Release 2.0.8.RELEASE

Resolves: #1263

.editorconfig

@@ -0,0 +1,19 @@
+root = true
+
+[*]
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+max_line_length = 120
+
+[*.java]
+indent_style = tab
+indent_size = 4
+charset = latin1
+continuation_indent_size = 8
+
+[*.xml]
+indent_style = tab
+indent_size = 4
+charset = latin1
+continuation_indent_size = 8

.github/ISSUE_TEMPLATE.md

@@ -1,3 +1,7 @@
+<!--
+For Security Vulnerabilities, please use https://pivotal.io/security#reporting
+-->
+
 <!--
 Thanks for raising a Spring Session issue. Please provide a brief description of your problem along with the version of Spring Session that you are using. If possible, please also consider putting together a sample application that reproduces the issue.
 -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,3 +1,7 @@
+<!--
+For Security Vulnerabilities, please use https://pivotal.io/security#reporting
+-->
+
 <!--
 Thanks for contributing to Spring Session. Please provide a brief description of your pull-request and reference any related issue numbers (prefix references with #).
 -->

.gitignore

@@ -10,6 +10,6 @@ target
 out
 .springBeans
 *.rdb
-!eclispe/.checkstyle
 .checkstyle
+!etc/eclipse/.checkstyle
 !**/src/**/build

Jenkinsfile

@@ -1,9 +1,9 @@
-def projectProperties = [
-	[$class: 'BuildDiscarderProperty',
-		strategy: [$class: 'LogRotator', numToKeepStr: '5']],
-	pipelineTriggers([cron('@daily')])
-]
-properties(projectProperties)
+properties([
+		buildDiscarder(logRotator(numToKeepStr: '10')),
+		pipelineTriggers([
+				cron('@daily')
+		]),
+])
 
 def SUCCESS = hudson.model.Result.SUCCESS.toString()
 currentBuild.result = SUCCESS
@@ -11,15 +11,19 @@ currentBuild.result = SUCCESS
 try {
 	parallel check: {
 		stage('Check') {
-			node {
-				checkout scm
-				try {
-					sh "./gradlew clean check  --refresh-dependencies --no-daemon"
-				} catch(Exception e) {
-					currentBuild.result = 'FAILED: check'
-					throw e
-				} finally {
-					junit '**/build/*-results/*.xml'
+			timeout(time: 30, unit: 'MINUTES') {
+				node('ubuntu1804') {
+					checkout scm
+					try {
+						sh './gradlew clean check --no-daemon --refresh-dependencies'
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: check'
+						throw e
+					}
+					finally {
+						junit '**/build/test-results/*/*.xml'
+					}
 				}
 			}
 		}
@@ -29,31 +33,39 @@ try {
 			node {
 				checkout scm
 				try {
-					sh "./gradlew clean springIoCheck -PplatformVersion=Cairo-BUILD-SNAPSHOT -PexcludeProjects='**/samples/**' --refresh-dependencies --no-daemon --stacktrace"
-				} catch(Exception e) {
+					sh "./gradlew clean springIoCheck --stacktrace --no-daemon --refresh-dependencies -PplatformVersion=Cairo-BUILD-SNAPSHOT -PexcludeProjects='**/samples/**'"
+				}
+				catch(e) {
 					currentBuild.result = 'FAILED: springio'
 					throw e
-				} finally {
+				}
+				finally {
 					junit '**/build/spring-io*-results/*.xml'
 				}
 			}
 		}
 	}
 
-	if(currentBuild.result == 'SUCCESS') {
+	if (currentBuild.result == 'SUCCESS') {
 		parallel artifacts: {
 			stage('Deploy Artifacts') {
 				node {
 					checkout scm
-					withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
-						withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
-							withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
-								withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
-									sh "./gradlew deployArtifacts finalizeDeployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --refresh-dependencies --no-daemon --stacktrace"
+					try {
+						withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
+							withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
+								withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
+									withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
+										sh './gradlew deployArtifacts finalizeDeployArtifacts --stacktrace --no-daemon --refresh-dependencies -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
+									}
 								}
 							}
 						}
 					}
+					catch (e) {
+						currentBuild.result = 'FAILED: artifacts'
+						throw e
+					}
 				}
 			}
 		},
@@ -61,32 +73,38 @@ try {
 			stage('Deploy Docs') {
 				node {
 					checkout scm
-					withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
-						sh "./gradlew deployDocs -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME --refresh-dependencies --no-daemon --stacktrace"
+					try {
+						withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
+							sh './gradlew deployDocs --stacktrace --no-daemon --refresh-dependencies -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: docs'
+						throw e
 					}
 				}
 			}
 		}
 	}
-} finally {
+}
+finally {
 	def buildStatus = currentBuild.result
-	def buildNotSuccess =  !SUCCESS.equals(buildStatus)
+	def buildNotSuccess = !SUCCESS.equals(buildStatus)
 	def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
 
-	if(buildNotSuccess || lastBuildNotSuccess) {
-
-		stage('Notifiy') {
+	if (buildNotSuccess || lastBuildNotSuccess) {
+		stage('Notify') {
 			node {
 				final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
 
 				def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
-				def details = """The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"""
+				def details = "The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"
 
-				emailext (
-					subject: subject,
-					body: details,
-					recipientProviders: RECIPIENTS,
-					to: "$SPRING_SESSION_TEAM_EMAILS"
+				emailext(
+						subject: subject,
+						body: details,
+						recipientProviders: RECIPIENTS,
+						to: "$SPRING_SESSION_TEAM_EMAILS"
 				)
 			}
 		}

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.9.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.18.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
 	repositories {

docs/spring-session-docs.gradle

@@ -38,6 +38,7 @@ asciidoctor {
 			'lettuce-version': versions['io.lettuce:lettuce-core'],
 			'samples-dir': "$rootProject.projectDir.path/samples/",
 			'session-jdbc-main-resources-dir': "${project(':spring-session-jdbc').projectDir.path}/src/main/resources/",
+			'spring-boot-version': project.springBootVersion,
 			'spring-data-redis-version': versions['org.springframework.data:spring-data-redis'],
 			'spring-framework-version': versions['org.springframework:spring-core'],
 			'spring-security-version': versions['org.springframework.security:spring-security-core'],

docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -37,7 +37,7 @@ Thanks to first-class auto configuration support, setting up Spring Session back
 
 .src/main/resources/application.properties
 ----
-spring.session.store-type=jdbc
+spring.session.store-type=jdbc # Session store type.
 ----
 
 Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableJdbcHttpSession` annotation.
@@ -48,10 +48,10 @@ Further customization is possible using `application.properties`:
 
 .src/main/resources/application.properties
 ----
-server.session.timeout= # Session timeout in seconds.
-spring.session.jdbc.initializer.enabled= # Create the required session tables on startup if necessary. Enabled automatically if the default table name is set or a custom schema is configured.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
 spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/schema-@@platform@@.sql # Path to the SQL file to use to initialize the database schema.
-spring.session.jdbc.table-name=SPRING_SESSION # Name of database table used to store sessions.
+spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
@@ -65,9 +65,9 @@ For example, you can include the following in your *application.properties*
 
 .src/main/resources/application.properties
 ----
-spring.datasource.url=jdbc:postgresql://localhost:5432/myapp
-spring.datasource.username=myapp
-spring.datasource.password=secret
+spring.datasource.url= # JDBC URL of the database.
+spring.datasource.username= # Login username of the database.
+spring.datasource.password= # Login password of the database.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.

docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -35,7 +35,7 @@ Thanks to first-class auto configuration support, setting up Spring Session back
 
 .src/main/resources/application.properties
 ----
-spring.session.store-type=redis
+spring.session.store-type=redis # Session store type.
 ----
 
 Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
@@ -46,9 +46,9 @@ Further customization is possible using `application.properties`:
 
 .src/main/resources/application.properties
 ----
-server.session.timeout= # Session timeout in seconds.
-spring.session.redis.flush-mode= # Sessions flush mode.
-spring.session.redis.namespace= # Namespace for keys used to store sessions.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+spring.session.redis.flush-mode=on-save # Sessions flush mode.
+spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
@@ -62,9 +62,9 @@ For example, you can include the following in your *application.properties*
 
 .src/main/resources/application.properties
 ----
-spring.redis.host=localhost
-spring.redis.password=secret
-spring.redis.port=6379
+spring.redis.host=localhost # Redis server host.
+spring.redis.password= # Login password of the redis server.
+spring.redis.port=6379 # Redis server port.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.

docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -24,7 +24,7 @@ Please make sure you have already integrated Spring Session with the HttpSession
 [[websocket-spring-configuration]]
 == Spring Configuration
 
-In a typical Spring WebSocket application users would extend `AbstractWebSocketMessageBrokerConfigurer`.
+In a typical Spring WebSocket application users would implement `WebSocketMessageBrokerConfigurer`.
 For example, the configuration might look something like the following:
 
 [source,java]
@@ -43,7 +43,7 @@ include::{samples-dir}boot/websocket/src/main/java/sample/config/WebSocketConfig
 
 To hook in the Spring Session support we only need to change two things:
 
-<1> Instead of extending `AbstractWebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
+<1> Instead of implementing `WebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
 <2> We rename the `registerStompEndpoints` method to `configureStompEndpoints`
 
 What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
@@ -77,7 +77,7 @@ For the purposes of testing session expiration, you may want to change the sessi
 
 .src/main/resources/application.properties
 ----
-server.session.timeout=60
+server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.
 ----
 ====
 

docs/src/docs/asciidoc/index.adoc

@@ -147,11 +147,12 @@ As a part of this split, the Spring Session Data MongoDB and Spring Session Data
 * https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb` repository]
 ** Hosts Spring Session Data MongoDB module
 * https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode` repository]
-** Hosts Spring Session Data Geode/GemFire module
+** Hosts Spring Session Data Geode and Spring Session Data Geode modules
 
-Going forward, the plan is to externalize each of the `SessionRepository` implementations into a dedicated repository and provide a Maven BOM (as in "bill of materials") module in order to help users with version management concerns.
+Finally, Spring Session now also provides a Maven BOM (as in "bill of materials") module in order to help users with version management concerns:
 
-Modules maintained by the members of Spring Team will be hosted within the https://github.com/spring-projects[`spring-projects` organization], while the community maintained modules will continue to be promoted via <<community-extensions,Community Extensions>> section of this manual.
+* https://github.com/spring-projects/spring-session-bom[`spring-session-bom` repository]
+** Hosts Spring Session BOM module
 
 [[httpsession]]
 == HttpSession Integration
@@ -1199,7 +1200,7 @@ Note that these two have moved to separate repositories, and will continue to be
 === Dropped Support
 
 As a part of the changes to `HttpSessionStrategy` and it's alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
-This introduction of new API to replace this functionality in consideration for future releases.
+The introduction of a new API to replace this functionality is under consideration for future releases.
 
 [[community]]
 == Spring Session Community

docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.session.MapSessionRepository;
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
 import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
@@ -54,7 +53,7 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 
 	// tag::rememberme-bean[]
 	@Bean
-	RememberMeServices rememberMeServices() {
+	public SpringSessionRememberMeServices rememberMeServices() {
 		SpringSessionRememberMeServices rememberMeServices =
 				new SpringSessionRememberMeServices();
 		// optionally customize
@@ -67,8 +66,8 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 	@Override
 	@Bean
 	public InMemoryUserDetailsManager userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		return new InMemoryUserDetailsManager(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 
 	@Bean

docs/src/test/java/docs/websocket/WebSocketConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,9 +19,9 @@ package docs.websocket;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.scheduling.annotation.EnableScheduling;
-import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 
 /**
  * @author Rob Winch
@@ -30,7 +30,7 @@ import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 @Configuration
 @EnableScheduling
 @EnableWebSocketMessageBroker
-public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
+public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
 
 	@Override
 	public void registerStompEndpoints(StompEndpointRegistry registry) {

etc/checkstyle/checkstyle.xml

@@ -2,165 +2,11 @@
 <!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
 		"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
 <module name="Checker">
-	<!-- Suppressions -->
+	<!-- Supressions -->
 	<module name="SuppressionFilter">
-		<property name="file" value="${configDir}/suppressions.xml"/>
+		<property name="file" value="${config_loc}/suppressions.xml"/>
 	</module>
 
 	<!-- Root Checks -->
-	<module name="RegexpHeader">
-		<property name="headerFile" value="${configDir}/header.txt"/>
-		<property name="fileExtensions" value="java"/>
-	</module>
-	<module name="NewlineAtEndOfFile">
-		<property name="lineSeparator" value="lf"/>
-		<property name="fileExtensions" value="java,xml"/>
-	</module>
-
-	<!-- TreeWalker Checks -->
-	<module name="TreeWalker">
-		<!-- Annotations -->
-		<module name="AnnotationUseStyle">
-			<property name="elementStyle" value="compact"/>
-		</module>
-		<module name="MissingOverride"/>
-		<module name="PackageAnnotation"/>
-		<module name="AnnotationLocation">
-			<property name="allowSamelineSingleParameterlessAnnotation" value="false" />
-		</module>
-
-		<!-- Block Checks -->
-		<module name="EmptyBlock">
-			<property name="option" value="text"/>
-		</module>
-		<module name="LeftCurly"/>
-		<module name="RightCurly">
-			<property name="option" value="alone"/>
-		</module>
-		<module name="NeedBraces"/>
-		<module name="AvoidNestedBlocks"/>
-
-		<!-- Class Design -->
-		<module name="FinalClass"/>
-		<module name="InterfaceIsType"/>
-		<module name="HideUtilityClassConstructor"/>
-		<module name="MutableException"/>
-		<module name="InnerTypeLast"/>
-		<module name="OneTopLevelClass"/>
-
-		<!-- Coding -->
-		<module name="CovariantEquals"/>
-		<module name="EmptyStatement"/>
-		<module name="EqualsHashCode"/>
-		<module name="InnerAssignment"/>
-		<module name="SimplifyBooleanExpression"/>
-		<module name="SimplifyBooleanReturn"/>
-		<module name="StringLiteralEquality"/>
-		<module name="NestedForDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="NestedIfDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="NestedTryDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="MultipleVariableDeclarations"/>
-		<module name="RequireThis">
-			<property name="checkMethods" value="false"/>
-		</module>
-		<module name="OneStatementPerLine"/>
-
-		<!-- Imports -->
-		<module name="AvoidStarImport"/>
-		<module name="AvoidStaticImport">
-			<property name="excludes"
-					value="org.assertj.core.api.Assertions.*, org.mockito.Mockito.*, org.mockito.BDDMockito.*, org.mockito.AdditionalMatchers.*, org.mockito.ArgumentMatchers.*, org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*, org.springframework.test.web.servlet.result.MockMvcResultHandlers.*, org.springframework.test.web.servlet.result.MockMvcResultMatchers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*, org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*, org.springframework.hateoas.mvc.ControllerLinkBuilder.linkTo"/>
-		</module>
-		<module name="IllegalImport"/>
-		<module name="RedundantImport"/>
-		<module name="UnusedImports">
-			<property name="processJavadoc" value="true"/>
-		</module>
-		<module name="ImportOrder">
-			<property name="groups" value="java,/^javax?\./,*,org.springframework"/>
-			<property name="ordered" value="true"/>
-			<property name="separated" value="true"/>
-			<property name="option" value="bottom"/>
-			<property name="sortStaticImportsAlphabetically" value="true"/>
-		</module>
-
-		<!-- Javadoc Comments -->
-		<module name="JavadocType">
-			<property name="scope" value="package"/>
-			<property name="authorFormat" value=".+\s.+"/>
-		</module>
-		<module name="JavadocMethod">
-			<property name="allowMissingJavadoc" value="true"/>
-		</module>
-		<module name="JavadocVariable">
-			<property name="scope" value="public"/>
-		</module>
-		<module name="JavadocStyle">
-			<property name="checkEmptyJavadoc" value="true"/>
-		</module>
-		<module name="NonEmptyAtclauseDescription"/>
-		<module name="JavadocTagContinuationIndentation">
-			<property name="offset" value="0"/>
-		</module>
-		<module name="AtclauseOrder">
-			<property name="target" value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF"/>
-			<property name="tagOrder" value="@param, @author, @since, @see, @version, @serial, @deprecated"/>
-		</module>
-		<module name="AtclauseOrder">
-			<property name="target" value="METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
-			<property name="tagOrder" value="@param, @return, @throws, @since, @deprecated, @see"/>
-		</module>
-
-		<!-- Miscellaneous -->
-		<module name="CommentsIndentation"/>
-		<module name="UpperEll"/>
-		<module name="ArrayTypeStyle"/>
-		<module name="OuterTypeFilename"/>
-
-		<!-- Modifiers -->
-		<module name="RedundantModifier"/>
-
-		<!-- Regexp -->
-		<module name="RegexpSinglelineJava">
-			<property name="format" value="^\t* +\t*\S"/>
-			<property name="message" value="Line has leading space characters; indentation should be performed with tabs only."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="RegexpSinglelineJava">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.mockito\.Mockito\.(when|doThrow|doAnswer)"/>
-			<property name="message"
-				value="Please use BDDMockto imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="RegexpSinglelineJava">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.junit\.Assert\.assert"/>
-			<property name="message" value="Please use AssertJ imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="Regexp">
-			<property name="format" value="[ \t]+$"/>
-			<property name="illegalPattern" value="true"/>
-			<property name="message" value="Trailing whitespace"/>
-		</module>
-
-		<!-- Whitespace -->
-		<module name="GenericWhitespace"/>
-		<module name="MethodParamPad"/>
-		<module name="NoWhitespaceAfter">
-			<property name="tokens" value="BNOT, DEC, DOT, INC, LNOT, UNARY_MINUS, UNARY_PLUS, ARRAY_DECLARATOR"/>
-		</module>
-		<module name="NoWhitespaceBefore"/>
-		<module name="ParenPad"/>
-		<module name="TypecastParenPad"/>
-		<module name="WhitespaceAfter"/>
-		<module name="WhitespaceAround"/>
-	</module>
+	<module name="io.spring.javaformat.checkstyle.SpringChecks"/>
 </module>

etc/checkstyle/header.txt

@@ -1,16 +0,0 @@
-^\Q/*\E$
-^\Q * Copyright 2014-\E20\d\d\Q the original author or authors.\E$
-^\Q *\E$
-^\Q * Licensed under the Apache License, Version 2.0 (the "License");\E$
-^\Q * you may not use this file except in compliance with the License.\E$
-^\Q * You may obtain a copy of the License at\E$
-^\Q *\E$
-^\Q *      http://www.apache.org/licenses/LICENSE-2.0\E$
-^\Q *\E$
-^\Q * Unless required by applicable law or agreed to in writing, software\E$
-^\Q * distributed under the License is distributed on an "AS IS" BASIS,\E$
-^\Q * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\E$
-^\Q * See the License for the specific language governing permissions and\E$
-^\Q * limitations under the License.\E$
-^\Q */\E$
-^.*$

etc/checkstyle/suppressions.xml

@@ -2,17 +2,14 @@
 <!DOCTYPE suppressions PUBLIC "-//Puppy Crawl//DTD Suppressions 1.1//EN"
 		"http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
 <suppressions>
-	<suppress files=".+Application\.java" checks="HideUtilityClassConstructor"/>
-	<suppress files=".+Configuration\.java" checks="HideUtilityClassConstructor"/>
+	<!-- global -->
+	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc*"/>
 
-	<suppress files="[\\/]src[\\/]test[\\/]java[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc"/>
-
-	<suppress files="[\\/]docs[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]docs[\\/]" checks="CommentsIndentation"/>
+	<!-- docs -->
+	<suppress files="[\\/]docs[\\/]" checks="Javadoc*"/>
 	<suppress files="[\\/]docs[\\/]" checks="InnerTypeLast"/>
 
-	<suppress files="[\\/]samples[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]samples[\\/]" checks="CommentsIndentation"/>
-	<suppress files="[\\/]samples[\\/]" checks="InnerTypeLast"/>
+	<!-- samples -->
+	<suppress files="[\\/]samples[\\/]" checks="Javadoc*"/>
+	<suppress files="[\\/]samples[\\/].+Application\.java" checks="HideUtilityClassConstructor"/>
 </suppressions>

gradle.properties

@@ -1,2 +1,2 @@
-springBootVersion=2.0.0.M7
-version=2.0.1.RELEASE
+springBootVersion=2.0.6.RELEASE
+version=2.0.8.RELEASE

gradle/dependency-management.gradle

@@ -1,39 +1,32 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.4'
-		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR5'
-		mavenBom 'org.springframework:spring-framework-bom:5.0.3.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR3'
-		mavenBom 'org.springframework.security:spring-security-bom:5.0.1.RELEASE'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.6'
+		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR14'
+		mavenBom 'org.springframework:spring-framework-bom:5.0.11.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR12'
+		mavenBom 'org.springframework.security:spring-security-bom:5.0.10.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.10.2'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.9.2') {
+		dependencySet(group: 'com.hazelcast', version: '3.9.4') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependencySet(group: 'org.testcontainers', version: '1.5.1') {
-			entry 'mariadb'
-			entry 'mssqlserver'
-			entry 'mysql'
-			entry 'postgresql'
-			entry 'testcontainers'
-		}
-
-		dependency 'com.h2database:h2:1.4.196'
-		dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
+		dependency 'com.h2database:h2:1.4.197'
+		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.0.0.jre8'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.0.1.RELEASE'
+		dependency 'io.lettuce:lettuce-core:5.1.3.RELEASE'
+		dependency 'javax.annotation:javax.annotation-api:1.3.2'
 		dependency 'javax.servlet:javax.servlet-api:3.1.0'
 		dependency 'junit:junit:4.12'
-		dependency 'mysql:mysql-connector-java:5.1.45'
-		dependency 'org.apache.derby:derby:10.14.1.0'
-		dependency 'org.assertj:assertj-core:3.9.0'
-		dependency 'org.hsqldb:hsqldb:2.4.0'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.2.1'
-		dependency 'org.mockito:mockito-core:2.13.0'
-		dependency 'org.postgresql:postgresql:42.2.0'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.0'
+		dependency 'mysql:mysql-connector-java:8.0.13'
+		dependency 'org.apache.derby:derby:10.14.2.0'
+		dependency 'org.assertj:assertj-core:3.11.1'
+		dependency 'org.hsqldb:hsqldb:2.4.1'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.3.0'
+		dependency 'org.mockito:mockito-core:2.23.4'
+		dependency 'org.postgresql:postgresql:42.2.5'
 	}
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.4.1-bin.zip

samples/boot/findbyusername/README.adoc

@@ -1,4 +0,0 @@
-Demonstrates using Spring Session to lookup a user's session by the username.
-The sample provides a hook to add the current username to the session (required for finding the user) by providing a custom implementation of Spring Security's `AuthenticationSuccessHandler`.
-
-NOTE: This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com

samples/boot/findbyusername/spring-session-sample-boot-findbyusername.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.maxmind.geoip2:geoip2"
 	compile "org.apache.httpcomponents:httpclient"
 

samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -18,7 +18,6 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -30,10 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -45,15 +43,10 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(classes = FindByUsernameApplication.class, webEnvironment = WebEnvironment.MOCK)
-@ContextConfiguration(initializers = FindByUsernameTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -86,16 +79,21 @@ public class FindByUsernameTests {
 		home.terminateButtonDisabled();
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/findbyusername/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,20 +30,13 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -92,7 +92,7 @@ public class SessionDetailsFilter extends OncePerRequestFilter {
 			}
 			return cityName + ", " + countryName;
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			return UNKNOWN;
 
 		}

samples/boot/findbyusername/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/jdbc/README.adoc

@@ -1 +0,0 @@
-Demonstrates using Spring Session with Spring Boot and Spring Security. You can log in with the username "user" and the password "password".

samples/boot/jdbc/spring-session-sample-boot-jdbc.gradle

@@ -9,7 +9,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.h2database:h2"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/jdbc/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,15 +16,11 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -35,18 +31,11 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Override
-	public void configure(WebSecurity web) throws Exception {
+	public void configure(WebSecurity web) {
 		web
-			.ignoring().antMatchers("/h2-console/**");
+			.ignoring().requestMatchers(PathRequest.toH2Console());
 	}
 	// @formatter:on
 
@@ -56,7 +45,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/jdbc/src/main/resources/application.properties

@@ -1 +1,2 @@
+spring.security.user.password=password
 spring.h2.console.enabled=true

samples/boot/redis-json/spring-session-sample-boot-redis-json.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "org.apache.httpcomponents:httpclient"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java

@@ -20,7 +20,6 @@ import java.util.List;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -33,10 +32,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -48,16 +46,11 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
-@ContextConfiguration(initializers = HttpRedisJsonTest.Initializer.class)
 public class HttpRedisJsonTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -110,16 +103,21 @@ public class HttpRedisJsonTest {
 		assertThat(attributes).extracting("attributeValue").contains("Demo Value");
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis-json/src/integration-test/java/sample/RedisSerializerTest.java

@@ -16,19 +16,17 @@
 
 package sample;
 
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
 import org.springframework.session.data.redis.config.annotation.SpringSessionRedisOperations;
-import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -38,15 +36,10 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class)
-@ContextConfiguration(initializers = RedisSerializerTest.Initializer.class)
+@SpringBootTest
 public class RedisSerializerTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@SpringSessionRedisOperations
 	private RedisTemplate<Object, Object> sessionRedisTemplate;
@@ -59,16 +52,21 @@ public class RedisSerializerTest {
 				.isInstanceOf(GenericJackson2JsonRedisSerializer.class);
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis-json/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,19 +30,12 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/redis-json/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/redis/README.adoc

@@ -1 +0,0 @@
-Demonstrates using Spring Session with Spring Boot and Spring Security. You can log in with the username "user" and the password "password".

samples/boot/redis/spring-session-sample-boot-redis.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 

samples/boot/redis/src/integration-test/java/sample/BootTests.java

@@ -18,7 +18,6 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -30,10 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -44,15 +42,10 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
-@ContextConfiguration(initializers = BootTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class BootTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -92,16 +85,21 @@ public class BootTests {
 		login.assertAt();
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,14 +16,10 @@
 
 package sample.config;
 
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 /**
  * Spring Security configuration.
@@ -34,20 +30,13 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 @Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/redis/src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.security.user.password=password

samples/boot/webflux/src/integration-test/java/sample/AttributeTests.java

@@ -20,7 +20,6 @@ import java.util.List;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -31,11 +30,10 @@ import sample.pages.HomePage.Attribute;
 
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -43,17 +41,13 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
  * @author Eddú Meléndez
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = HelloWebFluxApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
-@ContextConfiguration(initializers = AttributeTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class AttributeTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@LocalServerPort
 	private int port;
@@ -99,16 +93,21 @@ public class AttributeTests {
 		assertThat(row.getAttributeValue()).isEqualTo("b");
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/websocket/spring-session-sample-boot-websocket.gradle

@@ -18,7 +18,7 @@ dependencies {
 	compile "org.webjars:knockout"
 	compile "org.webjars:sockjs-client"
 	compile "org.webjars:stomp-websocket"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.h2database:h2"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/websocket/src/main/java/sample/config/WebSecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,30 +17,20 @@
 package sample.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
 @Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
-	@Bean
-	@Override
-	public UserDetailsService userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
-	}
-
 	// @formatter:off
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth,
@@ -53,9 +43,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	// @formatter:off
 	@Override
-	public void configure(WebSecurity web) throws Exception {
+	public void configure(WebSecurity web) {
 		web
-			.ignoring().antMatchers("/h2-console/**");
+			.ignoring().requestMatchers(PathRequest.toH2Console());
 	}
 	// @formatter:on
 
@@ -64,7 +54,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(HttpSecurity http) throws Exception {
 		http
 			.authorizeRequests()
-				.requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()
+				.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 				.anyRequest().authenticated()
 				.and()
 			.formLogin()

samples/boot/websocket/src/main/java/sample/security/UserRepositoryUserDetailsService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,7 +59,7 @@ public class UserRepositoryUserDetailsService implements UserDetailsService {
 		return new CustomUserDetails(user);
 	}
 
-	private final static class CustomUserDetails extends User implements UserDetails {
+	private static final class CustomUserDetails extends User implements UserDetails {
 
 		private CustomUserDetails(User user) {
 			super(user);

samples/boot/websocket/src/main/java/sample/websocket/WebSocketDisconnectHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,7 +42,7 @@ public class WebSocketDisconnectHandler<S>
 		if (id == null) {
 			return;
 		}
-		this.repository.findById(id).ifPresent(user -> {
+		this.repository.findById(id).ifPresent((user) -> {
 			this.repository.deleteById(id);
 			this.messagingTemplate.convertAndSend("/topic/friends/signout",
 					Arrays.asList(user.getUsername()));

samples/boot/websocket/src/main/resources/application.properties

@@ -1,2 +1,2 @@
-#server.session.timeout=60
+#server.servlet.session.timeout=1m
 spring.h2.console.enabled=true

samples/boot/websocket/src/test/java/sample/ApplicationTests.java

@@ -20,10 +20,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 
-import org.junit.ClassRule;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
 
@@ -31,10 +28,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.concurrent.ListenableFuture;
 import org.springframework.web.socket.TextMessage;
@@ -46,23 +42,17 @@ import org.springframework.web.socket.sockjs.client.SockJsClient;
 import org.springframework.web.socket.sockjs.client.Transport;
 import org.springframework.web.socket.sockjs.client.WebSocketTransport;
 
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
 /**
  * @author Rob Winch
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.RANDOM_PORT)
-@ContextConfiguration(initializers = ApplicationTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class ApplicationTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
-
-	@Rule
-	public final ExpectedException thrown = ExpectedException.none();
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Value("${local.server.port}")
 	private String port;
@@ -71,7 +61,7 @@ public class ApplicationTests {
 	private WebSocketHandler webSocketHandler;
 
 	@Test
-	public void run() throws Exception {
+	public void run() {
 		List<Transport> transports = new ArrayList<>(2);
 		transports.add(new WebSocketTransport(new StandardWebSocketClient()));
 		transports.add(new RestTemplateXhrTransport());
@@ -80,20 +70,25 @@ public class ApplicationTests {
 		ListenableFuture<WebSocketSession> wsSession = sockJsClient.doHandshake(
 				this.webSocketHandler, "ws://localhost:" + this.port + "/sockjs");
 
-		this.thrown.expect(ExecutionException.class);
-		wsSession.get().sendMessage(new TextMessage("a"));
+		assertThatThrownBy(() -> wsSession.get().sendMessage(new TextMessage("a")))
+				.isInstanceOf(ExecutionException.class);
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/gradle/dependency-management.gradle

@@ -5,6 +5,7 @@ dependencyManagement {
 		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1'
 		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b02'
 		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.3'
 		dependency 'org.slf4j:jcl-over-slf4j:1.7.25'
 		dependency 'org.slf4j:log4j-over-slf4j:1.7.25'
 		dependency 'org.webjars:bootstrap:2.3.2'

samples/javaconfig/custom-cookie/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/hazelcast/src/main/java/sample/ObjectStreamSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -55,8 +55,8 @@ public class ObjectStreamSerializer implements StreamSerializer<Object> {
 		try {
 			return in.readObject();
 		}
-		catch (ClassNotFoundException e) {
-			throw new IOException(e);
+		catch (ClassNotFoundException ex) {
+			throw new IOException(ex);
 		}
 	}
 

samples/javaconfig/hazelcast/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import org.springframework.security.core.userdetails.User;
 public class SecurityConfig {
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/javaconfig/hazelcast/src/main/java/sample/SessionConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,7 +42,8 @@ public class SessionConfig {
 		int port = SocketUtils.findAvailableTcpPort();
 
 		config.getNetworkConfig()
-				.setPort(port);
+				.setPort(port)
+				.getJoin().getMulticastConfig().setEnabled(false);
 
 		System.out.println("Hazelcast port #: " + port);
 

samples/javaconfig/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/rest/spring-session-sample-javaconfig-rest.gradle

@@ -17,7 +17,6 @@ dependencies {
 	testCompile "org.springframework.security:spring-security-test"
 	testCompile "org.assertj:assertj-core"
 	testCompile "org.springframework:spring-test"
-	testCompile "commons-codec:commons-codec"
 
 	integrationTestCompile "org.testcontainers:testcontainers"
 }

samples/javaconfig/rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -17,7 +17,6 @@
 package rest;
 
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
@@ -55,11 +54,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @WebAppConfiguration
 public class RestMockMvcTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private SessionRepositoryFilter<? extends Session> sessionRepositoryFilter;
@@ -97,10 +92,18 @@ public class RestMockMvcTests {
 	@EnableRedisHttpSession
 	static class Config {
 
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
 		@Bean
 		public LettuceConnectionFactory redisConnectionFactory() {
-			return new LettuceConnectionFactory(redisContainer.getContainerIpAddress(),
-					redisContainer.getFirstMappedPort());
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 		@Bean

samples/javaconfig/rest/src/integration-test/java/sample/RestTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,8 +17,8 @@
 package sample;
 
 import java.util.Arrays;
+import java.util.Base64;
 
-import org.apache.commons.codec.binary.Base64;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -32,6 +32,7 @@ import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * @author Pool Dolorier
@@ -52,13 +53,14 @@ public class RestTests {
 		this.restTemplate = new RestTemplate();
 	}
 
-	@Test(expected = HttpClientErrorException.class)
+	@Test
 	public void unauthenticatedUserSentToLogInPage() {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
-		ResponseEntity<String> entity = getForUser(this.baseUrl + "/",
-				headers, String.class);
-		assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+		assertThatThrownBy(() -> getForUser(this.baseUrl + "/", headers, String.class))
+				.isInstanceOf(HttpClientErrorException.class)
+				.satisfies((e) -> assertThat(((HttpClientErrorException) e).getStatusCode())
+						.isEqualTo(HttpStatus.UNAUTHORIZED));
 	}
 
 	@Test
@@ -122,6 +124,6 @@ public class RestTests {
 
 	private String getAuth(String user, String password) {
 		String auth = user + ":" + password;
-		return new String(Base64.encodeBase64(auth.getBytes()));
+		return Base64.getEncoder().encodeToString(auth.getBytes());
 	}
 }

samples/javaconfig/rest/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/rest/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/javaconfig/security/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/security/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import org.springframework.security.core.userdetails.User;
 public class SecurityConfig {
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/misc/hazelcast/src/main/java/sample/Initializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,7 +64,9 @@ public class Initializer implements ServletContextListener {
 	private HazelcastInstance createHazelcastInstance() {
 		Config config = new Config();
 
-		config.getNetworkConfig().setPort(getAvailablePort());
+		config.getNetworkConfig()
+				.setPort(getAvailablePort())
+				.getJoin().getMulticastConfig().setEnabled(false);
 
 		config.getMapConfig(SESSION_MAP_NAME)
 				.setTimeToLiveSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
@@ -78,14 +80,14 @@ public class Initializer implements ServletContextListener {
 			socket = new ServerSocket(0);
 			return socket.getLocalPort();
 		}
-		catch (IOException e) {
-			throw new RuntimeException(e);
+		catch (IOException ex) {
+			throw new RuntimeException(ex);
 		}
 		finally {
 			try {
 				socket.close();
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 			}
 		}
 	}

samples/xml/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.7";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

settings.gradle

@@ -10,7 +10,7 @@ String rootDirPath = rootDir.absolutePath + File.separator
 buildFiles.each { File buildFile ->
 	if (buildFile.name == 'build.gradle') {
 		String buildFilePath = buildFile.parentFile.absolutePath
-		String projectPath = buildFilePath.replace(rootDirPath, '').replaceAll(File.separator, ':')
+		String projectPath = buildFilePath.replace(rootDirPath, '').replace(File.separator, ':')
 		include projectPath
 	}
 	else {

spring-session-core/src/main/java/org/springframework/session/MapSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import java.io.Serializable;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
@@ -122,7 +123,12 @@ public final class MapSession implements Session, Serializable {
 		return this.id;
 	}
 
-	String getOriginalId() {
+	/**
+	 * Get the original session id.
+	 * @return the original session id
+	 * @see #changeSessionId()
+	 */
+	public String getOriginalId() {
 		return this.originalId;
 	}
 
@@ -172,7 +178,7 @@ public final class MapSession implements Session, Serializable {
 
 	@Override
 	public Set<String> getAttributeNames() {
-		return this.sessionAttrs.keySet();
+		return new HashSet<>(this.sessionAttrs.keySet());
 	}
 
 	@Override

spring-session-core/src/main/java/org/springframework/session/MapSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

spring-session-core/src/main/java/org/springframework/session/ReactiveMapSessionRepository.java

@@ -86,7 +86,7 @@ public class ReactiveMapSessionRepository implements ReactiveSessionRepository<M
 	public Mono<MapSession> findById(String id) {
 		// @formatter:off
 		return Mono.defer(() -> Mono.justOrEmpty(this.sessions.get(id))
-				.filter(session -> !session.isExpired())
+				.filter((session) -> !session.isExpired())
 				.map(MapSession::new)
 				.switchIfEmpty(deleteById(id).then(Mono.empty())));
 		// @formatter:on

spring-session-core/src/main/java/org/springframework/session/Session.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@ public interface Session {
 	 * Gets the Object associated with the specified name or null if no Object is
 	 * associated to that name.
 	 *
-	 * @param <T> The return type of the attribute
+	 * @param <T> the return type of the attribute
 	 * @param attributeName the name of the attribute to get
 	 * @return the Object associated with the specified name or null if no Object is
 	 * associated to that name
@@ -81,7 +81,7 @@ public interface Session {
 	@SuppressWarnings("unchecked")
 	default <T> T getAttributeOrDefault(String name, T defaultValue) {
 		T result = getAttribute(name);
-		return result == null ? defaultValue : result;
+		return (result != null) ? result : defaultValue;
 	}
 
 	/**

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -110,8 +110,9 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 
 	@PostConstruct
 	public void init() {
-		CookieSerializer cookieSerializer = this.cookieSerializer != null
-				? this.cookieSerializer : createDefaultCookieSerializer();
+		CookieSerializer cookieSerializer = (this.cookieSerializer != null)
+				? this.cookieSerializer
+				: createDefaultCookieSerializer();
 		this.defaultHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
 	}
 
@@ -169,9 +170,9 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 			try {
 				sessionCookieConfig = this.servletContext.getSessionCookieConfig();
 			}
-			catch (UnsupportedOperationException e) {
+			catch (UnsupportedOperationException ex) {
 				this.logger
-						.warn("Unable to obtain SessionCookieConfig: " + e.getMessage());
+						.warn("Unable to obtain SessionCookieConfig: " + ex.getMessage());
 			}
 			if (sessionCookieConfig != null) {
 				if (sessionCookieConfig.getName() != null) {

spring-session-core/src/main/java/org/springframework/session/events/AbstractSessionEvent.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,7 +45,7 @@ public abstract class AbstractSessionEvent extends ApplicationEvent {
 	 * implementations it may not be possible to get the original session in which case
 	 * this may be null.
 	 *
-	 * @param <S> The type of Session
+	 * @param <S> the type of Session
 	 * @return the expired {@link Session} or null if the data store does not support
 	 * obtaining it
 	 */

spring-session-core/src/main/java/org/springframework/session/security/SpringSessionBackedSessionInformation.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -63,7 +63,7 @@ class SpringSessionBackedSessionInformation<S extends Session>
 	/**
 	 * Tries to determine the principal's name from the given Session.
 	 *
-	 * @param session Spring Session session
+	 * @param session the session
 	 * @return the principal's name, or empty String if it couldn't be determined
 	 */
 	private static String resolvePrincipal(Session session) {

spring-session-core/src/main/java/org/springframework/session/web/http/CookieSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,7 +78,7 @@ public interface CookieSerializer {
 		 * modified by the {@link CookieSerializer} when writing to the actual cookie so
 		 * long as the original value is returned when the cookie is read.
 		 */
-		CookieValue(HttpServletRequest request, HttpServletResponse response,
+		public CookieValue(HttpServletRequest request, HttpServletResponse response,
 				String cookieValue) {
 			this.request = request;
 			this.response = response;

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,11 +22,13 @@ import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.servlet.ServletRequest;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 /**
  * The default implementation of {@link CookieSerializer}.
  *
@@ -37,11 +39,13 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class DefaultCookieSerializer implements CookieSerializer {
 
+	private static final Log logger = LogFactory.getLog(DefaultCookieSerializer.class);
+
 	private String cookieName = "SESSION";
 
 	private Boolean useSecureCookie;
 
-	private boolean useHttpOnlyCookie = isServlet3();
+	private boolean useHttpOnlyCookie = true;
 
 	private String cookiePath;
 
@@ -70,8 +74,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		if (cookies != null) {
 			for (Cookie cookie : cookies) {
 				if (this.cookieName.equals(cookie.getName())) {
-					String sessionId = this.useBase64Encoding
-							? base64Decode(cookie.getValue()) : cookie.getValue();
+					String sessionId = (this.useBase64Encoding
+							? base64Decode(cookie.getValue()) : cookie.getValue());
 					if (sessionId == null) {
 						continue;
 					}
@@ -98,8 +102,9 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		HttpServletResponse response = cookieValue.getResponse();
 
 		String requestedCookieValue = cookieValue.getCookieValue();
-		String actualCookieValue = this.jvmRoute == null ? requestedCookieValue
-				: requestedCookieValue + this.jvmRoute;
+		String actualCookieValue = (this.jvmRoute != null)
+				? requestedCookieValue + this.jvmRoute
+				: requestedCookieValue;
 
 		Cookie sessionCookie = new Cookie(this.cookieName, this.useBase64Encoding
 				? base64Encode(actualCookieValue) : actualCookieValue);
@@ -141,7 +146,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 			byte[] decodedCookieBytes = Base64.getDecoder().decode(base64Value);
 			return new String(decodedCookieBytes);
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
+			logger.debug("Unable to Base64 decode value: " + base64Value);
 			return null;
 		}
 	}
@@ -168,16 +174,11 @@ public class DefaultCookieSerializer implements CookieSerializer {
 	}
 
 	/**
-	 * Sets if a Cookie marked as HTTP Only should be used. The default is true in Servlet
-	 * 3+ environments, else false.
+	 * Sets if a Cookie marked as HTTP Only should be used. The default is true.
 	 *
 	 * @param useHttpOnlyCookie determines if the cookie should be marked as HTTP Only.
 	 */
 	public void setUseHttpOnlyCookie(boolean useHttpOnlyCookie) {
-		if (useHttpOnlyCookie && !isServlet3()) {
-			throw new IllegalArgumentException(
-					"You cannot set useHttpOnlyCookie to true in pre Servlet 3 environment");
-		}
 		this.useHttpOnlyCookie = useHttpOnlyCookie;
 	}
 
@@ -337,19 +338,4 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		return this.cookiePath;
 	}
 
-	/**
-	 * Returns true if the Servlet 3 APIs are detected.
-	 *
-	 * @return whether the Servlet 3 APIs are detected
-	 */
-	private boolean isServlet3() {
-		try {
-			ServletRequest.class.getMethod("startAsync");
-			return true;
-		}
-		catch (NoSuchMethodException e) {
-		}
-		return false;
-	}
-
 }

spring-session-core/src/main/java/org/springframework/session/web/http/HeaderHttpSessionIdResolver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -98,7 +98,7 @@ public class HeaderHttpSessionIdResolver implements HttpSessionIdResolver {
 	@Override
 	public List<String> resolveSessionIds(HttpServletRequest request) {
 		String headerValue = request.getHeader(this.headerName);
-		return headerValue != null ? Collections.singletonList(headerValue)
+		return (headerValue != null) ? Collections.singletonList(headerValue)
 				: Collections.emptyList();
 	}
 

spring-session-core/src/main/java/org/springframework/session/web/http/HttpSessionIdResolver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletResponse;
  *
  * @author Rob Winch
  * @author Vedran Pavic
- * @since 1.0
+ * @since 2.0.0
  */
 public interface HttpSessionIdResolver {
 

spring-session-core/src/main/java/org/springframework/session/web/http/OnCommittedResponseWrapper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -174,11 +174,11 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 	}
 
 	private void trackContentLength(byte[] content) {
-		checkContentLength(content == null ? 0 : content.length);
+		checkContentLength((content != null) ? content.length : 0);
 	}
 
 	private void trackContentLength(char[] content) {
-		checkContentLength(content == null ? 0 : content.length);
+		checkContentLength((content != null) ? content.length : 0);
 	}
 
 	private void trackContentLength(int content) {
@@ -257,13 +257,13 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 		}
 
 		@Override
-		public int hashCode() {
-			return this.delegate.hashCode();
+		public boolean equals(Object obj) {
+			return this.delegate.equals(obj);
 		}
 
 		@Override
-		public boolean equals(Object obj) {
-			return this.delegate.equals(obj);
+		public int hashCode() {
+			return this.delegate.hashCode();
 		}
 
 		@Override
@@ -502,13 +502,13 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 		}
 
 		@Override
-		public int hashCode() {
-			return this.delegate.hashCode();
+		public boolean equals(Object obj) {
+			return this.delegate.equals(obj);
 		}
 
 		@Override
-		public boolean equals(Object obj) {
-			return this.delegate.equals(obj);
+		public int hashCode() {
+			return this.delegate.hashCode();
 		}
 
 		@Override

spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,10 +18,14 @@ package org.springframework.session.web.http;
 
 import java.io.IOException;
 import java.time.Instant;
+import java.util.List;
 
 import javax.servlet.FilterChain;
+import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
@@ -70,6 +74,7 @@ import org.springframework.session.SessionRepository;
  * @since 1.0
  * @author Rob Winch
  * @author Vedran Pavic
+ * @author Josh Cummings
  */
 @Order(SessionRepositoryFilter.DEFAULT_ORDER)
 public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFilter {
@@ -196,14 +201,20 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 	private final class SessionRepositoryRequestWrapper
 			extends HttpServletRequestWrapper {
 
-		private Boolean requestedSessionIdValid;
-
-		private boolean requestedSessionInvalidated;
-
 		private final HttpServletResponse response;
 
 		private final ServletContext servletContext;
 
+		private S requestedSession;
+
+		private boolean requestedSessionCached;
+
+		private String requestedSessionId;
+
+		private Boolean requestedSessionIdValid;
+
+		private boolean requestedSessionInvalidated;
+
 		private SessionRepositoryRequestWrapper(HttpServletRequest request,
 				HttpServletResponse response, ServletContext servletContext) {
 			super(request);
@@ -225,6 +236,7 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			}
 			else {
 				S session = wrappedSession.getSession();
+				clearRequestedSessionCache();
 				SessionRepositoryFilter.this.sessionRepository.save(session);
 				String sessionId = session.getId();
 				if (!isRequestedSessionIdValid()
@@ -265,11 +277,12 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 		@Override
 		public boolean isRequestedSessionIdValid() {
 			if (this.requestedSessionIdValid == null) {
-				String sessionId = getRequestedSessionId();
-				S session = sessionId == null ? null : getSession(sessionId);
-				return isRequestedSessionIdValid(session);
+				S requestedSession = getRequestedSession();
+				if (requestedSession != null) {
+					requestedSession.setLastAccessedTime(Instant.now());
+				}
+				return isRequestedSessionIdValid(requestedSession);
 			}
-
 			return this.requestedSessionIdValid;
 		}
 
@@ -284,28 +297,18 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			return getCurrentSession() == null && this.requestedSessionInvalidated;
 		}
 
-		private S getSession(String sessionId) {
-			S session = SessionRepositoryFilter.this.sessionRepository
-					.findById(sessionId);
-			if (session == null) {
-				return null;
-			}
-			session.setLastAccessedTime(Instant.now());
-			return session;
-		}
-
 		@Override
 		public HttpSessionWrapper getSession(boolean create) {
 			HttpSessionWrapper currentSession = getCurrentSession();
 			if (currentSession != null) {
 				return currentSession;
 			}
-			String requestedSessionId = getRequestedSessionId();
-			if (requestedSessionId != null) {
+			S requestedSession = getRequestedSession();
+			if (requestedSession != null) {
 				if (getAttribute(INVALID_SESSION_ID_ATTR) == null) {
-					S session = getSession(requestedSessionId);
+					requestedSession.setLastAccessedTime(Instant.now());
 					this.requestedSessionIdValid = true;
-					currentSession = new HttpSessionWrapper(session, getServletContext());
+					currentSession = new HttpSessionWrapper(requestedSession, getServletContext());
 					currentSession.setNew(false);
 					setCurrentSession(currentSession);
 					return currentSession;
@@ -353,11 +356,43 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 
 		@Override
 		public String getRequestedSessionId() {
-			return SessionRepositoryFilter.this.httpSessionIdResolver
-					.resolveSessionIds(this).stream()
-					.filter(sessionId -> SessionRepositoryFilter.this.sessionRepository
-							.findById(sessionId) != null)
-					.findFirst().orElse(null);
+			if (this.requestedSessionId == null) {
+				getRequestedSession();
+			}
+			return this.requestedSessionId;
+		}
+
+		@Override
+		public RequestDispatcher getRequestDispatcher(String path) {
+			RequestDispatcher requestDispatcher = super.getRequestDispatcher(path);
+			return new SessionCommittingRequestDispatcher(requestDispatcher);
+		}
+
+		private S getRequestedSession() {
+			if (!this.requestedSessionCached) {
+				List<String> sessionIds = SessionRepositoryFilter.this.httpSessionIdResolver
+						.resolveSessionIds(this);
+				for (String sessionId : sessionIds) {
+					if (this.requestedSessionId == null) {
+						this.requestedSessionId = sessionId;
+					}
+					S session = SessionRepositoryFilter.this.sessionRepository
+							.findById(sessionId);
+					if (session != null) {
+						this.requestedSession = session;
+						this.requestedSessionId = sessionId;
+						break;
+					}
+				}
+				this.requestedSessionCached = true;
+			}
+			return this.requestedSession;
+		}
+
+		private void clearRequestedSessionCache() {
+			this.requestedSessionCached = false;
+			this.requestedSession = null;
+			this.requestedSessionId = null;
 		}
 
 		/**
@@ -377,10 +412,40 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 				super.invalidate();
 				SessionRepositoryRequestWrapper.this.requestedSessionInvalidated = true;
 				setCurrentSession(null);
+				clearRequestedSessionCache();
 				SessionRepositoryFilter.this.sessionRepository.deleteById(getId());
 			}
 		}
 
+		/**
+		 * Ensures session is committed before issuing an include.
+		 *
+		 * @since 2.0.8
+		 */
+		private final class SessionCommittingRequestDispatcher
+				implements RequestDispatcher {
+
+			private final RequestDispatcher delegate;
+
+			SessionCommittingRequestDispatcher(RequestDispatcher delegate) {
+				this.delegate = delegate;
+			}
+
+			@Override
+			public void forward(ServletRequest request, ServletResponse response)
+					throws ServletException, IOException {
+				this.delegate.forward(request, response);
+			}
+
+			@Override
+			public void include(ServletRequest request, ServletResponse response)
+					throws ServletException, IOException {
+				SessionRepositoryRequestWrapper.this.commitSession();
+				this.delegate.include(request, response);
+			}
+
+		}
+
 	}
 
 }

spring-session-core/src/main/java/org/springframework/session/web/server/session/SpringSessionWebSessionStore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,6 +46,7 @@ import org.springframework.web.server.session.WebSessionStore;
  *
  * @param <S> the {@link Session} type
  * @author Rob Winch
+ * @author Vedran Pavic
  * @since 2.0
  */
 public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
@@ -94,7 +95,9 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 	@Override
 	public Mono<WebSession> retrieveSession(String sessionId) {
-		return this.sessions.findById(sessionId).map(this::existingSession);
+		return this.sessions.findById(sessionId)
+				.doOnNext((session) -> session.setLastAccessedTime(this.clock.instant()))
+				.map(this::existingSession);
 	}
 
 	@Override
@@ -161,6 +164,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 		@Override
 		public Mono<Void> invalidate() {
+			this.state.set(State.EXPIRED);
 			return SpringSessionWebSessionStore.this.sessions.deleteById(this.session.getId());
 		}
 
@@ -171,7 +175,14 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 		@Override
 		public boolean isExpired() {
-			return this.session.isExpired();
+			if (this.state.get().equals(State.EXPIRED)) {
+				return true;
+			}
+			if (this.session.isExpired()) {
+				this.state.set(State.EXPIRED);
+				return true;
+			}
+			return false;
 		}
 
 		@Override
@@ -196,7 +207,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 	}
 
 	private enum State {
-		NEW, STARTED
+		NEW, STARTED, EXPIRED
 	}
 
 	private static class SpringSessionMap implements Map<String, Object> {
@@ -228,7 +239,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 		@Override
 		public boolean containsValue(Object value) {
 			return this.session.getAttributeNames().stream()
-					.anyMatch(attrName -> this.session.getAttribute(attrName) != null);
+					.anyMatch((attrName) -> this.session.getAttribute(attrName) != null);
 		}
 
 		@Override

spring-session-core/src/main/java/org/springframework/session/web/socket/config/annotation/AbstractSessionWebSocketMessageBrokerConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,10 +25,10 @@ import org.springframework.session.SessionRepository;
 import org.springframework.session.web.socket.handler.WebSocketConnectHandlerDecoratorFactory;
 import org.springframework.session.web.socket.handler.WebSocketRegistryListener;
 import org.springframework.session.web.socket.server.SessionRepositoryMessageInterceptor;
-import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 import org.springframework.web.socket.config.annotation.StompWebSocketEndpointRegistration;
 import org.springframework.web.socket.config.annotation.WebMvcStompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 import org.springframework.web.socket.config.annotation.WebSocketTransportRegistration;
 import org.springframework.web.socket.messaging.StompSubProtocolErrorHandler;
 import org.springframework.web.socket.server.HandshakeInterceptor;
@@ -75,7 +75,7 @@ import org.springframework.web.util.UrlPathHelper;
  * @since 1.0
  */
 public abstract class AbstractSessionWebSocketMessageBrokerConfigurer<S extends Session>
-		extends AbstractWebSocketMessageBrokerConfigurer {
+		implements WebSocketMessageBrokerConfigurer {
 
 	@Autowired
 	@SuppressWarnings("rawtypes")

spring-session-core/src/main/java/org/springframework/session/web/socket/handler/WebSocketRegistryListener.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -71,8 +71,9 @@ public final class WebSocketRegistryListener
 			SessionDisconnectEvent e = (SessionDisconnectEvent) event;
 			Map<String, Object> sessionAttributes = SimpMessageHeaderAccessor
 					.getSessionAttributes(e.getMessage().getHeaders());
-			String httpSessionId = sessionAttributes == null ? null
-					: SessionRepositoryMessageInterceptor.getSessionId(sessionAttributes);
+			String httpSessionId = (sessionAttributes != null)
+					? SessionRepositoryMessageInterceptor.getSessionId(sessionAttributes)
+					: null;
 			afterConnectionClosed(httpSessionId, e.getSessionId());
 		}
 	}
@@ -140,10 +141,10 @@ public final class WebSocketRegistryListener
 			try {
 				toClose.close(SESSION_EXPIRED_STATUS);
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 				logger.debug(
 						"Failed to close WebSocketSession (this is nothing to worry about but for debugging only)",
-						e);
+						ex);
 			}
 		}
 	}

spring-session-core/src/main/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,6 @@ import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.messaging.support.ChannelInterceptor;
-import org.springframework.messaging.support.ChannelInterceptorAdapter;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.util.Assert;
@@ -63,7 +62,7 @@ import org.springframework.web.socket.server.HandshakeInterceptor;
  * @since 1.0
  */
 public final class SessionRepositoryMessageInterceptor<S extends Session>
-		extends ChannelInterceptorAdapter implements HandshakeInterceptor {
+		implements ChannelInterceptor, HandshakeInterceptor {
 
 	private static final String SPRING_SESSION_ID_ATTR_NAME = "SPRING.SESSION.ID";
 
@@ -114,12 +113,13 @@ public final class SessionRepositoryMessageInterceptor<S extends Session>
 		SimpMessageType messageType = SimpMessageHeaderAccessor
 				.getMessageType(message.getHeaders());
 		if (!this.matchingMessageTypes.contains(messageType)) {
-			return super.preSend(message, channel);
+			return message;
 		}
 		Map<String, Object> sessionHeaders = SimpMessageHeaderAccessor
 				.getSessionAttributes(message.getHeaders());
-		String sessionId = sessionHeaders == null ? null
-				: (String) sessionHeaders.get(SPRING_SESSION_ID_ATTR_NAME);
+		String sessionId = (sessionHeaders != null)
+				? (String) sessionHeaders.get(SPRING_SESSION_ID_ATTR_NAME)
+				: null;
 		if (sessionId != null) {
 			S session = this.sessionRepository.findById(sessionId);
 			if (session != null) {
@@ -128,7 +128,7 @@ public final class SessionRepositoryMessageInterceptor<S extends Session>
 				this.sessionRepository.save(session);
 			}
 		}
-		return super.preSend(message, channel);
+		return message;
 	}
 
 	@Override

spring-session-core/src/test/java/org/springframework/session/MapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -100,4 +100,17 @@ public class MapSessionRepositoryTests {
 		assertThat(this.repository.findById(createSession.getId())).isNotNull();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		MapSession session = this.repository.createSession();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/MapSessionTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 public class MapSessionTests {
 
@@ -35,9 +36,11 @@ public class MapSessionTests {
 		this.session.setLastAccessedTime(Instant.ofEpochMilli(1413258262962L));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullSession() {
-		new MapSession((Session) null);
+		assertThatThrownBy(() -> new MapSession((Session) null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("session cannot be null");
 	}
 
 	@Test
@@ -65,9 +68,11 @@ public class MapSessionTests {
 		assertThat(result).isEqualTo(attrValue);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void getRequiredAttributeWhenNullThenException() {
-		this.session.getRequiredAttribute("attrName");
+		assertThatThrownBy(() -> this.session.getRequiredAttribute("attrName"))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("Required attribute 'attrName' is missing.");
 	}
 
 	@Test
@@ -128,6 +133,18 @@ public class MapSessionTests {
 		assertThat(this.session.isExpired(now)).isTrue();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		this.session.setAttribute("attribute1", "value1");
+		this.session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : this.session.getAttributeNames()) {
+			this.session.removeAttribute(attributeName);
+		}
+
+		assertThat(this.session.getAttributeNames()).isEmpty();
+	}
+
 	static class CustomSession implements Session {
 
 		@Override

spring-session-core/src/test/java/org/springframework/session/ReactiveMapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link ReactiveMapSessionRepository}.
@@ -57,10 +58,11 @@ public class ReactiveMapSessionRepositoryTests {
 		assertThat(findByIdSession.getId()).isEqualTo(this.session.getId());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMapWhenNullThenThrowsIllegalArgumentException() {
-		Map<String, Session> sessions = null;
-		new ReactiveMapSessionRepository(sessions);
+		assertThatThrownBy(() -> new ReactiveMapSessionRepository(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("sessions cannot be null");
 	}
 
 	@Test
@@ -142,4 +144,17 @@ public class ReactiveMapSessionRepositoryTests {
 		assertThat(this.repository.findById(createSession.getId()).block()).isNotNull();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		MapSession session = this.repository.createSession().block();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/EnableSpringHttpSessionCustomCookieSerializerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,6 +49,7 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -82,6 +83,9 @@ public class EnableSpringHttpSessionCustomCookieSerializerTests {
 	@Before
 	public void setup() {
 		this.chain = new MockFilterChain();
+
+		reset(this.sessionRepository);
+		reset(this.cookieSerializer);
 	}
 
 	@Test
@@ -99,7 +103,7 @@ public class EnableSpringHttpSessionCustomCookieSerializerTests {
 
 	@Test
 	public void usesWrite() throws Exception {
-		given(this.sessionRepository.findById(anyString())).willReturn(new MapSession());
+		given(this.sessionRepository.createSession()).willReturn(new MapSession());
 
 		this.sessionRepositoryFilter.doFilter(this.request, this.response,
 				new MockFilterChain() {

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,11 +21,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import javax.servlet.ServletContext;
 
 import org.junit.After;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
-import org.junit.runner.RunWith;
-import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.beans.factory.UnsatisfiedDependencyException;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
@@ -42,18 +38,15 @@ import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link SpringHttpSessionConfiguration}.
  *
  * @author Vedran Pavic
  */
-@RunWith(MockitoJUnitRunner.class)
 public class SpringHttpSessionConfigurationTests {
 
-	@Rule
-	public final ExpectedException thrown = ExpectedException.none();
-
 	private AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
 
 	@After
@@ -70,10 +63,9 @@ public class SpringHttpSessionConfigurationTests {
 
 	@Test
 	public void noSessionRepositoryConfiguration() {
-		this.thrown.expect(UnsatisfiedDependencyException.class);
-		this.thrown.expectMessage("org.springframework.session.SessionRepository");
-
-		registerAndRefresh(EmptyConfiguration.class);
+		assertThatThrownBy(() -> registerAndRefresh(EmptyConfiguration.class))
+				.isInstanceOf(UnsatisfiedDependencyException.class)
+				.hasMessageContaining("org.springframework.session.SessionRepository");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/security/web/authentication/SpringSessionRememberMeServicesTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,15 +20,14 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -43,9 +42,6 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  */
 public class SpringSessionRememberMeServicesTests {
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	private SpringSessionRememberMeServices rememberMeServices;
 
 	@Test
@@ -71,10 +67,10 @@ public class SpringSessionRememberMeServicesTests {
 
 	@Test
 	public void createWithNullParameter() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("rememberMeParameterName cannot be empty or null");
 		this.rememberMeServices = new SpringSessionRememberMeServices();
-		this.rememberMeServices.setRememberMeParameterName(null);
+		assertThatThrownBy(() -> this.rememberMeServices.setRememberMeParameterName(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("rememberMeParameterName cannot be empty or null");
 	}
 
 	@Test
@@ -114,7 +110,8 @@ public class SpringSessionRememberMeServicesTests {
 		this.rememberMeServices = new SpringSessionRememberMeServices();
 		this.rememberMeServices.loginFail(request, response);
 		verify(request, times(1)).getSession(eq(false));
-		verify(session, times(1)).removeAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
+		verify(session, times(1)).removeAttribute(
+				HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
 		verifyZeroInteractions(request, response, session);
 	}
 

spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,9 +21,7 @@ import java.util.Base64;
 import javax.servlet.http.Cookie;
 
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.junit.runners.Parameterized.Parameters;
@@ -34,6 +32,7 @@ import org.springframework.session.web.http.CookieSerializer.CookieValue;
 import org.springframework.util.StringUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link DefaultCookieSerializer}.
@@ -50,9 +49,6 @@ public class DefaultCookieSerializerTests {
 		return new Object[] { false, true };
 	}
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	private boolean useBase64Encoding;
 
 	private String cookieName;
@@ -214,10 +210,12 @@ public class DefaultCookieSerializerTests {
 		assertThat(getCookie().getDomain()).isEqualTo(domainName);
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void setDomainNameAndDomainNamePatternThrows() {
 		this.serializer.setDomainName("example.com");
-		this.serializer.setDomainNamePattern(".*");
+		assertThatThrownBy(() -> this.serializer.setDomainNamePattern(".*"))
+				.isInstanceOf(IllegalStateException.class)
+				.hasMessage("Cannot set both domainName and domainNamePattern");
 	}
 
 	// --- domainNamePattern ---
@@ -246,10 +244,12 @@ public class DefaultCookieSerializerTests {
 		}
 	}
 
-	@Test(expected = IllegalStateException.class)
+	@Test
 	public void setDomainNamePatternAndDomainNameThrows() {
 		this.serializer.setDomainNamePattern(".*");
-		this.serializer.setDomainName("example.com");
+		assertThatThrownBy(() -> this.serializer.setDomainName("example.com"))
+				.isInstanceOf(IllegalStateException.class)
+				.hasMessage("Cannot set both domainName and domainNamePattern");
 	}
 
 	// --- cookieName ---
@@ -271,9 +271,11 @@ public class DefaultCookieSerializerTests {
 		assertThat(getCookie().getName()).isEqualTo(cookieName);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setCookieNameNullThrows() {
-		this.serializer.setCookieName(null);
+		assertThatThrownBy(() -> this.serializer.setCookieName(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("cookieName cannot be null");
 	}
 
 	// --- cookiePath ---

spring-session-core/src/test/java/org/springframework/session/web/http/HeaderHttpSessionIdResolverTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,15 +20,14 @@ import java.util.Collections;
 import java.util.UUID;
 
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link HeaderHttpSessionIdResolver}.
@@ -37,9 +36,6 @@ public class HeaderHttpSessionIdResolverTests {
 
 	private static final String HEADER_X_AUTH_TOKEN = "X-Auth-Token";
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	private MockHttpServletRequest request;
 
 	private MockHttpServletResponse response;
@@ -47,7 +43,7 @@ public class HeaderHttpSessionIdResolverTests {
 	private HeaderHttpSessionIdResolver resolver;
 
 	@Before
-	public void setup() throws Exception {
+	public void setup() {
 		this.request = new MockHttpServletRequest();
 		this.response = new MockHttpServletResponse();
 		this.resolver = HeaderHttpSessionIdResolver.xAuthToken();
@@ -78,9 +74,9 @@ public class HeaderHttpSessionIdResolverTests {
 
 	@Test
 	public void createResolverWithNullHeaderName() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("headerName cannot be null");
-		new HeaderHttpSessionIdResolver(null);
+		assertThatThrownBy(() -> new HeaderHttpSessionIdResolver(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("headerName cannot be null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -58,6 +58,7 @@ import org.springframework.session.SessionRepository;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -66,6 +67,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyZeroInteractions;
 
@@ -1164,6 +1166,23 @@ public class SessionRepositoryFilterTests {
 		});
 	}
 
+	@Test // gh-1243
+	public void doFilterInclude() throws Exception {
+		doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest,
+					HttpServletResponse wrappedResponse)
+					throws IOException, ServletException {
+				String id = wrappedRequest.getSession().getId();
+				wrappedRequest.getRequestDispatcher("/").include(wrappedRequest,
+						wrappedResponse);
+				assertThat(
+						SessionRepositoryFilterTests.this.sessionRepository.findById(id))
+								.isNotNull();
+			}
+		});
+	}
+
 	// --- HttpSessionIdResolver
 
 	@Test
@@ -1190,6 +1209,29 @@ public class SessionRepositoryFilterTests {
 		});
 	}
 
+	@Test // gh-1229
+	public void doFilterAdapterGetRequestedSessionIdForInvalidSession() throws Exception {
+		SessionRepository<MapSession> sessionRepository = new MapSessionRepository(
+				new HashMap<>());
+
+		this.filter = new SessionRepositoryFilter<>(sessionRepository);
+		this.filter.setHttpSessionIdResolver(this.strategy);
+		final String expectedId = "HttpSessionIdResolver-requested-id1";
+		final String otherId = "HttpSessionIdResolver-requested-id2";
+
+		given(this.strategy.resolveSessionIds(any(HttpServletRequest.class)))
+				.willReturn(Arrays.asList(expectedId, otherId));
+
+		doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest,
+					HttpServletResponse wrappedResponse) {
+				assertThat(wrappedRequest.getRequestedSessionId()).isEqualTo(expectedId);
+				assertThat(wrappedRequest.isRequestedSessionIdValid()).isFalse();
+			}
+		});
+	}
+
 	@Test
 	public void doFilterAdapterOnNewSession() throws Exception {
 		this.filter.setHttpSessionIdResolver(this.strategy);
@@ -1334,6 +1376,32 @@ public class SessionRepositoryFilterTests {
 		verifyZeroInteractions(sessionRepository);
 	}
 
+	@Test
+	public void doFilterSessionRetrievalIsCached() throws Exception {
+		MapSession session = this.sessionRepository.createSession();
+		this.sessionRepository.save(session);
+		SessionRepository<MapSession> sessionRepository = spy(this.sessionRepository);
+		setSessionCookie(session.getId());
+
+		this.filter = new SessionRepositoryFilter<>(sessionRepository);
+
+		doFilter(new DoInFilter() {
+			@Override
+			public void doFilter(HttpServletRequest wrappedRequest,
+					HttpServletResponse wrappedResponse) {
+				wrappedRequest.getSession().invalidate();
+				wrappedRequest.getSession();
+			}
+		});
+
+		// 3 invocations expected: initial resolution, after invalidation, after commit
+		verify(sessionRepository, times(3)).findById(eq(session.getId()));
+		verify(sessionRepository).deleteById(eq(session.getId()));
+		verify(sessionRepository).createSession();
+		verify(sessionRepository).save(any());
+		verifyZeroInteractions(sessionRepository);
+	}
+
 	// --- order
 
 	@Test
@@ -1343,15 +1411,19 @@ public class SessionRepositoryFilterTests {
 	}
 
 	// We want the filter to work without any dependencies on Spring
-	@Test(expected = ClassCastException.class)
+	@Test
 	@SuppressWarnings("unused")
 	public void doesNotImplementOrdered() {
-		Ordered o = (Ordered) this.filter;
+		assertThatThrownBy(() -> {
+			Ordered o = (Ordered) this.filter;
+		}).isInstanceOf(ClassCastException.class);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setHttpSessionIdResolverNull() {
-		this.filter.setHttpSessionIdResolver(null);
+		assertThatThrownBy(() -> this.filter.setHttpSessionIdResolver(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("httpSessionIdResolver cannot be null");
 	}
 
 	// --- helper methods

spring-session-core/src/test/java/org/springframework/session/web/server/session/SpringSessionWebSessionStoreTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,6 +33,7 @@ import org.springframework.session.Session;
 import org.springframework.web.server.WebSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
@@ -41,7 +42,7 @@ import static org.mockito.Mockito.verify;
  * Tests for {@link SpringSessionWebSessionStore}.
  *
  * @author Rob Winch
- * @since 5.0
+ * @author Vedran Pavic
  */
 @RunWith(MockitoJUnitRunner.class)
 public class SpringSessionWebSessionStoreTests<S extends Session> {
@@ -66,9 +67,11 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 				.willReturn(Mono.just(this.createSession));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorWhenNullRepositoryThenThrowsIllegalArgumentException() {
-		new SpringSessionWebSessionStore<S>(null);
+		assertThatThrownBy(() -> new SpringSessionWebSessionStore<S>(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("reactiveSessionRepository cannot be null");
 	}
 
 	@Test
@@ -268,6 +271,7 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 				.retrieveSession(id).block();
 
 		assertThat(retrievedWebSession.isStarted()).isTrue();
+		verify(this.findByIdSession).setLastAccessedTime(any());
 	}
 
 	@Test
@@ -280,8 +284,28 @@ public class SpringSessionWebSessionStoreTests<S extends Session> {
 		verify(this.sessionRepository).deleteById(sessionId);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setClockWhenNullThenException() {
-		this.webSessionStore.setClock(null);
+		assertThatThrownBy(() -> this.webSessionStore.setClock(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("clock cannot be null");
 	}
+
+	@Test // gh-1114
+	public void createSessionThenSessionIsNotExpired() {
+		WebSession createdWebSession = this.webSessionStore.createWebSession().block();
+
+		assertThat(createdWebSession.isExpired()).isFalse();
+	}
+
+	@Test // gh-1114
+	public void invalidateSessionThenSessionIsExpired() {
+		WebSession createdWebSession = this.webSessionStore.createWebSession().block();
+		given(createdWebSession.invalidate()).willReturn(Mono.empty());
+
+		createdWebSession.invalidate().block();
+
+		assertThat(createdWebSession.isExpired()).isTrue();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/web/socket/handler/WebSocketConnectHandlerDecoratorFactoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ import org.springframework.web.socket.WebSocketHandler;
 import org.springframework.web.socket.WebSocketSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.verify;
@@ -53,9 +54,11 @@ public class WebSocketConnectHandlerDecoratorFactoryTests {
 		this.factory = new WebSocketConnectHandlerDecoratorFactory(this.eventPublisher);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullEventPublisher() {
-		new WebSocketConnectHandlerDecoratorFactory(null);
+		assertThatThrownBy(() -> new WebSocketConnectHandlerDecoratorFactory(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("eventPublisher cannot be null");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,6 +43,7 @@ import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.argThat;
@@ -79,9 +80,11 @@ public class SessionRepositoryMessageInterceptorTests {
 		given(this.sessionRepository.findById(sessionId)).willReturn(this.session);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void preSendconstructorNullRepository() {
-		new SessionRepositoryMessageInterceptor<>(null);
+		assertThatThrownBy(() -> new SessionRepositoryMessageInterceptor<>(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("sessionRepository cannot be null");
 	}
 
 	@Test
@@ -129,14 +132,19 @@ public class SessionRepositoryMessageInterceptorTests {
 		verifyZeroInteractions(this.sessionRepository);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMatchingMessageTypesNull() {
-		this.interceptor.setMatchingMessageTypes(null);
+		assertThatThrownBy(() -> this.interceptor.setMatchingMessageTypes(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("matchingMessageTypes cannot be null or empty");
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void setMatchingMessageTypesEmpty() {
-		this.interceptor.setMatchingMessageTypes(Collections.emptySet());
+		assertThatThrownBy(
+				() -> this.interceptor.setMatchingMessageTypes(Collections.emptySet()))
+						.isInstanceOf(IllegalArgumentException.class)
+						.hasMessage("matchingMessageTypes cannot be null or empty");
 	}
 
 	@Test

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/SessionEventRegistry.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -66,6 +66,6 @@ public class SessionEventRegistry implements ApplicationListener<AbstractSession
 	}
 
 	private Object getLock(String sessionId) {
-		return this.locks.computeIfAbsent(sessionId, k -> new Object());
+		return this.locks.computeIfAbsent(sessionId, (k) -> new Object());
 	}
 }

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/AbstractRedisITests.java

@@ -16,7 +16,6 @@
 
 package org.springframework.session.data.redis;
 
-import org.junit.ClassRule;
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,19 +29,23 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
  */
 public abstract class AbstractRedisITests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.7";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	protected static class BaseConfig {
 
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
 		@Bean
 		public LettuceConnectionFactory redisConnectionFactory() {
 			RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration(
-					redisContainer.getContainerIpAddress(),
-					redisContainer.getFirstMappedPort());
+					redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 			return new LettuceConnectionFactory(configuration);
 		}
 

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/ReactiveRedisOperationsSessionRepositoryITests.java

@@ -16,6 +16,8 @@
 
 package org.springframework.session.data.redis;
 
+import java.time.Instant;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -191,6 +193,28 @@ public class ReactiveRedisOperationsSessionRepositoryITests extends AbstractRedi
 		assertThat(this.repository.findById(originalId).block()).isNull();
 	}
 
+	// gh-1111
+	@Test
+	public void changeSessionSaveOldSessionInstance() {
+		ReactiveRedisOperationsSessionRepository.RedisSession toSave = this.repository
+				.createSession().block();
+		String sessionId = toSave.getId();
+
+		this.repository.save(toSave).block();
+
+		ReactiveRedisOperationsSessionRepository.RedisSession session = this.repository
+				.findById(sessionId).block();
+		session.changeSessionId();
+		session.setLastAccessedTime(Instant.now());
+		this.repository.save(session).block();
+
+		toSave.setLastAccessedTime(Instant.now());
+		this.repository.save(toSave).block();
+
+		assertThat(this.repository.findById(sessionId).block()).isNull();
+		assertThat(this.repository.findById(session.getId()).block()).isNotNull();
+	}
+
 	@Configuration
 	@EnableRedisWebSession
 	static class Config extends BaseConfig {

spring-session-data-redis/src/integration-test/java/org/springframework/session/data/redis/RedisOperationsSessionRepositoryITests.java

@@ -16,6 +16,7 @@
 
 package org.springframework.session.data.redis;
 
+import java.nio.charset.StandardCharsets;
 import java.util.Map;
 import java.util.UUID;
 
@@ -190,9 +191,10 @@ public class RedisOperationsSessionRepositoryITests extends AbstractRedisITests
 
 		String body = "RedisOperationsSessionRepositoryITests:sessions:expires:"
 				+ toSave.getId();
-		String channel = ":expired";
-		DefaultMessage message = new DefaultMessage(channel.getBytes("UTF-8"),
-				body.getBytes("UTF-8"));
+		String channel = "__keyevent@0__:expired";
+		DefaultMessage message = new DefaultMessage(
+				channel.getBytes(StandardCharsets.UTF_8),
+				body.getBytes(StandardCharsets.UTF_8));
 		byte[] pattern = new byte[] {};
 		this.repository.onMessage(message, pattern);
 
@@ -358,9 +360,10 @@ public class RedisOperationsSessionRepositoryITests extends AbstractRedisITests
 
 		String body = "RedisOperationsSessionRepositoryITests:sessions:expires:"
 				+ toSave.getId();
-		String channel = ":expired";
-		DefaultMessage message = new DefaultMessage(channel.getBytes("UTF-8"),
-				body.getBytes("UTF-8"));
+		String channel = "__keyevent@0__:expired";
+		DefaultMessage message = new DefaultMessage(
+				channel.getBytes(StandardCharsets.UTF_8),
+				body.getBytes(StandardCharsets.UTF_8));
 		byte[] pattern = new byte[] {};
 		this.repository.onMessage(message, pattern);
 
@@ -581,6 +584,22 @@ public class RedisOperationsSessionRepositoryITests extends AbstractRedisITests
 		assertThat(this.repository.findById(originalId)).isNull();
 	}
 
+	// gh-1137
+	@Test
+	public void changeSessionIdWhenSessionIsDeleted() {
+		RedisSession toSave = this.repository.createSession();
+		String sessionId = toSave.getId();
+		this.repository.save(toSave);
+
+		this.repository.deleteById(sessionId);
+
+		toSave.changeSessionId();
+		this.repository.save(toSave);
+
+		assertThat(this.repository.findById(toSave.getId())).isNull();
+		assertThat(this.repository.findById(sessionId)).isNull();
+	}
+
 	private String getSecurityName() {
 		return this.context.getAuthentication().getName();
 	}