			.ignoring().antMatchers("/h2-console/**");
 	}
@@ -64,7 +54,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/websocket/src/test/java/sample/ApplicationTests.java

@@ -55,7 +55,7 @@ import org.springframework.web.socket.sockjs.client.WebSocketTransport;
 @ContextConfiguration(initializers = ApplicationTests.Initializer.class)
 public class ApplicationTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

samples/javaconfig/custom-cookie/src/main/java/sample/EmbeddedRedisConfig.java

@@ -30,7 +30,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
 
 	@Bean(initMethod = "start")
 	public GenericContainer redisContainer() {

samples/javaconfig/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -30,7 +30,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
 
 	@Bean(initMethod = "start")
 	public GenericContainer redisContainer() {

samples/javaconfig/rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -55,7 +55,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @WebAppConfiguration
 public class RestMockMvcTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

samples/javaconfig/rest/src/main/java/sample/EmbeddedRedisConfig.java

@@ -30,7 +30,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
 
 	@Bean(initMethod = "start")
 	public GenericContainer redisContainer() {

samples/javaconfig/security/src/main/java/sample/EmbeddedRedisConfig.java

@@ -30,7 +30,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
 
 	@Bean(initMethod = "start")
 	public GenericContainer redisContainer() {

samples/xml/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -30,7 +30,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.6";
+	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
 
 	@Bean(initMethod = "start")
 	public GenericContainer redisContainer() {

spring-session-core/src/main/java/org/springframework/session/web/http/CookieSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,7 +78,7 @@ public interface CookieSerializer {
 		 * modified by the {@link CookieSerializer} when writing to the actual cookie so
 		 * long as the original value is returned when the cookie is read.
 		 */
-		CookieValue(HttpServletRequest request, HttpServletResponse response,
+		public CookieValue(HttpServletRequest request, HttpServletResponse response,
 				String cookieValue) {
 			this.request = request;
 			this.response = response;

spring-session-core/src/main/java/org/springframework/session/web/socket/config/annotation/AbstractSessionWebSocketMessageBrokerConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,10 +25,10 @@ import org.springframework.session.SessionRepository;
 import org.springframework.session.web.socket.handler.WebSocketConnectHandlerDecoratorFactory;
 import org.springframework.session.web.socket.handler.WebSocketRegistryListener;
 import org.springframework.session.web.socket.server.SessionRepositoryMessageInterceptor;
-import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 import org.springframework.web.socket.config.annotation.StompWebSocketEndpointRegistration;
 import org.springframework.web.socket.config.annotation.WebMvcStompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.WebSocketTransportRegistration;
 import org.springframework.web.socket.messaging.StompSubProtocolErrorHandler;
 import org.springframework.web.socket.server.HandshakeInterceptor;
@@ -75,7 +75,7 @@ import org.springframework.web.util.UrlPathHelper;
  * @since 1.0
  */
 public abstract class AbstractSessionWebSocketMessageBrokerConfigurer<S extends Session>
-		extends AbstractWebSocketMessageBrokerConfigurer {
+		implements WebSocketMessageBrokerConfigurer {
 
 	@Autowired
 	@SuppressWarnings("rawtypes")

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/AbstractRedisITests.java

@@ -30,7 +30,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
  */
 public abstract class AbstractRedisITests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.6";
+	private static final String DOCKER_IMAGE = "redis:4.0.8";
 
 	@ClassRule
 	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ import java.util.concurrent.Executor;
 
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.beans.factory.BeanClassLoaderAware;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -70,7 +71,8 @@ import org.springframework.util.StringValueResolver;
 @Configuration
 @EnableScheduling
 public class RedisHttpSessionConfiguration extends SpringHttpSessionConfiguration
-		implements EmbeddedValueResolverAware, ImportAware, SchedulingConfigurer {
+		implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware,
+		SchedulingConfigurer {
 
 	static final String DEFAULT_CLEANUP_CRON = "0 * * * * *";
 
@@ -94,12 +96,13 @@ public class RedisHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 
 	private Executor redisSubscriptionExecutor;
 
+	private ClassLoader classLoader;
+
 	private StringValueResolver embeddedValueResolver;
 
 	@Bean
 	public RedisOperationsSessionRepository sessionRepository() {
-		RedisTemplate<Object, Object> redisTemplate = createRedisTemplate(
-				this.redisConnectionFactory, this.defaultRedisSerializer);
+		RedisTemplate<Object, Object> redisTemplate = createRedisTemplate();
 		RedisOperationsSessionRepository sessionRepository = new RedisOperationsSessionRepository(
 				redisTemplate);
 		sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher);
@@ -205,6 +208,11 @@ public class RedisHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 		this.redisSubscriptionExecutor = redisSubscriptionExecutor;
 	}
 
+	@Override
+	public void setBeanClassLoader(ClassLoader classLoader) {
+		this.classLoader = classLoader;
+	}
+
 	@Override
 	public void setEmbeddedValueResolver(StringValueResolver resolver) {
 		this.embeddedValueResolver = resolver;
@@ -235,16 +243,15 @@ public class RedisHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 				this.cleanupCron);
 	}
 
-	private static RedisTemplate<Object, Object> createRedisTemplate(
-			RedisConnectionFactory redisConnectionFactory,
-			RedisSerializer<Object> defaultRedisSerializer) {
+	private RedisTemplate<Object, Object> createRedisTemplate() {
 		RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
 		redisTemplate.setKeySerializer(new StringRedisSerializer());
 		redisTemplate.setHashKeySerializer(new StringRedisSerializer());
-		if (defaultRedisSerializer != null) {
-			redisTemplate.setDefaultSerializer(defaultRedisSerializer);
+		if (this.defaultRedisSerializer != null) {
+			redisTemplate.setDefaultSerializer(this.defaultRedisSerializer);
 		}
-		redisTemplate.setConnectionFactory(redisConnectionFactory);
+		redisTemplate.setConnectionFactory(this.redisConnectionFactory);
+		redisTemplate.setBeanClassLoader(this.classLoader);
 		redisTemplate.afterPropertiesSet();
 		return redisTemplate;
 	}

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/web/server/RedisWebSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package org.springframework.session.data.redis.config.annotation.web.server;
 
 import java.util.Map;
 
+import org.springframework.beans.factory.BeanClassLoaderAware;
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.EmbeddedValueResolverAware;
@@ -53,11 +54,7 @@ import org.springframework.web.server.session.WebSessionManager;
  */
 @Configuration
 public class RedisWebSessionConfiguration extends SpringWebSessionConfiguration
-		implements EmbeddedValueResolverAware, ImportAware {
-
-	private static final RedisSerializer<String> keySerializer = new StringRedisSerializer();
-
-	private static final RedisSerializer<Object> valueSerializer = new JdkSerializationRedisSerializer();
+		implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
 
 	private Integer maxInactiveIntervalInSeconds = MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS;
 
@@ -67,12 +64,15 @@ public class RedisWebSessionConfiguration extends SpringWebSessionConfiguration
 
 	private ReactiveRedisConnectionFactory redisConnectionFactory;
 
+	private ClassLoader classLoader;
+
 	private StringValueResolver embeddedValueResolver;
 
 	@Bean
 	public ReactiveRedisOperationsSessionRepository sessionRepository() {
+		ReactiveRedisTemplate<String, Object> reactiveRedisTemplate = createReactiveRedisTemplate();
 		ReactiveRedisOperationsSessionRepository sessionRepository = new ReactiveRedisOperationsSessionRepository(
-				createDefaultTemplate(this.redisConnectionFactory));
+				reactiveRedisTemplate);
 		sessionRepository
 				.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds);
 		if (StringUtils.hasText(this.redisNamespace)) {
@@ -107,6 +107,11 @@ public class RedisWebSessionConfiguration extends SpringWebSessionConfiguration
 		this.redisConnectionFactory = redisConnectionFactoryToUse;
 	}
 
+	@Override
+	public void setBeanClassLoader(ClassLoader classLoader) {
+		this.classLoader = classLoader;
+	}
+
 	@Override
 	public void setEmbeddedValueResolver(StringValueResolver resolver) {
 		this.embeddedValueResolver = resolver;
@@ -127,12 +132,15 @@ public class RedisWebSessionConfiguration extends SpringWebSessionConfiguration
 		this.redisFlushMode = attributes.getEnum("redisFlushMode");
 	}
 
-	private static ReactiveRedisTemplate<String, Object> createDefaultTemplate(
-			ReactiveRedisConnectionFactory connectionFactory) {
+	private ReactiveRedisTemplate<String, Object> createReactiveRedisTemplate() {
+		RedisSerializer<String> keySerializer = new StringRedisSerializer();
+		RedisSerializer<Object> valueSerializer = new JdkSerializationRedisSerializer(
+				this.classLoader);
 		RedisSerializationContext<String, Object> serializationContext = RedisSerializationContext
 				.<String, Object>newSerializationContext(valueSerializer)
 				.key(keySerializer).hashKey(keySerializer).build();
-		return new ReactiveRedisTemplate<>(connectionFactory, serializationContext);
+		return new ReactiveRedisTemplate<>(this.redisConnectionFactory,
+				serializationContext);
 	}
 
 }

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MariaDB10JdbcOperationsSessionRepositoryITests.java

@@ -46,7 +46,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 public class MariaDB10JdbcOperationsSessionRepositoryITests
 		extends AbstractJdbcOperationsSessionRepositoryITests {
 
-	private static final String DOCKER_IMAGE = "mariadb:10.2.11";
+	private static final String DOCKER_IMAGE = "mariadb:10.2.13";
 
 	@ClassRule
 	public static MariaDBContainer mariaDBContainer = new MariaDBContainer(DOCKER_IMAGE);

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MariaDB5JdbcOperationsSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,7 +46,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 public class MariaDB5JdbcOperationsSessionRepositoryITests
 		extends AbstractJdbcOperationsSessionRepositoryITests {
 
-	private static final String DOCKER_IMAGE = "mariadb:5.5.58";
+	private static final String DOCKER_IMAGE = "mariadb:5.5.59";
 
 	@ClassRule
 	public static MariaDBContainer mariaDBContainer = new MariaDBContainer(DOCKER_IMAGE);

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MySQL5JdbcOperationsSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 public class MySQL5JdbcOperationsSessionRepositoryITests
 		extends AbstractJdbcOperationsSessionRepositoryITests {
 
-	private static final String DOCKER_IMAGE = "mysql:5.7.20";
+	private static final String DOCKER_IMAGE = "mysql:5.7.21";
 
 	@ClassRule
 	public static MySQLContainer mySQLContainer = new MySQLContainer(DOCKER_IMAGE);

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSQL10JdbcOperationsSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 public class PostgreSQL10JdbcOperationsSessionRepositoryITests
 		extends AbstractJdbcOperationsSessionRepositoryITests {
 
-	private static final String DOCKER_IMAGE = "postgres:10.1";
+	private static final String DOCKER_IMAGE = "postgres:10.2";
 
 	@ClassRule
 	public static PostgreSQLContainer postgreSQLContainer = new PostgreSQLContainer(

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSQL9JdbcOperationsSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 public class PostgreSQL9JdbcOperationsSessionRepositoryITests
 		extends AbstractJdbcOperationsSessionRepositoryITests {
 
-	private static final String DOCKER_IMAGE = "postgres:9.6.6";
+	private static final String DOCKER_IMAGE = "postgres:9.6.7";
 
 	@ClassRule
 	public static PostgreSQLContainer postgreSQLContainer = new PostgreSQLContainer(

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/SQLServerJdbcOperationsSessionRepositoryITests.java

@@ -46,7 +46,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
 public class SQLServerJdbcOperationsSessionRepositoryITests
 		extends AbstractJdbcOperationsSessionRepositoryITests {
 
-	private static final String DOCKER_IMAGE = "microsoft/mssql-server-linux:2017-CU2";
+	private static final String DOCKER_IMAGE = "microsoft/mssql-server-linux:2017-CU3";
 
 	@ClassRule
 	public static MSSQLServerContainer container = new MSSQLServerContainer(DOCKER_IMAGE);