Release 2.1.0.RC1

Resolves: #1157

.editorconfig

@@ -0,0 +1,19 @@
+root = true
+
+[*]
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+max_line_length = 120
+
+[*.java]
+indent_style = tab
+indent_size = 4
+charset = latin1
+continuation_indent_size = 8
+
+[*.xml]
+indent_style = tab
+indent_size = 4
+charset = latin1
+continuation_indent_size = 8

.github/ISSUE_TEMPLATE.md

@@ -1,3 +1,7 @@
+<!--
+For Security Vulnerabilities, please use https://pivotal.io/security#reporting
+-->
+
 <!--
 Thanks for raising a Spring Session issue. Please provide a brief description of your problem along with the version of Spring Session that you are using. If possible, please also consider putting together a sample application that reproduces the issue.
 -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,3 +1,7 @@
+<!--
+For Security Vulnerabilities, please use https://pivotal.io/security#reporting
+-->
+
 <!--
 Thanks for contributing to Spring Session. Please provide a brief description of your pull-request and reference any related issue numbers (prefix references with #).
 -->

.gitignore

@@ -10,6 +10,6 @@ target
 out
 .springBeans
 *.rdb
-!eclispe/.checkstyle
 .checkstyle
+!etc/eclipse/.checkstyle
 !**/src/**/build

Jenkinsfile

@@ -1,9 +1,9 @@
-def projectProperties = [
-	[$class: 'BuildDiscarderProperty',
-		strategy: [$class: 'LogRotator', numToKeepStr: '5']],
-	pipelineTriggers([cron('@daily')])
-]
-properties(projectProperties)
+properties([
+		buildDiscarder(logRotator(numToKeepStr: '10')),
+		pipelineTriggers([
+				cron('@daily')
+		]),
+])
 
 def SUCCESS = hudson.model.Result.SUCCESS.toString()
 currentBuild.result = SUCCESS
@@ -11,49 +11,80 @@ currentBuild.result = SUCCESS
 try {
 	parallel check: {
 		stage('Check') {
-			node {
-				checkout scm
-				try {
-					sh "./gradlew clean check  --refresh-dependencies --no-daemon"
-				} catch(Exception e) {
-					currentBuild.result = 'FAILED: check'
-					throw e
-				} finally {
-					junit '**/build/*-results/*.xml'
+			timeout(time: 45, unit: 'MINUTES') {
+				node('ubuntu1804') {
+					checkout scm
+					try {
+						sh './gradlew clean check --no-daemon --refresh-dependencies'
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: check'
+						throw e
+					}
+					finally {
+						junit '**/build/test-results/*/*.xml'
+					}
 				}
 			}
 		}
 	},
-	springio: {
-		stage('Spring IO') {
-			node {
-				checkout scm
-				try {
-					sh "./gradlew clean springIoCheck -PplatformVersion=Cairo-BUILD-SNAPSHOT -PexcludeProjects='**/samples/**' --refresh-dependencies --no-daemon --stacktrace"
-				} catch(Exception e) {
-					currentBuild.result = 'FAILED: springio'
-					throw e
-				} finally {
-					junit '**/build/spring-io*-results/*.xml'
+	jdk10: {
+		stage('JDK 10') {
+			timeout(time: 45, unit: 'MINUTES') {
+				node('ubuntu1804') {
+					checkout scm
+					try {
+						withEnv(["JAVA_HOME=${tool 'jdk10'}"]) {
+							sh './gradlew clean test integrationTest --no-daemon --refresh-dependencies'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: jdk10'
+						throw e
+					}
+				}
+			}
+		}
+	},
+	jdk11: {
+		stage('JDK 11') {
+			timeout(time: 45, unit: 'MINUTES') {
+				node('ubuntu1804') {
+					checkout scm
+					try {
+						withEnv(["JAVA_HOME=${tool 'jdk11'}"]) {
+							sh './gradlew clean test integrationTest --no-daemon --refresh-dependencies'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: jdk11'
+						throw e
+					}
 				}
 			}
 		}
 	}
 
-	if(currentBuild.result == 'SUCCESS') {
+	if (currentBuild.result == 'SUCCESS') {
 		parallel artifacts: {
 			stage('Deploy Artifacts') {
 				node {
 					checkout scm
-					withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
-						withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
-							withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
-								withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
-									sh "./gradlew deployArtifacts finalizeDeployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --refresh-dependencies --no-daemon --stacktrace"
+					try {
+						withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
+							withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
+								withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
+									withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
+										sh './gradlew deployArtifacts finalizeDeployArtifacts --stacktrace --no-daemon --refresh-dependencies -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
+									}
 								}
 							}
 						}
 					}
+					catch (e) {
+						currentBuild.result = 'FAILED: artifacts'
+						throw e
+					}
 				}
 			}
 		},
@@ -61,32 +92,38 @@ try {
 			stage('Deploy Docs') {
 				node {
 					checkout scm
-					withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
-						sh "./gradlew deployDocs -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME --refresh-dependencies --no-daemon --stacktrace"
+					try {
+						withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
+							sh './gradlew deployDocs --stacktrace --no-daemon --refresh-dependencies -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME'
+						}
+					}
+					catch (e) {
+						currentBuild.result = 'FAILED: docs'
+						throw e
 					}
 				}
 			}
 		}
 	}
-} finally {
+}
+finally {
 	def buildStatus = currentBuild.result
-	def buildNotSuccess =  !SUCCESS.equals(buildStatus)
+	def buildNotSuccess = !SUCCESS.equals(buildStatus)
 	def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
 
-	if(buildNotSuccess || lastBuildNotSuccess) {
-
-		stage('Notifiy') {
+	if (buildNotSuccess || lastBuildNotSuccess) {
+		stage('Notify') {
 			node {
 				final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
 
 				def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
-				def details = """The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"""
+				def details = "The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"
 
-				emailext (
-					subject: subject,
-					body: details,
-					recipientProviders: RECIPIENTS,
-					to: "$SPRING_SESSION_TEAM_EMAILS"
+				emailext(
+						subject: subject,
+						body: details,
+						recipientProviders: RECIPIENTS,
+						to: "$SPRING_SESSION_TEAM_EMAILS"
 				)
 			}
 		}

build.gradle

@@ -1,20 +1,38 @@
 buildscript {
+	ext {
+		releaseBuild = version.endsWith('RELEASE')
+		snapshotBuild = version.endsWith('SNAPSHOT')
+		milestoneBuild = !(releaseBuild || snapshotBuild)
+
+		springBootVersion = '2.1.0.M3'
+	}
+
+	repositories {
+		gradlePluginPortal()
+		maven { url 'https://repo.spring.io/plugins-release/' }
+	}
+
 	dependencies {
-		classpath 'io.spring.gradle:spring-build-conventions:0.0.13.RELEASE'
+		classpath 'io.spring.gradle:spring-build-conventions:0.0.19.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
 	}
-	repositories {
-		maven { url 'https://repo.spring.io/plugins-release' }
-	}
 }
+
 apply plugin: 'io.spring.convention.root'
 
 group = 'org.springframework.session'
 description = 'Spring Session'
 
-
-ext.releaseBuild = version.endsWith('RELEASE')
-ext.snapshotBuild = version.endsWith('SNAPSHOT')
-ext.milestoneBuild = !(releaseBuild || snapshotBuild)
-
-
+gradle.taskGraph.whenReady { graph ->
+	def jacocoEnabled = graph.allTasks.any { it instanceof JacocoReport }
+	subprojects {
+		plugins.withType(JavaPlugin) {
+			sourceCompatibility = 1.8
+		}
+		plugins.withType(JacocoPlugin) {
+			tasks.withType(Test) {
+				jacoco.enabled = jacocoEnabled
+			}
+		}
+	}
+}

docs/spring-session-docs.gradle

@@ -38,6 +38,7 @@ asciidoctor {
 			'lettuce-version': versions['io.lettuce:lettuce-core'],
 			'samples-dir': "$rootProject.projectDir.path/samples/",
 			'session-jdbc-main-resources-dir': "${project(':spring-session-jdbc').projectDir.path}/src/main/resources/",
+			'spring-boot-version': project.springBootVersion,
 			'spring-data-redis-version': versions['org.springframework.data:spring-data-redis'],
 			'spring-framework-version': versions['org.springframework:spring-core'],
 			'spring-security-version': versions['org.springframework.security:spring-security-core'],

docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -37,7 +37,7 @@ Thanks to first-class auto configuration support, setting up Spring Session back
 
 .src/main/resources/application.properties
 ----
-spring.session.store-type=jdbc
+spring.session.store-type=jdbc # Session store type.
 ----
 
 Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableJdbcHttpSession` annotation.
@@ -48,10 +48,10 @@ Further customization is possible using `application.properties`:
 
 .src/main/resources/application.properties
 ----
-server.session.timeout= # Session timeout in seconds.
-spring.session.jdbc.initializer.enabled= # Create the required session tables on startup if necessary. Enabled automatically if the default table name is set or a custom schema is configured.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
 spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/schema-@@platform@@.sql # Path to the SQL file to use to initialize the database schema.
-spring.session.jdbc.table-name=SPRING_SESSION # Name of database table used to store sessions.
+spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
@@ -65,9 +65,9 @@ For example, you can include the following in your *application.properties*
 
 .src/main/resources/application.properties
 ----
-spring.datasource.url=jdbc:postgresql://localhost:5432/myapp
-spring.datasource.username=myapp
-spring.datasource.password=secret
+spring.datasource.url= # JDBC URL of the database.
+spring.datasource.username= # Login username of the database.
+spring.datasource.password= # Login password of the database.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.

docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -35,7 +35,7 @@ Thanks to first-class auto configuration support, setting up Spring Session back
 
 .src/main/resources/application.properties
 ----
-spring.session.store-type=redis
+spring.session.store-type=redis # Session store type.
 ----
 
 Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
@@ -46,9 +46,9 @@ Further customization is possible using `application.properties`:
 
 .src/main/resources/application.properties
 ----
-server.session.timeout= # Session timeout in seconds.
-spring.session.redis.flush-mode= # Sessions flush mode.
-spring.session.redis.namespace= # Namespace for keys used to store sessions.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
+spring.session.redis.flush-mode=on-save # Sessions flush mode.
+spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
@@ -62,9 +62,9 @@ For example, you can include the following in your *application.properties*
 
 .src/main/resources/application.properties
 ----
-spring.redis.host=localhost
-spring.redis.password=secret
-spring.redis.port=6379
+spring.redis.host=localhost # Redis server host.
+spring.redis.password= # Login password of the redis server.
+spring.redis.port=6379 # Redis server port.
 ----
 
 For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.

docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -77,7 +77,7 @@ For the purposes of testing session expiration, you may want to change the sessi
 
 .src/main/resources/application.properties
 ----
-server.session.timeout=60
+server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.
 ----
 ====
 

docs/src/docs/asciidoc/index.adoc

@@ -147,11 +147,12 @@ As a part of this split, the Spring Session Data MongoDB and Spring Session Data
 * https://github.com/spring-projects/spring-session-data-mongodb[`spring-session-data-mongodb` repository]
 ** Hosts Spring Session Data MongoDB module
 * https://github.com/spring-projects/spring-session-data-geode[`spring-session-data-geode` repository]
-** Hosts Spring Session Data Geode/GemFire module
+** Hosts Spring Session Data Geode and Spring Session Data Geode modules
 
-Going forward, the plan is to externalize each of the `SessionRepository` implementations into a dedicated repository and provide a Maven BOM (as in "bill of materials") module in order to help users with version management concerns.
+Finally, Spring Session now also provides a Maven BOM (as in "bill of materials") module in order to help users with version management concerns:
 
-Modules maintained by the members of Spring Team will be hosted within the https://github.com/spring-projects[`spring-projects` organization], while the community maintained modules will continue to be promoted via <<community-extensions,Community Extensions>> section of this manual.
+* https://github.com/spring-projects/spring-session-bom[`spring-session-bom` repository]
+** Hosts Spring Session BOM module
 
 [[httpsession]]
 == HttpSession Integration
@@ -613,9 +614,10 @@ Spring Session's most basic API for using a `Session` is the `SessionRepository`
 This API is intentionally very simple, so that it is easy to provide additional implementations with basic functionality.
 
 Some `SessionRepository` implementations may choose to implement `FindByIndexNameSessionRepository` also.
-For example, Spring's Redis support implements `FindByIndexNameSessionRepository`.
+For example, Spring's Redis, JDBC and Hazelcast support all implement `FindByIndexNameSessionRepository`.
 
-The `FindByIndexNameSessionRepository` adds a single method to look up all the sessions for a particular user.
+The `FindByIndexNameSessionRepository` provides a method to look up all the sessions with a given index name and index value.
+As a common use case that is supported by all provided `FindByIndexNameSessionRepository` implementations, there's a convenient method to look up all the sessions for a particular user.
 This is done by ensuring that the session attribute with the name `FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username.
 It is the responsibility of the developer to ensure the attribute is populated since Spring Session is not aware of the authentication mechanism being used.
 An example of how this might be used can be seen below:
@@ -1199,7 +1201,7 @@ Note that these two have moved to separate repositories, and will continue to be
 === Dropped Support
 
 As a part of the changes to `HttpSessionStrategy` and it's alignment to the counterpart from the reactive world, the support for managing multiple users' sessions in a single browser instance has been removed.
-This introduction of new API to replace this functionality in consideration for future releases.
+The introduction of a new API to replace this functionality is under consideration for future releases.
 
 [[community]]
 == Spring Session Community

docs/src/test/java/docs/FindByIndexNameSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,9 +52,7 @@ public class FindByIndexNameSessionRepositoryTests {
 		// tag::findby-username[]
 		String username = "username";
 		Map<String, Session> sessionIdToSession = this.sessionRepository
-				.findByIndexNameAndIndexValue(
-						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-						username);
+				.findByPrincipalName(username);
 		// end::findby-username[]
 	}
 }

docs/src/test/java/docs/security/RememberMeSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.session.MapSessionRepository;
 import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
 import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices;
@@ -54,7 +53,7 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 
 	// tag::rememberme-bean[]
 	@Bean
-	RememberMeServices rememberMeServices() {
+	public SpringSessionRememberMeServices rememberMeServices() {
 		SpringSessionRememberMeServices rememberMeServices =
 				new SpringSessionRememberMeServices();
 		// optionally customize
@@ -67,8 +66,8 @@ public class RememberMeSecurityConfiguration extends WebSecurityConfigurerAdapte
 	@Override
 	@Bean
 	public InMemoryUserDetailsManager userDetailsService() {
-		return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		return new InMemoryUserDetailsManager(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 
 	@Bean

docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,6 +43,7 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 
 /**
  * @author rwinch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @ContextConfiguration(classes = RememberMeSecurityConfiguration.class)
@@ -86,5 +87,6 @@ public class RememberMeSecurityConfigurationTests<T extends Session> {
 				.isEqualTo(Duration.ofDays(30));
 
 	}
+
 }
 // end::class[]

docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,6 +43,7 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 
 /**
  * @author rwinch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @ContextConfiguration
@@ -86,5 +87,6 @@ public class RememberMeSecurityConfigurationXmlTests<T extends Session> {
 				.isEqualTo(Duration.ofDays(30));
 
 	}
+
 }
 // end::class[]

etc/checkstyle/checkstyle.xml

@@ -2,165 +2,11 @@
 <!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
 		"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
 <module name="Checker">
-	<!-- Suppressions -->
+	<!-- Supressions -->
 	<module name="SuppressionFilter">
-		<property name="file" value="${configDir}/suppressions.xml"/>
+		<property name="file" value="${config_loc}/suppressions.xml"/>
 	</module>
 
 	<!-- Root Checks -->
-	<module name="RegexpHeader">
-		<property name="headerFile" value="${configDir}/header.txt"/>
-		<property name="fileExtensions" value="java"/>
-	</module>
-	<module name="NewlineAtEndOfFile">
-		<property name="lineSeparator" value="lf"/>
-		<property name="fileExtensions" value="java,xml"/>
-	</module>
-
-	<!-- TreeWalker Checks -->
-	<module name="TreeWalker">
-		<!-- Annotations -->
-		<module name="AnnotationUseStyle">
-			<property name="elementStyle" value="compact"/>
-		</module>
-		<module name="MissingOverride"/>
-		<module name="PackageAnnotation"/>
-		<module name="AnnotationLocation">
-			<property name="allowSamelineSingleParameterlessAnnotation" value="false" />
-		</module>
-
-		<!-- Block Checks -->
-		<module name="EmptyBlock">
-			<property name="option" value="text"/>
-		</module>
-		<module name="LeftCurly"/>
-		<module name="RightCurly">
-			<property name="option" value="alone"/>
-		</module>
-		<module name="NeedBraces"/>
-		<module name="AvoidNestedBlocks"/>
-
-		<!-- Class Design -->
-		<module name="FinalClass"/>
-		<module name="InterfaceIsType"/>
-		<module name="HideUtilityClassConstructor"/>
-		<module name="MutableException"/>
-		<module name="InnerTypeLast"/>
-		<module name="OneTopLevelClass"/>
-
-		<!-- Coding -->
-		<module name="CovariantEquals"/>
-		<module name="EmptyStatement"/>
-		<module name="EqualsHashCode"/>
-		<module name="InnerAssignment"/>
-		<module name="SimplifyBooleanExpression"/>
-		<module name="SimplifyBooleanReturn"/>
-		<module name="StringLiteralEquality"/>
-		<module name="NestedForDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="NestedIfDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="NestedTryDepth">
-			<property name="max" value="3"/>
-		</module>
-		<module name="MultipleVariableDeclarations"/>
-		<module name="RequireThis">
-			<property name="checkMethods" value="false"/>
-		</module>
-		<module name="OneStatementPerLine"/>
-
-		<!-- Imports -->
-		<module name="AvoidStarImport"/>
-		<module name="AvoidStaticImport">
-			<property name="excludes"
-					value="org.assertj.core.api.Assertions.*, org.mockito.Mockito.*, org.mockito.BDDMockito.*, org.mockito.AdditionalMatchers.*, org.mockito.ArgumentMatchers.*, org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*, org.springframework.test.web.servlet.result.MockMvcResultHandlers.*, org.springframework.test.web.servlet.result.MockMvcResultMatchers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*, org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.*, org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*, org.springframework.hateoas.mvc.ControllerLinkBuilder.linkTo"/>
-		</module>
-		<module name="IllegalImport"/>
-		<module name="RedundantImport"/>
-		<module name="UnusedImports">
-			<property name="processJavadoc" value="true"/>
-		</module>
-		<module name="ImportOrder">
-			<property name="groups" value="java,/^javax?\./,*,org.springframework"/>
-			<property name="ordered" value="true"/>
-			<property name="separated" value="true"/>
-			<property name="option" value="bottom"/>
-			<property name="sortStaticImportsAlphabetically" value="true"/>
-		</module>
-
-		<!-- Javadoc Comments -->
-		<module name="JavadocType">
-			<property name="scope" value="package"/>
-			<property name="authorFormat" value=".+\s.+"/>
-		</module>
-		<module name="JavadocMethod">
-			<property name="allowMissingJavadoc" value="true"/>
-		</module>
-		<module name="JavadocVariable">
-			<property name="scope" value="public"/>
-		</module>
-		<module name="JavadocStyle">
-			<property name="checkEmptyJavadoc" value="true"/>
-		</module>
-		<module name="NonEmptyAtclauseDescription"/>
-		<module name="JavadocTagContinuationIndentation">
-			<property name="offset" value="0"/>
-		</module>
-		<module name="AtclauseOrder">
-			<property name="target" value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF"/>
-			<property name="tagOrder" value="@param, @author, @since, @see, @version, @serial, @deprecated"/>
-		</module>
-		<module name="AtclauseOrder">
-			<property name="target" value="METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
-			<property name="tagOrder" value="@param, @return, @throws, @since, @deprecated, @see"/>
-		</module>
-
-		<!-- Miscellaneous -->
-		<module name="CommentsIndentation"/>
-		<module name="UpperEll"/>
-		<module name="ArrayTypeStyle"/>
-		<module name="OuterTypeFilename"/>
-
-		<!-- Modifiers -->
-		<module name="RedundantModifier"/>
-
-		<!-- Regexp -->
-		<module name="RegexpSinglelineJava">
-			<property name="format" value="^\t* +\t*\S"/>
-			<property name="message" value="Line has leading space characters; indentation should be performed with tabs only."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="RegexpSinglelineJava">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.mockito\.Mockito\.(when|doThrow|doAnswer)"/>
-			<property name="message"
-				value="Please use BDDMockto imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="RegexpSinglelineJava">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.junit\.Assert\.assert"/>
-			<property name="message" value="Please use AssertJ imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="Regexp">
-			<property name="format" value="[ \t]+$"/>
-			<property name="illegalPattern" value="true"/>
-			<property name="message" value="Trailing whitespace"/>
-		</module>
-
-		<!-- Whitespace -->
-		<module name="GenericWhitespace"/>
-		<module name="MethodParamPad"/>
-		<module name="NoWhitespaceAfter">
-			<property name="tokens" value="BNOT, DEC, DOT, INC, LNOT, UNARY_MINUS, UNARY_PLUS, ARRAY_DECLARATOR"/>
-		</module>
-		<module name="NoWhitespaceBefore"/>
-		<module name="ParenPad"/>
-		<module name="TypecastParenPad"/>
-		<module name="WhitespaceAfter"/>
-		<module name="WhitespaceAround"/>
-	</module>
+	<module name="io.spring.javaformat.checkstyle.SpringChecks"/>
 </module>

etc/checkstyle/header.txt

@@ -1,16 +0,0 @@
-^\Q/*\E$
-^\Q * Copyright 2014-\E20\d\d\Q the original author or authors.\E$
-^\Q *\E$
-^\Q * Licensed under the Apache License, Version 2.0 (the "License");\E$
-^\Q * you may not use this file except in compliance with the License.\E$
-^\Q * You may obtain a copy of the License at\E$
-^\Q *\E$
-^\Q *      http://www.apache.org/licenses/LICENSE-2.0\E$
-^\Q *\E$
-^\Q * Unless required by applicable law or agreed to in writing, software\E$
-^\Q * distributed under the License is distributed on an "AS IS" BASIS,\E$
-^\Q * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\E$
-^\Q * See the License for the specific language governing permissions and\E$
-^\Q * limitations under the License.\E$
-^\Q */\E$
-^.*$

etc/checkstyle/suppressions.xml

@@ -2,17 +2,14 @@
 <!DOCTYPE suppressions PUBLIC "-//Puppy Crawl//DTD Suppressions 1.1//EN"
 		"http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
 <suppressions>
-	<suppress files=".+Application\.java" checks="HideUtilityClassConstructor"/>
-	<suppress files=".+Configuration\.java" checks="HideUtilityClassConstructor"/>
+	<!-- global -->
+	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc*"/>
 
-	<suppress files="[\\/]src[\\/]test[\\/]java[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc"/>
-
-	<suppress files="[\\/]docs[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]docs[\\/]" checks="CommentsIndentation"/>
+	<!-- docs -->
+	<suppress files="[\\/]docs[\\/]" checks="Javadoc*"/>
 	<suppress files="[\\/]docs[\\/]" checks="InnerTypeLast"/>
 
-	<suppress files="[\\/]samples[\\/]" checks="Javadoc"/>
-	<suppress files="[\\/]samples[\\/]" checks="CommentsIndentation"/>
-	<suppress files="[\\/]samples[\\/]" checks="InnerTypeLast"/>
+	<!-- samples -->
+	<suppress files="[\\/]samples[\\/]" checks="Javadoc*"/>
+	<suppress files="[\\/]samples[\\/].+Application\.java" checks="HideUtilityClassConstructor"/>
 </suppressions>

gradle.properties

@@ -1,2 +1 @@
-springBootVersion=2.0.0.RC1
-version=2.0.2.RELEASE
+version=2.1.0.RC1

gradle/dependency-management.gradle

@@ -1,39 +1,32 @@
 dependencyManagement {
 	imports {
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.4'
-		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR6'
-		mavenBom 'org.springframework:spring-framework-bom:5.0.4.RELEASE'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR4'
-		mavenBom 'org.springframework.security:spring-security-bom:5.0.2.RELEASE'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.6'
+		mavenBom 'io.projectreactor:reactor-bom:Californium-RELEASE'
+		mavenBom 'org.springframework:spring-framework-bom:5.1.0.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Lovelace-RELEASE'
+		mavenBom 'org.springframework.security:spring-security-bom:5.1.0.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.9.0-rc2'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.9.3') {
+		dependencySet(group: 'com.hazelcast', version: '3.10.5') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependencySet(group: 'org.testcontainers', version: '1.6.0') {
-			entry 'mariadb'
-			entry 'mssqlserver'
-			entry 'mysql'
-			entry 'postgresql'
-			entry 'testcontainers'
-		}
-
-		dependency 'com.h2database:h2:1.4.196'
-		dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
+		dependency 'com.h2database:h2:1.4.197'
+		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.0.0.jre8'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.0.2.RELEASE'
-		dependency 'javax.servlet:javax.servlet-api:3.1.0'
+		dependency 'io.lettuce:lettuce-core:5.1.0.RELEASE'
+		dependency 'javax.annotation:javax.annotation-api:1.3.2'
+		dependency 'javax.servlet:javax.servlet-api:4.0.1'
 		dependency 'junit:junit:4.12'
-		dependency 'mysql:mysql-connector-java:5.1.45'
-		dependency 'org.apache.derby:derby:10.14.1.0'
-		dependency 'org.assertj:assertj-core:3.9.0'
-		dependency 'org.hsqldb:hsqldb:2.4.0'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.2.1'
-		dependency 'org.mockito:mockito-core:2.15.0'
-		dependency 'org.postgresql:postgresql:42.2.1'
-		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.29.2'
+		dependency 'mysql:mysql-connector-java:8.0.12'
+		dependency 'org.apache.derby:derby:10.14.2.0'
+		dependency 'org.assertj:assertj-core:3.11.1'
+		dependency 'org.hsqldb:hsqldb:2.4.1'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.3.0'
+		dependency 'org.mockito:mockito-core:2.22.0'
+		dependency 'org.postgresql:postgresql:42.2.5'
 	}
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.5.1-bin.zip

samples/boot/findbyusername/spring-session-sample-boot-findbyusername.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.maxmind.geoip2:geoip2"
 	compile "org.apache.httpcomponents:httpclient"
 

samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -18,7 +18,6 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -30,10 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -45,15 +43,10 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(classes = FindByUsernameApplication.class, webEnvironment = WebEnvironment.MOCK)
-@ContextConfiguration(initializers = FindByUsernameTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.8";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -86,16 +79,21 @@ public class FindByUsernameTests {
 		home.terminateButtonDisabled();
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/findbyusername/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/findbyusername/src/main/java/sample/mvc/IndexController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,10 +44,7 @@ public class IndexController {
 	@RequestMapping("/")
 	public String index(Principal principal, Model model) {
 		Collection<? extends Session> usersSessions = this.sessions
-				.findByIndexNameAndIndexValue(
-						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-						principal.getName())
-				.values();
+				.findByPrincipalName(principal.getName()).values();
 		model.addAttribute("sessions", usersSessions);
 		return "index";
 	}
@@ -56,9 +53,8 @@ public class IndexController {
 	@RequestMapping(value = "/sessions/{sessionIdToDelete}", method = RequestMethod.DELETE)
 	public String removeSession(Principal principal,
 			@PathVariable String sessionIdToDelete) {
-		Set<String> usersSessionIds = this.sessions.findByIndexNameAndIndexValue(
-				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-				principal.getName()).keySet();
+		Set<String> usersSessionIds = this.sessions
+				.findByPrincipalName(principal.getName()).keySet();
 		if (usersSessionIds.contains(sessionIdToDelete)) {
 			this.sessions.deleteById(sessionIdToDelete);
 		}

samples/boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -92,7 +92,7 @@ public class SessionDetailsFilter extends OncePerRequestFilter {
 			}
 			return cityName + ", " + countryName;
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
 			return UNKNOWN;
 
 		}

samples/boot/jdbc/spring-session-sample-boot-jdbc.gradle

@@ -9,7 +9,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.h2database:h2"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/jdbc/src/integration-test/java/sample/BootTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,6 +34,7 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
 
 /**
  * @author Eddú Meléndez
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc

samples/boot/jdbc/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public Form form() {
@@ -51,7 +51,7 @@ public class LoginPage extends BasePage {
 		@FindBy(name = "password")
 		private WebElement password;
 
-		@FindBy(name = "submit")
+		@FindBy(tagName = "button")
 		private WebElement button;
 
 		public Form(SearchContext context) {

samples/boot/jdbc/src/main/java/sample/config/SecurityConfig.java

@@ -35,7 +35,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	public void configure(WebSecurity web) {
 		web
-			.ignoring().antMatchers("/h2-console/**");
+			.ignoring().requestMatchers(PathRequest.toH2Console());
 	}
 	// @formatter:on
 

samples/boot/redis-json/spring-session-sample-boot-redis-json.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "org.apache.httpcomponents:httpclient"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"

samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java

@@ -20,7 +20,6 @@ import java.util.List;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -33,10 +32,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -48,16 +46,11 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
-@ContextConfiguration(initializers = HttpRedisJsonTest.Initializer.class)
 public class HttpRedisJsonTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.8";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -110,16 +103,21 @@ public class HttpRedisJsonTest {
 		assertThat(attributes).extracting("attributeValue").contains("Demo Value");
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis-json/src/integration-test/java/sample/RedisSerializerTest.java

@@ -16,19 +16,17 @@
 
 package sample;
 
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
 import org.springframework.session.data.redis.config.annotation.SpringSessionRedisOperations;
-import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -38,15 +36,10 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class)
-@ContextConfiguration(initializers = RedisSerializerTest.Initializer.class)
+@SpringBootTest
 public class RedisSerializerTest {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.8";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@SpringSessionRedisOperations
 	private RedisTemplate<Object, Object> sessionRedisTemplate;
@@ -59,16 +52,21 @@ public class RedisSerializerTest {
 				.isInstanceOf(GenericJackson2JsonRedisSerializer.class);
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis-json/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/redis/spring-session-sample-boot-redis.gradle

@@ -10,7 +10,7 @@ dependencies {
 	compile "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect"
 	compile "org.webjars:bootstrap"
 	compile "org.webjars:html5shiv"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 

samples/boot/redis/src/integration-test/java/sample/BootTests.java

@@ -18,7 +18,6 @@ package sample;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -30,10 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
@@ -44,15 +42,10 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  */
 @RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.MOCK)
-@ContextConfiguration(initializers = BootTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class BootTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.8";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private MockMvc mockMvc;
@@ -92,16 +85,21 @@ public class BootTests {
 		login.assertAt();
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/redis/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public Form form() {
@@ -51,7 +51,7 @@ public class LoginPage extends BasePage {
 		@FindBy(name = "password")
 		private WebElement password;
 
-		@FindBy(name = "submit")
+		@FindBy(tagName = "button")
 		private WebElement button;
 
 		public Form(SearchContext context) {

samples/boot/redis/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/webflux/src/integration-test/java/sample/AttributeTests.java

@@ -20,7 +20,6 @@ import java.util.List;
 
 import org.junit.After;
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
@@ -31,11 +30,10 @@ import sample.pages.HomePage.Attribute;
 
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -43,17 +41,13 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
  * @author Eddú Meléndez
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = HelloWebFluxApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
-@ContextConfiguration(initializers = AttributeTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class AttributeTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.8";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@LocalServerPort
 	private int port;
@@ -99,16 +93,21 @@ public class AttributeTests {
 		assertThat(row.getAttributeValue()).isEqualTo("b");
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/webflux/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/websocket/spring-session-sample-boot-websocket.gradle

@@ -18,10 +18,11 @@ dependencies {
 	compile "org.webjars:knockout"
 	compile "org.webjars:sockjs-client"
 	compile "org.webjars:stomp-websocket"
-	compile "org.webjars:webjars-locator"
+	compile "org.webjars:webjars-locator-core"
 	compile "com.h2database:h2"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 	testCompile "org.springframework.security:spring-security-test"
-	testCompile "org.testcontainers:testcontainers"
+
+	integrationTestCompile "org.testcontainers:testcontainers"
 }

samples/boot/websocket/src/integration-test/java/sample/ApplicationTests.java

@@ -20,10 +20,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 
-import org.junit.ClassRule;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
 
@@ -31,10 +28,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.concurrent.ListenableFuture;
 import org.springframework.web.socket.TextMessage;
@@ -46,23 +42,17 @@ import org.springframework.web.socket.sockjs.client.SockJsClient;
 import org.springframework.web.socket.sockjs.client.Transport;
 import org.springframework.web.socket.sockjs.client.WebSocketTransport;
 
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
 /**
  * @author Rob Winch
  * @author Vedran Pavic
  */
 @RunWith(SpringRunner.class)
-@SpringBootTest(classes = Application.class, webEnvironment = WebEnvironment.RANDOM_PORT)
-@ContextConfiguration(initializers = ApplicationTests.Initializer.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public class ApplicationTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.8";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
-
-	@Rule
-	public final ExpectedException thrown = ExpectedException.none();
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Value("${local.server.port}")
 	private String port;
@@ -71,7 +61,7 @@ public class ApplicationTests {
 	private WebSocketHandler webSocketHandler;
 
 	@Test
-	public void run() throws Exception {
+	public void run() {
 		List<Transport> transports = new ArrayList<>(2);
 		transports.add(new WebSocketTransport(new StandardWebSocketClient()));
 		transports.add(new RestTemplateXhrTransport());
@@ -80,20 +70,25 @@ public class ApplicationTests {
 		ListenableFuture<WebSocketSession> wsSession = sockJsClient.doHandshake(
 				this.webSocketHandler, "ws://localhost:" + this.port + "/sockjs");
 
-		this.thrown.expect(ExecutionException.class);
-		wsSession.get().sendMessage(new TextMessage("a"));
+		assertThatThrownBy(() -> wsSession.get().sendMessage(new TextMessage("a")))
+				.isInstanceOf(ExecutionException.class);
 	}
 
-	static class Initializer
-			implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+	@TestConfiguration
+	static class Config {
 
-		@Override
-		public void initialize(
-				ConfigurableApplicationContext configurableApplicationContext) {
-			TestPropertyValues
-					.of("spring.redis.host=" + redisContainer.getContainerIpAddress(),
-							"spring.redis.port=" + redisContainer.getFirstMappedPort())
-					.applyTo(configurableApplicationContext.getEnvironment());
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
+		@Bean
+		public LettuceConnectionFactory redisConnectionFactory() {
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 	}

samples/boot/websocket/src/integration-test/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/boot/websocket/src/main/java/sample/config/WebSecurityConfig.java

@@ -45,7 +45,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	public void configure(WebSecurity web) {
 		web
-			.ignoring().antMatchers("/h2-console/**");
+			.ignoring().requestMatchers(PathRequest.toH2Console());
 	}
 	// @formatter:on
 

samples/boot/websocket/src/main/java/sample/security/UserRepositoryUserDetailsService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,7 +59,7 @@ public class UserRepositoryUserDetailsService implements UserDetailsService {
 		return new CustomUserDetails(user);
 	}
 
-	private final static class CustomUserDetails extends User implements UserDetails {
+	private static final class CustomUserDetails extends User implements UserDetails {
 
 		private CustomUserDetails(User user) {
 			super(user);

samples/boot/websocket/src/main/java/sample/websocket/WebSocketDisconnectHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,7 +42,7 @@ public class WebSocketDisconnectHandler<S>
 		if (id == null) {
 			return;
 		}
-		this.repository.findById(id).ifPresent(user -> {
+		this.repository.findById(id).ifPresent((user) -> {
 			this.repository.deleteById(id);
 			this.messagingTemplate.convertAndSend("/topic/friends/signout",
 					Arrays.asList(user.getUsername()));

samples/boot/websocket/src/main/resources/application.properties

@@ -1,2 +1,2 @@
-#server.session.timeout=60
+#server.servlet.session.timeout=1m
 spring.h2.console.enabled=true

samples/gradle/dependency-management.gradle

@@ -5,6 +5,7 @@ dependencyManagement {
 		dependency 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1'
 		dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b02'
 		dependency 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
+		dependency 'org.seleniumhq.selenium:htmlunit-driver:2.32.0'
 		dependency 'org.slf4j:jcl-over-slf4j:1.7.25'
 		dependency 'org.slf4j:log4j-over-slf4j:1.7.25'
 		dependency 'org.webjars:bootstrap:2.3.2'

samples/javaconfig/custom-cookie/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/custom-cookie/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/javaconfig/hazelcast/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public Form form() {
@@ -51,7 +51,7 @@ public class LoginPage extends BasePage {
 		@FindBy(name = "password")
 		private WebElement password;
 
-		@FindBy(name = "submit")
+		@FindBy(tagName = "button")
 		private WebElement button;
 
 		public Form(SearchContext context) {

samples/javaconfig/hazelcast/src/main/java/sample/ObjectStreamSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -55,8 +55,8 @@ public class ObjectStreamSerializer implements StreamSerializer<Object> {
 		try {
 			return in.readObject();
 		}
-		catch (ClassNotFoundException e) {
-			throw new IOException(e);
+		catch (ClassNotFoundException ex) {
+			throw new IOException(ex);
 		}
 	}
 

samples/javaconfig/hazelcast/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import org.springframework.security.core.userdetails.User;
 public class SecurityConfig {
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/javaconfig/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/redis/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/javaconfig/rest/spring-session-sample-javaconfig-rest.gradle

@@ -17,9 +17,6 @@ dependencies {
 	testCompile "org.springframework.security:spring-security-test"
 	testCompile "org.assertj:assertj-core"
 	testCompile "org.springframework:spring-test"
-	testCompile "commons-codec:commons-codec"
-
-	integrationTestCompile "org.testcontainers:testcontainers"
 }
 
 gretty {

samples/javaconfig/rest/src/integration-test/java/rest/RestMockMvcTests.java

@@ -17,7 +17,6 @@
 package rest;
 
 import org.junit.Before;
-import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
@@ -55,11 +54,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @WebAppConfiguration
 public class RestMockMvcTests {
 
-	private static final String DOCKER_IMAGE = "redis:4.0.8";
-
-	@ClassRule
-	public static GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
-			.withExposedPorts(6379);
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
 	@Autowired
 	private SessionRepositoryFilter<? extends Session> sessionRepositoryFilter;
@@ -97,10 +92,18 @@ public class RestMockMvcTests {
 	@EnableRedisHttpSession
 	static class Config {
 
+		@Bean
+		public GenericContainer redisContainer() {
+			GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+					.withExposedPorts(6379);
+			redisContainer.start();
+			return redisContainer;
+		}
+
 		@Bean
 		public LettuceConnectionFactory redisConnectionFactory() {
-			return new LettuceConnectionFactory(redisContainer.getContainerIpAddress(),
-					redisContainer.getFirstMappedPort());
+			return new LettuceConnectionFactory(redisContainer().getContainerIpAddress(),
+					redisContainer().getFirstMappedPort());
 		}
 
 		@Bean

samples/javaconfig/rest/src/integration-test/java/sample/RestTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,8 +17,8 @@
 package sample;
 
 import java.util.Arrays;
+import java.util.Base64;
 
-import org.apache.commons.codec.binary.Base64;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -32,6 +32,7 @@ import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * @author Pool Dolorier
@@ -52,13 +53,14 @@ public class RestTests {
 		this.restTemplate = new RestTemplate();
 	}
 
-	@Test(expected = HttpClientErrorException.class)
+	@Test
 	public void unauthenticatedUserSentToLogInPage() {
 		HttpHeaders headers = new HttpHeaders();
 		headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
-		ResponseEntity<String> entity = getForUser(this.baseUrl + "/",
-				headers, String.class);
-		assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+		assertThatThrownBy(() -> getForUser(this.baseUrl + "/", headers, String.class))
+				.isInstanceOf(HttpClientErrorException.class)
+				.satisfies((e) -> assertThat(((HttpClientErrorException) e).getStatusCode())
+						.isEqualTo(HttpStatus.UNAUTHORIZED));
 	}
 
 	@Test
@@ -122,6 +124,6 @@ public class RestTests {
 
 	private String getAuth(String user, String password) {
 		String auth = user + ":" + password;
-		return new String(Base64.encodeBase64(auth.getBytes()));
+		return Base64.getEncoder().encodeToString(auth.getBytes());
 	}
 }

samples/javaconfig/rest/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/rest/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/javaconfig/rest/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/javaconfig/security/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ public class LoginPage extends BasePage {
 	@FindBy(name = "password")
 	private WebElement password;
 
-	@FindBy(css = "input[type='submit']")
+	@FindBy(tagName = "button")
 	private WebElement button;
 
 	public LoginPage(WebDriver driver) {
@@ -47,7 +47,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
+		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
 	}
 
 	public HomePage login(String user, String password) {

samples/javaconfig/security/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/javaconfig/security/src/main/java/sample/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ import org.springframework.security.core.userdetails.User;
 public class SecurityConfig {
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-		auth.inMemoryAuthentication().withUser(User.withDefaultPasswordEncoder()
-				.username("user").password("password").roles("USER").build());
+		auth.inMemoryAuthentication().withUser(User.withUsername("user")
+				.password("{noop}password").roles("USER").build());
 	}
 }

samples/javaconfig/security/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

samples/misc/hazelcast/src/main/java/sample/Initializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,14 +78,14 @@ public class Initializer implements ServletContextListener {
 			socket = new ServerSocket(0);
 			return socket.getLocalPort();
 		}
-		catch (IOException e) {
-			throw new RuntimeException(e);
+		catch (IOException ex) {
+			throw new RuntimeException(ex);
 		}
 		finally {
 			try {
 				socket.close();
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 			}
 		}
 	}

samples/xml/redis/src/main/java/sample/EmbeddedRedisConfig.java

@@ -16,8 +16,6 @@
 
 package sample;
 
-import java.io.IOException;
-
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.context.annotation.Bean;
@@ -30,23 +28,14 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 @Profile("embedded-redis")
 public class EmbeddedRedisConfig {
 
-	private static final String REDIS_DOCKER_IMAGE = "redis:4.0.8";
+	private static final String DOCKER_IMAGE = "redis:4.0.11";
 
-	@Bean(initMethod = "start")
+	@Bean
 	public GenericContainer redisContainer() {
-		return new GenericContainer(REDIS_DOCKER_IMAGE) {
-
-			@Override
-			public void close() {
-				super.close();
-				try {
-					this.dockerClient.close();
-				}
-				catch (IOException ignored) {
-				}
-			}
-
-		}.withExposedPorts(6379);
+		GenericContainer redisContainer = new GenericContainer(DOCKER_IMAGE)
+				.withExposedPorts(6379);
+		redisContainer.start();
+		return redisContainer;
 	}
 
 	@Bean

samples/xml/redis/src/main/resources/testcontainers.properties

@@ -0,0 +1 @@
+ryuk.container.timeout=120

settings.gradle

@@ -1,16 +1,19 @@
-rootProject.name = 'spring-session-build'
+rootProject.name = 'spring-session'
 
 FileTree buildFiles = fileTree(rootDir) {
 	include '**/*.gradle'
-	exclude '**/gradle', 'settings.gradle', 'buildSrc', '/build.gradle', '.*'
+	exclude 'build', '**/gradle', 'settings.gradle', 'buildSrc', '/build.gradle', '.*', 'out'
 	exclude '**/grails3'
+	gradle.startParameter.projectProperties.get('excludeProjects')?.split(',')?.each { excludeProject ->
+		exclude excludeProject
+	}
 }
 
 String rootDirPath = rootDir.absolutePath + File.separator
-buildFiles.each { File buildFile ->
+buildFiles.each { buildFile ->
 	if (buildFile.name == 'build.gradle') {
 		String buildFilePath = buildFile.parentFile.absolutePath
-		String projectPath = buildFilePath.replace(rootDirPath, '').replaceAll(File.separator, ':')
+		String projectPath = buildFilePath.replace(rootDirPath, '').replace(File.separator, ':')
 		include projectPath
 	}
 	else {

spring-session-core/spring-session-core.gradle

@@ -6,6 +6,7 @@ dependencies {
 	compile "org.springframework:spring-jcl"
 
 	optional "io.projectreactor:reactor-core"
+	optional "javax.annotation:javax.annotation-api"
 	optional "javax.servlet:javax.servlet-api"
 	optional "org.springframework:spring-context"
 	optional "org.springframework:spring-jdbc"

spring-session-core/src/main/java/org/springframework/session/FindByIndexNameSessionRepository.java

@@ -19,27 +19,22 @@ package org.springframework.session;
 import java.util.Map;
 
 /**
- * Extends a basic {@link SessionRepository} to allow finding a session id by the
- * principal name. The principal name is defined by the {@link Session} attribute with the
- * name {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME}.
+ * Extends a basic {@link SessionRepository} to allow finding sessions by the specified
+ * index name and index value.
  *
  * @param <S> the type of Session being managed by this
  * {@link FindByIndexNameSessionRepository}
  * @author Rob Winch
+ * @author Vedran Pavic
  */
 public interface FindByIndexNameSessionRepository<S extends Session>
 		extends SessionRepository<S> {
 
 	/**
+	 * A session index that contains the current principal name (i.e. username).
 	 * <p>
-	 * A common session attribute that contains the current principal name (i.e.
-	 * username).
-	 * </p>
-	 *
-	 * <p>
-	 * It is the responsibility of the developer to ensure the attribute is populated
-	 * since Spring Session is not aware of the authentication mechanism being used.
-	 * </p>
+	 * It is the responsibility of the developer to ensure the index is populated since
+	 * Spring Session is not aware of the authentication mechanism being used.
 	 *
 	 * @since 1.1
 	 */
@@ -47,17 +42,34 @@ public interface FindByIndexNameSessionRepository<S extends Session>
 			.concat(".PRINCIPAL_NAME_INDEX_NAME");
 
 	/**
-	 * Find a Map of the session id to the {@link Session} of all sessions that contain
-	 * the session attribute with the name
-	 * {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME} and the value of
-	 * the specified principal name.
+	 * Find a {@link Map} of the session id to the {@link Session} of all sessions that
+	 * contain the specified index name index value.
 	 *
 	 * @param indexName the name of the index (i.e.
 	 * {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME})
 	 * @param indexValue the value of the index to search for.
-	 * @return a Map (never null) of the session id to the {@link Session} of all sessions
-	 * that contain the session specified index name and the value of the specified index
-	 * name. If no results are found, an empty Map is returned.
+	 * @return a {@code Map} (never {@code null}) of the session id to the {@code Session}
+	 * of all sessions that contain the specified index name and index value. If no
+	 * results are found, an empty {@code Map} is returned.
 	 */
 	Map<String, S> findByIndexNameAndIndexValue(String indexName, String indexValue);
+
+	/**
+	 * Find a {@link Map} of the session id to the {@link Session} of all sessions that
+	 * contain the index with the name
+	 * {@link FindByIndexNameSessionRepository#PRINCIPAL_NAME_INDEX_NAME} and the
+	 * specified principal name.
+	 *
+	 * @param principalName the principal name
+	 * @return a {@code Map} (never {@code null}) of the session id to the {@code Session}
+	 * of all sessions that contain the specified principal name. If no results are found,
+	 * an empty {@code Map} is returned.
+	 * @since 2.1.0
+	 */
+	default Map<String, S> findByPrincipalName(String principalName) {
+
+		return findByIndexNameAndIndexValue(PRINCIPAL_NAME_INDEX_NAME, principalName);
+
+	}
+
 }

spring-session-core/src/main/java/org/springframework/session/MapSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ import java.io.Serializable;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
@@ -52,7 +53,7 @@ public final class MapSession implements Session, Serializable {
 	public static final int DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS = 1800;
 
 	private String id;
-	private String originalId;
+	private final String originalId;
 	private Map<String, Object> sessionAttrs = new HashMap<>();
 	private Instant creationTime = Instant.now();
 	private Instant lastAccessedTime = this.creationTime;
@@ -122,14 +123,15 @@ public final class MapSession implements Session, Serializable {
 		return this.id;
 	}
 
-	String getOriginalId() {
+	/**
+	 * Get the original session id.
+	 * @return the original session id
+	 * @see #changeSessionId()
+	 */
+	public String getOriginalId() {
 		return this.originalId;
 	}
 
-	void setOriginalId(String originalId) {
-		this.originalId = originalId;
-	}
-
 	@Override
 	public String changeSessionId() {
 		String changedId = generateId();
@@ -172,7 +174,7 @@ public final class MapSession implements Session, Serializable {
 
 	@Override
 	public Set<String> getAttributeNames() {
-		return this.sessionAttrs.keySet();
+		return new HashSet<>(this.sessionAttrs.keySet());
 	}
 
 	@Override

spring-session-core/src/main/java/org/springframework/session/MapSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -73,7 +73,6 @@ public class MapSessionRepository implements SessionRepository<MapSession> {
 	public void save(MapSession session) {
 		if (!session.getId().equals(session.getOriginalId())) {
 			this.sessions.remove(session.getOriginalId());
-			session.setOriginalId(session.getId());
 		}
 		this.sessions.put(session.getId(), new MapSession(session));
 	}

spring-session-core/src/main/java/org/springframework/session/ReactiveMapSessionRepository.java

@@ -76,7 +76,6 @@ public class ReactiveMapSessionRepository implements ReactiveSessionRepository<M
 		return Mono.fromRunnable(() -> {
 			if (!session.getId().equals(session.getOriginalId())) {
 				this.sessions.remove(session.getOriginalId());
-				session.setOriginalId(session.getId());
 			}
 			this.sessions.put(session.getId(), new MapSession(session));
 		});
@@ -86,7 +85,7 @@ public class ReactiveMapSessionRepository implements ReactiveSessionRepository<M
 	public Mono<MapSession> findById(String id) {
 		// @formatter:off
 		return Mono.defer(() -> Mono.justOrEmpty(this.sessions.get(id))
-				.filter(session -> !session.isExpired())
+				.filter((session) -> !session.isExpired())
 				.map(MapSession::new)
 				.switchIfEmpty(deleteById(id).then(Mono.empty())));
 		// @formatter:on

spring-session-core/src/main/java/org/springframework/session/Session.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@ public interface Session {
 	 * Gets the Object associated with the specified name or null if no Object is
 	 * associated to that name.
 	 *
-	 * @param <T> The return type of the attribute
+	 * @param <T> the return type of the attribute
 	 * @param attributeName the name of the attribute to get
 	 * @return the Object associated with the specified name or null if no Object is
 	 * associated to that name
@@ -81,7 +81,7 @@ public interface Session {
 	@SuppressWarnings("unchecked")
 	default <T> T getAttributeOrDefault(String name, T defaultValue) {
 		T result = getAttribute(name);
-		return result == null ? defaultValue : result;
+		return (result != null) ? result : defaultValue;
 	}
 
 	/**

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -110,8 +110,9 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 
 	@PostConstruct
 	public void init() {
-		CookieSerializer cookieSerializer = this.cookieSerializer != null
-				? this.cookieSerializer : createDefaultCookieSerializer();
+		CookieSerializer cookieSerializer = (this.cookieSerializer != null)
+				? this.cookieSerializer
+				: createDefaultCookieSerializer();
 		this.defaultHttpSessionIdResolver.setCookieSerializer(cookieSerializer);
 	}
 
@@ -169,9 +170,9 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 			try {
 				sessionCookieConfig = this.servletContext.getSessionCookieConfig();
 			}
-			catch (UnsupportedOperationException e) {
+			catch (UnsupportedOperationException ex) {
 				this.logger
-						.warn("Unable to obtain SessionCookieConfig: " + e.getMessage());
+						.warn("Unable to obtain SessionCookieConfig: " + ex.getMessage());
 			}
 			if (sessionCookieConfig != null) {
 				if (sessionCookieConfig.getName() != null) {

spring-session-core/src/main/java/org/springframework/session/events/AbstractSessionEvent.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,7 +45,7 @@ public abstract class AbstractSessionEvent extends ApplicationEvent {
 	 * implementations it may not be possible to get the original session in which case
 	 * this may be null.
 	 *
-	 * @param <S> The type of Session
+	 * @param <S> the type of Session
 	 * @return the expired {@link Session} or null if the data store does not support
 	 * obtaining it
 	 */

spring-session-core/src/main/java/org/springframework/session/security/SpringSessionBackedSessionInformation.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -63,7 +63,7 @@ class SpringSessionBackedSessionInformation<S extends Session>
 	/**
 	 * Tries to determine the principal's name from the given Session.
 	 *
-	 * @param session Spring Session session
+	 * @param session the session
 	 * @return the principal's name, or empty String if it couldn't be determined
 	 */
 	private static String resolvePrincipal(Session session) {

spring-session-core/src/main/java/org/springframework/session/security/SpringSessionBackedSessionRegistry.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -65,9 +65,8 @@ public class SpringSessionBackedSessionRegistry<S extends Session>
 	@Override
 	public List<SessionInformation> getAllSessions(Object principal,
 			boolean includeExpiredSessions) {
-		Collection<S> sessions = this.sessionRepository.findByIndexNameAndIndexValue(
-				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
-				name(principal)).values();
+		Collection<S> sessions = this.sessionRepository
+				.findByPrincipalName(name(principal)).values();
 		List<SessionInformation> infos = new ArrayList<>();
 		for (S session : sessions) {
 			if (includeExpiredSessions || !Boolean.TRUE.equals(session

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,17 +16,24 @@
 
 package org.springframework.session.web.http;
 
+import java.time.Instant;
+import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
 import java.util.Base64;
+import java.util.BitSet;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.servlet.ServletRequest;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 /**
  * The default implementation of {@link CookieSerializer}.
  *
@@ -37,11 +44,29 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class DefaultCookieSerializer implements CookieSerializer {
 
+	private static final Log logger = LogFactory.getLog(DefaultCookieSerializer.class);
+
+	private static final BitSet domainValid = new BitSet(128);
+
+	static {
+		for (char c = '0'; c <= '9'; c++) {
+			domainValid.set(c);
+		}
+		for (char c = 'a'; c <= 'z'; c++) {
+			domainValid.set(c);
+		}
+		for (char c = 'A'; c <= 'Z'; c++) {
+			domainValid.set(c);
+		}
+		domainValid.set('.');
+		domainValid.set('-');
+	}
+
 	private String cookieName = "SESSION";
 
 	private Boolean useSecureCookie;
 
-	private boolean useHttpOnlyCookie = isServlet3();
+	private boolean useHttpOnlyCookie = true;
 
 	private String cookiePath;
 
@@ -57,6 +82,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 
 	private String rememberMeRequestAttribute;
 
+	private String sameSite = "Lax";
+
 	/*
 	 * (non-Javadoc)
 	 *
@@ -70,8 +97,9 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		if (cookies != null) {
 			for (Cookie cookie : cookies) {
 				if (this.cookieName.equals(cookie.getName())) {
-					String sessionId = this.useBase64Encoding
-							? base64Decode(cookie.getValue()) : cookie.getValue();
+					String sessionId = (this.useBase64Encoding
+							? base64Decode(cookie.getValue())
+							: cookie.getValue());
 					if (sessionId == null) {
 						continue;
 					}
@@ -97,37 +125,43 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		HttpServletRequest request = cookieValue.getRequest();
 		HttpServletResponse response = cookieValue.getResponse();
 
-		String requestedCookieValue = cookieValue.getCookieValue();
-		String actualCookieValue = this.jvmRoute == null ? requestedCookieValue
-				: requestedCookieValue + this.jvmRoute;
-
-		Cookie sessionCookie = new Cookie(this.cookieName, this.useBase64Encoding
-				? base64Encode(actualCookieValue) : actualCookieValue);
-		sessionCookie.setSecure(isSecureCookie(request));
-		sessionCookie.setPath(getCookiePath(request));
-		String domainName = getDomainName(request);
-		if (domainName != null) {
-			sessionCookie.setDomain(domainName);
+		StringBuilder sb = new StringBuilder();
+		sb.append(this.cookieName).append('=');
+		String value = getValue(cookieValue);
+		if (value != null && value.length() > 0) {
+			validateValue(value);
+			sb.append(value);
+		}
+		int maxAge = getMaxAge(cookieValue);
+		if (maxAge > -1) {
+			sb.append("; Max-Age=").append(cookieValue.getCookieMaxAge());
+			OffsetDateTime expires = (maxAge != 0)
+					? OffsetDateTime.now().plusSeconds(maxAge)
+					: Instant.EPOCH.atOffset(ZoneOffset.UTC);
+			sb.append("; Expires=")
+					.append(expires.format(DateTimeFormatter.RFC_1123_DATE_TIME));
+		}
+		String domain = getDomainName(request);
+		if (domain != null && domain.length() > 0) {
+			validateDomain(domain);
+			sb.append("; Domain=").append(domain);
+		}
+		String path = getCookiePath(request);
+		if (path != null && path.length() > 0) {
+			validatePath(path);
+			sb.append("; Path=").append(path);
+		}
+		if (isSecureCookie(request)) {
+			sb.append("; Secure");
 		}
-
 		if (this.useHttpOnlyCookie) {
-			sessionCookie.setHttpOnly(true);
+			sb.append("; HttpOnly");
+		}
+		if (this.sameSite != null) {
+			sb.append("; SameSite=").append(this.sameSite);
 		}
 
-		if (cookieValue.getCookieMaxAge() < 0) {
-			if (this.rememberMeRequestAttribute != null
-					&& request.getAttribute(this.rememberMeRequestAttribute) != null) {
-				// the cookie is only written at time of session creation, so we rely on
-				// session expiration rather than cookie expiration if remember me is enabled
-				cookieValue.setCookieMaxAge(Integer.MAX_VALUE);
-			}
-			else if (this.cookieMaxAge != null) {
-				cookieValue.setCookieMaxAge(this.cookieMaxAge);
-			}
-		}
-		sessionCookie.setMaxAge(cookieValue.getCookieMaxAge());
-
-		response.addCookie(sessionCookie);
+		response.addHeader("Set-Cookie", sb.toString());
 	}
 
 	/**
@@ -141,7 +175,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 			byte[] decodedCookieBytes = Base64.getDecoder().decode(base64Value);
 			return new String(decodedCookieBytes);
 		}
-		catch (Exception e) {
+		catch (Exception ex) {
+			logger.debug("Unable to Base64 decode value: " + base64Value);
 			return null;
 		}
 	}
@@ -157,6 +192,81 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		return new String(encodedCookieBytes);
 	}
 
+	private String getValue(CookieValue cookieValue) {
+		String requestedCookieValue = cookieValue.getCookieValue();
+		String actualCookieValue = requestedCookieValue;
+		if (this.jvmRoute != null) {
+			actualCookieValue = requestedCookieValue + this.jvmRoute;
+		}
+		if (this.useBase64Encoding) {
+			actualCookieValue = base64Encode(actualCookieValue);
+		}
+		return actualCookieValue;
+	}
+
+	private void validateValue(String value) {
+		int start = 0;
+		int end = value.length();
+		if ((end > 1) && (value.charAt(0) == '"') && (value.charAt(end - 1) == '"')) {
+			start = 1;
+			end--;
+		}
+		char[] chars = value.toCharArray();
+		for (int i = start; i < end; i++) {
+			char c = chars[i];
+			if (c < 0x21 || c == 0x22 || c == 0x2c || c == 0x3b || c == 0x5c
+					|| c == 0x7f) {
+				throw new IllegalArgumentException(
+						"Invalid character in cookie value: " + Integer.toString(c));
+			}
+		}
+	}
+
+	private int getMaxAge(CookieValue cookieValue) {
+		int maxAge = cookieValue.getCookieMaxAge();
+		if (maxAge < 0) {
+			if (this.rememberMeRequestAttribute != null && cookieValue.getRequest()
+					.getAttribute(this.rememberMeRequestAttribute) != null) {
+				// the cookie is only written at time of session creation, so we rely on
+				// session expiration rather than cookie expiration if remember me is
+				// enabled
+				cookieValue.setCookieMaxAge(Integer.MAX_VALUE);
+			}
+			else if (this.cookieMaxAge != null) {
+				cookieValue.setCookieMaxAge(this.cookieMaxAge);
+			}
+		}
+		return cookieValue.getCookieMaxAge();
+	}
+
+	private void validateDomain(String domain) {
+		int i = 0;
+		int cur = -1;
+		int prev;
+		char[] chars = domain.toCharArray();
+		while (i < chars.length) {
+			prev = cur;
+			cur = chars[i];
+			if (!domainValid.get(cur)
+					|| ((prev == '.' || prev == -1) && (cur == '.' || cur == '-'))
+					|| (prev == '-' && cur == '.')) {
+				throw new IllegalArgumentException("Invalid cookie domain: " + domain);
+			}
+			i++;
+		}
+		if (cur == '.' || cur == '-') {
+			throw new IllegalArgumentException("Invalid cookie domain: " + domain);
+		}
+	}
+
+	private void validatePath(String path) {
+		for (char ch : path.toCharArray()) {
+			if (ch < 0x20 || ch > 0x7E || ch == ';') {
+				throw new IllegalArgumentException("Invalid cookie path: " + path);
+			}
+		}
+	}
+
 	/**
 	 * Sets if a Cookie marked as secure should be used. The default is to use the value
 	 * of {@link HttpServletRequest#isSecure()}.
@@ -168,16 +278,11 @@ public class DefaultCookieSerializer implements CookieSerializer {
 	}
 
 	/**
-	 * Sets if a Cookie marked as HTTP Only should be used. The default is true in Servlet
-	 * 3+ environments, else false.
+	 * Sets if a Cookie marked as HTTP Only should be used. The default is true.
 	 *
 	 * @param useHttpOnlyCookie determines if the cookie should be marked as HTTP Only.
 	 */
 	public void setUseHttpOnlyCookie(boolean useHttpOnlyCookie) {
-		if (useHttpOnlyCookie && !isServlet3()) {
-			throw new IllegalArgumentException(
-					"You cannot set useHttpOnlyCookie to true in pre Servlet 3 environment");
-		}
 		this.useHttpOnlyCookie = useHttpOnlyCookie;
 	}
 
@@ -317,6 +422,16 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		this.rememberMeRequestAttribute = rememberMeRequestAttribute;
 	}
 
+	/**
+	 * Set the value for the {@code SameSite} cookie directive. The default value is
+	 * {@code Lax}.
+	 * @param sameSite the SameSite directive value
+	 * @since 2.1.0
+	 */
+	public void setSameSite(String sameSite) {
+		this.sameSite = sameSite;
+	}
+
 	private String getDomainName(HttpServletRequest request) {
 		if (this.domainName != null) {
 			return this.domainName;
@@ -337,19 +452,4 @@ public class DefaultCookieSerializer implements CookieSerializer {
 		return this.cookiePath;
 	}
 
-	/**
-	 * Returns true if the Servlet 3 APIs are detected.
-	 *
-	 * @return whether the Servlet 3 APIs are detected
-	 */
-	private boolean isServlet3() {
-		try {
-			ServletRequest.class.getMethod("startAsync");
-			return true;
-		}
-		catch (NoSuchMethodException e) {
-		}
-		return false;
-	}
-
 }

spring-session-core/src/main/java/org/springframework/session/web/http/HeaderHttpSessionIdResolver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -98,7 +98,7 @@ public class HeaderHttpSessionIdResolver implements HttpSessionIdResolver {
 	@Override
 	public List<String> resolveSessionIds(HttpServletRequest request) {
 		String headerValue = request.getHeader(this.headerName);
-		return headerValue != null ? Collections.singletonList(headerValue)
+		return (headerValue != null) ? Collections.singletonList(headerValue)
 				: Collections.emptyList();
 	}
 

spring-session-core/src/main/java/org/springframework/session/web/http/HttpSessionAdapter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,8 +24,13 @@ import java.util.Set;
 
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionBindingEvent;
+import javax.servlet.http.HttpSessionBindingListener;
 import javax.servlet.http.HttpSessionContext;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import org.springframework.session.Session;
 
 /**
@@ -33,11 +38,14 @@ import org.springframework.session.Session;
  *
  * @param <S> the {@link Session} type
  * @author Rob Winch
+ * @author Vedran Pavic
  * @since 1.1
  */
 @SuppressWarnings("deprecation")
 class HttpSessionAdapter<S extends Session> implements HttpSession {
 
+	private static final Log logger = LogFactory.getLog(HttpSessionAdapter.class);
+
 	private S session;
 
 	private final ServletContext servletContext;
@@ -129,7 +137,28 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 	@Override
 	public void setAttribute(String name, Object value) {
 		checkState();
+		Object oldValue = this.session.getAttribute(name);
 		this.session.setAttribute(name, value);
+		if (value != oldValue) {
+			if (oldValue instanceof HttpSessionBindingListener) {
+				try {
+					((HttpSessionBindingListener) oldValue).valueUnbound(
+							new HttpSessionBindingEvent(this, name, oldValue));
+				}
+				catch (Throwable th) {
+					logger.error("Error invoking session binding event listener", th);
+				}
+			}
+			if (value instanceof HttpSessionBindingListener) {
+				try {
+					((HttpSessionBindingListener) value)
+							.valueBound(new HttpSessionBindingEvent(this, name, value));
+				}
+				catch (Throwable th) {
+					logger.error("Error invoking session binding event listener", th);
+				}
+			}
+		}
 	}
 
 	@Override
@@ -140,7 +169,17 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 	@Override
 	public void removeAttribute(String name) {
 		checkState();
+		Object oldValue = this.session.getAttribute(name);
 		this.session.removeAttribute(name);
+		if (oldValue instanceof HttpSessionBindingListener) {
+			try {
+				((HttpSessionBindingListener) oldValue)
+						.valueUnbound(new HttpSessionBindingEvent(this, name, oldValue));
+			}
+			catch (Throwable th) {
+				logger.error("Error invoking session binding event listener", th);
+			}
+		}
 	}
 
 	@Override

spring-session-core/src/main/java/org/springframework/session/web/http/OnCommittedResponseWrapper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -174,11 +174,11 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 	}
 
 	private void trackContentLength(byte[] content) {
-		checkContentLength(content == null ? 0 : content.length);
+		checkContentLength((content != null) ? content.length : 0);
 	}
 
 	private void trackContentLength(char[] content) {
-		checkContentLength(content == null ? 0 : content.length);
+		checkContentLength((content != null) ? content.length : 0);
 	}
 
 	private void trackContentLength(int content) {
@@ -257,13 +257,13 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 		}
 
 		@Override
-		public int hashCode() {
-			return this.delegate.hashCode();
+		public boolean equals(Object obj) {
+			return this.delegate.equals(obj);
 		}
 
 		@Override
-		public boolean equals(Object obj) {
-			return this.delegate.equals(obj);
+		public int hashCode() {
+			return this.delegate.hashCode();
 		}
 
 		@Override
@@ -502,13 +502,13 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 		}
 
 		@Override
-		public int hashCode() {
-			return this.delegate.hashCode();
+		public boolean equals(Object obj) {
+			return this.delegate.equals(obj);
 		}
 
 		@Override
-		public boolean equals(Object obj) {
-			return this.delegate.equals(obj);
+		public int hashCode() {
+			return this.delegate.hashCode();
 		}
 
 		@Override

spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package org.springframework.session.web.http;
 
 import java.io.IOException;
 import java.time.Instant;
+import java.util.List;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletContext;
@@ -196,14 +197,18 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 	private final class SessionRepositoryRequestWrapper
 			extends HttpServletRequestWrapper {
 
-		private Boolean requestedSessionIdValid;
-
-		private boolean requestedSessionInvalidated;
-
 		private final HttpServletResponse response;
 
 		private final ServletContext servletContext;
 
+		private S requestedSession;
+
+		private boolean requestedSessionCached;
+
+		private Boolean requestedSessionIdValid;
+
+		private boolean requestedSessionInvalidated;
+
 		private SessionRepositoryRequestWrapper(HttpServletRequest request,
 				HttpServletResponse response, ServletContext servletContext) {
 			super(request);
@@ -225,6 +230,7 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			}
 			else {
 				S session = wrappedSession.getSession();
+				clearRequestedSessionCache();
 				SessionRepositoryFilter.this.sessionRepository.save(session);
 				String sessionId = session.getId();
 				if (!isRequestedSessionIdValid()
@@ -265,9 +271,11 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 		@Override
 		public boolean isRequestedSessionIdValid() {
 			if (this.requestedSessionIdValid == null) {
-				String sessionId = getRequestedSessionId();
-				S session = sessionId == null ? null : getSession(sessionId);
-				return isRequestedSessionIdValid(session);
+				S requestedSession = getRequestedSession();
+				if (requestedSession != null) {
+					requestedSession.setLastAccessedTime(Instant.now());
+				}
+				return isRequestedSessionIdValid(requestedSession);
 			}
 
 			return this.requestedSessionIdValid;
@@ -284,28 +292,18 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			return getCurrentSession() == null && this.requestedSessionInvalidated;
 		}
 
-		private S getSession(String sessionId) {
-			S session = SessionRepositoryFilter.this.sessionRepository
-					.findById(sessionId);
-			if (session == null) {
-				return null;
-			}
-			session.setLastAccessedTime(Instant.now());
-			return session;
-		}
-
 		@Override
 		public HttpSessionWrapper getSession(boolean create) {
 			HttpSessionWrapper currentSession = getCurrentSession();
 			if (currentSession != null) {
 				return currentSession;
 			}
-			String requestedSessionId = getRequestedSessionId();
-			if (requestedSessionId != null) {
+			S requestedSession = getRequestedSession();
+			if (requestedSession != null) {
 				if (getAttribute(INVALID_SESSION_ID_ATTR) == null) {
-					S session = getSession(requestedSessionId);
+					requestedSession.setLastAccessedTime(Instant.now());
 					this.requestedSessionIdValid = true;
-					currentSession = new HttpSessionWrapper(session, getServletContext());
+					currentSession = new HttpSessionWrapper(requestedSession, getServletContext());
 					currentSession.setNew(false);
 					setCurrentSession(currentSession);
 					return currentSession;
@@ -353,11 +351,30 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 
 		@Override
 		public String getRequestedSessionId() {
-			return SessionRepositoryFilter.this.httpSessionIdResolver
-					.resolveSessionIds(this).stream()
-					.filter(sessionId -> SessionRepositoryFilter.this.sessionRepository
-							.findById(sessionId) != null)
-					.findFirst().orElse(null);
+			S requestedSession = getRequestedSession();
+			return (requestedSession != null) ? requestedSession.getId() : null;
+		}
+
+		private S getRequestedSession() {
+			if (!this.requestedSessionCached) {
+				List<String> sessionIds = SessionRepositoryFilter.this.httpSessionIdResolver
+						.resolveSessionIds(this);
+				for (String sessionId : sessionIds) {
+					S session = SessionRepositoryFilter.this.sessionRepository
+							.findById(sessionId);
+					if (session != null) {
+						this.requestedSession = session;
+						break;
+					}
+				}
+				this.requestedSessionCached = true;
+			}
+			return this.requestedSession;
+		}
+
+		private void clearRequestedSessionCache() {
+			this.requestedSessionCached = false;
+			this.requestedSession = null;
 		}
 
 		/**
@@ -377,6 +394,7 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 				super.invalidate();
 				SessionRepositoryRequestWrapper.this.requestedSessionInvalidated = true;
 				setCurrentSession(null);
+				clearRequestedSessionCache();
 				SessionRepositoryFilter.this.sessionRepository.deleteById(getId());
 			}
 		}

spring-session-core/src/main/java/org/springframework/session/web/server/session/SpringSessionWebSessionStore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,6 +46,7 @@ import org.springframework.web.server.session.WebSessionStore;
  *
  * @param <S> the {@link Session} type
  * @author Rob Winch
+ * @author Vedran Pavic
  * @since 2.0
  */
 public class SpringSessionWebSessionStore<S extends Session> implements WebSessionStore {
@@ -86,15 +87,11 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 		return Mono.just(session);
 	}
 
-	public Mono<Void> storeSession(WebSession session) {
-		@SuppressWarnings("unchecked")
-		SpringSessionWebSession springWebSession = (SpringSessionWebSession) session;
-		return this.sessions.save(springWebSession.session);
-	}
-
 	@Override
 	public Mono<WebSession> retrieveSession(String sessionId) {
-		return this.sessions.findById(sessionId).map(this::existingSession);
+		return this.sessions.findById(sessionId)
+				.doOnNext((session) -> session.setLastAccessedTime(this.clock.instant()))
+				.map(this::existingSession);
 	}
 
 	@Override
@@ -161,6 +158,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 		@Override
 		public Mono<Void> invalidate() {
+			this.state.set(State.EXPIRED);
 			return SpringSessionWebSessionStore.this.sessions.deleteById(this.session.getId());
 		}
 
@@ -171,7 +169,14 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 
 		@Override
 		public boolean isExpired() {
-			return this.session.isExpired();
+			if (this.state.get().equals(State.EXPIRED)) {
+				return true;
+			}
+			if (this.session.isExpired()) {
+				this.state.set(State.EXPIRED);
+				return true;
+			}
+			return false;
 		}
 
 		@Override
@@ -196,7 +201,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 	}
 
 	private enum State {
-		NEW, STARTED
+		NEW, STARTED, EXPIRED
 	}
 
 	private static class SpringSessionMap implements Map<String, Object> {
@@ -228,7 +233,7 @@ public class SpringSessionWebSessionStore<S extends Session> implements WebSessi
 		@Override
 		public boolean containsValue(Object value) {
 			return this.session.getAttributeNames().stream()
-					.anyMatch(attrName -> this.session.getAttribute(attrName) != null);
+					.anyMatch((attrName) -> this.session.getAttribute(attrName) != null);
 		}
 
 		@Override

spring-session-core/src/main/java/org/springframework/session/web/socket/handler/WebSocketRegistryListener.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -71,8 +71,9 @@ public final class WebSocketRegistryListener
 			SessionDisconnectEvent e = (SessionDisconnectEvent) event;
 			Map<String, Object> sessionAttributes = SimpMessageHeaderAccessor
 					.getSessionAttributes(e.getMessage().getHeaders());
-			String httpSessionId = sessionAttributes == null ? null
-					: SessionRepositoryMessageInterceptor.getSessionId(sessionAttributes);
+			String httpSessionId = (sessionAttributes != null)
+					? SessionRepositoryMessageInterceptor.getSessionId(sessionAttributes)
+					: null;
 			afterConnectionClosed(httpSessionId, e.getSessionId());
 		}
 	}
@@ -140,10 +141,10 @@ public final class WebSocketRegistryListener
 			try {
 				toClose.close(SESSION_EXPIRED_STATUS);
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 				logger.debug(
 						"Failed to close WebSocketSession (this is nothing to worry about but for debugging only)",
-						e);
+						ex);
 			}
 		}
 	}

spring-session-core/src/main/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,6 @@ import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
 import org.springframework.messaging.simp.SimpMessageType;
 import org.springframework.messaging.support.ChannelInterceptor;
-import org.springframework.messaging.support.ChannelInterceptorAdapter;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.util.Assert;
@@ -63,7 +62,7 @@ import org.springframework.web.socket.server.HandshakeInterceptor;
  * @since 1.0
  */
 public final class SessionRepositoryMessageInterceptor<S extends Session>
-		extends ChannelInterceptorAdapter implements HandshakeInterceptor {
+		implements ChannelInterceptor, HandshakeInterceptor {
 
 	private static final String SPRING_SESSION_ID_ATTR_NAME = "SPRING.SESSION.ID";
 
@@ -114,12 +113,13 @@ public final class SessionRepositoryMessageInterceptor<S extends Session>
 		SimpMessageType messageType = SimpMessageHeaderAccessor
 				.getMessageType(message.getHeaders());
 		if (!this.matchingMessageTypes.contains(messageType)) {
-			return super.preSend(message, channel);
+			return message;
 		}
 		Map<String, Object> sessionHeaders = SimpMessageHeaderAccessor
 				.getSessionAttributes(message.getHeaders());
-		String sessionId = sessionHeaders == null ? null
-				: (String) sessionHeaders.get(SPRING_SESSION_ID_ATTR_NAME);
+		String sessionId = (sessionHeaders != null)
+				? (String) sessionHeaders.get(SPRING_SESSION_ID_ATTR_NAME)
+				: null;
 		if (sessionId != null) {
 			S session = this.sessionRepository.findById(sessionId);
 			if (session != null) {
@@ -128,7 +128,7 @@ public final class SessionRepositoryMessageInterceptor<S extends Session>
 				this.sessionRepository.save(session);
 			}
 		}
-		return super.preSend(message, channel);
+		return message;
 	}
 
 	@Override

spring-session-core/src/test/java/org/springframework/session/MapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -100,4 +100,17 @@ public class MapSessionRepositoryTests {
 		assertThat(this.repository.findById(createSession.getId())).isNotNull();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		MapSession session = this.repository.createSession();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/MapSessionTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 public class MapSessionTests {
 
@@ -35,9 +36,11 @@ public class MapSessionTests {
 		this.session.setLastAccessedTime(Instant.ofEpochMilli(1413258262962L));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorNullSession() {
-		new MapSession((Session) null);
+		assertThatThrownBy(() -> new MapSession((Session) null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("session cannot be null");
 	}
 
 	@Test
@@ -65,9 +68,11 @@ public class MapSessionTests {
 		assertThat(result).isEqualTo(attrValue);
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void getRequiredAttributeWhenNullThenException() {
-		this.session.getRequiredAttribute("attrName");
+		assertThatThrownBy(() -> this.session.getRequiredAttribute("attrName"))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("Required attribute 'attrName' is missing.");
 	}
 
 	@Test
@@ -128,6 +133,18 @@ public class MapSessionTests {
 		assertThat(this.session.isExpired(now)).isTrue();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		this.session.setAttribute("attribute1", "value1");
+		this.session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : this.session.getAttributeNames()) {
+			this.session.removeAttribute(attributeName);
+		}
+
+		assertThat(this.session.getAttributeNames()).isEmpty();
+	}
+
 	static class CustomSession implements Session {
 
 		@Override

spring-session-core/src/test/java/org/springframework/session/ReactiveMapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ import org.junit.Before;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link ReactiveMapSessionRepository}.
@@ -57,10 +58,11 @@ public class ReactiveMapSessionRepositoryTests {
 		assertThat(findByIdSession.getId()).isEqualTo(this.session.getId());
 	}
 
-	@Test(expected = IllegalArgumentException.class)
+	@Test
 	public void constructorMapWhenNullThenThrowsIllegalArgumentException() {
-		Map<String, Session> sessions = null;
-		new ReactiveMapSessionRepository(sessions);
+		assertThatThrownBy(() -> new ReactiveMapSessionRepository(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("sessions cannot be null");
 	}
 
 	@Test
@@ -142,4 +144,17 @@ public class ReactiveMapSessionRepositoryTests {
 		assertThat(this.repository.findById(createSession.getId()).block()).isNotNull();
 	}
 
+	@Test // gh-1120
+	public void getAttributeNamesAndRemove() {
+		MapSession session = this.repository.createSession().block();
+		session.setAttribute("attribute1", "value1");
+		session.setAttribute("attribute2", "value2");
+
+		for (String attributeName : session.getAttributeNames()) {
+			session.removeAttribute(attributeName);
+		}
+
+		assertThat(session.getAttributeNames()).isEmpty();
+	}
+
 }

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/EnableSpringHttpSessionCustomCookieSerializerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,6 +49,7 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
 import static org.mockito.Mockito.verify;
 
 /**
@@ -82,6 +83,9 @@ public class EnableSpringHttpSessionCustomCookieSerializerTests {
 	@Before
 	public void setup() {
 		this.chain = new MockFilterChain();
+
+		reset(this.sessionRepository);
+		reset(this.cookieSerializer);
 	}
 
 	@Test
@@ -99,7 +103,7 @@ public class EnableSpringHttpSessionCustomCookieSerializerTests {
 
 	@Test
 	public void usesWrite() throws Exception {
-		given(this.sessionRepository.findById(anyString())).willReturn(new MapSession());
+		given(this.sessionRepository.createSession()).willReturn(new MapSession());
 
 		this.sessionRepositoryFilter.doFilter(this.request, this.response,
 				new MockFilterChain() {

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,11 +21,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import javax.servlet.ServletContext;
 
 import org.junit.After;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
-import org.junit.runner.RunWith;
-import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.beans.factory.UnsatisfiedDependencyException;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
@@ -42,18 +38,15 @@ import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Tests for {@link SpringHttpSessionConfiguration}.
  *
  * @author Vedran Pavic
  */
-@RunWith(MockitoJUnitRunner.class)
 public class SpringHttpSessionConfigurationTests {
 
-	@Rule
-	public final ExpectedException thrown = ExpectedException.none();
-
 	private AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
 
 	@After
@@ -70,10 +63,9 @@ public class SpringHttpSessionConfigurationTests {
 
 	@Test
 	public void noSessionRepositoryConfiguration() {
-		this.thrown.expect(UnsatisfiedDependencyException.class);
-		this.thrown.expectMessage("org.springframework.session.SessionRepository");
-
-		registerAndRefresh(EmptyConfiguration.class);
+		assertThatThrownBy(() -> registerAndRefresh(EmptyConfiguration.class))
+				.isInstanceOf(UnsatisfiedDependencyException.class)
+				.hasMessageContaining("org.springframework.session.SessionRepository");
 	}
 
 	@Test

spring-session-core/src/test/java/org/springframework/session/security/SpringSessionBackedSessionRegistryTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 package org.springframework.session.security;
 
 import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -74,7 +75,9 @@ public class SpringSessionBackedSessionRegistryTest {
 				.getSessionInformation(SESSION_ID);
 
 		assertThat(sessionInfo.getSessionId()).isEqualTo(SESSION_ID);
-		assertThat(sessionInfo.getLastRequest().toInstant()).isEqualTo(NOW);
+		assertThat(
+				sessionInfo.getLastRequest().toInstant().truncatedTo(ChronoUnit.MILLIS))
+						.isEqualTo(NOW.truncatedTo(ChronoUnit.MILLIS));
 		assertThat(sessionInfo.getPrincipal()).isEqualTo(USER_NAME);
 		assertThat(sessionInfo.isExpired()).isFalse();
 	}
@@ -90,7 +93,9 @@ public class SpringSessionBackedSessionRegistryTest {
 				.getSessionInformation(SESSION_ID);
 
 		assertThat(sessionInfo.getSessionId()).isEqualTo(SESSION_ID);
-		assertThat(sessionInfo.getLastRequest().toInstant()).isEqualTo(NOW);
+		assertThat(
+				sessionInfo.getLastRequest().toInstant().truncatedTo(ChronoUnit.MILLIS))
+				.isEqualTo(NOW.truncatedTo(ChronoUnit.MILLIS));
 		assertThat(sessionInfo.getPrincipal()).isEqualTo(USER_NAME);
 		assertThat(sessionInfo.isExpired()).isTrue();
 	}
@@ -162,9 +167,8 @@ public class SpringSessionBackedSessionRegistryTest {
 		Map<String, Session> sessions = new LinkedHashMap<>();
 		sessions.put(session1.getId(), session1);
 		sessions.put(session2.getId(), session2);
-		when(this.sessionRepository.findByIndexNameAndIndexValue(
-				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, USER_NAME))
-						.thenReturn(sessions);
+		when(this.sessionRepository.findByPrincipalName(USER_NAME))
+				.thenReturn(sessions);
 	}
 
 }

spring-session-core/src/test/java/org/springframework/session/security/web/authentication/SpringSessionRememberMeServicesTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,15 +20,14 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
@@ -43,9 +42,6 @@ import static org.mockito.Mockito.verifyZeroInteractions;
  */
 public class SpringSessionRememberMeServicesTests {
 
-	@Rule
-	public ExpectedException thrown = ExpectedException.none();
-
 	private SpringSessionRememberMeServices rememberMeServices;
 
 	@Test
@@ -71,10 +67,10 @@ public class SpringSessionRememberMeServicesTests {
 
 	@Test
 	public void createWithNullParameter() {
-		this.thrown.expect(IllegalArgumentException.class);
-		this.thrown.expectMessage("rememberMeParameterName cannot be empty or null");
 		this.rememberMeServices = new SpringSessionRememberMeServices();
-		this.rememberMeServices.setRememberMeParameterName(null);
+		assertThatThrownBy(() -> this.rememberMeServices.setRememberMeParameterName(null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("rememberMeParameterName cannot be empty or null");
 	}
 
 	@Test
@@ -114,7 +110,8 @@ public class SpringSessionRememberMeServicesTests {
 		this.rememberMeServices = new SpringSessionRememberMeServices();
 		this.rememberMeServices.loginFail(request, response);
 		verify(request, times(1)).getSession(eq(false));
-		verify(session, times(1)).removeAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
+		verify(session, times(1)).removeAttribute(
+				HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
 		verifyZeroInteractions(request, response, session);
 	}
 

spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2017 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.