Add End-of-Life Notice

Fixes gh-1351

Jenkinsfile

@@ -1,179 +0,0 @@
-properties([
-		buildDiscarder(logRotator(numToKeepStr: '10')),
-		pipelineTriggers([
-				cron('@daily')
-		]),
-])
-
-def SUCCESS = hudson.model.Result.SUCCESS.toString()
-currentBuild.result = SUCCESS
-
-try {
-	parallel check: {
-		stage('Check') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
-							sh './gradlew clean check --no-daemon --refresh-dependencies --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: check'
-						throw e
-					}
-					finally {
-						junit '**/build/test-results/*/*.xml'
-					}
-				}
-			}
-		}
-	},
-	jdk9: {
-		stage('JDK 9') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk9'}"]) {
-							sh './gradlew clean test --no-daemon --refresh-dependencies --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk9'
-						throw e
-					}
-				}
-			}
-		}
-	},
-	jdk10: {
-		stage('JDK 10') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk10'}"]) {
-							sh './gradlew clean test --no-daemon --refresh-dependencies --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk10'
-						throw e
-					}
-				}
-			}
-		}
-	},
-	jdk11: {
-		stage('JDK 11') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withEnv(["JAVA_HOME=${tool 'jdk11'}"]) {
-							sh './gradlew clean test integrationTest --no-daemon --refresh-dependencies --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk11'
-						throw e
-					}
-				}
-			}
-		}
-	},
-	jdk12: {
-		stage('JDK 12') {
-			timeout(time: 45, unit: 'MINUTES') {
-				node('linux') {
-					checkout scm
-					try {
-						withEnv(["JAVA_HOME=${tool 'openjdk12'}"]) {
-							sh './gradlew clean test integrationTest --no-daemon --refresh-dependencies --stacktrace'
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: jdk12'
-						throw e
-					}
-				}
-			}
-		}
-	}
-
-	if (currentBuild.result == 'SUCCESS') {
-		parallel artifacts: {
-			stage('Deploy Artifacts') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withCredentials([file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')]) {
-							withCredentials([string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')]) {
-								withCredentials([usernamePassword(credentialsId: 'oss-token', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USERNAME')]) {
-									withCredentials([usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
-										withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
-											sh './gradlew deployArtifacts finalizeDeployArtifacts --no-daemon --refresh-dependencies --stacktrace -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password=$SIGNING_PASSWORD -PossrhUsername=$OSSRH_USERNAME -PossrhPassword=$OSSRH_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD'
-										}
-									}
-								}
-							}
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: artifacts'
-						throw e
-					}
-				}
-			}
-		},
-		docs: {
-			stage('Deploy Docs') {
-				node('linux') {
-					checkout scm
-					sh "git clean -dfx"
-					try {
-						withCredentials([file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')]) {
-							withEnv(["JAVA_HOME=${tool 'jdk8'}"]) {
-								sh './gradlew deployDocs --no-daemon --refresh-dependencies --stacktrace -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME'
-							}
-						}
-					}
-					catch (e) {
-						currentBuild.result = 'FAILED: docs'
-						throw e
-					}
-				}
-			}
-		}
-	}
-}
-finally {
-	def buildStatus = currentBuild.result
-	def buildNotSuccess = !SUCCESS.equals(buildStatus)
-	def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
-
-	if (buildNotSuccess || lastBuildNotSuccess) {
-		stage('Notify') {
-			node {
-				final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
-
-				def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
-				def details = "The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"
-
-				emailext(
-						subject: subject,
-						body: details,
-						recipientProviders: RECIPIENTS,
-						to: "$SPRING_SESSION_TEAM_EMAILS"
-				)
-			}
-		}
-	}
-}

README.adoc

@@ -1,3 +1,9 @@
+[NOTE]
+======
+This branch of Spring Session has reached its https://github.com/spring-projects/spring-boot/wiki/Supported-Versions[End of Life], meaning that there are no further maintenance releases or security patches planned.
+Please migrate to a supported branch as soon as possible.
+======
+
 = Spring Session
 
 image:https://travis-ci.org/spring-projects/spring-session.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-session"] image:https://badges.gitter.im/spring-projects/spring-session.svg[link="https://gitter.im/spring-projects/spring-session?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"]

build.gradle

@@ -1,40 +1,18 @@
 buildscript {
-	ext {
-		releaseBuild = version.endsWith('RELEASE')
-		snapshotBuild = version.endsWith('SNAPSHOT')
-		milestoneBuild = !(releaseBuild || snapshotBuild)
-
-		springBootVersion = '2.2.0.M2'
-	}
-
-	repositories {
-		gradlePluginPortal()
-		maven { url 'https://repo.spring.io/plugins-release/' }
-	}
-
 	dependencies {
 		classpath 'io.spring.gradle:spring-build-conventions:0.0.25.RELEASE'
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
-		classpath 'io.spring.nohttp:nohttp-gradle:0.0.2.RELEASE'
+	}
+	repositories {
+		gradlePluginPortal()
+		maven { url 'https://repo.spring.io/plugins-release' }
 	}
 }
-
 apply plugin: 'io.spring.convention.root'
-apply plugin: 'io.spring.nohttp'
-
-repositories {
-	mavenCentral()
-}
 
 group = 'org.springframework.session'
 description = 'Spring Session'
 
-subprojects {
-	plugins.withType(JavaPlugin) {
-		sourceCompatibility = JavaVersion.VERSION_1_8
-
-		tasks.withType(Test) {
-			useJUnitPlatform()
-		}
-	}
-}
+ext.releaseBuild = version.endsWith('RELEASE')
+ext.snapshotBuild = version.endsWith('SNAPSHOT')
+ext.milestoneBuild = !(releaseBuild || snapshotBuild)

docs/spring-session-docs.gradle

@@ -13,14 +13,13 @@ dependencies {
 	testCompile 'org.springframework.security:spring-security-config'
 	testCompile 'org.springframework.security:spring-security-web'
 	testCompile 'org.springframework.security:spring-security-test'
+	testCompile 'junit:junit'
 	testCompile 'org.mockito:mockito-core'
 	testCompile 'org.springframework:spring-test'
 	testCompile 'org.assertj:assertj-core'
 	testCompile 'com.hazelcast:hazelcast'
 	testCompile 'io.lettuce:lettuce-core'
 	testCompile 'javax.servlet:javax.servlet-api'
-	testCompile 'org.junit.jupiter:junit-jupiter-api'
-	testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
 }
 
 def versions = dependencyManagement.managedVersions
@@ -29,15 +28,15 @@ asciidoctor {
 	def ghTag = snapshotBuild ? 'master' : project.version
 	def ghUrl = "https://github.com/spring-projects/spring-session/tree/$ghTag"
 
-	attributes 'docs-itest-dir': "$rootProject.projectDir.path/spring-session-docs/src/integration-test/java/",
-			'docs-test-dir': "$rootProject.projectDir.path/spring-session-docs/src/test/java/",
-			'docs-test-resources-dir': "$rootProject.projectDir.path/spring-session-docs/src/test/resources/",
+	attributes 'docs-itest-dir': "$rootProject.projectDir.path/docs/src/integration-test/java/",
+			'docs-test-dir': "$rootProject.projectDir.path/docs/src/test/java/",
+			'docs-test-resources-dir': "$rootProject.projectDir.path/docs/src/test/resources/",
 			'download-url': "https://github.com/spring-projects/spring-session/archive/${ghTag}.zip",
-			'gh-samples-url': "$ghUrl/spring-session-samples/",
+			'gh-samples-url': "$ghUrl/samples/",
 			'gh-url': ghUrl,
 			'hazelcast-version': versions['com.hazelcast:hazelcast'],
 			'lettuce-version': versions['io.lettuce:lettuce-core'],
-			'samples-dir': "$rootProject.projectDir.path/spring-session-samples/",
+			'samples-dir': "$rootProject.projectDir.path/samples/",
 			'session-jdbc-main-resources-dir': "${project(':spring-session-jdbc').projectDir.path}/src/main/resources/",
 			'spring-boot-version': project.springBootVersion,
 			'spring-data-redis-version': versions['org.springframework.data:spring-data-redis'],

docs/src/docs/asciidoc/guides/boot-findbyusername.adoc

@@ -0,0 +1,140 @@
+= Spring Session - find by username
+Rob Winch
+:toc:
+
+This guide describes how to use Spring Session to find sessions by username.
+
+NOTE: The completed guide can be found in the <<findbyusername-sample, findbyusername application>>.
+
+
+[[findbyusername-assumptions]]
+== Assumptions
+
+The guide assumes you have already added Spring Session using the built in Redis configuration support to your application.
+The guide also assumes you have already applied Spring Security to your application.
+However, we the guide will be somewhat general purpose and can be applied to any technology with minimal changes we will discuss.
+
+[NOTE]
+====
+If you need to learn how to add Spring Session to your project, please refer to the listing of link:../#samples[samples and guides]
+====
+
+== About the Sample
+
+Our sample is using this feature to invalidate the users session that might have been compromised.
+Consider the following scenario:
+
+* User goes to library and authenticates to the application
+* User goes home and realizes they forgot to log out
+* User can log in and terminate the session from the library using clues like the location, created time, last accessed time, etc.
+
+Wouldn't it be nice if we could allow the user to invalidate the session at the library from any device they authenticate with?
+This sample demonstrates how this is possible.
+
+[[findbyindexnamesessionrepository]]
+== FindByIndexNameSessionRepository
+
+In order to look up a user by their username, you must first choose a `SessionRepository` that implements link:../#api-findbyindexnamesessionrepository[FindByIndexNameSessionRepository].
+Our sample application assumes that the Redis support is already setup, so we are ready to go.
+
+== Mapping the username
+
+`FindByIndexNameSessionRepository` can only find a session by the username, if the developer instructs Spring Session what user is associated with the `Session`.
+This is done by ensuring that the session attribute with the name `FindByUsernameSessionRepository.PRINCIPAL_NAME_INDEX_NAME` is populated with the username.
+
+Generally, speaking this can be done with the following code immediately after the user authenticates:
+
+[source,java,indent=0]
+----
+include::{docs-test-dir}docs/FindByIndexNameSessionRepositoryTests.java[tags=set-username]
+----
+
+== Mapping the username with Spring Security
+
+Since we are using Spring Security, the user name is automatically indexed for us.
+This means we will not have to perform any steps to ensure the user name is indexed.
+
+== Adding Additional Data to Session
+
+It may be nice to associate additional information (i.e. IP Address, the browser, location, etc) to the session.
+This makes it easier for the user to know which session they are looking at.
+
+To do this simply determine which session attribute you want to use and what information you wish to provide.
+Then create a Java bean that is added as a session attribute.
+For example, our sample application includes the location and access type of the session
+
+[source,java,indent=0]
+----
+include::{samples-dir}boot/findbyusername/src/main/java/sample/session/SessionDetails.java[tags=class]
+----
+
+We then inject that information into the session on each HTTP request using a `SessionDetailsFilter`.
+For example:
+
+[source,java,indent=0]
+----
+include::{samples-dir}boot/findbyusername/src/main/java/sample/session/SessionDetailsFilter.java[tags=dofilterinternal]
+----
+
+We obtain the information we want and then set the `SessionDetails` as an attribute in the `Session`.
+When we retrieve the `Session` by username, we can then use the session to access our `SessionDetails` just like any other session attribute.
+
+[NOTE]
+====
+You might be wondering at this point why Spring Session does not provide `SessionDetails` functionality out of the box.
+The reason, is twofold.
+The first is that it is very trivial for applications to implement this themselves.
+The second reason is that the information that is populated in the session (and how frequently that information is updated) is highly application dependent.
+====
+
+== Finding sessions for a specific user
+
+We can now find all the sessions for a specific user.
+
+[source,java,indent=0]
+----
+include::{samples-dir}boot/findbyusername/src/main/java/sample/mvc/IndexController.java[tags=findbyusername]
+----
+
+In our instance, we find all sessions for the currently logged in user.
+However, this could easily be modified for an administrator to use a form to specify which user to look up.
+
+[[findbyusername-sample]]
+== findbyusername Sample Application
+
+=== Running the findbyusername Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+[NOTE]
+====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
+----
+$ ./gradlew :spring-session-sample-boot-findbyusername:bootRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the security Sample Application
+
+Try using the application. Enter the following to log in:
+
+* **Username** _user_
+* **Password** _password_
+
+Now click the **Login** button.
+You should now see a message indicating your are logged in with the user entered previously.
+You should also see a listing of active sessions for the currently logged in user.
+
+Let's emulate the flow we discussed in the <<About the Sample>> section
+
+* Open a new incognito window and navigate to  http://localhost:8080/
+* Enter the following to log in:
+** **Username** _user_
+** **Password** _password_
+* Terminate your original session
+* Refresh the original window and see you are logged out

docs/src/docs/asciidoc/guides/boot-jdbc.adoc

@@ -2,17 +2,15 @@
 Rob Winch, Vedran Pavić
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` when you use Spring Boot.
+This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` when using Spring Boot.
 
-NOTE: You can find the completed guide in the <<httpsession-jdbc-boot-sample, httpsession-jdbc-boot sample application>>.
+NOTE: The completed guide can be found in the <<httpsession-jdbc-boot-sample, httpsession-jdbc-boot sample application>>.
 
 == Updating Dependencies
-
-Before you use Spring Session, you must update your dependencies.
+Before you use Spring Session, you must ensure to update your dependencies.
 We assume you are working with a working Spring Boot web application.
-If you use Maven, you must add the following dependencies:
+If you are using Maven, ensure to add the following dependencies:
 
-====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -26,9 +24,8 @@ If you use Maven, you must add the following dependencies:
 	</dependency>
 </dependencies>
 ----
-====
 
-Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare the dependency version.
+Spring Boot provides dependency management for Spring Session modules, so there's no need to explicitly declare dependency version.
 
 // tag::config[]
 
@@ -36,106 +33,95 @@ Spring Boot provides dependency management for Spring Session modules, so you ne
 == Spring Boot Configuration
 
 After adding the required dependencies, we can create our Spring Boot configuration.
-Thanks to first-class auto configuration support, setting up Spring Session backed by a relational database is as simple as adding a single configuration property to your `application.properties`.
-The following listing shows how to do so:
+Thanks to first-class auto configuration support, setting up Spring Session backed by a relational database is as simple as adding a single configuration property to your `application.properties`:
 
-====
 .src/main/resources/application.properties
 ----
 spring.session.store-type=jdbc # Session store type.
 ----
-====
 
-Under the hood, Spring Boot applies configuration that is equivalent to manually adding the `@EnableJdbcHttpSession` annotation.
-This creates a Spring bean with the name of `springSessionRepositoryFilter`. That bean implements `Filter`.
-The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableJdbcHttpSession` annotation.
+This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
 
-You can further customize by using `application.properties`.
-The following listing shows how to do so:
+Further customization is possible using `application.properties`:
 
-====
 .src/main/resources/application.properties
 ----
-server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds are used.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
 spring.session.jdbc.initialize-schema=embedded # Database schema initialization mode.
 spring.session.jdbc.schema=classpath:org/springframework/session/jdbc/schema-@@platform@@.sql # Path to the SQL file to use to initialize the database schema.
 spring.session.jdbc.table-name=SPRING_SESSION # Name of the database table used to store sessions.
 ----
-====
 
-For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
 
 [[httpsession-jdbc-boot-configuration]]
-== Configuring the `DataSource`
+== Configuring the DataSource
 
-Spring Boot automatically creates a `DataSource` that connects Spring Session to an embedded instance of an H2 database.
-In a production environment, you need to update your configuration to point to your relational database.
-For example, you can include the following in your application.properties:
+Spring Boot automatically creates a `DataSource` that connects Spring Session to an embedded instance of H2 database.
+In a production environment you need to ensure to update your configuration to point to your relational database.
+For example, you can include the following in your *application.properties*
 
-====
 .src/main/resources/application.properties
 ----
 spring.datasource.url= # JDBC URL of the database.
 spring.datasource.username= # Login username of the database.
 spring.datasource.password= # Login password of the database.
 ----
-====
 
-For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-configure-datasource[Configure a DataSource] portion of the Spring Boot documentation.
 
 [[httpsession-jdbc-boot-servlet-configuration]]
 == Servlet Container Initialization
 
-Our <<httpsession-jdbc-boot-spring-configuration,Spring Boot Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<httpsession-jdbc-boot-spring-configuration,Spring Boot Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 Fortunately, Spring Boot takes care of both of these steps for us.
 
 // end::config[]
 
 [[httpsession-jdbc-boot-sample]]
-== `httpsession-jdbc-boot` Sample Application
+== httpsession-jdbc-boot Sample Application
 
-The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Session to transparently leverage an H2 database to back a web application's `HttpSession` when you use Spring Boot.
+The httpsession-jdbc-boot Sample Application demonstrates how to use Spring Session to transparently leverage H2 database to back a web application's `HttpSession` when using Spring Boot.
 
 [[httpsession-jdbc-boot-running]]
-=== Running the `httpsession-jdbc-boot` Sample Application
+=== Running the httpsession-jdbc-boot Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-====
 ----
 $ ./gradlew :spring-session-sample-boot-jdbc:bootRun
 ----
-====
 
 You should now be able to access the application at http://localhost:8080/
 
 [[httpsession-jdbc-boot-explore]]
-=== Exploring the Security Sample Application
+=== Exploring the security Sample Application
 
-You can now try using the application.
-To do so, enter the following to log in:
+Try using the application. Enter the following to log in:
 
-* *Username* _user_
-* *Password* _password_
+* **Username** _user_
+* **Password** _password_
 
-Now click the *Login* button.
-You should now see a message indicating that your are logged in with the user entered previously.
-The user's information is stored in the H2 database rather than Tomcat's `HttpSession` implementation.
+Now click the **Login** button.
+You should now see a message indicating your are logged in with the user entered previously.
+The user's information is stored in H2 database rather than Tomcat's `HttpSession` implementation.
 
 [[httpsession-jdbc-boot-how]]
-=== How Does It Work?
+=== How does it work?
 
-Instead of using Tomcat's `HttpSession`, we persist the values in the H2 database.
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
 Spring Session replaces the `HttpSession` with an implementation that is backed by a relational database.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into the H2 database.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into H2 database.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser. That cookie contains the ID of your session.
-You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-You can remove the session by using the H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL).
+If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
 
-Now you can visit the application at http://localhost:8080/ and see that we are no longer authenticated.
+Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

docs/src/docs/asciidoc/guides/boot-redis.adoc

@@ -2,17 +2,15 @@
 Rob Winch, Vedran Pavić
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use Spring Boot.
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Spring Boot.
 
-NOTE: You can find the completed guide in the <<boot-sample, boot sample application>>.
+NOTE: The completed guide can be found in the <<boot-sample, boot sample application>>.
 
 == Updating Dependencies
-
-Before you use Spring Session, you must ensure your dependencies.
+Before you use Spring Session, you must ensure to update your dependencies.
 We assume you are working with a working Spring Boot web application.
-If you are using Maven, you must add the following dependencies:
+If you are using Maven, ensure to add the following dependencies:
 
-====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -26,131 +24,114 @@ If you are using Maven, you must add the following dependencies:
 	</dependency>
 </dependencies>
 ----
-====
 
-Spring Boot provides dependency management for Spring Session modules, so you need not explicitly declare dependency version.
+Spring Boot provides dependency management for Spring Session modules, so there's no need to explicitly declare dependency version.
 
 [[boot-spring-configuration]]
 == Spring Boot Configuration
 
 After adding the required dependencies, we can create our Spring Boot configuration.
-Thanks to first-class auto configuration support, setting up Spring Session backed by Redis is as simple as adding a single configuration property to your `application.properties`, as the following listing shows:
+Thanks to first-class auto configuration support, setting up Spring Session backed by Redis is as simple as adding a single configuration property to your `application.properties`:
 
-====
 .src/main/resources/application.properties
 ----
 spring.session.store-type=redis # Session store type.
 ----
-====
 
-Under the hood, Spring Boot applies configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
-This creates a Spring bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
-The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+Under the hood, Spring Boot will apply configuration that is equivalent to manually adding `@EnableRedisHttpSession` annotation.
+This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
 
-Further customization is possible by using `application.properties`, as the following listing shows:
+Further customization is possible using `application.properties`:
 
-====
 .src/main/resources/application.properties
 ----
-server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds is used.
+server.servlet.session.timeout= # Session timeout. If a duration suffix is not specified, seconds will be used.
 spring.session.redis.flush-mode=on-save # Sessions flush mode.
 spring.session.redis.namespace=spring:session # Namespace for keys used to store sessions.
 ----
-====
 
-For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-session[Spring Session] portion of the Spring Boot documentation.
 
 [[boot-redis-configuration]]
 == Configuring the Redis Connection
 
 Spring Boot automatically creates a `RedisConnectionFactory` that connects Spring Session to a Redis Server on localhost on port 6379 (default port).
-In a production environment, you need to update your configuration to point to your Redis server.
-For example, you can include the following in your application.properties:
+In a production environment you need to ensure to update your configuration to point to your Redis server.
+For example, you can include the following in your *application.properties*
 
-====
 .src/main/resources/application.properties
 ----
 spring.redis.host=localhost # Redis server host.
 spring.redis.password= # Login password of the redis server.
 spring.redis.port=6379 # Redis server port.
 ----
-====
 
-For more information, see the https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
 
 [[boot-servlet-configuration]]
 == Servlet Container Initialization
 
-Our <<boot-spring-configuration,Spring Boot Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<boot-spring-configuration,Spring Boot Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Last, we need to ensure that our servlet container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 Fortunately, Spring Boot takes care of both of these steps for us.
 
 [[boot-sample]]
 == Boot Sample Application
 
-The Boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when you use Spring Boot.
+The Boot Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Spring Boot.
 
 [[boot-running]]
 === Running the Boot Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
+[NOTE]
 ====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
 ----
 $ ./gradlew :spring-session-sample-boot-redis:bootRun
 ----
-====
-
-NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
 [[boot-explore]]
-=== Exploring the `security` Sample Application
+=== Exploring the security Sample Application
 
-Now you can try using the application. Enter the following to log in:
+Try using the application. Enter the following to log in:
 
-* *Username* _user_
-* *Password* _password_
+* **Username** _user_
+* **Password** _password_
 
-Now click the *Login* button.
+Now click the **Login** button.
 You should now see a message indicating your are logged in with the user entered previously.
 The user's information is stored in Redis rather than Tomcat's `HttpSession` implementation.
 
 [[boot-how]]
-=== How Does It Work?
+=== How does it work?
 
-Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
 Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Redis.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser.
-That cookie contains the ID of your session.
-You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-You can remove the session by using redis-cli.
-For example, on a Linux based system you can type the following:
+If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
-====
-----
 	$ redis-cli keys '*' | xargs redis-cli del
-----
-====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key.
-To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
-====
-----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
-----
-=====
 
-Now you can visit the application at http://localhost:8080/ and observe that we are no longer authenticated.
+Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

docs/src/docs/asciidoc/guides/boot-websocket.adoc

@@ -7,8 +7,9 @@ This guide describes how to use Spring Session to ensure that WebSocket messages
 
 // tag::disclaimer[]
 
-NOTE: Spring Session's WebSocket support works only with Spring's WebSocket support.
-Specifically,it does not work with using https://www.jcp.org/en/jsr/detail?id=356[JSR-356] directly, because JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.
+NOTE: Spring Session's WebSocket support only works with Spring's WebSocket support.
+Specifically it does not work with using https://www.jcp.org/en/jsr/detail?id=356[JSR-356] directly.
+This is due to the fact that JSR-356 does not have a mechanism for intercepting incoming WebSocket messages.
 
 // end::disclaimer[]
 
@@ -16,38 +17,34 @@ Specifically,it does not work with using https://www.jcp.org/en/jsr/detail?id=35
 
 The first step is to integrate Spring Session with the HttpSession. These steps are already outlined in the link:httpsession.html[HttpSession Guide].
 
-Please make sure you have already integrated Spring Session with HttpSession before proceeding.
+Please make sure you have already integrated Spring Session with the HttpSession before proceeding.
 
 // tag::config[]
 
 [[websocket-spring-configuration]]
 == Spring Configuration
 
-In a typical Spring WebSocket application, you would implement `WebSocketMessageBrokerConfigurer`.
+In a typical Spring WebSocket application users would implement `WebSocketMessageBrokerConfigurer`.
 For example, the configuration might look something like the following:
 
-====
 [source,java]
 ----
 include::{websocketdoc-test-dir}WebSocketConfig.java[tags=class]
 ----
-====
 
-We can update our configuration to use Spring Session's WebSocket support.
-The following example shows how to do so:
+We can easily update our configuration to use Spring Session's WebSocket support.
+For example:
 
-====
 .src/main/java/samples/config/WebSocketConfig.java
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-boot-websocket/src/main/java/sample/config/WebSocketConfig.java[tags=class]
+include::{samples-dir}boot/websocket/src/main/java/sample/config/WebSocketConfig.java[tags=class]
 ----
 
 To hook in the Spring Session support we only need to change two things:
 
-<1> Instead of implementing `WebSocketMessageBrokerConfigurer`, we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
+<1> Instead of implementing `WebSocketMessageBrokerConfigurer` we extend `AbstractSessionWebSocketMessageBrokerConfigurer`
 <2> We rename the `registerStompEndpoints` method to `configureStompEndpoints`
-====
 
 What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes?
 
@@ -55,89 +52,87 @@ What does `AbstractSessionWebSocketMessageBrokerConfigurer` do behind the scenes
 This ensures a custom `SessionConnectEvent` is fired that contains the `WebSocketSession`.
 The `WebSocketSession` is necessary to terminate any WebSocket connections that are still open when a Spring Session is terminated.
 * `SessionRepositoryMessageInterceptor` is added as a `HandshakeInterceptor` to every `StompWebSocketEndpointRegistration`.
-This ensures that the `Session` is added to the WebSocket properties to enable updating the last accessed time.
+This ensures that the Session is added to the WebSocket properties to enable updating the last accessed time.
 * `SessionRepositoryMessageInterceptor` is added as a `ChannelInterceptor` to our inbound `ChannelRegistration`.
 This ensures that every time an inbound message is received, that the last accessed time of our Spring Session is updated.
-* `WebSocketRegistryListener` is created as a Spring bean.
-This ensures that we have a mapping of all of the `Session` IDs to the corresponding WebSocket connections.
+* `WebSocketRegistryListener` is created as a Spring Bean.
+This ensures that we have a mapping of all of the Session id to the corresponding WebSocket connections.
 By maintaining this mapping, we can close all the WebSocket connections when a Spring Session (HttpSession) is terminated.
 
 
 // end::config[]
 
 [[websocket-sample]]
-== `websocket` Sample Application
+== websocket Sample Application
 
-The `websocket` sample application demonstrates how to use Spring Session with WebSockets.
+The websocket sample application demonstrates how to use Spring Session with WebSockets.
 
-=== Running the `websocket` Sample Application
+=== Running the websocket Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-====
-----
-$ ./gradlew :spring-session-sample-boot-websocket:bootRun
-----
-====
-
 [TIP]
-=====
-For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (the default is 30 minutes) by adding the following configuration property before starting the application:
-
 ====
+For the purposes of testing session expiration, you may want to change the session expiration to be 1 minute (default is 30 minutes) by adding the following configuration property starting before the application:
+
 .src/main/resources/application.properties
 ----
 server.servlet.session.timeout=1m # Session timeout. If a duration suffix is not specified, seconds will be used.
 ----
 ====
-=====
 
-NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+[NOTE]
+====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
 Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
-See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
+----
+$ ./gradlew :spring-session-sample-boot-websocket:bootRun
+----
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the `websocket` Sample Application
+=== Exploring the websocket Sample Application
 
-Now you can try using the application. Authenticate with the following information:
+Try using the application. Authenticate with the following information:
 
-* *Username* _rob_
-* *Password* _password_
+* **Username** _rob_
+* **Password** _password_
 
-Now click the *Login* button. You should now be authenticated as the user **rob**.
+Now click the **Login** button. You should now be authenticated as the user **rob**.
 
 Open an incognito window and access http://localhost:8080/
 
-You are prompted with a login form. Authenticate with the following information:
+You will be prompted with a log in form. Authenticate with the following information:
 
-* *Username* _luke_
-* *Password* _password_
+* **Username** _luke_
+* **Password** _password_
 
-Now send a message from rob to luke. The message should appear.
+Now send a message from *rob* to *luke*. The message should appear.
 
-Wait for two minutes and try sending a message from rob to luke again.
-You can see that the message is no longer sent.
+Wait for two minutes and try sending a message from *rob* to *luke* again.
+You will see that the message is no longer sent.
 
 [NOTE]
 .Why two minutes?
 ====
-Spring Session expires in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.
+Spring Session will expire in 60 seconds, but the notification from Redis is not guaranteed to happen within 60 seconds.
 To ensure the socket is closed in a reasonable amount of time, Spring Session runs a background task every minute at 00 seconds that forcibly cleans up any expired sessions.
-This means you need to wait at most two minutes before the WebSocket connection is terminated.
+This means you will need to wait at most two minutes before the WebSocket connection is terminated.
 ====
 
-You can now try accessing http://localhost:8080/
-You are prompted to authenticate again.
+Try accessing http://localhost:8080/
+You will be prompted to authenticate again.
 This demonstrates that the session properly expires.
 
-Now repeat the same exercise, but instead of waiting two minutes, send a message from each of the users every 30 seconds.
-You can see that the messages continue to be sent.
+Now repeat the same exercise, but instead of waiting two minutes send a message from *each* of the users every 30 seconds.
+You will see that the messages continue to be sent.
 Try accessing http://localhost:8080/
-You are not prompted to authenticate again.
+You will not be prompted to authenticate again.
 This demonstrates the session is kept alive.
 
 NOTE: Only messages sent from a user keep the session alive.
 This is because only messages coming from a user imply user activity.
-Received messages do not imply activity and, thus, do not renew the session expiration.
+Messages received do not imply activity and thus do not renew the session expiration.

docs/src/docs/asciidoc/guides/grails3.adoc

@@ -0,0 +1,133 @@
+= Spring Session - Grails
+Eric Helgeson
+:toc:
+
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Grails 3.1
+
+NOTE: Grails 3.1 is based off spring boot 1.3 so much of the advanced configuration and options can be found in the boot docs as well.
+
+NOTE: The completed guide can be found in the <<grails3-sample, Grails 3 sample application>>.
+
+== Updating Dependencies
+Before you use Spring Session, you must ensure to update your dependencies.
+We assume you are working with a working Grails 3.1 web profile.
+Add the following dependencies:
+
+.build.gradle
+[source,groovy]
+[subs="verbatim,attributes"]
+----
+dependencies {
+    compile 'org.springframework.boot:spring-boot-starter-redis'
+    compile 'org.springframework.session:spring-session:{spring-session-version}'
+}
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.build.gradle
+[source,groovy]
+----
+repositories {
+    maven {
+        url 'https://repo.spring.io/libs-snapshot'
+    }
+}
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.build.gradle
+[source,groovy]
+----
+repositories {
+    maven {
+        url 'https://repo.spring.io/libs-milestone'
+    }
+}
+----
+endif::[]
+
+[[grails3-redis-configuration]]
+== Configuring the Redis Connection
+
+Spring Boot automatically creates a `RedisConnectionFactory` that connects Spring Session to a Redis Server on localhost on port 6379 (default port).
+In a production environment you need to ensure to update your configuration to point to your Redis server.
+For example, you can include the following in your *application.yml*
+
+.grails-app/conf/application.yml
+[source,yml]
+----
+spring:
+  redis:
+    host: localhost
+    password: secret
+    port: 6397
+----
+
+For more information, refer to https://docs.spring.io/spring-boot/docs/{spring-boot-version}/reference/htmlsingle/#boot-features-connecting-to-redis[Connecting to Redis] portion of the Spring Boot documentation.
+
+[[grails3-sample]]
+== Grails 3 Sample Application
+
+The Grails 3 Sample Application demonstrates how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using Grails.
+
+[[grails3-running]]
+=== Running the Grails 3 Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+[NOTE]
+====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
+----
+$ ./gradlew :spring-session-sample-misc-grails3:bootRun
+----
+
+You should now be able to access the application at http://localhost:8080/test/index
+
+[[grails3-explore]]
+=== Exploring the security Sample Application
+
+Try using the application. Enter the following to log in:
+
+* **Username** _user_
+* **Password** _password_
+
+Now click the **Login** button.
+You should now see a message indicating your are logged in with the user entered previously.
+The user's information is stored in Redis rather than Tomcat's `HttpSession` implementation.
+
+[[grails3-how]]
+=== How does it work?
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
+Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
+
+When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+
+If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
+
+	$ redis-cli keys '*' | xargs redis-cli del
+
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
+
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+
+	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+
+Now visit the application at http://localhost:8080/test/index and observe that we are no longer authenticated.
+
+NOTE: Spring Session will not work with grails flash scope without additional work. +
+See this answer for an explanation: https://stackoverflow.com/a/43311427

docs/src/docs/asciidoc/guides/java-custom-cookie.adoc

@@ -0,0 +1,102 @@
+= Spring Session - Custom Cookie
+Rob Winch
+:toc:
+
+This guide describes how to configure Spring Session to use custom cookies with Java Configuration.
+The guide assumes you have already link:./httpsession.html[setup Spring Session in your project].
+
+NOTE: The completed guide can be found in the <<custom-cookie-sample, Custom Cookie sample application>>.
+
+[[custom-cookie-spring-configuration]]
+== Spring Java Configuration
+
+Once you have setup Spring Session you can easily customize how the session cookie is written by exposing a `CookieSerializer` as a Spring Bean.
+Out of the box, Spring Session comes with `DefaultCookieSerializer`.
+Simply exposing the `DefaultCookieSerializer` as a Spring Bean will augment the existing configuration when using configurations like `@EnableRedisHttpSession`.
+You can find an example of customizing Spring Session's cookie below:
+
+[source,java]
+----
+include::{samples-dir}javaconfig/custom-cookie/src/main/java/sample/Config.java[tags=cookie-serializer]
+----
+
+<1> We customize the name of the cookie to be JSESSIONID
+<2> We customize the path of the cookie to be "/" (rather than the default of the context root)
+<3> We customize the domain name pattern (a regular expression) to be `^.+?\\.(\\w+\\.[a-z]+)$`
+This allows sharing a session across domains and applications.
+If the regular expression does not match, no domain is set and the existing domain will be used.
+If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] will be used as the domain.
+This means that a request to https://child.example.com will set the domain to example.com.
+However, a request to http://localhost:8080/ or https://192.168.1.100:8080/ will leave the cookie unset and thus still work in development without any changes necessary for production.
+
+[WARNING]
+====
+It is important to note that users should only match on valid domain characters since the domain name is reflected in the response.
+This is prevent a malicious user from performing attacks like https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
+====
+
+[[custom-cookie-options]]
+== Configuration Options
+
+The configuration options available are:
+
+* `cookieName` - the name of the cookie to use
+Default "SESSION"
+* `useSecureCookie` - specify if a secure cookie be used
+Default use value of `HttpServletRequest.isSecure()` at the time of creation.
+* `cookiePath` - the path of the cookie
+Default is context root
+* `cookieMaxAge` - specifies the max age of the cookie to be set at the time the session is created.
+Default is -1 which indicates the cookie will be removed when the browser is closed.
+* `jvmRoute` - specifies a suffix to be appended to the session id and included in the cookie.
+Used to identify which JVM to route to for session affinity.
+With some implementations (i.e. Redis) this provides no performance benefit.
+However, this can help with tracing logs of a particular user.
+* `domainName` - allows specifying a specific domain name to be used for the cookie.
+This option is simple to understand, but will likely require a different configuration between development and production environments.
+See domainNamePattern as an alternative.
+* `domainNamePattern` - a case insensitive pattern used to extract the domain name from the `HttpServletRequest#getServerName()`.
+The pattern should provide a single grouping used to extract the value of the cookie domain.
+If the regular expression does not match, no domain is set and the existing domain will be used.
+If the regular expression matches, the first https://docs.oracle.com/javase/tutorial/essential/regex/groups.html[grouping] will be used as the domain.
+
+[WARNING]
+====
+It is important to note that users should only match on valid domain characters since the domain name is reflected in the response.
+This is prevent a malicious user from performing attacks like https://en.wikipedia.org/wiki/HTTP_response_splitting[HTTP Response Splitting].
+====
+
+
+[[custom-cookie-sample]]
+== custom-cookie Sample Application
+
+
+
+=== Running the custom-cookie Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+[NOTE]
+====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
+----
+$ ./gradlew :spring-session-sample-javaconfig-custom-cookie:tomcatRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the custom-cookie Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _rob_
+
+Now click the **Set Attribute** button.
+You should now see the values displayed in the table.
+
+If you look at the cookies for the application, you can see the cookie is saved to the custom name of JSESSIONID

docs/src/docs/asciidoc/guides/java-hazelcast.adoc

@@ -0,0 +1,195 @@
+= Spring Session and Spring Security with Hazelcast
+Tommy Ludwig; Rob Winch
+:toc:
+
+This guide describes how to use Spring Session along with Spring Security using Hazelcast as your data store.
+It assumes you have already applied Spring Security to your application.
+
+NOTE: The completed guide can be found in the <<hazelcast-spring-security-sample, Hazelcast Spring Security sample application>>.
+
+== Updating Dependencies
+Before you use Spring Session, you must ensure to update your dependencies.
+If you are using Maven, ensure to add the following dependencies:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>com.hazelcast</groupId>
+		<artifactId>hazelcast</artifactId>
+		<version>{hazelcast-version}</version>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-framework-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+
+	<!-- ... -->
+
+	<repository>
+	<id>spring-snapshot</id>
+	<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repository>
+<id>spring-milestone</id>
+<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+endif::[]
+
+// tag::config[]
+
+[[security-spring-configuration]]
+== Spring Configuration
+
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
+
+[source,java]
+----
+include::{docs-test-dir}docs/http/HazelcastHttpSessionConfig.java[tags=config]
+----
+
+<1> The `@EnableHazelcastHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by Hazelcast.
+<2> In order to support retrieval of sessions by principal name index, appropriate `ValueExtractor` needs to be registered.
+Spring Session provides `PrincipalNameExtractor` for this purpose.
+<3> We create a `HazelcastInstance` that connects Spring Session to Hazelcast.
+By default, an embedded instance of Hazelcast is started and connected to by the application.
+For more information on configuring Hazelcast, refer to the https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+
+== Servlet Container Initialization
+
+Our <<security-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
+
+In order for our `Filter` to do its magic, Spring needs to load our `SessionConfig` class.
+Since our application is already loading Spring configuration using our `SecurityInitializer` class, we can simply add our `SessionConfig` class to it.
+
+.src/main/java/sample/SecurityInitializer.java
+[source,java]
+----
+include::{samples-dir}javaconfig/hazelcast/src/main/java/sample/SecurityInitializer.java[tags=class]
+----
+
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+It is extremely important that Spring Session's `springSessionRepositoryFilter` is invoked before Spring Security's `springSecurityFilterChain`.
+This ensures that the `HttpSession` that Spring Security uses is backed by Spring Session.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes this extremely easy.
+You can find an example below:
+
+.src/main/java/sample/Initializer.java
+[source,java]
+----
+include::{samples-dir}javaconfig/hazelcast/src/main/java/sample/Initializer.java[tags=class]
+----
+
+NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+
+By extending `AbstractHttpSessionApplicationInitializer` we ensure that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request before Spring Security's `springSecurityFilterChain`.
+
+// end::config[]
+
+[[hazelcast-spring-security-sample]]
+== Hazelcast Spring Security Sample Application
+
+=== Running the Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+[NOTE]
+====
+Hazelcast will run in embedded mode with your application by default, but if you want to connect
+to a stand alone instance instead, you can configure it by following the instructions in the
+https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-configuration[reference documentation].
+====
+
+----
+$ ./gradlew :spring-session-sample-javaconfig-hazelcast:tomcatRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the security Sample Application
+
+Try using the application. Enter the following to log in:
+
+* **Username** _user_
+* **Password** _password_
+
+Now click the **Login** button.
+You should now see a message indicating your are logged in with the user entered previously.
+The user's information is stored in Hazelcast rather than Tomcat's `HttpSession` implementation.
+
+=== How does it work?
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Hazelcast.
+Spring Session replaces the `HttpSession` with an implementation that is backed by a `Map` in Hazelcast.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Hazelcast.
+
+When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+
+=== Interact with the data store
+
+If you like, you can remove the session using https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#hazelcast-java-client[a Java client],
+https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#other-client-implementations[one of the other clients], or the
+https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#management-center[management center].
+
+==== Using the console
+
+For example, using the management center console after connecting to your Hazelcast node:
+
+	default> ns spring:session:sessions
+	spring:session:sessions> m.clear
+
+TIP: The Hazelcast documentation has instructions for https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#executing-console-commands[the console].
+
+Alternatively, you can also delete the explicit key. Enter the following into the console ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+
+	spring:session:sessions> m.remove 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+
+Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.
+
+==== Using the REST API
+
+As described in the other clients section of the documentation, there is a 
+https://docs.hazelcast.org/docs/{hazelcast-version}/manual/html-single/index.html#rest-client[REST API]
+provided by the Hazelcast node(s).
+
+For example, you could delete an individual key as follows (replacing `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie):
+
+	$ curl -v -X DELETE http://localhost:xxxxx/hazelcast/rest/maps/spring:session:sessions/7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+
+TIP: The port number of the Hazelcast node will be printed to the console on startup. Replace `xxxxx` above with the port number.
+
+Now observe that you are no longer authenticated with this session.

docs/src/docs/asciidoc/guides/java-jdbc.adoc

@@ -0,0 +1,152 @@
+= Spring Session - HttpSession (Quick Start)
+Rob Winch, Vedran Pavić
+:toc:
+
+This guide describes how to use Spring Session to transparently leverage a relational database to back a web application's `HttpSession` with Java Configuration.
+
+NOTE: The completed guide can be found in the <<httpsession-jdbc-sample, httpsession-jdbc sample application>>.
+
+== Updating Dependencies
+Before you use Spring Session, you must ensure to update your dependencies.
+If you are using Maven, ensure to add the following dependencies:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-jdbc</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-framework-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repository>
+	<id>spring-milestone</id>
+	<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+endif::[]
+
+// tag::config[]
+
+[[httpsession-jdbc-spring-configuration]]
+== Spring Java Configuration
+
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
+
+[source,java]
+----
+include::{samples-dir}javaconfig/jdbc/src/main/java/sample/Config.java[tags=class]
+----
+
+<1> The `@EnableJdbcHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by a relational database.
+<2> We create a `dataSource` that connects Spring Session to an embedded instance of H2 database.
+We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
+<3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.
+
+For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
+
+== Java Servlet Container Initialization
+
+Our <<httpsession-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
+
+In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` both of these steps extremely easy.
+You can find an example below:
+
+.src/main/java/sample/Initializer.java
+[source,java]
+----
+include::{samples-dir}javaconfig/jdbc/src/main/java/sample/Initializer.java[tags=class]
+----
+
+NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+
+<1> The first step is to extend `AbstractHttpSessionApplicationInitializer`.
+This ensures that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request.
+<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to easily ensure Spring loads our `Config`.
+
+// end::config[]
+
+[[httpsession-jdbc-sample]]
+== httpsession-jdbc Sample Application
+
+=== Running the httpsession-jdbc Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+----
+$ ./gradlew :spring-session-sample-javaconfig-jdbc:tomcatRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the httpsession-jdbc Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _rob_
+
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
+
+=== How does it work?
+
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+
+.src/main/java/sample/SessionServlet.java
+[source,java]
+----
+include::{samples-dir}javaconfig/jdbc/src/main/java/sample/SessionServlet.java[tags=class]
+----
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+
+If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
+
+Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.

docs/src/docs/asciidoc/guides/java-redis.adoc

@@ -1,17 +1,15 @@
 = Spring Session - HttpSession (Quick Start)
 Rob Winch
 :toc:
-:version-snapshot: true
 
 This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with Java Configuration.
 
-NOTE: You can find the completed guide in the <<httpsession-sample, httpsession sample application>>.
+NOTE: The completed guide can be found in the <<httpsession-sample, httpsession sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must update your dependencies.
-If you are using Maven, you must add the following dependencies:
+Before you use Spring Session, you must ensure to update your dependencies.
+If you are using Maven, ensure to add the following dependencies:
 
-====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -37,13 +35,11 @@ If you are using Maven, you must add the following dependencies:
 	</dependency>
 </dependencies>
 ----
-====
 
 ifeval::["{version-snapshot}" == "true"]
 Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
-You must have the following in your pom.xml:
+Ensure you have the following in your pom.xml:
 
-====
 .pom.xml
 [source,xml]
 ----
@@ -57,14 +53,12 @@ You must have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
-====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since we are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
-You must have the following in your pom.xml:
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
 
-====
 .pom.xml
 [source,xml]
 ----
@@ -73,7 +67,6 @@ You must have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
-====
 endif::[]
 
 // tag::config[]
@@ -82,22 +75,20 @@ endif::[]
 == Spring Java Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-To do so, add the following Spring Configuration:
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
 
-====
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-javaconfig-redis/src/main/java/sample/Config.java[tags=class]
+include::{samples-dir}javaconfig/redis/src/main/java/sample/Config.java[tags=class]
 ----
 
-<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
-The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance, Spring Session is backed by Redis.
+<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
-We configure the connection to connect to localhost on the default port (6379).
-For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
-====
+We configure the connection to connect to localhost on the default port (6379)
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 
 == Java Servlet Container Initialization
 
@@ -105,24 +96,22 @@ Our <<httpsession-spring-configuration,Spring Configuration>> created a Spring B
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
-Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` to make both of these steps easy.
-The following shows an example:
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` both of these steps extremely easy.
+You can find an example below:
 
-====
 .src/main/java/sample/Initializer.java
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-javaconfig-redis/src/main/java/sample/Initializer.java[tags=class]
+include::{samples-dir}javaconfig/redis/src/main/java/sample/Initializer.java[tags=class]
 ----
 
-
-NOTE: The name of our class (`Initializer`) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
 
 <1> The first step is to extend `AbstractHttpSessionApplicationInitializer`.
-Doing so ensures that the Spring Bean by the name of `springSessionRepositoryFilter` is registered with our Servlet Container for every request.
-<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to ensure Spring loads our `Config`.
-====
+This ensures that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request.
+<2> `AbstractHttpSessionApplicationInitializer` also provides a mechanism to easily ensure Spring loads our `Config`.
+
 // end::config[]
 
 [[httpsession-sample]]
@@ -130,66 +119,54 @@ Doing so ensures that the Spring Bean by the name of `springSessionRepositoryFil
 
 
 
-=== Running the `httpsession` Sample Application
+=== Running the httpsession Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
+[NOTE]
 ====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
 ----
 $ ./gradlew :spring-session-sample-javaconfig-redis:tomcatRun
 ----
-====
-
-NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
-See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the `httpsession` Sample Application
+=== Exploring the httpsession Sample Application
 
-Now you can try to use the application. To do so, fill out the form with the following information:
+Try using the application. Fill out the form with the following information:
 
-* *Attribute Name:* _username_
-* *Attribute Value:* _rob_
+* **Attribute Name:** _username_
+* **Attribute Value:** _rob_
 
-Now click the *Set Attribute* button. You should now see the values displayed in the table.
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
 
-=== How Does It Work?
+=== How does it work?
 
-We interact with the standard `HttpSession` in the `SessionServlet` shown in the following listing:
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
 
-====
 .src/main/java/sample/SessionServlet.java
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-javaconfig-redis/src/main/java/sample/SessionServlet.java[tags=class]
+include::{samples-dir}javaconfig/redis/src/main/java/sample/SessionServlet.java[tags=class]
 ----
-====
 
-Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
-Spring Session creates a cookie named `SESSION` in your browser.
-That cookie contains the ID of your session.
-You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-You can remove the session by using redis-cli.
-For example, on a Linux based system you can type the following:
+If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
-====
-----
 	$ redis-cli keys '*' | xargs redis-cli del
-----
-====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. Enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
-====
-----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
-----
-====
 
-Now you can visit the application at http://localhost:8080/ and see that the attribute we added is no longer displayed.
+Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.

docs/src/docs/asciidoc/guides/java-rest.adoc

@@ -0,0 +1,220 @@
+= Spring Session - REST
+Rob Winch
+:toc:
+
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` when using REST endpoints.
+
+NOTE: The completed guide can be found in the <<rest-sample, rest sample application>>.
+
+== Updating Dependencies
+Before you use Spring Session, you must ensure to update your dependencies.
+If you are using Maven, ensure to add the following dependencies:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-data-redis</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>io.lettuce</groupId>
+		<artifactId>lettuce-core</artifactId>
+		<version>{lettuce-version}</version>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-framework-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repository>
+	<id>spring-milestone</id>
+	<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+endif::[]
+
+// tag::config[]
+
+[[rest-spring-configuration]]
+== Spring Configuration
+
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
+
+[source,java]
+----
+include::{samples-dir}javaconfig/rest/src/main/java/sample/HttpSessionConfig.java[tags=class]
+----
+
+<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by Redis.
+<2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
+We configure the connection to connect to localhost on the default port (6379)
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
+<3> We customize Spring Session's HttpSession integration to use HTTP headers to convey the current session information instead of cookies.
+
+== Servlet Container Initialization
+
+Our <<rest-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
+
+In order for our `Filter` to do its magic, Spring needs to load our `Config` class. We provide the configuration in our Spring `MvcInitializer` as shown below:
+
+.src/main/java/sample/mvc/MvcInitializer.java
+[source,java,indent=0]
+----
+include::{samples-dir}javaconfig/rest/src/main/java/sample/mvc/MvcInitializer.java[tags=config]
+----
+
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes this extremely easy. Simply extend the class with the default constructor as shown below:
+
+.src/main/java/sample/Initializer.java
+[source,java]
+----
+include::{samples-dir}javaconfig/rest/src/main/java/sample/Initializer.java[tags=class]
+----
+
+NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
+
+// end::config[]
+
+[[rest-sample]]
+== rest Sample Application
+
+=== Running the rest Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+[NOTE]
+====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
+----
+$ ./gradlew :spring-session-sample-javaconfig-rest:tomcatRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the rest Sample Application
+
+Try using the application. Use your favorite REST client to request http://localhost:8080/
+
+	$ curl -v http://localhost:8080/
+
+Observe that we are prompted for basic authentication. Provide the following information for the username and password:
+
+* **Username** *user*
+* **Password** *password*
+
+$ curl -v http://localhost:8080/ -u user:password
+
+In the output you will notice the following:
+
+----
+HTTP/1.1 200 OK
+...
+X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3
+
+{"username":"user"}
+----
+
+Specifically, we notice the following things about our response:
+
+* The HTTP Status is now a 200
+* We have a header with the name of *X-Auth-Token* which contains a new session id
+* The current username is displayed
+
+We can now use the *X-Auth-Token* to make another request without providing the username and password again. For example, the following outputs the username just as before:
+
+	$ curl -v http://localhost:8080/ -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+
+The only difference is that the session id is not provided in the response headers because we are reusing an existing session.
+
+If we invalidate the session, then the X-Auth-Token is displayed in the response with an empty value. For example, the following will invalidate our session:
+
+	$ curl -v http://localhost:8080/logout -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"
+
+You will see in the output that the X-Auth-Token provides an empty String indicating that the previous session was invalidated.
+
+----
+HTTP/1.1 204 No Content
+...
+X-Auth-Token:
+----
+
+=== How does it work?
+
+Spring Security interacts with the standard `HttpSession` in `SecurityContextPersistenceFilter`.
+
+Instead of using Tomcat's `HttpSession`, Spring Security is now persisting the values in Redis.
+Spring Session creates a header named X-Auth-Token in your browser that contains the id of your session.
+
+If you like, you can easily see that the session is created in Redis. First create a session using the following:
+
+$ curl -v http://localhost:8080/ -u user:password
+
+In the output you will notice the following:
+
+----
+HTTP/1.1 200 OK
+...
+X-Auth-Token: 7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+
+{"username":"user"}
+----
+
+Now remove the session using redis-cli. For example, on a Linux based system you can type:
+
+	$ redis-cli keys '*' | xargs redis-cli del
+
+TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
+
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+
+	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
+
+We can now use the *X-Auth-Token* to make another request with the session we deleted and observe we are prompted for a authentication. For example, the following returns an HTTP 401:
+
+	$ curl -v http://localhost:8080/ -H "X-Auth-Token: 0dc1f6e1-c7f1-41ac-8ce2-32b6b3e57aa3"

docs/src/docs/asciidoc/guides/java-security.adoc

@@ -5,13 +5,12 @@ Rob Winch
 This guide describes how to use Spring Session along with Spring Security.
 It assumes you have already applied Spring Security to your application.
 
-NOTE: You can find the completed guide in the <<security-sample, security sample application>>.
+NOTE: The completed guide can be found in the <<security-sample, security sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must update your dependencies.
-If you use Maven, you must add the following dependencies:
+Before you use Spring Session, you must ensure to update your dependencies.
+If you are using Maven, ensure to add the following dependencies:
 
-====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -37,13 +36,11 @@ If you use Maven, you must add the following dependencies:
 	</dependency>
 </dependencies>
 ----
-====
 
 ifeval::["{version-snapshot}" == "true"]
-Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
-You must have the following in your pom.xml:
+Since We are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
 
-====
 .pom.xml
 [source,xml]
 ----
@@ -57,14 +54,12 @@ You must have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
-====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
-You must have the following in your pom.xml:
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
 
-====
 .pom.xml
 [source,xml]
 ----
@@ -73,121 +68,107 @@ You must have the following in your pom.xml:
 <url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
-====
 endif::[]
 
 [[security-spring-configuration]]
 == Spring Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-To do so, add the following Spring Configuration:
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
 
-====
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-javaconfig-security/src/main/java/sample/Config.java[tags=class]
+include::{samples-dir}javaconfig/security/src/main/java/sample/Config.java[tags=class]
 ----
 
-<1> The `@EnableRedisHttpSession` annotation creates a Spring bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
-The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+<1> The `@EnableRedisHttpSession` annotation creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
 In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
-====
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 
 == Servlet Container Initialization
 
-Our <<security-spring-configuration,Spring Configuration>> created a Spring bean named `springSessionRepositoryFilter` that implements `Filter`.
+Our <<security-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, Spring needs to load our `Config` class.
-Since our application is already loading Spring configuration by using our `SecurityInitializer` class, we can add our configuration class to it.
-The following example shows how to do so:
+Since our application is already loading Spring configuration using our `SecurityInitializer` class, we can simply add our Config class to it.
 
-====
 .src/main/java/sample/SecurityInitializer.java
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-javaconfig-security/src/main/java/sample/SecurityInitializer.java[tags=class]
+include::{samples-dir}javaconfig/security/src/main/java/sample/SecurityInitializer.java[tags=class]
 ----
-====
 
-Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 It is extremely important that Spring Session's `springSessionRepositoryFilter` is invoked before Spring Security's `springSecurityFilterChain`.
 This ensures that the `HttpSession` that Spring Security uses is backed by Spring Session.
-Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes doing so easy.
-The following example shows how to do so:
+Fortunately, Spring Session provides a utility class named `AbstractHttpSessionApplicationInitializer` that makes this extremely easy.
+You can find an example below:
 
-====
 .src/main/java/sample/Initializer.java
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-javaconfig-security/src/main/java/sample/Initializer.java[tags=class]
+include::{samples-dir}javaconfig/security/src/main/java/sample/Initializer.java[tags=class]
 ----
-====
 
 NOTE: The name of our class (Initializer) does not matter. What is important is that we extend `AbstractHttpSessionApplicationInitializer`.
 
-By extending `AbstractHttpSessionApplicationInitializer`, we ensure that the Spring bean named `springSessionRepositoryFilter` is registered with our Servlet Container for every request before Spring Security's `springSecurityFilterChain` .
+By extending `AbstractHttpSessionApplicationInitializer` we ensure that the Spring Bean by the name `springSessionRepositoryFilter` is registered with our Servlet Container for every request before Spring Security's `springSecurityFilterChain` .
 
 [[security-sample]]
-== `security` Sample Application
+== security Sample Application
 
-This section describes how to work with the `security` sample application.
 
-=== Running the `security` Sample Application
+
+=== Running the security Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
+[NOTE]
 ====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
+Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
+====
+
 ----
 $ ./gradlew :spring-session-sample-javaconfig-security:tomcatRun
 ----
-====
-
-NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
-Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
-Another option is to use https://www.docker.com/[Docker] to run Redis on localhost.
-See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the `security` Sample Application
+=== Exploring the security Sample Application
 
-Now you can use the application. Enter the following to log in:
+Try using the application. Enter the following to log in:
 
-* *Username* _user_
-* *Password* _password_
+* **Username** _user_
+* **Password** _password_
 
-Now click the *Login* button.
+Now click the **Login** button.
 You should now see a message indicating your are logged in with the user entered previously.
 The user's information is stored in Redis rather than Tomcat's `HttpSession` implementation.
 
-=== How Does It Work?
+=== How does it work?
 
-Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
 Spring Session replaces the `HttpSession` with an implementation that is backed by Redis.
-When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession`, it is then persisted into Redis.
+When Spring Security's `SecurityContextPersistenceFilter` saves the `SecurityContext` to the `HttpSession` it is then persisted into Redis.
 
-When a new `HttpSession` is created, Spring Session creates a cookie named `SESSION` in your browser.
-That cookie contains the ID of your session.
-You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+When a new `HttpSession` is created, Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-You can remove the session using redis-cli. For example, on a Linux-based system you can type the following command:
+If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
-====
-----
 	$ redis-cli keys '*' | xargs redis-cli del
-----
-====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key.
-Enter the following command into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your `SESSION` cookie:
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
 
-Now you can visit the application at http://localhost:8080/ and see that we are no longer authenticated.
+Now visit the application at http://localhost:8080/ and observe that we are no longer authenticated.

docs/src/docs/asciidoc/guides/xml-jdbc.adoc

@@ -0,0 +1,162 @@
+= Spring Session - HttpSession (Quick Start)
+Rob Winch, Vedran Pavić
+:toc:
+
+This guide describes how to use Spring Session to transparently leverage a relational to back a web application's `HttpSession` with XML based configuration.
+
+NOTE: The completed guide can be found in the <<httpsession-jdbc-xml-sample, httpsession-jdbc-xml sample application>>.
+
+== Updating Dependencies
+Before you use Spring Session, you must ensure to update your dependencies.
+If you are using Maven, ensure to add the following dependencies:
+
+.pom.xml
+[source,xml]
+[subs="verbatim,attributes"]
+----
+<dependencies>
+	<!-- ... -->
+
+	<dependency>
+		<groupId>org.springframework.session</groupId>
+		<artifactId>spring-session-jdbc</artifactId>
+		<version>{spring-session-version}</version>
+		<type>pom</type>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-web</artifactId>
+		<version>{spring-framework-version}</version>
+	</dependency>
+</dependencies>
+----
+
+ifeval::["{version-snapshot}" == "true"]
+Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repositories>
+
+	<!-- ... -->
+
+	<repository>
+		<id>spring-snapshot</id>
+		<url>https://repo.spring.io/libs-snapshot</url>
+	</repository>
+</repositories>
+----
+endif::[]
+
+ifeval::["{version-milestone}" == "true"]
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
+
+.pom.xml
+[source,xml]
+----
+<repository>
+	<id>spring-milestone</id>
+	<url>https://repo.spring.io/libs-milestone</url>
+</repository>
+----
+endif::[]
+
+// tag::config[]
+
+[[httpsession-jdbc-xml-spring-configuration]]
+== Spring XML Configuration
+
+After adding the required dependencies, we can create our Spring configuration.
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
+
+.src/main/webapp/WEB-INF/spring/session.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/spring/session.xml[tags=beans]
+----
+
+<1> We use the combination of `<context:annotation-config/>` and `JdbcHttpSessionConfiguration` because Spring Session does not yet provide XML Namespace support (see https://github.com/spring-projects/spring-session/issues/104[gh-104]).
+This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by a relational database.
+<2> We create a `dataSource` that connects Spring Session to an embedded instance of H2 database.
+We configure the H2 database to create database tables using the SQL script which is included in Spring Session.
+<3> We create a `transactionManager` that manages transactions for previously configured `dataSource`.
+
+For additional information on how to configure data access related concerns, please refer to the https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/data-access.html[Spring Framework Reference Documentation].
+
+== XML Servlet Container Initialization
+
+Our <<httpsession-xml-spring-configuration,Spring Configuration>> created a Spring Bean named `springSessionRepositoryFilter` that implements `Filter`.
+The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
+
+In order for our `Filter` to do its magic, we need to instruct Spring to load our `session.xml` configuration.
+We do this with the following configuration:
+
+
+.src/main/webapp/WEB-INF/web.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=context-param]
+include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=listeners]
+----
+
+The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
+
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
+The following snippet performs this last step for us:
+
+.src/main/webapp/WEB-INF/web.xml
+[source,xml,indent=0]
+----
+include::{samples-dir}xml/jdbc/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
+----
+
+The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
+For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.
+
+// end::config[]
+
+[[httpsession-jdbc-xml-sample]]
+== httpsession-jdbc-xml Sample Application
+
+=== Running the httpsession-jdbc-xml Sample Application
+
+You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
+
+----
+$ ./gradlew :spring-session-sample-xml-jdbc:tomcatRun
+----
+
+You should now be able to access the application at http://localhost:8080/
+
+=== Exploring the httpsession-jdbc-xml Sample Application
+
+Try using the application. Fill out the form with the following information:
+
+* **Attribute Name:** _username_
+* **Attribute Value:** _rob_
+
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
+
+=== How does it work?
+
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
+
+.src/main/java/sample/SessionServlet.java
+[source,java]
+----
+include::{samples-dir}xml/jdbc/src/main/java/sample/SessionServlet.java[tags=class]
+----
+
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in H2 database.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+
+If you like, you can easily remove the session using H2 web console available at: http://localhost:8080/h2-console/ (use `jdbc:h2:mem:testdb` for JDBC URL)
+
+Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.

docs/src/docs/asciidoc/guides/xml-redis.adoc

@@ -2,15 +2,14 @@
 Rob Winch
 :toc:
 
-This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with XML-based configuration.
+This guide describes how to use Spring Session to transparently leverage Redis to back a web application's `HttpSession` with XML based configuration.
 
-NOTE: You can find the completed guide in the <<httpsession-xml-sample, httpsession-xml sample application>>.
+NOTE: The completed guide can be found in the <<httpsession-xml-sample, httpsession-xml sample application>>.
 
 == Updating Dependencies
-Before you use Spring Session, you must update your dependencies.
-If you use Maven, you must add the following dependencies:
+Before you use Spring Session, you must ensure to update your dependencies.
+If you are using Maven, ensure to add the following dependencies:
 
-====
 .pom.xml
 [source,xml]
 [subs="verbatim,attributes"]
@@ -36,13 +35,11 @@ If you use Maven, you must add the following dependencies:
 	</dependency>
 </dependencies>
 ----
-====
 
 ifeval::["{version-snapshot}" == "true"]
-Since we are using a SNAPSHOT version, we need to add the Spring Snapshot Maven Repository.
-You must have the following in your pom.xml:
+Since we are using a SNAPSHOT version, we need to ensure to add the Spring Snapshot Maven Repository.
+Ensure you have the following in your pom.xml:
 
-====
 .pom.xml
 [source,xml]
 ----
@@ -56,14 +53,12 @@ You must have the following in your pom.xml:
 	</repository>
 </repositories>
 ----
-====
 endif::[]
 
 ifeval::["{version-milestone}" == "true"]
-Since we are using a Milestone version, we need to add the Spring Milestone Maven Repository.
-You must have the following in your pom.xml:
+Since We are using a Milestone version, we need to ensure to add the Spring Milestone Maven Repository.
+Ensure you have the following in your pom.xml:
 
-====
 .pom.xml
 [source,xml]
 ----
@@ -72,7 +67,6 @@ You must have the following in your pom.xml:
 	<url>https://repo.spring.io/libs-milestone</url>
 </repository>
 ----
-====
 endif::[]
 
 // tag::config[]
@@ -81,24 +75,22 @@ endif::[]
 == Spring XML Configuration
 
 After adding the required dependencies, we can create our Spring configuration.
-The Spring configuration is responsible for creating a servlet filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
-To do so, add the following Spring Configuration:
+The Spring configuration is responsible for creating a Servlet Filter that replaces the `HttpSession` implementation with an implementation backed by Spring Session.
+Add the following Spring Configuration:
 
-====
 .src/main/webapp/WEB-INF/spring/session.xml
 [source,xml,indent=0]
 ----
-include::{samples-dir}spring-session-sample-xml-redis/src/main/webapp/WEB-INF/spring/session.xml[tags=beans]
+include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/spring/session.xml[tags=beans]
 ----
 
 <1> We use the combination of `<context:annotation-config/>` and `RedisHttpSessionConfiguration` because Spring Session does not yet provide XML Namespace support (see https://github.com/spring-projects/spring-session/issues/104[gh-104]).
-This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements `Filter`.
-The filter is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
-In this instance, Spring Session is backed by Redis.
+This creates a Spring Bean with the name of `springSessionRepositoryFilter` that implements Filter.
+The filter is what is in charge of replacing the `HttpSession` implementation to be backed by Spring Session.
+In this instance Spring Session is backed by Redis.
 <2> We create a `RedisConnectionFactory` that connects Spring Session to the Redis Server.
 We configure the connection to connect to localhost on the default port (6379)
-For more information on configuring Spring Data Redis, see the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
-====
+For more information on configuring Spring Data Redis, refer to the https://docs.spring.io/spring-data/data-redis/docs/{spring-data-redis-version}/reference/html/[reference documentation].
 
 == XML Servlet Container Initialization
 
@@ -106,99 +98,83 @@ Our <<httpsession-xml-spring-configuration,Spring Configuration>> created a Spri
 The `springSessionRepositoryFilter` bean is responsible for replacing the `HttpSession` with a custom implementation that is backed by Spring Session.
 
 In order for our `Filter` to do its magic, we need to instruct Spring to load our `session.xml` configuration.
-We can do so with the following configuration:
+We do this with the following configuration:
+
 
-====
 .src/main/webapp/WEB-INF/web.xml
 [source,xml,indent=0]
 ----
-include::{samples-dir}spring-session-sample-xml-redis/src/main/webapp/WEB-INF/web.xml[tags=context-param]
-include::{samples-dir}spring-session-sample-xml-redis/src/main/webapp/WEB-INF/web.xml[tags=listeners]
+include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=context-param]
+include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=listeners]
 ----
-====
 
-The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[`ContextLoaderListener`] reads the contextConfigLocation and picks up our session.xml configuration.
+The https://docs.spring.io/spring/docs/{spring-framework-version}/spring-framework-reference/core.html#context-create[ContextLoaderListener] reads the contextConfigLocation and picks up our session.xml configuration.
 
-Last, we need to ensure that our Servlet Container (that is, Tomcat) uses our `springSessionRepositoryFilter` for every request.
+Last we need to ensure that our Servlet Container (i.e. Tomcat) uses our `springSessionRepositoryFilter` for every request.
 The following snippet performs this last step for us:
 
-====
 .src/main/webapp/WEB-INF/web.xml
 [source,xml,indent=0]
 ----
-include::{samples-dir}spring-session-sample-xml-redis/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
+include::{samples-dir}xml/redis/src/main/webapp/WEB-INF/web.xml[tags=springSessionRepositoryFilter]
 ----
-====
 
-The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[`DelegatingFilterProxy`] looks up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
-For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` is invoked.
+The https://docs.spring.io/spring-framework/docs/{spring-framework-version}/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html[DelegatingFilterProxy] will look up a Bean by the name of `springSessionRepositoryFilter` and cast it to a `Filter`.
+For every request that `DelegatingFilterProxy` is invoked, the `springSessionRepositoryFilter` will be invoked.
 
 // end::config[]
 
 [[httpsession-xml-sample]]
-== `httpsession-xml` Sample Application
+== httpsession-xml Sample Application
 
-This section describes how to work with the `httpsession-xml` sample application.
-
-=== Running the `httpsession-xml` Sample Application
+=== Running the httpsession-xml Sample Application
 
 You can run the sample by obtaining the {download-url}[source code] and invoking the following command:
 
-NOTE: For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
+[NOTE]
+====
+For the sample to work, you must https://redis.io/download[install Redis 2.8+] on localhost and run it with the default port (6379).
 Alternatively, you can update the `RedisConnectionFactory` to point to a Redis server.
 Another option is to use https://www.docker.com/[Docker] to run Redis on localhost. See https://hub.docker.com/_/redis/[Docker Redis repository] for detailed instructions.
-
 ====
+
 ----
 $ ./gradlew :spring-session-sample-xml-redis:tomcatRun
 ----
-====
 
 You should now be able to access the application at http://localhost:8080/
 
-=== Exploring the `httpsession-xml` Sample Application
+=== Exploring the httpsession-xml Sample Application
 
-Now you can try using the application. Fill out the form with the following information:
+Try using the application. Fill out the form with the following information:
 
-* *Attribute Name:* _username_
-* *Attribute Value:* _rob_
+* **Attribute Name:** _username_
+* **Attribute Value:** _rob_
 
-Now click the *Set Attribute* button. You should now see the values displayed in the table.
+Now click the **Set Attribute** button. You should now see the values displayed in the table.
 
-=== How Does It Work?
+=== How does it work?
 
-We interact with the standard `HttpSession` in the `SessionServlet` shown in the following listing:
+We interact with the standard `HttpSession` in the `SessionServlet` shown below:
 
-====
 .src/main/java/sample/SessionServlet.java
 [source,java]
 ----
-include::{samples-dir}spring-session-sample-xml-redis/src/main/java/sample/SessionServlet.java[tags=class]
+include::{samples-dir}xml/redis/src/main/java/sample/SessionServlet.java[tags=class]
 ----
-====
 
-Instead of using Tomcat's `HttpSession`, we persist the values in Redis.
-Spring Session creates a cookie named SESSION in your browser.
-That cookie contains the ID of your session.
-You can view the cookies (with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
+Instead of using Tomcat's `HttpSession`, we are actually persisting the values in Redis.
+Spring Session creates a cookie named SESSION in your browser that contains the id of your session.
+Go ahead and view the cookies (click for help with https://developers.google.com/web/tools/chrome-devtools/manage-data/cookies[Chrome] or https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector[Firefox]).
 
-You can remove the session using redis-cli.
-For example, on a Linux based system you can type the following:
+If you like, you can easily remove the session using redis-cli. For example, on a Linux based system you can type:
 
-====
-----
 	$ redis-cli keys '*' | xargs redis-cli del
-----
-====
 
 TIP: The Redis documentation has instructions for https://redis.io/topics/quickstart[installing redis-cli].
 
-Alternatively, you can also delete the explicit key. To do so, enter the following into your terminal, being sure to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
+Alternatively, you can also delete the explicit key. Enter the following into your terminal ensuring to replace `7e8383a4-082c-4ffe-a4bc-c40fd3363c5e` with the value of your SESSION cookie:
 
-====
-----
 	$ redis-cli del spring:session:sessions:7e8383a4-082c-4ffe-a4bc-c40fd3363c5e
-----
-====
 
-Now you can visit the application at http://localhost:8080/ and see that the attribute we added is no longer displayed.
+Now visit the application at http://localhost:8080/ and observe that the attribute we added is no longer displayed.

docs/src/test/java/docs/FindByIndexNameSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,10 +18,10 @@ package docs;
 
 import java.util.Map;
 
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.Session;
@@ -30,17 +30,13 @@ import org.springframework.session.Session;
  * @author Rob Winch
  *
  */
+@RunWith(MockitoJUnitRunner.class)
 public class FindByIndexNameSessionRepositoryTests {
 	@Mock
 	FindByIndexNameSessionRepository<Session> sessionRepository;
 	@Mock
 	Session session;
 
-	@BeforeEach
-	void setUp() {
-		MockitoAnnotations.initMocks(this);
-	}
-
 	@Test
 	public void setUsername() {
 		// tag::set-username[]
@@ -56,7 +52,9 @@ public class FindByIndexNameSessionRepositoryTests {
 		// tag::findby-username[]
 		String username = "username";
 		Map<String, Session> sessionIdToSession = this.sessionRepository
-				.findByPrincipalName(username);
+				.findByIndexNameAndIndexValue(
+						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
+						username);
 		// end::findby-username[]
 	}
 }

docs/src/test/java/docs/HttpSessionConfigurationNoOpConfigureRedisActionXmlTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,15 +16,15 @@
 
 package docs;
 
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.session.Session;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -33,7 +33,7 @@ import static org.mockito.Mockito.mock;
 /**
  * @author Rob Winch
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
 public class HttpSessionConfigurationNoOpConfigureRedisActionXmlTests {

docs/src/test/java/docs/IndexDocTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import com.hazelcast.config.Config;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
-import org.junit.jupiter.api.Test;
+import org.junit.Test;
 
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.data.redis.core.ReactiveRedisTemplate;

docs/src/test/java/docs/RedisHttpSessionConfigurationNoOpConfigureRedisActionTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,8 +16,8 @@
 
 package docs;
 
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -25,7 +25,7 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.session.data.redis.config.ConfigureRedisAction;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 import static org.mockito.Mockito.mock;
@@ -33,7 +33,7 @@ import static org.mockito.Mockito.mock;
 /**
  * @author Rob Winch
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
 public class RedisHttpSessionConfigurationNoOpConfigureRedisActionTests {

docs/src/test/java/docs/http/AbstractHttpSessionListenerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,8 +18,8 @@ package docs.http;
 
 import java.util.Properties;
 
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
@@ -29,7 +29,7 @@ import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.security.core.session.SessionDestroyedEvent;
 import org.springframework.session.MapSession;
 import org.springframework.session.Session;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -42,7 +42,7 @@ import static org.mockito.Mockito.mock;
  * @author Mark Paluch
  * @since 1.2
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @WebAppConfiguration
 public abstract class AbstractHttpSessionListenerTests {
 	@Autowired

docs/src/test/java/docs/security/RememberMeSecurityConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,16 +21,16 @@ import java.util.Base64;
 
 import javax.servlet.http.Cookie;
 
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
@@ -43,9 +43,8 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 
 /**
  * @author rwinch
- * @author Vedran Pavic
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration(classes = RememberMeSecurityConfiguration.class)
 @WebAppConfiguration
 @SuppressWarnings("rawtypes")
@@ -59,7 +58,7 @@ public class RememberMeSecurityConfigurationTests<T extends Session> {
 
 	MockMvc mockMvc;
 
-	@BeforeEach
+	@Before
 	public void setup() {
 		// @formatter:off
 		this.mockMvc = MockMvcBuilders
@@ -87,6 +86,5 @@ public class RememberMeSecurityConfigurationTests<T extends Session> {
 				.isEqualTo(Duration.ofDays(30));
 
 	}
-
 }
 // end::class[]

docs/src/test/java/docs/security/RememberMeSecurityConfigurationXmlTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,16 +21,16 @@ import java.util.Base64;
 
 import javax.servlet.http.Cookie;
 
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.web.http.SessionRepositoryFilter;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
@@ -43,9 +43,8 @@ import static org.springframework.security.test.web.servlet.setup.SecurityMockMv
 
 /**
  * @author rwinch
- * @author Vedran Pavic
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
 @SuppressWarnings("rawtypes")
@@ -59,7 +58,7 @@ public class RememberMeSecurityConfigurationXmlTests<T extends Session> {
 
 	MockMvc mockMvc;
 
-	@BeforeEach
+	@Before
 	public void setup() {
 		// @formatter:off
 		this.mockMvc = MockMvcBuilders
@@ -87,6 +86,5 @@ public class RememberMeSecurityConfigurationXmlTests<T extends Session> {
 				.isEqualTo(Duration.ofDays(30));
 
 	}
-
 }
 // end::class[]

etc/checkstyle/checkstyle.xml

@@ -2,36 +2,11 @@
 <!DOCTYPE module PUBLIC "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
 		"https://checkstyle.org/dtds/configuration_1_3.dtd">
 <module name="Checker">
+	<!-- Supressions -->
 	<module name="SuppressionFilter">
 		<property name="file" value="${config_loc}/suppressions.xml"/>
 	</module>
+
+	<!-- Root Checks -->
 	<module name="io.spring.javaformat.checkstyle.SpringChecks"/>
-	<module name="com.puppycrawl.tools.checkstyle.TreeWalker">
-		<module name="com.puppycrawl.tools.checkstyle.checks.imports.IllegalImportCheck">
-			<property name="regexp" value="true"/>
-			<property name="illegalPkgs"
-					value="^sun.*, ^org\.apache\.commons\.(?!compress|dbcp2|lang|lang3|logging|pool2).*, ^com\.google\.common.*, ^org\.flywaydb\.core\.internal.*, ^org\.testcontainers\.shaded.*"/>
-			<property name="illegalClasses"
-					value="^reactor\.core\.support\.Assert, ^org\.junit\.rules\.ExpectedException, ^org\.slf4j\.LoggerFactory"/>
-		</module>
-		<module name="com.puppycrawl.tools.checkstyle.checks.regexp.RegexpSinglelineJavaCheck">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.junit\.Assert\.assert"/>
-			<property name="message" value="Please use AssertJ imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="com.puppycrawl.tools.checkstyle.checks.regexp.RegexpSinglelineJavaCheck">
-			<property name="maximum" value="0"/>
-			<property name="format"
-					value="assertThatExceptionOfType\((NullPointerException|IllegalArgumentException|IOException|IllegalStateException)\.class\)"/>
-			<property name="message" value="Please use specialized AssertJ assertThat*Exception method."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-		<module name="com.puppycrawl.tools.checkstyle.checks.regexp.RegexpSinglelineJavaCheck">
-			<property name="maximum" value="0"/>
-			<property name="format" value="org\.mockito\.Mockito\.(when|doThrow|doAnswer)"/>
-			<property name="message" value="Please use BDDMockito imports."/>
-			<property name="ignoreComments" value="true"/>
-		</module>
-	</module>
 </module>

etc/checkstyle/suppressions.xml

@@ -2,10 +2,16 @@
 <!DOCTYPE suppressions PUBLIC "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
+	<!-- global -->
 	<suppress files="[\\/]src[\\/]integration-test[\\/]java[\\/]" checks="Javadoc*"/>
-	<suppress files="[\\/]spring-session-docs[\\/]" checks="Javadoc*"/>
-	<suppress files="[\\/]spring-session-docs[\\/]" checks="InnerTypeLast"/>
-	<suppress files="[\\/]spring-session-samples[\\/]" checks="Javadoc*"/>
-	<suppress files="[\\/]spring-session-samples[\\/].+Application\.java" checks="HideUtilityClassConstructor"/>
+
+	<!-- docs -->
+	<suppress files="[\\/]docs[\\/]" checks="Javadoc*"/>
+	<suppress files="[\\/]docs[\\/]" checks="InnerTypeLast"/>
+
+	<!-- samples -->
+	<suppress files="[\\/]samples[\\/]" checks="Javadoc*"/>
+	<suppress files="[\\/]samples[\\/].+Application\.java" checks="HideUtilityClassConstructor"/>
+
 	<suppress files="SessionRepositoryFilterTests\.java" checks="SpringLambda"/>
 </suppressions>

gradle.properties

@@ -1 +1,2 @@
-version=2.2.0.M2
+springBootVersion=2.0.8.RELEASE
+version=2.0.11.BUILD-SNAPSHOT

gradle/dependency-management.gradle

@@ -1,33 +1,32 @@
 dependencyManagement {
 	imports {
 		mavenBom 'com.fasterxml.jackson:jackson-bom:2.9.6'
-		mavenBom 'io.projectreactor:reactor-bom:Dysprosium-M2'
-		mavenBom 'org.junit:junit-bom:5.4.2'
-		mavenBom 'org.springframework:spring-framework-bom:5.2.0.M3'
-		mavenBom 'org.springframework.data:spring-data-releasetrain:Moore-RC1'
-		mavenBom 'org.springframework.security:spring-security-bom:5.2.0.M3'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.11.3'
+		mavenBom 'io.projectreactor:reactor-bom:Bismuth-SR1'
+		mavenBom 'org.springframework:spring-framework-bom:5.0.13.RELEASE'
+		mavenBom 'org.springframework.data:spring-data-releasetrain:Kay-SR14'
+		mavenBom 'org.springframework.security:spring-security-bom:5.0.12.RELEASE'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.10.5'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.12.1') {
+		dependencySet(group: 'com.hazelcast', version: '3.9.4') {
 			entry 'hazelcast'
 			entry 'hazelcast-client'
 		}
 
-		dependency 'com.h2database:h2:1.4.199'
-		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.2.2.jre8'
-		dependency 'com.zaxxer:HikariCP:3.3.1'
+		dependency 'com.h2database:h2:1.4.197'
+		dependency 'com.microsoft.sqlserver:mssql-jdbc:7.0.0.jre8'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:5.1.7.RELEASE'
+		dependency 'io.lettuce:lettuce-core:5.1.3.RELEASE'
 		dependency 'javax.annotation:javax.annotation-api:1.3.2'
-		dependency 'javax.servlet:javax.servlet-api:4.0.1'
-		dependency 'mysql:mysql-connector-java:8.0.16'
+		dependency 'javax.servlet:javax.servlet-api:3.1.0'
+		dependency 'junit:junit:4.12'
+		dependency 'mysql:mysql-connector-java:8.0.13'
 		dependency 'org.apache.derby:derby:10.14.2.0'
-		dependency 'org.assertj:assertj-core:3.12.2'
-		dependency 'org.hsqldb:hsqldb:2.5.0'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.4.1'
-		dependency 'org.mockito:mockito-core:2.28.2'
+		dependency 'org.assertj:assertj-core:3.11.1'
+		dependency 'org.hsqldb:hsqldb:2.4.1'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:2.3.0'
+		dependency 'org.mockito:mockito-core:2.23.4'
 		dependency 'org.postgresql:postgresql:42.2.5'
 	}
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -1,21 +1,5 @@
 #!/usr/bin/env sh
 
-#
-# Copyright 2015 the original author or authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
 ##############################################################################
 ##
 ##  Gradle start up script for UN*X
@@ -44,7 +28,7 @@ APP_NAME="Gradle"
 APP_BASE_NAME=`basename "$0"`
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+DEFAULT_JVM_OPTS=""
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"

gradlew.bat

@@ -1,19 +1,3 @@
-@rem
-@rem Copyright 2015 the original author or authors.
-@rem
-@rem Licensed under the Apache License, Version 2.0 (the "License");
-@rem you may not use this file except in compliance with the License.
-@rem You may obtain a copy of the License at
-@rem
-@rem      https://www.apache.org/licenses/LICENSE-2.0
-@rem
-@rem Unless required by applicable law or agreed to in writing, software
-@rem distributed under the License is distributed on an "AS IS" BASIS,
-@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-@rem See the License for the specific language governing permissions and
-@rem limitations under the License.
-@rem
-
 @if "%DEBUG%" == "" @echo off
 @rem ##########################################################################
 @rem
@@ -30,7 +14,7 @@ set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
 @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+set DEFAULT_JVM_OPTS=
 
 @rem Find java.exe
 if defined JAVA_HOME goto findJavaFromJavaHome

samples/boot/findbyusername/spring-session-sample-boot-findbyusername.gradle

@@ -16,8 +16,6 @@ dependencies {
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 	testCompile "org.assertj:assertj-core"
-	testCompile "org.junit.jupiter:junit-jupiter-api"
-	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 
 	integrationTestCompile seleniumDependencies
 	integrationTestCompile "org.testcontainers:testcontainers"

samples/boot/findbyusername/src/integration-test/java/sample/FindByUsernameTests.java

@@ -16,10 +16,10 @@
 
 package sample;
 
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
 import org.testcontainers.containers.GenericContainer;
 import sample.pages.HomePage;
@@ -32,7 +32,7 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
 
@@ -41,24 +41,24 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  * @author Rob Winch
  * @author Vedran Pavic
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class FindByUsernameTests {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.5";
+	private static final String DOCKER_IMAGE = "redis:4.0.12";
 
 	@Autowired
 	private MockMvc mockMvc;
 
 	private WebDriver driver;
 
-	@BeforeEach
+	@Before
 	public void setup() {
 		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
 	}
 
-	@AfterEach
+	@After
 	public void tearDown() {
 		this.driver.quit();
 	}

samples/boot/findbyusername/src/main/java/sample/mvc/IndexController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,7 +44,10 @@ public class IndexController {
 	@RequestMapping("/")
 	public String index(Principal principal, Model model) {
 		Collection<? extends Session> usersSessions = this.sessions
-				.findByPrincipalName(principal.getName()).values();
+				.findByIndexNameAndIndexValue(
+						FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
+						principal.getName())
+				.values();
 		model.addAttribute("sessions", usersSessions);
 		return "index";
 	}
@@ -53,8 +56,9 @@ public class IndexController {
 	@RequestMapping(value = "/sessions/{sessionIdToDelete}", method = RequestMethod.DELETE)
 	public String removeSession(Principal principal,
 			@PathVariable String sessionIdToDelete) {
-		Set<String> usersSessionIds = this.sessions
-				.findByPrincipalName(principal.getName()).keySet();
+		Set<String> usersSessionIds = this.sessions.findByIndexNameAndIndexValue(
+				FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME,
+				principal.getName()).keySet();
 		if (usersSessionIds.contains(sessionIdToDelete)) {
 			this.sessions.deleteById(sessionIdToDelete);
 		}

samples/boot/findbyusername/src/test/java/sample/session/SessionDetailsFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,14 +17,14 @@
 package sample.session;
 
 import com.maxmind.geoip2.DatabaseReader;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 import sample.config.GeoConfig;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -32,7 +32,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  *
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @ContextConfiguration(classes = GeoConfig.class)
 public class SessionDetailsFilterTests {
 	@Autowired
@@ -40,7 +40,7 @@ public class SessionDetailsFilterTests {
 
 	SessionDetailsFilter filter;
 
-	@BeforeEach
+	@Before
 	public void setup() {
 		this.filter = new SessionDetailsFilter(this.reader);
 	}

samples/boot/jdbc/spring-session-sample-boot-jdbc.gradle

@@ -14,8 +14,6 @@ dependencies {
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 	testCompile "org.assertj:assertj-core"
-	testCompile "org.junit.jupiter:junit-jupiter-api"
-	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 
 	integrationTestCompile seleniumDependencies
 }

samples/boot/jdbc/src/integration-test/java/sample/BootTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,10 +16,10 @@
 
 package sample;
 
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
 import sample.pages.HomePage;
 import sample.pages.LoginPage;
@@ -28,15 +28,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
 
 /**
  * @author Eddú Meléndez
- * @author Vedran Pavic
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class BootTests {
@@ -46,12 +45,12 @@ public class BootTests {
 
 	private WebDriver driver;
 
-	@BeforeEach
+	@Before
 	public void setup() {
 		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
 	}
 
-	@AfterEach
+	@After
 	public void tearDown() {
 		this.driver.quit();
 	}

samples/boot/jdbc/src/integration-test/java/sample/pages/LoginPage.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2018 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class LoginPage extends BasePage {
 	}
 
 	public void assertAt() {
-		assertThat(getDriver().getTitle()).isEqualTo("Please sign in");
+		assertThat(getDriver().getTitle()).isEqualTo("Login Page");
 	}
 
 	public Form form() {
@@ -51,7 +51,7 @@ public class LoginPage extends BasePage {
 		@FindBy(name = "password")
 		private WebElement password;
 
-		@FindBy(tagName = "button")
+		@FindBy(name = "submit")
 		private WebElement button;
 
 		public Form(SearchContext context) {

samples/boot/redis-json/spring-session-sample-boot-redis-json.gradle

@@ -16,8 +16,6 @@ dependencies {
 	testCompile "org.springframework.boot:spring-boot-starter-test"
 	testCompile "org.assertj:assertj-core"
 	testCompile "org.skyscreamer:jsonassert"
-	testCompile "org.junit.jupiter:junit-jupiter-api"
-	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 
 	integrationTestCompile seleniumDependencies
 	integrationTestCompile "org.testcontainers:testcontainers"

samples/boot/redis-json/src/integration-test/java/sample/HttpRedisJsonTest.java

@@ -18,10 +18,10 @@ package sample;
 
 import java.util.List;
 
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
 import org.testcontainers.containers.GenericContainer;
 import sample.pages.HomePage;
@@ -35,7 +35,7 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
 
@@ -45,24 +45,24 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Eddú Meléndez
  * @author Vedran Pavic
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 @AutoConfigureMockMvc
 public class HttpRedisJsonTest {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.5";
+	private static final String DOCKER_IMAGE = "redis:4.0.12";
 
 	@Autowired
 	private MockMvc mockMvc;
 
 	private WebDriver driver;
 
-	@BeforeEach
+	@Before
 	public void setup() {
 		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
 	}
 
-	@AfterEach
+	@After
 	public void tearDown() {
 		this.driver.quit();
 	}

samples/boot/redis-json/src/integration-test/java/sample/RedisSerializerTest.java

@@ -16,8 +16,8 @@
 
 package sample;
 
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.testcontainers.containers.GenericContainer;
 
 import org.springframework.boot.test.context.SpringBootTest;
@@ -27,7 +27,7 @@ import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactor
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
 import org.springframework.session.data.redis.config.annotation.SpringSessionRedisOperations;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -35,11 +35,11 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author jitendra
  * @author Vedran Pavic
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @SpringBootTest
 public class RedisSerializerTest {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.5";
+	private static final String DOCKER_IMAGE = "redis:4.0.12";
 
 	@SpringSessionRedisOperations
 	private RedisTemplate<Object, Object> sessionRedisTemplate;

samples/boot/redis/spring-session-sample-boot-redis.gradle

@@ -13,8 +13,6 @@ dependencies {
 	compile "org.webjars:webjars-locator-core"
 
 	testCompile "org.springframework.boot:spring-boot-starter-test"
-	testCompile "org.junit.jupiter:junit-jupiter-api"
-	testRuntime "org.junit.jupiter:junit-jupiter-engine"
 
 	integrationTestCompile seleniumDependencies
 	integrationTestCompile "org.testcontainers:testcontainers"

samples/boot/redis/src/integration-test/java/sample/BootTests.java

@@ -16,10 +16,10 @@
 
 package sample;
 
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
 import org.openqa.selenium.WebDriver;
 import org.testcontainers.containers.GenericContainer;
 import sample.pages.HomePage;
@@ -32,7 +32,7 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDriverBuilder;
 
@@ -40,24 +40,24 @@ import org.springframework.test.web.servlet.htmlunit.webdriver.MockMvcHtmlUnitDr
  * @author Eddú Meléndez
  * @author Vedran Pavic
  */
-@ExtendWith(SpringExtension.class)
+@RunWith(SpringRunner.class)
 @AutoConfigureMockMvc
 @SpringBootTest(webEnvironment = WebEnvironment.MOCK)
 public class BootTests {
 
-	private static final String DOCKER_IMAGE = "redis:5.0.5";
+	private static final String DOCKER_IMAGE = "redis:4.0.12";
 
 	@Autowired
 	private MockMvc mockMvc;
 
 	private WebDriver driver;
 
-	@BeforeEach
+	@Before
 	public void setup() {
 		this.driver = MockMvcHtmlUnitDriverBuilder.mockMvcSetup(this.mockMvc).build();
 	}
 
-	@AfterEach
+	@After
 	public void tearDown() {
 		this.driver.quit();
 	}