Release 2.0.5.RELEASE

Closes gh-1122

.editorconfig

@@ -0,0 +1,19 @@
+root = true
+
+[*]
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+max_line_length = 120
+
+[*.java]
+indent_style = tab
+indent_size = 4
+charset = latin1
+continuation_indent_size = 8
+
+[*.xml]
+indent_style = tab
+indent_size = 4
+charset = latin1
+continuation_indent_size = 8

.github/ISSUE_TEMPLATE.md

@@ -1,3 +1,7 @@
+<!--
+For Security Vulnerabilities, please use https://pivotal.io/security#reporting
+-->
+
 <!--
 Thanks for raising a Spring Session issue. Please provide a brief description of your problem along with the version of Spring Session that you are using. If possible, please also consider putting together a sample application that reproduces the issue.
 -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,3 +1,7 @@
+<!--
+For Security Vulnerabilities, please use https://pivotal.io/security#reporting
+-->
+
 <!--
 Thanks for contributing to Spring Session. Please provide a brief description of your pull-request and reference any related issue numbers (prefix references with #).
 -->

.gitignore

@@ -10,6 +10,6 @@ target
 out
 .springBeans
 *.rdb
-!eclispe/.checkstyle
 .checkstyle
+!etc/eclipse/.checkstyle
 !**/src/**/build

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.9.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.17.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 	repositories {

docs/spring-session-docs.gradle

@@ -38,6 +38,7 @@ asciidoctor {
 			'lettuce-version': versions['io.lettuce:lettuce-core'],
 			'samples-dir': "$rootProject.projectDir.path/samples/",
 			'session-jdbc-main-resources-dir': "${project(':spring-session-jdbc').projectDir.path}/src/main/resources/",
+			'spring-boot-version': project.springBootVersion,
 			'spring-data-redis-version': versions['org.springframework.data:spring-data-redis'],
 			'spring-framework-version': versions['org.springframework:spring-core'],
 			'spring-security-version': versions['org.springframework.security:spring-security-core'],

docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -37,7 +37,7 @@ Thanks to first-class auto configuration support, setting up Spring Session back
 
 .src/main/resources/application.properties
 ----
-spring.session.store-type=jdbc
+spring.session.store-type=jdbc # Session store type.
 ----
 
 Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableJdbcHttpSession` annotation.
@@ -48,10 +48,10 @@ Further customization is possible using `application.properties`:
 
 .src/main/resources/application.properties
 ----
-server.session.timeout= # Session timeout in seconds.
-spring.session.jdbc.initializer.enabled= # Create the required session tables on startup if necessary. Enabled automatically if the default table name is set or a custom schema is configured.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
 spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/schema-@@platform@@.sql # Path to the SQL file to use to initialize the database schema.
-spring.session.jdbc.table-name=SPRING_SESSION # Name of database table used to store sessions.
+spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
@@ -65,9 +65,9 @@ For example, you can include the following in your *application.properties*
 
 .src/main/resources/application.properties
 ----
-spring.datasource.url=jdbc:postgresql://localhost:5432/myapp
-spring.datasource.username=myapp
-spring.datasource.password=secret
+spring.datasource.url= # JDBC URL of the database.
+spring.datasource.username= # Login username of the database.
+spring.datasource.password= # Login password of the database.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.

docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -35,7 +35,7 @@ Thanks to first-class auto configuration support, setting up Spring Session back
 
 .src/main/resources/application.properties
 ----
-spring.session.store-type=redis
+spring.session.store-type=redis # Session store type.
 ----
 
 Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
@@ -46,9 +46,9 @@ Further customization is possible using `application.properties`:
 
 .src/main/resources/application.properties
 ----
-server.session.timeout= # Session timeout in seconds.
-spring.session.redis.flush-mode= # Sessions flush mode.
-spring.session.redis.namespace= # Namespace for keys used to store sessions.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+spring.session.redis.flush-mode=on-save # Sessions flush mode.
+spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
@@ -62,9 +62,9 @@ For example, you can include the following in your *application.properties*
 
 .src/main/resources/application.properties
 ----
-spring.redis.host=localhost
-spring.redis.password=secret
-spring.redis.port=6379
+spring.redis.host=localhost # Redis server host.
+spring.redis.password= # Login password of the redis server.
+spring.redis.port=6379 # Redis server port.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.

docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -24,7 +24,7 @@ Please make sure you have already integrated Spring Session with the HttpSession
 [[websocket-spring-configuration]]
 == Spring Configuration
 
-In a typical Spring WebSocket application users would extend `AbstractWebSocketMessageBrokerConfigurer`.
+In a typical Spring WebSocket application users would implement `WebSocketMessageBrokerConfigurer`.
 For example, the configuration might look something like the following:
 
 [source,java]
@@ -43,7 +43,7 @@ include::{samples-dir}boot/websocket/src/main/java/sample/config/WebSocketConfig
 
 To hook in the Spring Session support we only need to change two things:
 
-<1> Instead of extending `AbstractWebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
+<1> Instead of implementing `WebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
 <2> We rename the `registerStompEndpoints` method to `configureStompEndpoints`
 
 What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
@@ -77,7 +77,7 @@ For the purposes of testing session expiration, you may want to change the sessi
 
 .src/main/resources/application.properties
 ----
-server.session.timeout=60
+server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.
 ----
 ====
 

docs/src/docs/asciidoc/index.adoc

@@ -147,11 +147,12 @@ As a part of this split, the Spring Session Data MongoDB and Spring Session Data
 * https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb` repository]
 ** Hosts Spring Session Data MongoDB module
 * https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode` repository]
-** Hosts Spring Session Data Geode/GemFire module
+** Hosts Spring Session Data Geode and Spring Session Data Geode modules
 
-Going forward, the plan is to externalize each of the `SessionRepository` implementations into a dedicated repository and provide a Maven BOM (as in "bill of materials") module in order to help users with version management concerns.
+Finally, Spring Session now also provides a Maven BOM (as in "bill of materials") module in order to help users with version management concerns:
 
-Modules maintained by the members of Spring Team will be hosted within the https://github.com/spring-projects[`spring-projects` organization], while the community maintained modules will continue to be promoted via <<community-extensions,Community Extensions>> section of this manual.
+* https://github.com/spring-projects/spring-session-bom[`spring-session-bom` repository]
+** Hosts Spring Session BOM module
 
 [[httpsession]]
 == HttpSession Integration
@@ -1199,7 +1200,7 @@ Note that these two have moved to separate repositories, and will continue to be
 === Dropped Support
 
 As a part of the changes to `HttpSessionStrategy` and it's alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
-This introduction of new API to replace this functionality in consideration for future releases.
+The introduction of a new API to replace this functionality is under consideration for future releases.
 
 [[community]]
 == Spring Session Community

docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -67,8 +67,8 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 	@Override
 	@Bean
 	public InMemoryUserDetailsManager userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		return new InMemoryUserDetailsManager(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 
 	@Bean

docs/src/test/java/docs/websocket/WebSocketConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,9 +19,9 @@ package docs.websocket;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.scheduling.annotation.EnableScheduling;
-import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 
 /**
  * @author Rob Winch
@@ -30,7 +30,7 @@ import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 @Configuration
 @EnableScheduling
 @EnableWebSocketMessageBroker
-public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
+public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
 
 	@Override
 	public void registerStompEndpoints(StompEndpointRegistry registry) {

etc/checkstyle/checkstyle.xml

@@ -2,165 +2,11 @@
 <!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
 		"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
 <module name="Checker">
-	<!-- Suppressions -->
+	<!-- Supressions -->
 	<module name="SuppressionFilter">
 		<property name="file" value="${configDir}/suppressions.xml"/>
 	</module>
 
 	<!-- Root Checks -->
-	<module name="RegexpHeader">
-		<property name="headerFile" value="${configDir}/header.txt"/>
-		<property name="fileExtensions" value="java"/>
-	</module>
-	<module name="NewlineAtEndOfFile">
-		<property name="lineSeparator" value="lf"/>
-		<property name="fileExtensions" value="java,xml"/>
-	</module>
-
-	<!-- TreeWalker Checks -->
-	<module name="TreeWalker">
-		<!-- Annotations -->
-		<module name="AnnotationUseStyle">
-			<property name="elementStyle" value="compact"/>
-		</module>
-		<module name="MissingOverride"/>
-		<module name="PackageAnnotation"/>
-		<module name="AnnotationLocation">
-			<property name="allowSamelineSingleParameterlessAnnotation" value="false" />
-		</module>
-
-		<!-- Block Checks -->
-		<module name="EmptyBlock">
-			<property name="option" value="text"/>
-		</module>
-		<module name="LeftCurly"/>
-		<module name="RightCurly">
-			<property name="option" value="alone"/>
-		</module>
-		<module name="NeedBraces"/>
-		<module name="AvoidNestedBlocks"/>
-
-		<!-- Class Design -->
-		<module name="FinalClass"/>
-		<module name="InterfaceIsType"/>
-		<module name="HideUtilityClassConstructor"/>
-		<module name="MutableException"/>
-		<module name="InnerTypeLast"/>
-		<module name="OneTopLevelClass"/>
-
-		<!-- Coding -->
-		<module name="CovariantEquals"/>
-		<module name="EmptyStatement"/>
-		<module name="EqualsHashCode"/>
-		<module name="InnerAssignment"/>
-		<module name="SimplifyBooleanExpression"/>
-		<module name="SimplifyBooleanReturn"/>
-		<module name="StringLiteralEquality"/>
-		<module name="NestedForDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="NestedIfDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="NestedTryDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="MultipleVariableDeclarations"/>
-		<module name="RequireThis">
-			<property name="checkMethods" value="false"/>
-		</module>
-		<module name="OneStatementPerLine"/>
-
-		<!-- Imports -->
-		<module name="AvoidStarImport"/>
-		<module name="AvoidStaticImport">
-			<property name="excludes"
-					value="org.assertj.core.api.Assertions.*, org.mockito.Mockito.*, org.mockito.BDDMockito.*, org.mockito.AdditionalMatchers.*, org.mockito.ArgumentMatchers.*, org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*, org.springframework.test.web.servlet.result.MockMvcResultHandlers.*, org.springframework.test.web.servlet.result.MockMvcResultMatchers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*, org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*, org.springframework.hateoas.mvc.ControllerLinkBuilder.linkTo"/>
-		</module>
-		<module name="IllegalImport"/>
-		<module name="RedundantImport"/>
-		<module name="UnusedImports">
-			<property name="processJavadoc" value="true"/>
-		</module>
-		<module name="ImportOrder">
-			<property name="groups" value="java,/^javax?\./,*,org.springframework"/>
-			<property name="ordered" value="true"/>
-			<property name="separated" value="true"/>
-			<property name="option" value="bottom"/>
-			<property name="sortStaticImportsAlphabetically" value="true"/>
-		</module>
-
-		<!-- Javadoc Comments -->
-		<module name="JavadocType">
-			<property name="scope" value="package"/>
-			<property name="authorFormat" value=".+\s.+"/>
-		</module>
-		<module name="JavadocMethod">
-			<property name="allowMissingJavadoc" value="true"/>
-		</module>
-		<module name="JavadocVariable">
-			<property name="scope" value="public"/>
-		</module>
-		<module name="JavadocStyle">
-			<property name="checkEmptyJavadoc" value="true"/>
-		</module>
-		<module name="NonEmptyAtclauseDescription"/>
-		<module name="JavadocTagContinuationIndentation">
-			<property name="offset" value="0"/>
-		</module>
-		<module name="AtclauseOrder">
-			<property name="target" value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF"/>
-			<property name="tagOrder" value="@param, @author, @since, @see, @version, @serial, @deprecated"/>
-		</module>
-		<module name="AtclauseOrder">
-			<property name="target" value="METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
-			<property name="tagOrder" value="@param, @return, @throws, @since, @deprecated, @see"/>
-		</module>
-
-		<!-- Miscellaneous -->
-		<module name="CommentsIndentation"/>
-		<module name="UpperEll"/>
-		<module name="ArrayTypeStyle"/>
-		<module name="OuterTypeFilename"/>
-
-		<!-- Modifiers -->
-		<module name="RedundantModifier"/>
-
-		<!-- Regexp -->
-		<module name="RegexpSinglelineJava">
-			<property name="format" value="^\t* +\t*\S"/>
-			<property name="message" value="Line has leading space characters; indentation should be performed with tabs only."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="RegexpSinglelineJava">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.mockito\.Mockito\.(when|doThrow|doAnswer)"/>
-			<property name="message"
-				value="Please use BDDMockto imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="RegexpSinglelineJava">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.junit\.Assert\.assert"/>
-			<property name="message" value="Please use AssertJ imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="Regexp">
-			<property name="format" value="[ \t]+$"/>
-			<property name="illegalPattern" value="true"/>
-			<property name="message" value="Trailing whitespace"/>
-		</module>
-
-		<!-- Whitespace -->
-		<module name="GenericWhitespace"/>
-		<module name="MethodParamPad"/>
-		<module name="NoWhitespaceAfter">
-			<property name="tokens" value="BNOT, DEC, DOT, INC, LNOT, UNARY_MINUS, UNARY_PLUS, ARRAY_DECLARATOR"/>
-		</module>
-		<module name="NoWhitespaceBefore"/>
-		<module name="ParenPad"/>
-		<module name="TypecastParenPad"/>
-		<module name="WhitespaceAfter"/>
-		<module name="WhitespaceAround"/>
-	</module>
+	<module name="io.spring.javaformat.checkstyle.SpringChecks"/>
 </module>

etc/checkstyle/suppressions.xml

@@ -2,17 +2,15 @@
 <!DOCTYPE suppressions PUBLIC "-//Puppy Crawl//DTD Suppressions 1.1//EN"
 		"http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
 <suppressions>
-	<suppress files=".+Application\.java" checks="HideUtilityClassConstructor"/>
-	<suppress files=".+Configuration\.java" checks="HideUtilityClassConstructor"/>
+	<!-- global -->
+	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc*"/>
 
-	<suppress files="[\\/]src[\\/]test[\\/]java[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc"/>
-
-	<suppress files="[\\/]docs[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]docs[\\/]" checks="CommentsIndentation"/>
+	<!-- docs -->
+	<suppress files="[\\/]docs[\\/]" checks="Javadoc*"/>
+	<suppress files="[\\/]docs[\\/]" checks="AvoidStaticImport"/>
 	<suppress files="[\\/]docs[\\/]" checks="InnerTypeLast"/>
 
-	<suppress files="[\\/]samples[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]samples[\\/]" checks="CommentsIndentation"/>
-	<suppress files="[\\/]samples[\\/]" checks="InnerTypeLast"/>
+	<!-- samples -->
+	<suppress files="[\\/]samples[\\/]" checks="Javadoc*"/>
+	<suppress files="[\\/]samples[\\/].+Application\.java" checks="HideUtilityClassConstructor"/>
 </suppressions>

gradle.properties

@@ -1,2 +1,2 @@
-springBootVersion=2.0.0.M7
-version=2.0.1.RELEASE
+springBootVersion=2.0.3.RELEASE
+version=2.0.5.RELEASE

gradle/dependency-management.gradle

@@ -1,39 +1,31 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.4'
-		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR5'
-		mavenBom 'org.springframework:spring-framework-bom:5.0.3.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR3'
-		mavenBom 'org.springframework.security:spring-security-bom:5.0.1.RELEASE'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.6'
+		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR10'
+		mavenBom 'org.springframework:spring-framework-bom:5.0.8.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR9'
+		mavenBom 'org.springframework.security:spring-security-bom:5.0.7.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.8.1'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.9.2') {
+		dependencySet(group: 'com.hazelcast', version: '3.9.4') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependencySet(group: 'org.testcontainers', version: '1.5.1') {
-			entry 'mariadb'
-			entry 'mssqlserver'
-			entry 'mysql'
-			entry 'postgresql'
-			entry 'testcontainers'
-		}
-
-		dependency 'com.h2database:h2:1.4.196'
-		dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
+		dependency 'com.h2database:h2:1.4.197'
+		dependency 'com.microsoft.sqlserver:mssql-jdbc:6.4.0.jre8'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.0.1.RELEASE'
+		dependency 'io.lettuce:lettuce-core:5.0.4.RELEASE'
 		dependency 'javax.servlet:javax.servlet-api:3.1.0'
 		dependency 'junit:junit:4.12'
-		dependency 'mysql:mysql-connector-java:5.1.45'
-		dependency 'org.apache.derby:derby:10.14.1.0'
-		dependency 'org.assertj:assertj-core:3.9.0'
-		dependency 'org.hsqldb:hsqldb:2.4.0'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.2.1'
-		dependency 'org.mockito:mockito-core:2.13.0'
-		dependency 'org.postgresql:postgresql:42.2.0'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.0'
+		dependency 'mysql:mysql-connector-java:8.0.11'
+		dependency 'org.apache.derby:derby:10.14.2.0'
+		dependency 'org.assertj:assertj-core:3.10.0'
+		dependency 'org.hsqldb:hsqldb:2.4.1'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.2.6'
+		dependency 'org.mockito:mockito-core:2.20.1'
+		dependency 'org.postgresql:postgresql:42.2.4'
 	}
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.9-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.4.1-bin.zip

samples/boot/findbyusername/README.adoc

@@ -1,4 +0,0 @@
-Demonstrates using Spring Session to lookup a user's session by the username.
-The sample provides a hook to add the current username to the session (required for finding the user) by providing a custom implementation of Spring Security's `AuthenticationSuccessHandler`.
-
-NOTE: This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com

samples/boot/findbyusername/spring-session-sample-boot-findbyusername.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.maxmind.geoip2:geoip2"
 	compile "org.apache.httpcomponents:httpclient"
 

samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -18,7 +18,6 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -30,10 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -45,15 +43,10 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(classes = FindByUsernameApplication.class, webEnvironment = WebEnvironment.MOCK)
-@ContextConfiguration(initializers = FindByUsernameTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -86,16 +79,21 @@ public class FindByUsernameTests {
 		home.terminateButtonDisabled();
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/findbyusername/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,20 +30,13 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -92,7 +92,7 @@ public class SessionDetailsFilter extends OncePerRequestFilter {
 			}
 			return cityName + ", " + countryName;
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			return UNKNOWN;
 
 		}

samples/boot/findbyusername/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/jdbc/README.adoc

@@ -1 +0,0 @@
-Demonstrates using Spring Session with Spring Boot and Spring Security. You can log in with the username "user" and the password "password".

samples/boot/jdbc/spring-session-sample-boot-jdbc.gradle

@@ -9,7 +9,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.h2database:h2"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/jdbc/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,15 +16,11 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -35,18 +31,11 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Override
-	public void configure(WebSecurity web) throws Exception {
+	public void configure(WebSecurity web) {
 		web
-			.ignoring().antMatchers("/h2-console/**");
+			.ignoring().requestMatchers(PathRequest.toH2Console());
 	}
 	// @formatter:on
 
@@ -56,7 +45,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/jdbc/src/main/resources/application.properties

@@ -1 +1,2 @@
+spring.security.user.password=password
 spring.h2.console.enabled=true

samples/boot/redis-json/spring-session-sample-boot-redis-json.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "org.apache.httpcomponents:httpclient"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java

@@ -20,7 +20,6 @@ import java.util.List;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -33,10 +32,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -48,16 +46,11 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
-@ContextConfiguration(initializers = HttpRedisJsonTest.Initializer.class)
 public class HttpRedisJsonTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -110,16 +103,21 @@ public class HttpRedisJsonTest {
 		assertThat(attributes).extracting("attributeValue").contains("Demo Value");
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis-json/src/integration-test/java/sample/RedisSerializerTest.java

@@ -16,19 +16,17 @@
 
 package sample;
 
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
 import org.springframework.session.data.redis.config.annotation.SpringSessionRedisOperations;
-import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -38,15 +36,10 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class)
-@ContextConfiguration(initializers = RedisSerializerTest.Initializer.class)
+@SpringBootTest
 public class RedisSerializerTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	@SpringSessionRedisOperations
 	private RedisTemplate<Object, Object> sessionRedisTemplate;
@@ -59,16 +52,21 @@ public class RedisSerializerTest {
 				.isInstanceOf(GenericJackson2JsonRedisSerializer.class);
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis-json/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,19 +30,12 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/redis-json/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/redis/README.adoc

@@ -1 +0,0 @@
-Demonstrates using Spring Session with Spring Boot and Spring Security. You can log in with the username "user" and the password "password".

samples/boot/redis/spring-session-sample-boot-redis.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 

samples/boot/redis/src/integration-test/java/sample/BootTests.java

@@ -18,7 +18,6 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -30,10 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -44,15 +42,10 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
-@ContextConfiguration(initializers = BootTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class BootTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -92,16 +85,21 @@ public class BootTests {
 		login.assertAt();
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,20 +30,13 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/redis/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/webflux/src/integration-test/java/sample/AttributeTests.java

@@ -20,7 +20,6 @@ import java.util.List;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -31,11 +30,10 @@ import sample.pages.HomePage.Attribute;
 
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -43,17 +41,13 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
  * @author Eddú Meléndez
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = HelloWebFluxApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
-@ContextConfiguration(initializers = AttributeTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class AttributeTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	@LocalServerPort
 	private int port;
@@ -99,16 +93,21 @@ public class AttributeTests {
 		assertThat(row.getAttributeValue()).isEqualTo("b");
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/websocket/spring-session-sample-boot-websocket.gradle

@@ -18,7 +18,7 @@ dependencies {
 	compile "org.webjars:knockout"
 	compile "org.webjars:sockjs-client"
 	compile "org.webjars:stomp-websocket"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.h2database:h2"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/websocket/src/main/java/sample/config/WebSecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,30 +17,20 @@
 package sample.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 @Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth,
@@ -53,9 +43,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	// @formatter:off
 	@Override
-	public void configure(WebSecurity web) throws Exception {
+	public void configure(WebSecurity web) {
 		web
-			.ignoring().antMatchers("/h2-console/**");
+			.ignoring().requestMatchers(PathRequest.toH2Console());
 	}
 	// @formatter:on
 
@@ -64,7 +54,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/websocket/src/main/java/sample/security/UserRepositoryUserDetailsService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,7 +59,7 @@ public class UserRepositoryUserDetailsService implements UserDetailsService {
 		return new CustomUserDetails(user);
 	}
 
-	private final static class CustomUserDetails extends User implements UserDetails {
+	private static final class CustomUserDetails extends User implements UserDetails {
 
 		private CustomUserDetails(User user) {
 			super(user);

samples/boot/websocket/src/main/java/sample/websocket/WebSocketDisconnectHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,7 +42,7 @@ public class WebSocketDisconnectHandler<S>
 		if (id == null) {
 			return;
 		}
-		this.repository.findById(id).ifPresent(user -> {
+		this.repository.findById(id).ifPresent((user) -> {
 			this.repository.deleteById(id);
 			this.messagingTemplate.convertAndSend("/topic/friends/signout",
 					Arrays.asList(user.getUsername()));

samples/boot/websocket/src/main/resources/application.properties

@@ -1,2 +1,2 @@
-#server.session.timeout=60
+#server.servlet.session.timeout=1m
 spring.h2.console.enabled=true

samples/boot/websocket/src/test/java/sample/ApplicationTests.java

@@ -20,10 +20,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 
-import org.junit.ClassRule;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
 
@@ -31,10 +28,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.concurrent.ListenableFuture;
 import org.springframework.web.socket.TextMessage;
@@ -46,23 +42,17 @@ import org.springframework.web.socket.sockjs.client.SockJsClient;
 import org.springframework.web.socket.sockjs.client.Transport;
 import org.springframework.web.socket.sockjs.client.WebSocketTransport;
 
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
 /**
  * @author Rob Winch
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.RANDOM_PORT)
-@ContextConfiguration(initializers = ApplicationTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class ApplicationTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
-
-	@Rule
-	public final ExpectedException thrown = ExpectedException.none();
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	@Value("${local.server.port}")
 	private String port;
@@ -71,7 +61,7 @@ public class ApplicationTests {
 	private WebSocketHandler webSocketHandler;
 
 	@Test
-	public void run() throws Exception {
+	public void run() {
 		List<Transport> transports = new ArrayList<>(2);
 		transports.add(new WebSocketTransport(new StandardWebSocketClient()));
 		transports.add(new RestTemplateXhrTransport());
@@ -80,20 +70,25 @@ public class ApplicationTests {
 		ListenableFuture<WebSocketSession> wsSession = sockJsClient.doHandshake(
 				this.webSocketHandler, "ws://localhost:" + this.port + "/sockjs");
 
-		this.thrown.expect(ExecutionException.class);
-		wsSession.get().sendMessage(new TextMessage("a"));
+		assertThatThrownBy(() -> wsSession.get().sendMessage(new TextMessage("a")))
+				.isInstanceOf(ExecutionException.class);
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/gradle/dependency-management.gradle

@@ -5,6 +5,7 @@ dependencyManagement {
 		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1'
 		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b02'
 		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.3'
 		dependency 'org.slf4j:jcl-over-slf4j:1.7.25'
 		dependency 'org.slf4j:log4j-over-slf4j:1.7.25'
 		dependency 'org.webjars:bootstrap:2.3.2'

samples/javaconfig/custom-cookie/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/hazelcast/src/main/java/sample/ObjectStreamSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -55,8 +55,8 @@ public class ObjectStreamSerializer implements StreamSerializer<Object> {
 		try {
 			return in.readObject();
 		}
-		catch (ClassNotFoundException e) {
-			throw new IOException(e);
+		catch (ClassNotFoundException ex) {
+			throw new IOException(ex);
 		}
 	}
 

samples/javaconfig/hazelcast/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import org.springframework.security.core.userdetails.User;
 public class SecurityConfig {
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/javaconfig/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/rest/spring-session-sample-javaconfig-rest.gradle

@@ -17,7 +17,6 @@ dependencies {
 	testCompile "org.springframework.security:spring-security-test"
 	testCompile "org.assertj:assertj-core"
 	testCompile "org.springframework:spring-test"
-	testCompile "commons-codec:commons-codec"
 
 	integrationTestCompile "org.testcontainers:testcontainers"
 }

samples/javaconfig/rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -17,7 +17,6 @@
 package rest;
 
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
@@ -55,11 +54,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @WebAppConfiguration
 public class RestMockMvcTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	@Autowired
 	private SessionRepositoryFilter<? extends Session> sessionRepositoryFilter;
@@ -97,10 +92,18 @@ public class RestMockMvcTests {
 	@EnableRedisHttpSession
 	static class Config {
 
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
 		@Bean
 		public LettuceConnectionFactory redisConnectionFactory() {
-			return new LettuceConnectionFactory(redisContainer.getContainerIpAddress(),
-					redisContainer.getFirstMappedPort());
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 		@Bean

samples/javaconfig/rest/src/integration-test/java/sample/RestTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,8 +17,8 @@
 package sample;
 
 import java.util.Arrays;
+import java.util.Base64;
 
-import org.apache.commons.codec.binary.Base64;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -32,6 +32,7 @@ import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * @author Pool Dolorier
@@ -52,13 +53,14 @@ public class RestTests {
 		this.restTemplate = new RestTemplate();
 	}
 
-	@Test(expected = HttpClientErrorException.class)
+	@Test
 	public void unauthenticatedUserSentToLogInPage() {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
-		ResponseEntity<String> entity = getForUser(this.baseUrl + "/",
-				headers, String.class);
-		assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+		assertThatThrownBy(() -> getForUser(this.baseUrl + "/", headers, String.class))
+				.isInstanceOf(HttpClientErrorException.class)
+				.satisfies((e) -> assertThat(((HttpClientErrorException) e).getStatusCode())
+						.isEqualTo(HttpStatus.UNAUTHORIZED));
 	}
 
 	@Test
@@ -122,6 +124,6 @@ public class RestTests {
 
 	private String getAuth(String user, String password) {
 		String auth = user + ":" + password;
-		return new String(Base64.encodeBase64(auth.getBytes()));
+		return Base64.getEncoder().encodeToString(auth.getBytes());
 	}
 }

samples/javaconfig/rest/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/rest/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/javaconfig/security/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/security/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import org.springframework.security.core.userdetails.User;
 public class SecurityConfig {
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/misc/hazelcast/src/main/java/sample/Initializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,14 +78,14 @@ public class Initializer implements ServletContextListener {
 			socket = new ServerSocket(0);
 			return socket.getLocalPort();
 		}
-		catch (IOException e) {
-			throw new RuntimeException(e);
+		catch (IOException ex) {
+			throw new RuntimeException(ex);
 		}
 		finally {
 			try {
 				socket.close();
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 			}
 		}
 	}

samples/xml/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

spring-session-core/src/main/java/org/springframework/session/MapSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import java.io.Serializable;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
@@ -122,7 +123,12 @@ public final class MapSession implements Session, Serializable {
 		return this.id;
 	}
 
-	String getOriginalId() {
+	/**
+	 * Get the original session id.
+	 * @return the original session id
+	 * @see #changeSessionId()
+	 */
+	public String getOriginalId() {
 		return this.originalId;
 	}
 
@@ -172,7 +178,7 @@ public final class MapSession implements Session, Serializable {
 
 	@Override
 	public Set<String> getAttributeNames() {
-		return this.sessionAttrs.keySet();
+		return new HashSet<>(this.sessionAttrs.keySet());
 	}
 
 	@Override

spring-session-core/src/main/java/org/springframework/session/MapSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-session-core/src/main/java/org/springframework/session/ReactiveMapSessionRepository.java

@@ -86,7 +86,7 @@ public class ReactiveMapSessionRepository implements ReactiveSessionRepository<M
 	public Mono<MapSession> findById(String id) {
 		// @formatter:off
 		return Mono.defer(() -> Mono.justOrEmpty(this.sessions.get(id))
-				.filter(session -> !session.isExpired())
+				.filter((session) -> !session.isExpired())
 				.map(MapSession::new)
 				.switchIfEmpty(deleteById(id).then(Mono.empty())));
 		// @formatter:on

spring-session-core/src/main/java/org/springframework/session/Session.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@ public interface Session {
 	 * Gets the Object associated with the specified name or null if no Object is
 	 * associated to that name.
 	 *
-	 * @param <T> The return type of the attribute
+	 * @param <T> the return type of the attribute
 	 * @param attributeName the name of the attribute to get
 	 * @return the Object associated with the specified name or null if no Object is
 	 * associated to that name
@@ -81,7 +81,7 @@ public interface Session {
 	@SuppressWarnings("unchecked")
 	default <T> T getAttributeOrDefault(String name, T defaultValue) {
 		T result = getAttribute(name);
-		return result == null ? defaultValue : result;
+		return (result != null ? result : defaultValue);
 	}
 
 	/**

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -110,8 +110,8 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 
 	@PostConstruct
 	public void init() {
-		CookieSerializer cookieSerializer = this.cookieSerializer != null
-				? this.cookieSerializer : createDefaultCookieSerializer();
+		CookieSerializer cookieSerializer = (this.cookieSerializer != null
+				? this.cookieSerializer : createDefaultCookieSerializer());
 		this.defaultHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
 	}
 
@@ -169,9 +169,9 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 			try {
 				sessionCookieConfig = this.servletContext.getSessionCookieConfig();
 			}
-			catch (UnsupportedOperationException e) {
+			catch (UnsupportedOperationException ex) {
 				this.logger
-						.warn("Unable to obtain SessionCookieConfig: " + e.getMessage());
+						.warn("Unable to obtain SessionCookieConfig: " + ex.getMessage());
 			}
 			if (sessionCookieConfig != null) {
 				if (sessionCookieConfig.getName() != null) {

spring-session-core/src/main/java/org/springframework/session/events/AbstractSessionEvent.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,7 +45,7 @@ public abstract class AbstractSessionEvent extends ApplicationEvent {
 	 * implementations it may not be possible to get the original session in which case
 	 * this may be null.
 	 *
-	 * @param <S> The type of Session
+	 * @param <S> the type of Session
 	 * @return the expired {@link Session} or null if the data store does not support
 	 * obtaining it
 	 */

spring-session-core/src/main/java/org/springframework/session/security/SpringSessionBackedSessionInformation.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -63,7 +63,7 @@ class SpringSessionBackedSessionInformation<S extends Session>
 	/**
 	 * Tries to determine the principal's name from the given Session.
 	 *
-	 * @param session Spring Session session
+	 * @param session the session
 	 * @return the principal's name, or empty String if it couldn't be determined
 	 */
 	private static String resolvePrincipal(Session session) {

spring-session-core/src/main/java/org/springframework/session/web/http/CookieSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,7 +78,7 @@ public interface CookieSerializer {
 		 * modified by the {@link CookieSerializer} when writing to the actual cookie so
 		 * long as the original value is returned when the cookie is read.
 		 */
-		CookieValue(HttpServletRequest request, HttpServletResponse response,
+		public CookieValue(HttpServletRequest request, HttpServletResponse response,
 				String cookieValue) {
 			this.request = request;
 			this.response = response;

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,11 +22,13 @@ import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.servlet.ServletRequest;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 /**
  * The default implementation of {@link CookieSerializer}.
  *
@@ -37,11 +39,13 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class DefaultCookieSerializer implements CookieSerializer {
 
+	private static final Log logger = LogFactory.getLog(DefaultCookieSerializer.class);
+
 	private String cookieName = "SESSION";
 
 	private Boolean useSecureCookie;
 
-	private boolean useHttpOnlyCookie = isServlet3();
+	private boolean useHttpOnlyCookie = true;
 
 	private String cookiePath;
 
@@ -70,8 +74,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		if (cookies != null) {
 			for (Cookie cookie : cookies) {
 				if (this.cookieName.equals(cookie.getName())) {
-					String sessionId = this.useBase64Encoding
-							? base64Decode(cookie.getValue()) : cookie.getValue();
+					String sessionId = (this.useBase64Encoding
+							? base64Decode(cookie.getValue()) : cookie.getValue());
 					if (sessionId == null) {
 						continue;
 					}
@@ -98,8 +102,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		HttpServletResponse response = cookieValue.getResponse();
 
 		String requestedCookieValue = cookieValue.getCookieValue();
-		String actualCookieValue = this.jvmRoute == null ? requestedCookieValue
-				: requestedCookieValue + this.jvmRoute;
+		String actualCookieValue = (this.jvmRoute != null
+				? requestedCookieValue + this.jvmRoute : requestedCookieValue);
 
 		Cookie sessionCookie = new Cookie(this.cookieName, this.useBase64Encoding
 				? base64Encode(actualCookieValue) : actualCookieValue);
@@ -141,7 +145,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 			byte[] decodedCookieBytes = Base64.getDecoder().decode(base64Value);
 			return new String(decodedCookieBytes);
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
+			logger.debug("Unable to Base64 decode value: " + base64Value);
 			return null;
 		}
 	}
@@ -168,16 +173,11 @@ public class DefaultCookieSerializer implements CookieSerializer {
 	}
 
 	/**
-	 * Sets if a Cookie marked as HTTP Only should be used. The default is true in Servlet
-	 * 3+ environments, else false.
+	 * Sets if a Cookie marked as HTTP Only should be used. The default is true.
 	 *
 	 * @param useHttpOnlyCookie determines if the cookie should be marked as HTTP Only.
 	 */
 	public void setUseHttpOnlyCookie(boolean useHttpOnlyCookie) {
-		if (useHttpOnlyCookie && !isServlet3()) {
-			throw new IllegalArgumentException(
-					"You cannot set useHttpOnlyCookie to true in pre Servlet 3 environment");
-		}
 		this.useHttpOnlyCookie = useHttpOnlyCookie;
 	}
 
@@ -337,19 +337,4 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		return this.cookiePath;
 	}
 
-	/**
-	 * Returns true if the Servlet 3 APIs are detected.
-	 *
-	 * @return whether the Servlet 3 APIs are detected
-	 */
-	private boolean isServlet3() {
-		try {
-			ServletRequest.class.getMethod("startAsync");
-			return true;
-		}
-		catch (NoSuchMethodException e) {
-		}
-		return false;
-	}
-
 }

spring-session-core/src/main/java/org/springframework/session/web/http/HeaderHttpSessionIdResolver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -98,8 +98,8 @@ public class HeaderHttpSessionIdResolver implements HttpSessionIdResolver {
 	@Override
 	public List<String> resolveSessionIds(HttpServletRequest request) {
 		String headerValue = request.getHeader(this.headerName);
-		return headerValue != null ? Collections.singletonList(headerValue)
-				: Collections.emptyList();
+		return (headerValue != null ? Collections.singletonList(headerValue)
+				: Collections.emptyList());
 	}
 
 	@Override

spring-session-core/src/main/java/org/springframework/session/web/http/OnCommittedResponseWrapper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -174,11 +174,11 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 	}
 
 	private void trackContentLength(byte[] content) {
-		checkContentLength(content == null ? 0 : content.length);
+		checkContentLength(content != null ? content.length : 0);
 	}
 
 	private void trackContentLength(char[] content) {
-		checkContentLength(content == null ? 0 : content.length);
+		checkContentLength(content != null ? content.length : 0);
 	}
 
 	private void trackContentLength(int content) {

spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package org.springframework.session.web.http;
 
 import java.io.IOException;
 import java.time.Instant;
+import java.util.List;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletContext;
@@ -196,14 +197,18 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 	private final class SessionRepositoryRequestWrapper
 			extends HttpServletRequestWrapper {
 
-		private Boolean requestedSessionIdValid;
-
-		private boolean requestedSessionInvalidated;
-
 		private final HttpServletResponse response;
 
 		private final ServletContext servletContext;
 
+		private S requestedSession;
+
+		private boolean requestedSessionCached;
+
+		private Boolean requestedSessionIdValid;
+
+		private boolean requestedSessionInvalidated;
+
 		private SessionRepositoryRequestWrapper(HttpServletRequest request,
 				HttpServletResponse response, ServletContext servletContext) {
 			super(request);
@@ -225,6 +230,7 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			}
 			else {
 				S session = wrappedSession.getSession();
+				clearRequestedSessionCache();
 				SessionRepositoryFilter.this.sessionRepository.save(session);
 				String sessionId = session.getId();
 				if (!isRequestedSessionIdValid()
@@ -265,9 +271,11 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 		@Override
 		public boolean isRequestedSessionIdValid() {
 			if (this.requestedSessionIdValid == null) {
-				String sessionId = getRequestedSessionId();
-				S session = sessionId == null ? null : getSession(sessionId);
-				return isRequestedSessionIdValid(session);
+				S requestedSession = getRequestedSession();
+				if (requestedSession != null) {
+					requestedSession.setLastAccessedTime(Instant.now());
+				}
+				return isRequestedSessionIdValid(requestedSession);
 			}
 
 			return this.requestedSessionIdValid;
@@ -284,28 +292,18 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			return getCurrentSession() == null && this.requestedSessionInvalidated;
 		}
 
-		private S getSession(String sessionId) {
-			S session = SessionRepositoryFilter.this.sessionRepository
-					.findById(sessionId);
-			if (session == null) {
-				return null;
-			}
-			session.setLastAccessedTime(Instant.now());
-			return session;
-		}
-
 		@Override
 		public HttpSessionWrapper getSession(boolean create) {
 			HttpSessionWrapper currentSession = getCurrentSession();
 			if (currentSession != null) {
 				return currentSession;
 			}
-			String requestedSessionId = getRequestedSessionId();
-			if (requestedSessionId != null) {
+			S requestedSession = getRequestedSession();
+			if (requestedSession != null) {
 				if (getAttribute(INVALID_SESSION_ID_ATTR) == null) {
-					S session = getSession(requestedSessionId);
+					requestedSession.setLastAccessedTime(Instant.now());
 					this.requestedSessionIdValid = true;
-					currentSession = new HttpSessionWrapper(session, getServletContext());
+					currentSession = new HttpSessionWrapper(requestedSession, getServletContext());
 					currentSession.setNew(false);
 					setCurrentSession(currentSession);
 					return currentSession;
@@ -353,11 +351,30 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 
 		@Override
 		public String getRequestedSessionId() {
-			return SessionRepositoryFilter.this.httpSessionIdResolver
-					.resolveSessionIds(this).stream()
-					.filter(sessionId -> SessionRepositoryFilter.this.sessionRepository
-							.findById(sessionId) != null)
-					.findFirst().orElse(null);
+			S requestedSession = getRequestedSession();
+			return (requestedSession != null ? requestedSession.getId() : null);
+		}
+
+		private S getRequestedSession() {
+			if (!this.requestedSessionCached) {
+				List<String> sessionIds = SessionRepositoryFilter.this.httpSessionIdResolver
+						.resolveSessionIds(this);
+				for (String sessionId : sessionIds) {
+					S session = SessionRepositoryFilter.this.sessionRepository
+							.findById(sessionId);
+					if (session != null) {
+						this.requestedSession = session;
+						break;
+					}
+				}
+				this.requestedSessionCached = true;
+			}
+			return this.requestedSession;
+		}
+
+		private void clearRequestedSessionCache() {
+			this.requestedSessionCached = false;
+			this.requestedSession = null;
 		}
 
 		/**
@@ -377,6 +394,7 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 				super.invalidate();
 				SessionRepositoryRequestWrapper.this.requestedSessionInvalidated = true;
 				setCurrentSession(null);
+				clearRequestedSessionCache();
 				SessionRepositoryFilter.this.sessionRepository.deleteById(getId());
 			}
 		}

spring-session-core/src/main/java/org/springframework/session/web/server/session/SpringSessionWebSessionStore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,6 +46,7 @@ import org.springframework.web.server.session.WebSessionStore;
  *
  * @param <S> the {@link Session} type
  * @author Rob Winch
+ * @author Vedran Pavic
  * @since 2.0
  */
 public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
@@ -94,7 +95,9 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 	@Override
 	public Mono<WebSession> retrieveSession(String sessionId) {
-		return this.sessions.findById(sessionId).map(this::existingSession);
+		return this.sessions.findById(sessionId)
+				.doOnNext((session) -> session.setLastAccessedTime(this.clock.instant()))
+				.map(this::existingSession);
 	}
 
 	@Override
@@ -161,6 +164,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 		@Override
 		public Mono<Void> invalidate() {
+			this.state.set(State.EXPIRED);
 			return SpringSessionWebSessionStore.this.sessions.deleteById(this.session.getId());
 		}
 
@@ -171,7 +175,14 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 		@Override
 		public boolean isExpired() {
-			return this.session.isExpired();
+			if (this.state.get().equals(State.EXPIRED)) {
+				return true;
+			}
+			if (this.session.isExpired()) {
+				this.state.set(State.EXPIRED);
+				return true;
+			}
+			return false;
 		}
 
 		@Override
@@ -196,7 +207,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 	}
 
 	private enum State {
-		NEW, STARTED
+		NEW, STARTED, EXPIRED
 	}
 
 	private static class SpringSessionMap implements Map<String, Object> {
@@ -228,7 +239,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 		@Override
 		public boolean containsValue(Object value) {
 			return this.session.getAttributeNames().stream()
-					.anyMatch(attrName -> this.session.getAttribute(attrName) != null);
+					.anyMatch((attrName) -> this.session.getAttribute(attrName) != null);
 		}
 
 		@Override

spring-session-core/src/main/java/org/springframework/session/web/socket/config/annotation/AbstractSessionWebSocketMessageBrokerConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,10 +25,10 @@ import org.springframework.session.SessionRepository;
 import org.springframework.session.web.socket.handler.WebSocketConnectHandlerDecoratorFactory;
 import org.springframework.session.web.socket.handler.WebSocketRegistryListener;
 import org.springframework.session.web.socket.server.SessionRepositoryMessageInterceptor;
-import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 import org.springframework.web.socket.config.annotation.StompWebSocketEndpointRegistration;
 import org.springframework.web.socket.config.annotation.WebMvcStompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.WebSocketTransportRegistration;
 import org.springframework.web.socket.messaging.StompSubProtocolErrorHandler;
 import org.springframework.web.socket.server.HandshakeInterceptor;
@@ -75,7 +75,7 @@ import org.springframework.web.util.UrlPathHelper;
  * @since 1.0
  */
 public abstract class AbstractSessionWebSocketMessageBrokerConfigurer<S extends Session>
-		extends AbstractWebSocketMessageBrokerConfigurer {
+		implements WebSocketMessageBrokerConfigurer {
 
 	@Autowired
 	@SuppressWarnings("rawtypes")

spring-session-core/src/main/java/org/springframework/session/web/socket/handler/WebSocketRegistryListener.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -71,8 +71,9 @@ public final class WebSocketRegistryListener
 			SessionDisconnectEvent e = (SessionDisconnectEvent) event;
 			Map<String, Object> sessionAttributes = SimpMessageHeaderAccessor
 					.getSessionAttributes(e.getMessage().getHeaders());
-			String httpSessionId = sessionAttributes == null ? null
-					: SessionRepositoryMessageInterceptor.getSessionId(sessionAttributes);
+			String httpSessionId = (sessionAttributes != null
+					? SessionRepositoryMessageInterceptor.getSessionId(sessionAttributes)
+					: null);
 			afterConnectionClosed(httpSessionId, e.getSessionId());
 		}
 	}
@@ -140,10 +141,10 @@ public final class WebSocketRegistryListener
 			try {
 				toClose.close(SESSION_EXPIRED_STATUS);
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 				logger.debug(
 						"Failed to close WebSocketSession (this is nothing to worry about but for debugging only)",
-						e);
+						ex);
 			}
 		}
 	}

spring-session-core/src/main/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,6 @@ import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.messaging.support.ChannelInterceptor;
-import org.springframework.messaging.support.ChannelInterceptorAdapter;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.util.Assert;
@@ -63,7 +62,7 @@ import org.springframework.web.socket.server.HandshakeInterceptor;
  * @since 1.0
  */
 public final class SessionRepositoryMessageInterceptor<S extends Session>
-		extends ChannelInterceptorAdapter implements HandshakeInterceptor {
+		implements ChannelInterceptor, HandshakeInterceptor {
 
 	private static final String SPRING_SESSION_ID_ATTR_NAME = "SPRING.SESSION.ID";
 
@@ -114,12 +113,12 @@ public final class SessionRepositoryMessageInterceptor<S extends Session>
 		SimpMessageType messageType = SimpMessageHeaderAccessor
 				.getMessageType(message.getHeaders());
 		if (!this.matchingMessageTypes.contains(messageType)) {
-			return super.preSend(message, channel);
+			return message;
 		}
 		Map<String, Object> sessionHeaders = SimpMessageHeaderAccessor
 				.getSessionAttributes(message.getHeaders());
-		String sessionId = sessionHeaders == null ? null
-				: (String) sessionHeaders.get(SPRING_SESSION_ID_ATTR_NAME);
+		String sessionId = (sessionHeaders != null
+				? (String) sessionHeaders.get(SPRING_SESSION_ID_ATTR_NAME) : null);
 		if (sessionId != null) {
 			S session = this.sessionRepository.findById(sessionId);
 			if (session != null) {
@@ -128,7 +127,7 @@ public final class SessionRepositoryMessageInterceptor<S extends Session>
 				this.sessionRepository.save(session);
 			}
 		}
-		return super.preSend(message, channel);
+		return message;
 	}
 
 	@Override

spring-session-core/src/test/java/org/springframework/session/MapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -100,4 +100,17 @@ public class MapSessionRepositoryTests {
 		assertThat(this.repository.findById(createSession.getId())).isNotNull();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		MapSession session = this.repository.createSession();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/MapSessionTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 public class MapSessionTests {
 
@@ -35,9 +36,11 @@ public class MapSessionTests {
 		this.session.setLastAccessedTime(Instant.ofEpochMilli(1413258262962L));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullSession() {
-		new MapSession((Session) null);
+		assertThatThrownBy(() -> new MapSession((Session) null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("session cannot be null");
 	}
 
 	@Test
@@ -65,9 +68,11 @@ public class MapSessionTests {
 		assertThat(result).isEqualTo(attrValue);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void getRequiredAttributeWhenNullThenException() {
-		this.session.getRequiredAttribute("attrName");
+		assertThatThrownBy(() -> this.session.getRequiredAttribute("attrName"))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("Required attribute 'attrName' is missing.");
 	}
 
 	@Test
@@ -128,6 +133,18 @@ public class MapSessionTests {
 		assertThat(this.session.isExpired(now)).isTrue();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		this.session.setAttribute("attribute1", "value1");
+		this.session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : this.session.getAttributeNames()) {
+			this.session.removeAttribute(attributeName);
+		}
+
+		assertThat(this.session.getAttributeNames()).isEmpty();
+	}
+
 	static class CustomSession implements Session {
 
 		@Override

spring-session-core/src/test/java/org/springframework/session/ReactiveMapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link ReactiveMapSessionRepository}.
@@ -57,10 +58,11 @@ public class ReactiveMapSessionRepositoryTests {
 		assertThat(findByIdSession.getId()).isEqualTo(this.session.getId());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMapWhenNullThenThrowsIllegalArgumentException() {
-		Map<String, Session> sessions = null;
-		new ReactiveMapSessionRepository(sessions);
+		assertThatThrownBy(() -> new ReactiveMapSessionRepository(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("sessions cannot be null");
 	}
 
 	@Test
@@ -142,4 +144,17 @@ public class ReactiveMapSessionRepositoryTests {
 		assertThat(this.repository.findById(createSession.getId()).block()).isNotNull();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		MapSession session = this.repository.createSession().block();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/EnableSpringHttpSessionCustomCookieSerializerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,6 +49,7 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -82,6 +83,9 @@ public class EnableSpringHttpSessionCustomCookieSerializerTests {
 	@Before
 	public void setup() {
 		this.chain = new MockFilterChain();
+
+		reset(this.sessionRepository);
+		reset(this.cookieSerializer);
 	}
 
 	@Test
@@ -99,7 +103,7 @@ public class EnableSpringHttpSessionCustomCookieSerializerTests {
 
 	@Test
 	public void usesWrite() throws Exception {
-		given(this.sessionRepository.findById(anyString())).willReturn(new MapSession());
+		given(this.sessionRepository.createSession()).willReturn(new MapSession());
 
 		this.sessionRepositoryFilter.doFilter(this.request, this.response,
 				new MockFilterChain() {

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,11 +21,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import javax.servlet.ServletContext;
 
 import org.junit.After;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
-import org.junit.runner.RunWith;
-import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.beans.factory.UnsatisfiedDependencyException;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
@@ -42,18 +38,15 @@ import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link SpringHttpSessionConfiguration}.
  *
  * @author Vedran Pavic
  */
-@RunWith(MockitoJUnitRunner.class)
 public class SpringHttpSessionConfigurationTests {
 
-	@Rule
-	public final ExpectedException thrown = ExpectedException.none();
-
 	private AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
 
 	@After
@@ -70,10 +63,9 @@ public class SpringHttpSessionConfigurationTests {
 
 	@Test
 	public void noSessionRepositoryConfiguration() {
-		this.thrown.expect(UnsatisfiedDependencyException.class);
-		this.thrown.expectMessage("org.springframework.session.SessionRepository");
-
-		registerAndRefresh(EmptyConfiguration.class);
+		assertThatThrownBy(() -> registerAndRefresh(EmptyConfiguration.class))
+				.isInstanceOf(UnsatisfiedDependencyException.class)
+				.hasMessageContaining("org.springframework.session.SessionRepository");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/security/web/authentication/SpringSessionRememberMeServicesTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,15 +20,14 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -43,9 +42,6 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  */
 public class SpringSessionRememberMeServicesTests {
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	private SpringSessionRememberMeServices rememberMeServices;
 
 	@Test
@@ -71,10 +67,10 @@ public class SpringSessionRememberMeServicesTests {
 
 	@Test
 	public void createWithNullParameter() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("rememberMeParameterName cannot be empty or null");
 		this.rememberMeServices = new SpringSessionRememberMeServices();
-		this.rememberMeServices.setRememberMeParameterName(null);
+		assertThatThrownBy(() -> this.rememberMeServices.setRememberMeParameterName(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("rememberMeParameterName cannot be empty or null");
 	}
 
 	@Test
@@ -114,7 +110,8 @@ public class SpringSessionRememberMeServicesTests {
 		this.rememberMeServices = new SpringSessionRememberMeServices();
 		this.rememberMeServices.loginFail(request, response);
 		verify(request, times(1)).getSession(eq(false));
-		verify(session, times(1)).removeAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
+		verify(session, times(1)).removeAttribute(
+				HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
 		verifyZeroInteractions(request, response, session);
 	}
 

spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,9 +21,7 @@ import java.util.Base64;
 import javax.servlet.http.Cookie;
 
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.junit.runners.Parameterized.Parameters;
@@ -34,6 +32,7 @@ import org.springframework.session.web.http.CookieSerializer.CookieValue;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link DefaultCookieSerializer}.
@@ -50,9 +49,6 @@ public class DefaultCookieSerializerTests {
 		return new Object[] { false, true };
 	}
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	private boolean useBase64Encoding;
 
 	private String cookieName;
@@ -214,10 +210,12 @@ public class DefaultCookieSerializerTests {
 		assertThat(getCookie().getDomain()).isEqualTo(domainName);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void setDomainNameAndDomainNamePatternThrows() {
 		this.serializer.setDomainName("example.com");
-		this.serializer.setDomainNamePattern(".*");
+		assertThatThrownBy(() -> this.serializer.setDomainNamePattern(".*"))
+				.isInstanceOf(IllegalStateException.class)
+				.hasMessage("Cannot set both domainName and domainNamePattern");
 	}
 
 	// --- domainNamePattern ---
@@ -246,10 +244,12 @@ public class DefaultCookieSerializerTests {
 		}
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void setDomainNamePatternAndDomainNameThrows() {
 		this.serializer.setDomainNamePattern(".*");
-		this.serializer.setDomainName("example.com");
+		assertThatThrownBy(() -> this.serializer.setDomainName("example.com"))
+				.isInstanceOf(IllegalStateException.class)
+				.hasMessage("Cannot set both domainName and domainNamePattern");
 	}
 
 	// --- cookieName ---
@@ -271,9 +271,11 @@ public class DefaultCookieSerializerTests {
 		assertThat(getCookie().getName()).isEqualTo(cookieName);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setCookieNameNullThrows() {
-		this.serializer.setCookieName(null);
+		assertThatThrownBy(() -> this.serializer.setCookieName(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("cookieName cannot be null");
 	}
 
 	// --- cookiePath ---

spring-session-core/src/test/java/org/springframework/session/web/http/HeaderHttpSessionIdResolverTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,15 +20,14 @@ import java.util.Collections;
 import java.util.UUID;
 
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link HeaderHttpSessionIdResolver}.
@@ -37,9 +36,6 @@ public class HeaderHttpSessionIdResolverTests {
 
 	private static final String HEADER_X_AUTH_TOKEN = "X-Auth-Token";
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	private MockHttpServletRequest request;
 
 	private MockHttpServletResponse response;
@@ -47,7 +43,7 @@ public class HeaderHttpSessionIdResolverTests {
 	private HeaderHttpSessionIdResolver resolver;
 
 	@Before
-	public void setup() throws Exception {
+	public void setup() {
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 		this.resolver = HeaderHttpSessionIdResolver.xAuthToken();
@@ -78,9 +74,9 @@ public class HeaderHttpSessionIdResolverTests {
 
 	@Test
 	public void createResolverWithNullHeaderName() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("headerName cannot be null");
-		new HeaderHttpSessionIdResolver(null);
+		assertThatThrownBy(() -> new HeaderHttpSessionIdResolver(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("headerName cannot be null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -58,6 +58,7 @@ import org.springframework.session.SessionRepository;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -66,6 +67,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
@@ -1334,6 +1336,32 @@ public class SessionRepositoryFilterTests {
 		verifyZeroInteractions(sessionRepository);
 	}
 
+	@Test
+	public void doFilterSessionRetrievalIsCached() throws Exception {
+		MapSession session = this.sessionRepository.createSession();
+		this.sessionRepository.save(session);
+		SessionRepository<MapSession> sessionRepository = spy(this.sessionRepository);
+		setSessionCookie(session.getId());
+
+		this.filter = new SessionRepositoryFilter<>(sessionRepository);
+
+		doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest,
+					HttpServletResponse wrappedResponse) {
+				wrappedRequest.getSession().invalidate();
+				wrappedRequest.getSession();
+			}
+		});
+
+		// 3 invocations expected: initial resolution, after invalidation, after commit
+		verify(sessionRepository, times(3)).findById(eq(session.getId()));
+		verify(sessionRepository).deleteById(eq(session.getId()));
+		verify(sessionRepository).createSession();
+		verify(sessionRepository).save(any());
+		verifyZeroInteractions(sessionRepository);
+	}
+
 	// --- order
 
 	@Test
@@ -1343,15 +1371,19 @@ public class SessionRepositoryFilterTests {
 	}
 
 	// We want the filter to work without any dependencies on Spring
-	@Test(expected = ClassCastException.class)
+	@Test
 	@SuppressWarnings("unused")
 	public void doesNotImplementOrdered() {
-		Ordered o = (Ordered) this.filter;
+		assertThatThrownBy(() -> {
+			Ordered o = (Ordered) this.filter;
+		}).isInstanceOf(ClassCastException.class);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setHttpSessionIdResolverNull() {
-		this.filter.setHttpSessionIdResolver(null);
+		assertThatThrownBy(() -> this.filter.setHttpSessionIdResolver(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("httpSessionIdResolver cannot be null");
 	}
 
 	// --- helper methods

spring-session-core/src/test/java/org/springframework/session/web/server/session/SpringSessionWebSessionStoreTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,6 +33,7 @@ import org.springframework.session.Session;
 import org.springframework.web.server.WebSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
@@ -41,7 +42,7 @@ import static org.mockito.Mockito.verify;
  * Tests for {@link SpringSessionWebSessionStore}.
  *
  * @author Rob Winch
- * @since 5.0
+ * @author Vedran Pavic
  */
 @RunWith(MockitoJUnitRunner.class)
 public class SpringSessionWebSessionStoreTests<S extends Session> {
@@ -66,9 +67,11 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 				.willReturn(Mono.just(this.createSession));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNullRepositoryThenThrowsIllegalArgumentException() {
-		new SpringSessionWebSessionStore<S>(null);
+		assertThatThrownBy(() -> new SpringSessionWebSessionStore<S>(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("reactiveSessionRepository cannot be null");
 	}
 
 	@Test
@@ -268,6 +271,7 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 				.retrieveSession(id).block();
 
 		assertThat(retrievedWebSession.isStarted()).isTrue();
+		verify(this.findByIdSession).setLastAccessedTime(any());
 	}
 
 	@Test
@@ -280,8 +284,28 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 		verify(this.sessionRepository).deleteById(sessionId);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setClockWhenNullThenException() {
-		this.webSessionStore.setClock(null);
+		assertThatThrownBy(() -> this.webSessionStore.setClock(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("clock cannot be null");
 	}
+
+	@Test // gh-1114
+	public void createSessionThenSessionIsNotExpired() {
+		WebSession createdWebSession = this.webSessionStore.createWebSession().block();
+
+		assertThat(createdWebSession.isExpired()).isFalse();
+	}
+
+	@Test // gh-1114
+	public void invalidateSessionThenSessionIsExpired() {
+		WebSession createdWebSession = this.webSessionStore.createWebSession().block();
+		given(createdWebSession.invalidate()).willReturn(Mono.empty());
+
+		createdWebSession.invalidate().block();
+
+		assertThat(createdWebSession.isExpired()).isTrue();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/web/socket/handler/WebSocketConnectHandlerDecoratorFactoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ import org.springframework.web.socket.WebSocketHandler;
 import org.springframework.web.socket.WebSocketSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.verify;
@@ -53,9 +54,11 @@ public class WebSocketConnectHandlerDecoratorFactoryTests {
 		this.factory = new WebSocketConnectHandlerDecoratorFactory(this.eventPublisher);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullEventPublisher() {
-		new WebSocketConnectHandlerDecoratorFactory(null);
+		assertThatThrownBy(() -> new WebSocketConnectHandlerDecoratorFactory(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("eventPublisher cannot be null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,6 +43,7 @@ import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.argThat;
@@ -79,9 +80,11 @@ public class SessionRepositoryMessageInterceptorTests {
 		given(this.sessionRepository.findById(sessionId)).willReturn(this.session);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void preSendconstructorNullRepository() {
-		new SessionRepositoryMessageInterceptor<>(null);
+		assertThatThrownBy(() -> new SessionRepositoryMessageInterceptor<>(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("sessionRepository cannot be null");
 	}
 
 	@Test
@@ -129,14 +132,19 @@ public class SessionRepositoryMessageInterceptorTests {
 		verifyZeroInteractions(this.sessionRepository);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMatchingMessageTypesNull() {
-		this.interceptor.setMatchingMessageTypes(null);
+		assertThatThrownBy(() -> this.interceptor.setMatchingMessageTypes(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("matchingMessageTypes cannot be null or empty");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMatchingMessageTypesEmpty() {
-		this.interceptor.setMatchingMessageTypes(Collections.emptySet());
+		assertThatThrownBy(
+				() -> this.interceptor.setMatchingMessageTypes(Collections.emptySet()))
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("matchingMessageTypes cannot be null or empty");
 	}
 
 	@Test

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/SessionEventRegistry.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -66,6 +66,6 @@ public class SessionEventRegistry implements ApplicationListener<AbstractSession
 	}
 
 	private Object getLock(String sessionId) {
-		return this.locks.computeIfAbsent(sessionId, k -> new Object());
+		return this.locks.computeIfAbsent(sessionId, (k) -> new Object());
 	}
 }

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/AbstractRedisITests.java

@@ -16,7 +16,6 @@
 
 package org.springframework.session.data.redis;
 
-import org.junit.ClassRule;
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,19 +29,23 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
  */
 public abstract class AbstractRedisITests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.10";
 
 	protected static class BaseConfig {
 
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
 		@Bean
 		public LettuceConnectionFactory redisConnectionFactory() {
 			RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration(
-					redisContainer.getContainerIpAddress(),
-					redisContainer.getFirstMappedPort());
+					redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 			return new LettuceConnectionFactory(configuration);
 		}
 

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/taskexecutor/RedisListenerContainerTaskExecutorITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -95,7 +95,7 @@ public class RedisListenerContainerTaskExecutorITests extends AbstractRedisITest
 			synchronized (this.lock) {
 				this.lock.wait(TimeUnit.SECONDS.toMillis(1));
 			}
-			return this.taskDispatched == null ? Boolean.FALSE : this.taskDispatched;
+			return (this.taskDispatched != null ? this.taskDispatched : Boolean.FALSE);
 		}
 	}
 

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/ReactiveRedisOperationsSessionRepository.java

@@ -22,7 +22,6 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 import java.util.function.Function;
-import java.util.stream.Collectors;
 
 import org.reactivestreams.Publisher;
 import reactor.core.publisher.Mono;
@@ -135,7 +134,7 @@ public class ReactiveRedisOperationsSessionRepository implements
 
 	@Override
 	public Mono<Void> save(RedisSession session) {
-		return session.saveDelta().and(s -> {
+		return session.saveDelta().and((s) -> {
 			if (session.isNew) {
 				session.setNew(false);
 			}
@@ -149,10 +148,9 @@ public class ReactiveRedisOperationsSessionRepository implements
 		String sessionKey = getSessionKey(id);
 
 		return this.sessionRedisOperations.opsForHash().entries(sessionKey)
-				.collect(
-						Collectors.toMap(e -> e.getKey().toString(), Map.Entry::getValue))
-				.filter(map -> !map.isEmpty()).map(new SessionMapper(id))
-				.filter(session -> !session.isExpired()).map(RedisSession::new)
+				.collectMap((e) -> e.getKey().toString(), Map.Entry::getValue)
+				.filter((map) -> !map.isEmpty()).map(new SessionMapper(id))
+				.filter((session) -> !session.isExpired()).map(RedisSession::new)
 				.switchIfEmpty(Mono.defer(() -> deleteById(id).then(Mono.empty())));
 	}
 
@@ -313,7 +311,7 @@ public class ReactiveRedisOperationsSessionRepository implements
 			Mono<Boolean> setTtl = ReactiveRedisOperationsSessionRepository.this.sessionRedisOperations
 					.expire(sessionKey, getMaxInactiveInterval());
 
-			return changeSessionId.and(update).and(setTtl).and(s -> {
+			return changeSessionId.and(update).and(setTtl).and((s) -> {
 				this.delta.clear();
 				s.onComplete();
 			}).then();
@@ -324,7 +322,7 @@ public class ReactiveRedisOperationsSessionRepository implements
 				return Mono.empty();
 			}
 
-			Publisher<Void> replaceSessionId = s -> {
+			Publisher<Void> replaceSessionId = (s) -> {
 				this.originalSessionId = sessionId;
 				s.onComplete();
 			};

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/RedisOperationsSessionRepository.java

@@ -316,7 +316,7 @@ public class RedisOperationsSessionRepository implements
 	/**
 	 * Creates a new instance. For an example, refer to the class level javadoc.
 	 *
-	 * @param sessionRedisOperations The {@link RedisOperations} to use for managing the
+	 * @param sessionRedisOperations the {@link RedisOperations} to use for managing the
 	 * sessions. Cannot be null.
 	 */
 	public RedisOperationsSessionRepository(
@@ -797,8 +797,9 @@ public class RedisOperationsSessionRepository implements
 
 			this.delta = new HashMap<>(this.delta.size());
 
-			Long originalExpiration = this.originalLastAccessTime == null ? null
-					: this.originalLastAccessTime.plus(getMaxInactiveInterval()).toEpochMilli();
+			Long originalExpiration = (this.originalLastAccessTime != null
+					? this.originalLastAccessTime.plus(getMaxInactiveInterval()).toEpochMilli()
+					: null);
 			RedisOperationsSessionRepository.this.expirationPolicy
 					.onExpirationUpdated(originalExpiration, this);
 		}
@@ -808,7 +809,12 @@ public class RedisOperationsSessionRepository implements
 				if (!isNew()) {
 					String originalSessionIdKey = getSessionKey(this.originalSessionId);
 					String sessionIdKey = getSessionKey(sessionId);
-					RedisOperationsSessionRepository.this.sessionRedisOperations.rename(originalSessionIdKey, sessionIdKey);
+					RedisOperationsSessionRepository.this.sessionRedisOperations.rename(
+							originalSessionIdKey, sessionIdKey);
+					String originalExpiredKey = getExpiredKey(this.originalSessionId);
+					String expiredKey = getExpiredKey(sessionId);
+					RedisOperationsSessionRepository.this.sessionRedisOperations.rename(
+							originalExpiredKey, expiredKey);
 				}
 				this.originalSessionId = sessionId;
 			}

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/ConfigureNotifyKeyspaceEventsAction.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -79,10 +79,10 @@ public class ConfigureNotifyKeyspaceEventsAction implements ConfigureRedisAction
 			}
 			return config.getProperty(config.stringPropertyNames().iterator().next());
 		}
-		catch (InvalidDataAccessApiUsageException e) {
+		catch (InvalidDataAccessApiUsageException ex) {
 			throw new IllegalStateException(
 					"Unable to configure Redis to keyspace notifications. See http://docs.spring.io/spring-session/docs/current/reference/html5/#api-redisoperationssessionrepository-sessiondestroyedevent",
-					e);
+					ex);
 		}
 	}
 

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/ConfigureRedisAction.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@ public interface ConfigureRedisAction {
 	/**
 	 * A do nothing implementation of {@link ConfigureRedisAction}.
 	 */
-	ConfigureRedisAction NO_OP = connection -> {
+	ConfigureRedisAction NO_OP = (connection) -> {
 	};
 
 }

spring-session-data-redis/src/main/java/org/springframework/session/data/redis/config/annotation/web/http/RedisHttpSessionConfiguration.java

@@ -289,9 +289,9 @@ public class RedisHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 				try {
 					connection.close();
 				}
-				catch (Exception e) {
+				catch (Exception ex) {
 					LogFactory.getLog(getClass()).error("Error closing RedisConnection",
-							e);
+							ex);
 				}
 			}
 		}

spring-session-data-redis/src/test/java/org/springframework/session/data/redis/ReactiveRedisOperationsSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,9 +23,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.mockito.ArgumentCaptor;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
@@ -34,13 +32,16 @@ import reactor.test.StepVerifier;
 import org.springframework.data.redis.core.ReactiveHashOperations;
 import org.springframework.data.redis.core.ReactiveRedisOperations;
 import org.springframework.session.MapSession;
+import org.springframework.session.data.redis.ReactiveRedisOperationsSessionRepository.RedisSession;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
 /**
@@ -50,9 +51,6 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  */
 public class ReactiveRedisOperationsSessionRepositoryTests {
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	@SuppressWarnings("unchecked")
 	private ReactiveRedisOperations<String, Object> redisOperations = mock(
 			ReactiveRedisOperations.class);
@@ -67,18 +65,24 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 
 	private ReactiveRedisOperationsSessionRepository repository;
 
+	private MapSession cached;
+
 	@Before
-	public void setUp() throws Exception {
+	public void setUp() {
 		this.repository = new ReactiveRedisOperationsSessionRepository(
 				this.redisOperations);
+
+		this.cached = new MapSession();
+		this.cached.setId("session-id");
+		this.cached.setCreationTime(Instant.ofEpochMilli(1404360000000L));
+		this.cached.setLastAccessedTime(Instant.ofEpochMilli(1404360000000L));
 	}
 
 	@Test
 	public void constructorWithNullReactiveRedisOperations() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("sessionRedisOperations cannot be null");
-
-		new ReactiveRedisOperationsSessionRepository(null);
+		assertThatThrownBy(() -> new ReactiveRedisOperationsSessionRepository(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("sessionRedisOperations cannot be null");
 	}
 
 	@Test
@@ -91,18 +95,16 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void nullRedisKeyNamespace() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("namespace cannot be null or empty");
-
-		this.repository.setRedisKeyNamespace(null);
+		assertThatThrownBy(() -> this.repository.setRedisKeyNamespace(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("namespace cannot be null or empty");
 	}
 
 	@Test
 	public void emptyRedisKeyNamespace() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("namespace cannot be null or empty");
-
-		this.repository.setRedisKeyNamespace("");
+		assertThatThrownBy(() -> this.repository.setRedisKeyNamespace(""))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("namespace cannot be null or empty");
 	}
 
 	@Test
@@ -123,148 +125,147 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 
 	@Test
 	public void nullRedisFlushMode() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("redisFlushMode cannot be null");
-
-		this.repository.setRedisFlushMode(null);
+		assertThatThrownBy(() -> this.repository.setRedisFlushMode(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("redisFlushMode cannot be null");
 	}
 
 	@Test
 	public void createSessionDefaultMaxInactiveInterval() {
-		Mono<ReactiveRedisOperationsSessionRepository.RedisSession> session = this.repository
-				.createSession();
-
-		StepVerifier.create(session).expectNextMatches(predicate -> {
-			assertThat(predicate.getMaxInactiveInterval()).isEqualTo(
-					Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS));
-			return true;
-		});
+		StepVerifier.create(this.repository.createSession()).consumeNextWith(
+				(session) -> assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration
+						.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS)))
+				.verifyComplete();
 	}
 
 	@Test
 	public void createSessionCustomMaxInactiveInterval() {
 		this.repository.setDefaultMaxInactiveInterval(600);
-		Mono<ReactiveRedisOperationsSessionRepository.RedisSession> session = this.repository
-				.createSession();
 
-		StepVerifier.create(session).expectNextMatches(predicate -> {
-			assertThat(predicate.getMaxInactiveInterval())
-					.isEqualTo(Duration.ofSeconds(600));
-			return true;
-		});
+		StepVerifier.create(this.repository.createSession())
+				.consumeNextWith((session) -> assertThat(session.getMaxInactiveInterval())
+						.isEqualTo(Duration.ofSeconds(600)))
+				.verifyComplete();
 	}
 
 	@Test
 	public void saveNewSession() {
 		given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
-		given(this.hashOperations.putAll(anyString(), this.delta.capture()))
-				.willReturn(Mono.just(true));
+		given(this.hashOperations.putAll(anyString(), any())).willReturn(Mono.just(true));
 		given(this.redisOperations.expire(anyString(), any()))
 				.willReturn(Mono.just(true));
 
-		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository.new RedisSession();
-		Mono<Void> result = this.repository.save(session);
+		StepVerifier
+				.create(this.repository.createSession().doOnNext(this.repository::save))
+				.consumeNextWith((session) -> {
+					verify(this.redisOperations).opsForHash();
+					verify(this.hashOperations).putAll(anyString(), this.delta.capture());
+					verify(this.redisOperations).expire(anyString(), any());
+					verifyZeroInteractions(this.redisOperations);
+					verifyZeroInteractions(this.hashOperations);
 
-		StepVerifier.create(result).expectNextMatches(predicate -> {
-			Map<String, Object> delta = this.delta.getAllValues().get(0);
-			assertThat(delta.size()).isEqualTo(3);
-			Object creationTime = delta
-					.get(ReactiveRedisOperationsSessionRepository.CREATION_TIME_KEY);
-			assertThat(creationTime).isEqualTo(session.getCreationTime().toEpochMilli());
-			assertThat(delta.get(
-					ReactiveRedisOperationsSessionRepository.MAX_INACTIVE_INTERVAL_KEY))
-							.isEqualTo((int) Duration.ofSeconds(
-									MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS)
-									.getSeconds());
-			assertThat(delta
-					.get(ReactiveRedisOperationsSessionRepository.LAST_ACCESSED_TIME_KEY))
-							.isEqualTo(session.getCreationTime().toEpochMilli());
-			return true;
-		});
+					Map<String, Object> delta = this.delta.getAllValues().get(0);
+					assertThat(delta.size()).isEqualTo(3);
+					assertThat(delta.get(
+							ReactiveRedisOperationsSessionRepository.CREATION_TIME_KEY))
+									.isEqualTo(session.getCreationTime().toEpochMilli());
+					assertThat(delta.get(
+							ReactiveRedisOperationsSessionRepository.MAX_INACTIVE_INTERVAL_KEY))
+									.isEqualTo((int) Duration.ofSeconds(
+											MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS)
+											.getSeconds());
+					assertThat(delta.get(
+							ReactiveRedisOperationsSessionRepository.LAST_ACCESSED_TIME_KEY))
+									.isEqualTo(
+											session.getLastAccessedTime().toEpochMilli());
+				}).verifyComplete();
 	}
 
 	@Test
 	public void saveSessionNothingChanged() {
-		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository.new RedisSession(
-				new MapSession());
+		given(this.redisOperations.expire(anyString(), any()))
+				.willReturn(Mono.just(true));
 
-		Mono<Void> result = this.repository.save(session);
+		RedisSession session = this.repository.new RedisSession(
+				new MapSession(this.cached));
 
-		StepVerifier.create(result).expectNextMatches(predicate -> {
-			verifyZeroInteractions(this.redisOperations);
-			return true;
-		});
+		StepVerifier.create(this.repository.save(session)).verifyComplete();
+
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
 	}
 
 	@Test
 	public void saveLastAccessChanged() {
 		given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
-		given(this.hashOperations.putAll(anyString(), this.delta.capture()))
-				.willReturn(Mono.just(true));
+		given(this.hashOperations.putAll(anyString(), any())).willReturn(Mono.just(true));
 		given(this.redisOperations.expire(anyString(), any()))
 				.willReturn(Mono.just(true));
 
-		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository.new RedisSession(
-				new MapSession());
+		RedisSession session = this.repository.new RedisSession(this.cached);
 		session.setLastAccessedTime(Instant.ofEpochMilli(12345678L));
-		Mono<Void> result = this.repository.save(session);
+		Mono.just(session).subscribe(this.repository::save);
 
-		StepVerifier.create(result).expectNextMatches(predicate -> {
-			assertThat(this.delta.getAllValues().get(0))
-					.isEqualTo(map(RedisOperationsSessionRepository.LAST_ACCESSED_ATTR,
-							session.getLastAccessedTime().toEpochMilli()));
-			return true;
-		});
+		verify(this.redisOperations).opsForHash();
+		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
+		verify(this.redisOperations).expire(anyString(), any());
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
+
+		assertThat(this.delta.getAllValues().get(0))
+				.isEqualTo(map(RedisOperationsSessionRepository.LAST_ACCESSED_ATTR,
+						session.getLastAccessedTime().toEpochMilli()));
 	}
 
 	@Test
 	public void saveSetAttribute() {
 		given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
-		given(this.hashOperations.putAll(anyString(), this.delta.capture()))
-				.willReturn(Mono.just(true));
+		given(this.hashOperations.putAll(anyString(), any())).willReturn(Mono.just(true));
 		given(this.redisOperations.expire(anyString(), any()))
 				.willReturn(Mono.just(true));
 
 		String attrName = "attrName";
-		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository.new RedisSession(
-				new MapSession());
+		RedisSession session = this.repository.new RedisSession(this.cached);
 		session.setAttribute(attrName, "attrValue");
-		Mono<Void> result = this.repository.save(session);
+		Mono.just(session).subscribe(this.repository::save);
 
-		StepVerifier.create(result).expectNextMatches(predicate -> {
-			assertThat(this.delta.getAllValues().get(0)).isEqualTo(
-					map(RedisOperationsSessionRepository.getSessionAttrNameKey(attrName),
-							session.getAttribute(attrName)));
-			return true;
-		});
+		verify(this.redisOperations).opsForHash();
+		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
+		verify(this.redisOperations).expire(anyString(), any());
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
+
+		assertThat(this.delta.getAllValues().get(0)).isEqualTo(
+				map(RedisOperationsSessionRepository.getSessionAttrNameKey(attrName),
+						session.getAttribute(attrName)));
 	}
 
 	@Test
 	public void saveRemoveAttribute() {
 		given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
-		given(this.hashOperations.putAll(anyString(), this.delta.capture()))
-				.willReturn(Mono.just(true));
+		given(this.hashOperations.putAll(anyString(), any())).willReturn(Mono.just(true));
 		given(this.redisOperations.expire(anyString(), any()))
 				.willReturn(Mono.just(true));
 
 		String attrName = "attrName";
-		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository.new RedisSession(
-				new MapSession());
+		RedisSession session = this.repository.new RedisSession(new MapSession());
 		session.removeAttribute(attrName);
-		Mono<Void> result = this.repository.save(session);
+		Mono.just(session).subscribe(this.repository::save);
 
-		StepVerifier.create(result).expectNextMatches(predicate -> {
-			assertThat(this.delta.getAllValues().get(0)).isEqualTo(
-					map(RedisOperationsSessionRepository.getSessionAttrNameKey(attrName),
-							null));
-			return true;
-		});
+		verify(this.redisOperations).opsForHash();
+		verify(this.hashOperations).putAll(anyString(), this.delta.capture());
+		verify(this.redisOperations).expire(anyString(), any());
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
+
+		assertThat(this.delta.getAllValues().get(0)).isEqualTo(map(
+				RedisOperationsSessionRepository.getSessionAttrNameKey(attrName), null));
 	}
 
 	@Test
 	public void redisSessionGetAttributes() {
 		String attrName = "attrName";
-		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository.new RedisSession();
+		RedisSession session = this.repository.new RedisSession(this.cached);
 		assertThat(session.getAttributeNames()).isEmpty();
 
 		session.setAttribute(attrName, "attrValue");
@@ -278,87 +279,106 @@ public class ReactiveRedisOperationsSessionRepositoryTests {
 	public void delete() {
 		given(this.redisOperations.delete(anyString())).willReturn(Mono.just(1L));
 
-		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository.new RedisSession(
-				new MapSession());
-		Mono<Void> result = this.repository.deleteById(session.getId());
+		StepVerifier.create(this.repository.deleteById("test")).verifyComplete();
 
-		StepVerifier.create(result).expectNextMatches(predicate -> {
-			assertThat(result).isEqualTo(1);
-			return true;
-		});
+		verify(this.redisOperations).delete(anyString());
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
 	}
 
 	@Test
 	public void getSessionNotFound() {
 		given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
 		given(this.hashOperations.entries(anyString())).willReturn(Flux.empty());
+		given(this.redisOperations.delete(anyString())).willReturn(Mono.just(0L));
 
-		Mono<ReactiveRedisOperationsSessionRepository.RedisSession> session = this.repository
-				.findById("test");
+		StepVerifier.create(this.repository.findById("test")).verifyComplete();
 
-		StepVerifier.create(session).expectNextMatches(predicate -> {
-			assertThat(predicate).isEqualTo(Mono.empty());
-			return true;
-		});
+		verify(this.redisOperations).opsForHash();
+		verify(this.hashOperations).entries(anyString());
+		verify(this.redisOperations).delete(anyString());
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void getSessionFound() {
 		given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
-		String attrName = "attrName";
-		MapSession expected = new MapSession();
+		String attribute1 = "attribute1";
+		String attribute2 = "attribute2";
+		MapSession expected = new MapSession("test");
 		expected.setLastAccessedTime(Instant.now().minusSeconds(60));
-		expected.setAttribute(attrName, "attrValue");
-		Map map = map(RedisOperationsSessionRepository.getSessionAttrNameKey(attrName),
-				expected.getAttribute(attrName),
-				RedisOperationsSessionRepository.CREATION_TIME_ATTR,
+		expected.setAttribute(attribute1, "test");
+		expected.setAttribute(attribute2, null);
+		Map map = map(
+				ReactiveRedisOperationsSessionRepository.ATTRIBUTE_PREFIX + attribute1,
+				expected.getAttribute(attribute1),
+				ReactiveRedisOperationsSessionRepository.ATTRIBUTE_PREFIX + attribute2,
+				expected.getAttribute(attribute2),
+				ReactiveRedisOperationsSessionRepository.CREATION_TIME_KEY,
 				expected.getCreationTime().toEpochMilli(),
-				RedisOperationsSessionRepository.MAX_INACTIVE_ATTR,
+				ReactiveRedisOperationsSessionRepository.MAX_INACTIVE_INTERVAL_KEY,
 				(int) expected.getMaxInactiveInterval().getSeconds(),
-				RedisOperationsSessionRepository.LAST_ACCESSED_ATTR,
+				ReactiveRedisOperationsSessionRepository.LAST_ACCESSED_TIME_KEY,
 				expected.getLastAccessedTime().toEpochMilli());
 		given(this.hashOperations.entries(anyString()))
 				.willReturn(Flux.fromIterable(map.entrySet()));
 
-		Mono<ReactiveRedisOperationsSessionRepository.RedisSession> session = this.repository
-				.findById("test");
+		StepVerifier.create(this.repository.findById("test")).consumeNextWith((session) -> {
+			verify(this.redisOperations).opsForHash();
+			verify(this.hashOperations).entries(anyString());
+			verifyZeroInteractions(this.redisOperations);
+			verifyZeroInteractions(this.hashOperations);
 
-		StepVerifier.create(session).expectNextMatches(predicate -> {
-			assertThat(predicate.getId()).isEqualTo(expected.getId());
-			assertThat(predicate.getAttributeNames())
+			assertThat(session.getId()).isEqualTo(expected.getId());
+			assertThat(session.getAttributeNames())
 					.isEqualTo(expected.getAttributeNames());
-			assertThat(predicate.<String>getAttribute(attrName))
-					.isEqualTo(expected.getAttribute(attrName));
-			assertThat(predicate.getCreationTime()).isEqualTo(expected.getCreationTime());
-			assertThat(predicate.getMaxInactiveInterval())
+			assertThat(session.<String>getAttribute(attribute1))
+					.isEqualTo(expected.getAttribute(attribute1));
+			assertThat(session.<String>getAttribute(attribute2))
+					.isEqualTo(expected.getAttribute(attribute2));
+			assertThat(session.getCreationTime()).isEqualTo(expected.getCreationTime());
+			assertThat(session.getMaxInactiveInterval())
 					.isEqualTo(expected.getMaxInactiveInterval());
-			assertThat(predicate.getLastAccessedTime())
+			assertThat(session.getLastAccessedTime())
 					.isEqualTo(expected.getLastAccessedTime());
-			return true;
-		});
+		}).verifyComplete();
 	}
 
 	@Test
 	@SuppressWarnings("unchecked")
 	public void getSessionExpired() {
 		given(this.redisOperations.opsForHash()).willReturn(this.hashOperations);
-		Map map = map(RedisOperationsSessionRepository.MAX_INACTIVE_ATTR, 1,
-				RedisOperationsSessionRepository.LAST_ACCESSED_ATTR,
+		Map map = map(ReactiveRedisOperationsSessionRepository.CREATION_TIME_KEY, 0L,
+				ReactiveRedisOperationsSessionRepository.MAX_INACTIVE_INTERVAL_KEY, 1,
+				ReactiveRedisOperationsSessionRepository.LAST_ACCESSED_TIME_KEY,
 				Instant.now().minus(5, ChronoUnit.MINUTES).toEpochMilli());
 		given(this.hashOperations.entries(anyString()))
 				.willReturn(Flux.fromIterable(map.entrySet()));
+		given(this.redisOperations.delete(anyString())).willReturn(Mono.just(0L));
 
-		Mono<ReactiveRedisOperationsSessionRepository.RedisSession> session = this.repository
-				.findById("test");
+		StepVerifier.create(this.repository.findById("test")).verifyComplete();
 
-		StepVerifier.create(session).expectNextMatches(predicate -> {
-			assertThat(predicate).isNull();
-			return true;
-		});
+		verify(this.redisOperations).opsForHash();
+		verify(this.hashOperations).entries(anyString());
+		verify(this.redisOperations).delete(anyString());
+		verifyZeroInteractions(this.redisOperations);
+		verifyZeroInteractions(this.hashOperations);
 	}
 
-	// TODO
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		RedisSession session = this.repository.new RedisSession(this.cached);
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
 
 	private Map<String, Object> map(Object... objects) {
 		Map<String, Object> result = new HashMap<>();