Release 3.0.0

Closes gh-2211

.gitattributes

@@ -0,0 +1,6 @@
+*       text eol=lf
+*.bat   text eol=crlf
+*.jar   binary
+*.jpg   binary
+*.png   binary
+*.mmdb  binary

.github/workflows/antora-generate.yml

@@ -1,7 +1,6 @@
 name: Generate Antora Files and Request Build
 
 on:
-  workflow_dispatch:  # Manual trigger
   push:
     branches-ignore:
       - 'gh-pages'
@@ -15,6 +14,12 @@ jobs:
     steps:
       - name: Checkout Source
         uses: actions/checkout@v2
+      - name: Set up JDK 17
+        uses: actions/setup-java@v2
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+          cache: gradle
       - name: Generate antora.yml
         run: ./gradlew :spring-session-docs:generateAntora
       - name: Extract Branch Name

.github/workflows/continuous-integration-workflow.yml

@@ -20,7 +20,7 @@ jobs:
     if: github.repository == 'spring-projects/spring-session'
     strategy:
       matrix:
-        jdk: [8, 11]
+        jdk: [17]
       fail-fast: false
     steps:
       - uses: actions/checkout@v2
@@ -53,7 +53,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v1
         with:
-          java-version: '8'
+          java-version: '17'
       - name: Setup gradle user name
         run: |
           mkdir -p ~/.gradle
@@ -81,7 +81,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v1
         with:
-          java-version: '8'
+          java-version: '17'
       - name: Setup gradle user name
         run: |
           mkdir -p ~/.gradle

.github/workflows/deploy-reference.yml

@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v2
         with:
-          java-version: '11'
+          java-version: '17'
           distribution: 'adopt'
           cache: gradle
       - name: Validate Gradle wrapper

.github/workflows/pr-build-workflow.yml

@@ -9,7 +9,7 @@ jobs:
     if: github.repository == 'spring-projects/spring-session'
     strategy:
       matrix:
-        jdk: [8, 11]
+        jdk: [17]
       fail-fast: false
     steps:
       - uses: actions/checkout@v2

.gitignore

@@ -14,3 +14,5 @@ out
 !etc/eclipse/.checkstyle
 !**/src/**/build
 .DS_Store
+spring-session-docs/package-lock.json
+spring-session-docs/node_modules/

.sdkmanrc

@@ -3,4 +3,4 @@
 # See https://sdkman.io/usage#config
 # A summary is to add the following to ~/.sdkman/etc/config
 # sdkman_auto_env=true
-java=8.0.332-zulu
+java=17.0.2-tem

CONTRIBUTING.adoc

@@ -25,13 +25,6 @@ If you are reporting a bug, please help to speed up problem diagnosis by providi
 information as possible. Ideally, that would include a small sample project that
 reproduces the problem.
 
-== Create your branch from the oldest maintenance branch
-
-Create your topic branch to be submitted as a pull request from the oldest impacted and supported maintenance branch.
-You can find the supported versions by looking at the https://github.com/spring-projects/spring-session/milestones[milestones page].
-Switch to a branch named `<major>.<minor>.x` from the smallest milestone in the format of `<major>.<minor>.<patch>(-<prerelease>)`.
-The spring team will ensure the code gets merged forward into additional branches.
-
 
 == Sign the Contributor License Agreement
 If you have not previously done so, please fill out and

README.adoc

@@ -25,7 +25,7 @@ Additional Spring Session modules can be found in the https://github.com/spring-
 
 == Getting Started
 
-We recommend you visit the https://docs.spring.io/spring-session/reference/index.html[Spring Session Reference] and look through the "Samples and Guides" section to see which one best suits your needs.
+We recommend you visit the https://docs.spring.io/spring-session/docs/current/reference/html5/#samples[Spring Session Reference] and look through the "Samples and Guides" section to see which one best suits your needs.
 
 == Samples
 
@@ -63,7 +63,7 @@ Compile and test; build all jars, distribution zips, and docs
 
 You can find the documentation, samples, and guides for using Spring Session on the https://projects.spring.io/spring-session/[Spring Session project site].
 
-For more in depth information, visit the https://docs.spring.io/spring-session/docs/current/reference/html5/[Spring Session Reference].
+For more in depth information, visit the https://docs.spring.io/spring-session/reference/[Spring Session Reference].
 
 == Code of Conduct
 

RELEASE.adoc

@@ -18,7 +18,7 @@ You can manually check at https://github.com/spring-projects/spring-session/mile
 
 == 3. Update Release Version
 
-Update the version number in `gradle.properties` for the release, for example `2.7.0-M1`, `2.7.0-RC1`, `2.7.3`
+Update the version number in `gradle.properties` for the release, for example `3.0.0-M1`, `3.0.0-RC1`, `3.0.4`
 
 == 4. Update Antora Version
 
@@ -26,9 +26,9 @@ You will need to update the antora.yml version.
 
 For milestone / release candidate releases you should follow this format:
 ----
-version: '2.7.0-RC1'
+version: '3.0.0-RC1'
 prerelease: 'true'
-display_version: '2.7.0-RC1'
+display_version: '3.0.0-RC1'
 ----
 
 == 5. Build Locally
@@ -50,8 +50,8 @@ Wait for the artifact to appear in https://repo1.maven.org/maven2/org/springfram
 Tag the release and then push the tag
 
 ....
-git tag 2.7.0-RC1
-git push origin 2.7.0-RC1
+git tag 3.0.0-RC1
+git push origin 3.0.0-RC1
 ....
 
 == 8. Update to Next Development Version
@@ -76,7 +76,7 @@ java -jar github-changelog-generator.jar \
     $MILESTONE release-notes
 ....
 
-Note 1: `+$MILESTONE+` is something like `+2.7.1+` or `+2.7.0-M1+`. +
+Note 1: `+$MILESTONE+` is something like `+3.0.4+` or `+3.0.0-M1+`. +
 Note 2: This will create a file on your filesystem
 called `+release-notes+`.
 

build.gradle

@@ -4,7 +4,7 @@ buildscript {
 		snapshotBuild = version.endsWith('SNAPSHOT')
 		milestoneBuild = !(releaseBuild || snapshotBuild)
 
-		springBootVersion = '2.7.8'
+		springBootVersion = '3.0.0-SNAPSHOT'
 	}
 
 	repositories {
@@ -35,7 +35,7 @@ subprojects {
 	apply plugin: 'io.spring.javaformat'
 
 	plugins.withType(JavaPlugin) {
-		sourceCompatibility = JavaVersion.VERSION_1_8
+		sourceCompatibility = JavaVersion.VERSION_17
 	}
 
 	tasks.withType(Test) {
@@ -45,4 +45,6 @@ subprojects {
 
 nohttp {
     source.exclude "buildSrc/build/**"
+	source.exclude "spring-session-docs/.gradle/nodejs/**"
+	source.exclude "spring-session-docs/modules/ROOT/examples/**/build/**"
 }

buildSrc/build.gradle

@@ -4,7 +4,7 @@ plugins {
     id "groovy"
 }
 
-sourceCompatibility = 1.8
+sourceCompatibility = JavaVersion.VERSION_11
 
 repositories {
     jcenter()
@@ -62,9 +62,9 @@ dependencies {
     implementation 'com.apollographql.apollo:apollo-runtime:2.4.5'
     implementation 'com.github.ben-manes:gradle-versions-plugin:0.38.0'
     implementation 'com.github.spullara.mustache.java:compiler:0.9.10'
-    implementation 'io.spring.javaformat:spring-javaformat-gradle-plugin:0.0.15'
+    implementation 'io.spring.javaformat:spring-javaformat-gradle-plugin:0.0.34'
     implementation 'io.spring.nohttp:nohttp-gradle:0.0.9'
-    implementation 'net.sourceforge.htmlunit:htmlunit:2.55.0'
+    implementation 'net.sourceforge.htmlunit:htmlunit:2.37.0'
     implementation 'org.hidetake:gradle-ssh-plugin:2.10.1'
     implementation 'org.jfrog.buildinfo:build-info-extractor-gradle:4.29.0'
     implementation 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7.1'

buildSrc/gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

buildSrc/src/main/groovy/io/spring/gradle/convention/AbstractSpringJavaPlugin.groovy

@@ -35,6 +35,7 @@ public abstract class AbstractSpringJavaPlugin implements Plugin<Project> {
 
 	@Override
 	public final void apply(Project project) {
+		initialPlugins(project);
 		PluginManager pluginManager = project.getPluginManager();
 		pluginManager.apply(JavaPlugin.class);
 		pluginManager.apply(ManagementConfigurationPlugin.class)
@@ -69,5 +70,7 @@ public abstract class AbstractSpringJavaPlugin implements Plugin<Project> {
 		additionalPlugins(project);
 	}
 
+	protected void initialPlugins(Project project) {}
+
 	protected abstract void additionalPlugins(Project project);
 }

buildSrc/src/main/groovy/io/spring/gradle/convention/JacocoPlugin.groovy

@@ -34,7 +34,7 @@ class JacocoPlugin implements Plugin<Project> {
 			project.tasks.check.dependsOn project.tasks.jacocoTestReport
 
 			project.jacoco {
-				toolVersion = '0.8.2'
+				toolVersion = '0.8.7'
 			}
 		}
 	}

buildSrc/src/main/groovy/io/spring/gradle/convention/SpringSamplePlugin.groovy

@@ -30,4 +30,19 @@ public class SpringSamplePlugin extends AbstractSpringJavaPlugin {
             project.sonarqube.skipProject = true
         }
     }
+
+	@Override
+	protected void initialPlugins(Project project) {
+		if (project.hasProperty('springBootVersion')) {
+			String springBootVersion = project.springBootVersion
+
+			if (Utils.isSnapshot(springBootVersion)) {
+				project.ext.forceMavenRepositories = 'snapshot'
+			}
+			else if (Utils.isMilestone(springBootVersion)) {
+				project.ext.forceMavenRepositories = 'milestone'
+			}
+		}
+
+	}
 }

buildSrc/src/main/groovy/io/spring/gradle/convention/SpringSampleWarPlugin.groovy

@@ -36,7 +36,7 @@ public class SpringSampleWarPlugin extends SpringSamplePlugin {
         pluginManager.apply("org.gretty");
 
         project.gretty {
-            servletContainer = 'tomcat85'
+            servletContainer = 'tomcat10'
             contextPath = '/'
             fileLogEnabled = false
         }

buildSrc/src/main/groovy/io/spring/gradle/convention/Utils.groovy

@@ -14,16 +14,29 @@ public class Utils {
 
 	static boolean isSnapshot(Project project) {
 		String projectVersion = projectVersion(project)
-		return projectVersion.matches('^.*([.-]BUILD)?-SNAPSHOT$')
+		return isSnapshot(projectVersion)
 	}
 
 	static boolean isMilestone(Project project) {
 		String projectVersion = projectVersion(project)
-		return projectVersion.matches('^.*[.-]M\\d+$') || projectVersion.matches('^.*[.-]RC\\d+$')
+		return isMilestone(projectVersion)
 	}
 
 	static boolean isRelease(Project project) {
-		return !(isSnapshot(project) || isMilestone(project))
+		String projectVersion = projectVersion(project)
+		return isRelease(projectVersion)
+	}
+
+	static boolean isSnapshot(String projectVersion) {
+		return projectVersion.matches('^.*([.-]BUILD)?-SNAPSHOT$')
+	}
+
+	static boolean isMilestone(String projectVersion) {
+		return projectVersion.matches('^.*[.-]M\\d+$') || projectVersion.matches('^.*[.-]RC\\d+$')
+	}
+
+	static boolean isRelease(String projectVersion) {
+		return !(isSnapshot(projectVersion) || isMilestone(projectVersion))
 	}
 
 	private static String projectVersion(Project project) {

buildSrc/src/test/java/io/spring/gradle/convention/JavadocApiPluginITest.java

@@ -28,7 +28,7 @@ public class JavadocApiPluginITest {
 				.build();
 		assertThat(result.task(":api").getOutcome()).isEqualTo(TaskOutcome.SUCCESS);
         File allClasses = new File(testKit.getRootDir(), "build/api/allclasses-noframe.html");
-		File index = new File(testKit.getRootDir(), "build/api/allclasses.html");
+		File index = new File(testKit.getRootDir(), "build/api/allclasses-index.html");
 		File listing = allClasses.exists() ? allClasses : index;
 		String listingText = FileUtils.readFileToString(listing);
 		assertThat(listingText).contains("sample/Api.html");

buildSrc/src/test/resources/samples/integrationtest/withpropdeps/build.gradle

@@ -9,7 +9,7 @@ repositories {
 }
 
 dependencies {
-	optional 'jakarta.servlet:jakarta.servlet-api:4.0.4'
+	optional 'jakarta.servlet:jakarta.servlet-api:5.0.0'
 	testImplementation platform('org.junit:junit-bom:5.8.1')
 	testImplementation 'org.junit.jupiter:junit-jupiter-api'
 	testImplementation 'org.junit.jupiter:junit-jupiter-engine'

buildSrc/src/test/resources/samples/integrationtest/withpropdeps/src/integration-test/java/sample/TheTest.java

@@ -1,7 +1,7 @@
 package sample;
 
 import org.junit.jupiter.api.Test;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 public class TheTest {
 	@Test

buildSrc/src/test/resources/samples/showcase/samples/sgbcs-sample-war/build.gradle

@@ -1,10 +1,10 @@
 plugins {
-    id "org.gretty" version "3.0.7"
+    id "org.gretty" version "4.0.0"
     id "io.spring.convention.spring-sample-war"
 }
 
 dependencies {
-	provided 'jakarta.servlet:jakarta.servlet-api:4.0.4'
+	provided 'jakarta.servlet:jakarta.servlet-api:5.0.0'
     testImplementation 'commons-io:commons-io:2.11.0'
     testImplementation 'org.assertj:assertj-core:3.21.0'
     testImplementation platform('org.junit:junit-bom:5.8.1')

buildSrc/src/test/resources/samples/showcase/samples/sgbcs-sample-war/src/main/java/sample/HelloServlet.java

@@ -18,11 +18,11 @@ package sample;
 
 import java.io.IOException;
 
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 @WebServlet("/")
 public class HelloServlet extends HttpServlet {

git/hooks/forward-merge

@@ -1,135 +0,0 @@
-#!/usr/bin/ruby
-require 'json'
-require 'net/http'
-require 'yaml'
-require 'logger'
-
-$log = Logger.new(STDOUT)
-$log.level = Logger::WARN
-
-class ForwardMerge
-  attr_reader :issue, :milestone, :message, :line
-  def initialize(issue, milestone, message, line)
-    @issue = issue
-    @milestone = milestone
-    @message = message
-    @line = line
-  end
-end
-
-def find_forward_merges(message_file)
-  $log.debug "Searching for forward merge"
-  rev=`git rev-parse -q --verify MERGE_HEAD`.strip
-  $log.debug "Found #{rev} from git rev-parse"
-  return nil unless rev
-  message = File.read(message_file)
-  forward_merges = []
-  message.each_line do |line|
-    $log.debug "Checking #{line} for message"
-    match = /^(?:Fixes|Closes) gh-(\d+) in (\d\.\d\.[\dx](?:[\.\-](?:M|RC)\d)?)$/.match(line)
-    if match then
-      issue = match[1]
-      milestone = match[2]
-      $log.debug "Matched reference to issue #{issue} in milestone #{milestone}"
-      forward_merges << ForwardMerge.new(issue, milestone, message, line)
-    end
-  end
-  $log.debug "No match in merge message" unless forward_merges
-  return forward_merges
-end
-
-def get_issue(username, password, repository, number)
-  $log.debug "Getting issue #{number} from GitHub repository #{repository}"
-  uri = URI("https://api.github.com/repos/#{repository}/issues/#{number}")
-  http = Net::HTTP.new(uri.host, uri.port)
-  http.use_ssl=true
-  request = Net::HTTP::Get.new(uri.path)
-  request.basic_auth(username, password)
-  response = http.request(request)
-  $log.debug "Get HTTP response #{response.code}"
-  return JSON.parse(response.body) unless response.code != '200'
-  puts "Failed to retrieve issue #{number}: #{response.message}"
-  exit 1
-end
-
-def find_milestone(username, password, repository, title)
-  $log.debug "Finding milestone #{title} from GitHub repository #{repository}"
-  uri = URI("https://api.github.com/repos/#{repository}/milestones")
-  http = Net::HTTP.new(uri.host, uri.port)
-  http.use_ssl=true
-  request = Net::HTTP::Get.new(uri.path)
-  request.basic_auth(username, password)
-  response = http.request(request)
-  milestones = JSON.parse(response.body)
-  if title.end_with?(".x")
-    prefix = title.delete_suffix('.x')
-    $log.debug "Finding nearest milestone from candidates starting with #{prefix}"
-    titles = milestones.map { |milestone| milestone['title'] }
-    titles = titles.select{ |title| title.start_with?(prefix) unless title.end_with?('.x')}
-    titles = titles.sort_by { |v| Gem::Version.new(v) }
-    $log.debug "Considering candidates #{titles}"
-    if(titles.empty?)
-      puts "Cannot find nearest milestone for prefix #{title}"
-      exit 1
-    end
-    title = titles.first
-    $log.debug "Found nearest milestone #{title}"
-  end
-  milestones.each do |milestone|
-    $log.debug "Considering #{milestone['title']}"
-    return milestone['number'] if milestone['title'] == title
-  end
-  puts "Milestone #{title} not found in #{repository}"
-  exit 1
-end
-
-def create_issue(username, password, repository, original, title, labels, milestone, milestone_name, dry_run)
-  $log.debug "Finding forward-merge issue in GitHub repository #{repository} for '#{title}'"
-  uri = URI("https://api.github.com/repos/#{repository}/issues")
-  http = Net::HTTP.new(uri.host, uri.port)
-  http.use_ssl=true
-  request = Net::HTTP::Post.new(uri.path, 'Content-Type' => 'application/json')
-  request.basic_auth(username, password)
-  request.body = {
-    title: title,
-    labels: labels,
-    milestone: milestone.to_i,
-    body: "Forward port of issue ##{original} to #{milestone_name}."
-  }.to_json
-  if dry_run then
-    puts "Dry run"
-    puts "POSTing to #{uri} with body #{request.body}"
-    return "dry-run"
-  end
-  response = JSON.parse(http.request(request).body)
-  $log.debug "Created new issue #{response['number']}"
-  return response['number']
-end
-
-$log.debug "Running forward-merge hook script"
-message_file=ARGV[0]
-
-forward_merges = find_forward_merges(message_file)
-exit 0 unless forward_merges
-
-$log.debug "Loading config from ~/.spring-boot/forward_merge.yml"
-config = YAML.load_file(File.join(Dir.home, '.spring-boot', 'forward-merge.yml'))
-username = config['github']['credentials']['username']
-password = config['github']['credentials']['password']
-dry_run = config['dry_run']
-repository = 'spring-projects/spring-session'
-
-forward_merges.each do |forward_merge|
-  existing_issue = get_issue(username, password, repository, forward_merge.issue)
-  title = existing_issue['title']
-  labels = existing_issue['labels'].map { |label| label['name'] }
-  labels << "status: forward-port"
-  $log.debug "Processing issue '#{title}'"
-
-  milestone = find_milestone(username, password, repository, forward_merge.milestone)
-  new_issue_number = create_issue(username, password, repository, forward_merge.issue, title, labels, milestone, forward_merge.milestone, dry_run)
-
-  puts "Created gh-#{new_issue_number} for forward port of gh-#{forward_merge.issue} into #{forward_merge.milestone}"
-  rewritten_message = forward_merge.message.sub(forward_merge.line, "Closes gh-#{new_issue_number}\n")
-  File.write(message_file, rewritten_message)
-end

git/hooks/prepare-forward-merge

@@ -1,71 +0,0 @@
-#!/usr/bin/ruby
-require 'json'
-require 'net/http'
-require 'yaml'
-require 'logger'
-
-$main_branch = "3.0.x"
-
-$log = Logger.new(STDOUT)
-$log.level = Logger::WARN
-
-def get_fixed_issues()
-  $log.debug "Searching for for forward merge"
-  rev=`git rev-parse -q --verify MERGE_HEAD`.strip
-  $log.debug "Found #{rev} from git rev-parse"
-  return nil unless rev
-  fixed = []
-  message = `git log -1 --pretty=%B #{rev}`
-  message.each_line do |line|
-    $log.debug "Checking #{line} for message"
-    fixed << line.strip if /^(?:Fixes|Closes) gh-(\d+)/.match(line)
-  end
-  $log.debug "Found fixed issues #{fixed}"
-  return fixed;
-end
-
-def rewrite_message(message_file, fixed)
-  current_branch = `git rev-parse --abbrev-ref HEAD`.strip
-  if current_branch == "main"
-    current_branch = $main_branch
-  end
-  rewritten_message = ""
-  message = File.read(message_file)
-  message.each_line do |line|
-    match = /^Merge.*branch\ '(.*)'(?:\ into\ (.*))?$/.match(line)
-    if match
-      from_branch = match[1]
-      if from_branch.include? "/"
-        from_branch = from_branch.partition("/").last
-      end
-      to_brach = match[2]
-      $log.debug "Rewriting merge message"
-      line = "Merge branch '#{from_branch}'" + (to_brach ? " into #{to_brach}\n" : "\n")
-    end
-    if fixed and line.start_with?("#")
-      $log.debug "Adding fixed"
-      rewritten_message << "\n"
-      fixed.each do |fixes|
-        rewritten_message << "#{fixes} in #{current_branch}\n"
-      end
-      fixed = nil
-    end
-    rewritten_message << line
-  end
-  return rewritten_message
-end
-
-$log.debug "Running prepare-forward-merge hook script"
-
-message_file=ARGV[0]
-message_type=ARGV[1]
-
-if message_type != "merge"
-  $log.debug "Not a merge commit"
-  exit 0;
-end
-
-$log.debug "Searching for for forward merge"
-fixed = get_fixed_issues()
-rewritten_message = rewrite_message(message_file, fixed)
-File.write(message_file, rewritten_message)

gradle.properties

@@ -1,3 +1,3 @@
 org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
 org.gradle.parallel=true
-version=2.7.1
+version=3.0.0

gradle/dependency-management.gradle

@@ -1,49 +1,45 @@
 dependencyManagement {
 	imports {
-		mavenBom 'io.projectreactor:reactor-bom:2020.0.30'
-		mavenBom 'com.fasterxml.jackson:jackson-bom:2.13.5'
-		mavenBom 'org.junit:junit-bom:5.8.2'
-		mavenBom 'org.springframework:spring-framework-bom:5.3.26'
-		mavenBom 'org.springframework.data:spring-data-bom:2021.2.9'
-		mavenBom 'org.springframework.security:spring-security-bom:5.7.7'
-		mavenBom 'org.testcontainers:testcontainers-bom:1.17.6'
+		mavenBom 'io.projectreactor:reactor-bom:2022.0.0'
+		mavenBom 'com.fasterxml.jackson:jackson-bom:2.13.4.20221013'
+		mavenBom 'org.junit:junit-bom:5.9.1'
+		mavenBom 'org.mockito:mockito-bom:4.8.1'
+		mavenBom 'org.springframework:spring-framework-bom:6.0.0'
+		mavenBom 'org.springframework.data:spring-data-bom:2022.0.0'
+		mavenBom 'org.springframework.security:spring-security-bom:6.0.0'
+		mavenBom 'org.testcontainers:testcontainers-bom:1.17.3'
 	}
 
 	dependencies {
-		dependencySet(group: 'com.hazelcast', version: '3.12.12') {
-			entry 'hazelcast'
-			entry 'hazelcast-client'
-		}
-
+		dependency 'com.hazelcast:hazelcast:5.1.4'
 		dependency 'org.aspectj:aspectjweaver:1.9.9.1'
-		dependency 'ch.qos.logback:logback-core:1.2.11'
+		dependency 'ch.qos.logback:logback-core:1.4.4'
 		dependency 'com.google.code.findbugs:jsr305:3.0.2'
-		dependency 'com.h2database:h2:1.4.200'
-		dependency 'com.ibm.db2:jcc:11.5.8.0'
-		dependency 'com.microsoft.sqlserver:mssql-jdbc:9.4.1.jre8'
-		dependency 'com.oracle.database.jdbc:ojdbc8:21.5.0.0'
-		dependency 'com.zaxxer:HikariCP:4.0.3'
+		dependency 'com.h2database:h2:2.1.214'
+		dependency 'com.ibm.db2:jcc:11.5.7.0'
+		dependency 'com.microsoft.sqlserver:mssql-jdbc:11.2.1.jre17'
+		dependency 'com.oracle.database.jdbc:ojdbc8:21.7.0.0'
+		dependency 'com.zaxxer:HikariCP:5.0.1'
 		dependency 'edu.umd.cs.mtc:multithreadedtc:1.01'
-		dependency 'io.lettuce:lettuce-core:6.1.10.RELEASE'
-		dependency 'jakarta.annotation:jakarta.annotation-api:1.3.5'
-		dependency 'jakarta.servlet:jakarta.servlet-api:4.0.4'
-		dependency 'mysql:mysql-connector-java:8.0.32'
-		dependency 'org.apache.derby:derby:10.14.2.0'
-		dependency 'org.assertj:assertj-core:3.22.0'
-		dependency 'org.hamcrest:hamcrest:2.2'
-		dependency 'org.hsqldb:hsqldb:2.5.2'
-		dependency 'org.mariadb.jdbc:mariadb-java-client:2.7.8'
-		dependencySet(group: 'org.mockito', version: '4.5.1') {
-        	entry 'mockito-core'
-			entry 'mockito-junit-jupiter'
+		dependency 'io.lettuce:lettuce-core:6.2.1.RELEASE'
+		dependency 'jakarta.servlet:jakarta.servlet-api:6.0.0'
+		dependency 'jakarta.websocket:jakarta.websocket-api:2.1.0'
+		dependency 'jakarta.websocket:jakarta.websocket-client-api:2.1.0'
+		dependency 'mysql:mysql-connector-java:8.0.30'
+		dependencySet(group: 'org.apache.derby', version: '10.16.1.1') {
+			entry 'derby'
+			entry 'derbytools'
 		}
-
-		dependencySet(group: 'org.mongodb', version: '4.6.1') {
+		dependency 'org.assertj:assertj-core:3.23.1'
+		dependency 'org.hamcrest:hamcrest:2.2'
+		dependency 'org.hsqldb:hsqldb:2.7.0'
+		dependency 'org.mariadb.jdbc:mariadb-java-client:3.0.7'
+		dependencySet(group: 'org.mongodb', version: '4.8.0-beta0') {
 			entry 'mongodb-driver-core'
 			entry 'mongodb-driver-sync'
 			entry 'mongodb-driver-reactivestreams'
 		}
-		dependency 'org.postgresql:postgresql:42.3.8'
+		dependency 'org.postgresql:postgresql:42.5.0'
 	}
 }
 

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -205,6 +205,12 @@ set -- \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

gradlew.bat

@@ -1,89 +1,91 @@
-@rem
-@rem Copyright 2015 the original author or authors.
-@rem
-@rem Licensed under the Apache License, Version 2.0 (the "License");
-@rem you may not use this file except in compliance with the License.
-@rem You may obtain a copy of the License at
-@rem
-@rem      https://www.apache.org/licenses/LICENSE-2.0
-@rem
-@rem Unless required by applicable law or agreed to in writing, software
-@rem distributed under the License is distributed on an "AS IS" BASIS,
-@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-@rem See the License for the specific language governing permissions and
-@rem limitations under the License.
-@rem
-
-@if "%DEBUG%" == "" @echo off
-@rem ##########################################################################
-@rem
-@rem  Gradle startup script for Windows
-@rem
-@rem ##########################################################################
-
-@rem Set local scope for the variables with windows NT shell
-if "%OS%"=="Windows_NT" setlocal
-
-set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
-set APP_BASE_NAME=%~n0
-set APP_HOME=%DIRNAME%
-
-@rem Resolve any "." and ".." in APP_HOME to make it shorter.
-for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
-
-@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
-
-@rem Find java.exe
-if defined JAVA_HOME goto findJavaFromJavaHome
-
-set JAVA_EXE=java.exe
-%JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
-
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
-
-goto fail
-
-:findJavaFromJavaHome
-set JAVA_HOME=%JAVA_HOME:"=%
-set JAVA_EXE=%JAVA_HOME%/bin/java.exe
-
-if exist "%JAVA_EXE%" goto execute
-
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
-
-goto fail
-
-:execute
-@rem Setup the command line
-
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
-
-
-@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
-
-:end
-@rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
-
-:fail
-rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
-rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
-
-:mainEnd
-if "%OS%"=="Windows_NT" endlocal
-
-:omega
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

settings.gradle

@@ -6,20 +6,19 @@ pluginManagement {
 }
 
 plugins {
-    id "com.gradle.enterprise" version "3.9"
+    id "com.gradle.enterprise" version "3.11.2"
     id "io.spring.ge.conventions" version "0.0.7"
 }
 
 rootProject.name = 'spring-session-build'
 
+include 'spring-session-bom'
 include 'spring-session-core'
 include 'spring-session-data-mongodb'
 include 'spring-session-data-redis'
 include 'spring-session-docs'
 include 'spring-session-hazelcast'
 include 'spring-session-jdbc'
-include 'hazelcast4'
-project(':hazelcast4').projectDir = file('spring-session-hazelcast/hazelcast4')
 
 file('spring-session-samples').eachDirMatch(~/spring-session-sample-.*/) { dir ->
     include dir.name

spring-session-bom/spring-session-bom.gradle

@@ -0,0 +1,15 @@
+import io.spring.gradle.convention.SpringModulePlugin
+
+plugins {
+	id("io.spring.convention.bom")
+}
+
+dependencies {
+	constraints {
+		project.rootProject.allprojects { project ->
+			project.plugins.withType(SpringModulePlugin) {
+				api(project)
+			}
+		}
+	}
+}

spring-session-core/spring-session-core.gradle

@@ -6,7 +6,6 @@ dependencies {
 	api "org.springframework:spring-jcl"
 
 	optional "io.projectreactor:reactor-core"
-	optional "jakarta.annotation:jakarta.annotation-api"
 	optional "jakarta.servlet:jakarta.servlet-api"
 	optional "org.springframework:spring-context"
 	optional "org.springframework:spring-jdbc"
@@ -19,6 +18,8 @@ dependencies {
 
 	testImplementation "io.projectreactor:reactor-test"
 	testImplementation "org.mockito:mockito-core"
+	testImplementation "org.mockito:mockito-junit-jupiter"
+	testImplementation "org.mockito:mockito-inline"
 	testImplementation "edu.umd.cs.mtc:multithreadedtc"
 	testImplementation "org.springframework:spring-test"
 	testImplementation "org.assertj:assertj-core"

spring-session-core/src/main/java/org/springframework/session/MapSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,10 +49,16 @@ import java.util.UUID;
 public final class MapSession implements Session, Serializable {
 
 	/**
-	 * Default {@link #setMaxInactiveInterval(Duration)} (30 minutes).
+	 * Default {@link #setMaxInactiveInterval(Duration)} (30 minutes) in seconds.
 	 */
 	public static final int DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS = 1800;
 
+	/**
+	 * Default {@link #setMaxInactiveInterval(Duration)} (30 minutes).
+	 */
+	public static final Duration DEFAULT_MAX_INACTIVE_INTERVAL = Duration
+			.ofSeconds(DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
+
 	private String id;
 
 	private final String originalId;
@@ -66,7 +72,7 @@ public final class MapSession implements Session, Serializable {
 	/**
 	 * Defaults to 30 minutes.
 	 */
-	private Duration maxInactiveInterval = Duration.ofSeconds(DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
+	private Duration maxInactiveInterval = DEFAULT_MAX_INACTIVE_INTERVAL;
 
 	/**
 	 * Creates a new instance with a secure randomly generated identifier.

spring-session-core/src/main/java/org/springframework/session/MapSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import java.util.Map;
 
 import org.springframework.session.events.SessionDeletedEvent;
 import org.springframework.session.events.SessionExpiredEvent;
+import org.springframework.util.Assert;
 
 /**
  * A {@link SessionRepository} backed by a {@link java.util.Map} and that uses a
@@ -38,11 +39,7 @@ import org.springframework.session.events.SessionExpiredEvent;
  */
 public class MapSessionRepository implements SessionRepository<MapSession> {
 
-	/**
-	 * If non-null, this value is used to override
-	 * {@link Session#setMaxInactiveInterval(Duration)}.
-	 */
-	private Integer defaultMaxInactiveInterval;
+	private Duration defaultMaxInactiveInterval = Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
 
 	private final Map<String, Session> sessions;
 
@@ -59,12 +56,13 @@ public class MapSessionRepository implements SessionRepository<MapSession> {
 	}
 
 	/**
-	 * If non-null, this value is used to override
-	 * {@link Session#setMaxInactiveInterval(Duration)}.
-	 * @param defaultMaxInactiveInterval the number of seconds that the {@link Session}
-	 * should be kept alive between client requests.
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * time out. The default is 30 minutes.
+	 * @param defaultMaxInactiveInterval the default maxInactiveInterval
 	 */
-	public void setDefaultMaxInactiveInterval(int defaultMaxInactiveInterval) {
+	public void setDefaultMaxInactiveInterval(Duration defaultMaxInactiveInterval) {
+		Assert.notNull(defaultMaxInactiveInterval, "defaultMaxInactiveInterval must not be null");
 		this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
 	}
 
@@ -97,9 +95,7 @@ public class MapSessionRepository implements SessionRepository<MapSession> {
 	@Override
 	public MapSession createSession() {
 		MapSession result = new MapSession();
-		if (this.defaultMaxInactiveInterval != null) {
-			result.setMaxInactiveInterval(Duration.ofSeconds(this.defaultMaxInactiveInterval));
-		}
+		result.setMaxInactiveInterval(this.defaultMaxInactiveInterval);
 		return result;
 	}
 

spring-session-core/src/main/java/org/springframework/session/ReactiveMapSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ import reactor.core.publisher.Mono;
 
 import org.springframework.session.events.SessionDeletedEvent;
 import org.springframework.session.events.SessionExpiredEvent;
+import org.springframework.util.Assert;
 
 /**
  * A {@link ReactiveSessionRepository} backed by a {@link Map} and that uses a
@@ -40,11 +41,7 @@ import org.springframework.session.events.SessionExpiredEvent;
  */
 public class ReactiveMapSessionRepository implements ReactiveSessionRepository<MapSession> {
 
-	/**
-	 * If non-null, this value is used to override
-	 * {@link Session#setMaxInactiveInterval(Duration)}.
-	 */
-	private Integer defaultMaxInactiveInterval;
+	private Duration defaultMaxInactiveInterval = Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
 
 	private final Map<String, Session> sessions;
 
@@ -61,12 +58,13 @@ public class ReactiveMapSessionRepository implements ReactiveSessionRepository<M
 	}
 
 	/**
-	 * If non-null, this value is used to override
-	 * {@link Session#setMaxInactiveInterval(Duration)}.
-	 * @param defaultMaxInactiveInterval the number of seconds that the {@link Session}
-	 * should be kept alive between client requests.
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * time out. The default is 30 minutes.
+	 * @param defaultMaxInactiveInterval the default maxInactiveInterval
 	 */
-	public void setDefaultMaxInactiveInterval(int defaultMaxInactiveInterval) {
+	public void setDefaultMaxInactiveInterval(Duration defaultMaxInactiveInterval) {
+		Assert.notNull(defaultMaxInactiveInterval, "defaultMaxInactiveInterval must not be null");
 		this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
 	}
 
@@ -99,9 +97,7 @@ public class ReactiveMapSessionRepository implements ReactiveSessionRepository<M
 	public Mono<MapSession> createSession() {
 		return Mono.defer(() -> {
 			MapSession result = new MapSession();
-			if (this.defaultMaxInactiveInterval != null) {
-				result.setMaxInactiveInterval(Duration.ofSeconds(this.defaultMaxInactiveInterval));
-			}
+			result.setMaxInactiveInterval(this.defaultMaxInactiveInterval);
 			return Mono.just(result);
 		});
 	}

spring-session-core/src/main/java/org/springframework/session/aot/hint/CommonSessionRuntimeHints.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.TreeSet;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+
+/**
+ * A {@link RuntimeHintsRegistrar} for common session hints.
+ *
+ * @author Marcus Da Coregio
+ */
+class CommonSessionRuntimeHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		Arrays.asList(TypeReference.of(String.class), TypeReference.of(ArrayList.class),
+				TypeReference.of(TreeSet.class), TypeReference.of(Number.class), TypeReference.of(Long.class),
+				TypeReference.of(Integer.class), TypeReference.of(StackTraceElement.class),
+				TypeReference.of(Throwable.class), TypeReference.of(Exception.class),
+				TypeReference.of(RuntimeException.class),
+				TypeReference.of("java.util.Collections$UnmodifiableCollection"),
+				TypeReference.of("java.util.Collections$UnmodifiableList"),
+				TypeReference.of("java.util.Collections$EmptyList"),
+				TypeReference.of("java.util.Collections$UnmodifiableRandomAccessList"),
+				TypeReference.of("java.util.Collections$UnmodifiableSet")).forEach(hints.serialization()::registerType);
+	}
+
+}

spring-session-core/src/main/java/org/springframework/session/aot/hint/CommonSessionSecurityRuntimeHints.java

@@ -0,0 +1,86 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint;
+
+import java.util.Arrays;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+
+/**
+ * A {@link RuntimeHintsRegistrar} for common session security hints.
+ *
+ * @author Marcus Da Coregio
+ */
+class CommonSessionSecurityRuntimeHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		registerSecurityHintsIfNeeded(hints);
+		registerOAuth2ClientHintsIfNeeded(hints);
+		registerOAuth2ResourceServerHintsIfNeeded(hints);
+	}
+
+	private void registerSecurityHintsIfNeeded(RuntimeHints hints) {
+		Arrays.asList(TypeReference.of("org.springframework.security.core.context.SecurityContextImpl"),
+				TypeReference.of("org.springframework.security.core.authority.SimpleGrantedAuthority"),
+				TypeReference.of("org.springframework.security.core.userdetails.User"),
+				TypeReference.of("org.springframework.security.authentication.AbstractAuthenticationToken"),
+				TypeReference.of("org.springframework.security.authentication.UsernamePasswordAuthenticationToken"),
+				TypeReference.of("org.springframework.security.core.AuthenticationException"),
+				TypeReference.of("org.springframework.security.authentication.BadCredentialsException"),
+				TypeReference.of("org.springframework.security.core.userdetails.UsernameNotFoundException"),
+				TypeReference.of("org.springframework.security.authentication.AccountExpiredException"),
+				TypeReference.of("org.springframework.security.authentication.ProviderNotFoundException"),
+				TypeReference.of("org.springframework.security.authentication.DisabledException"),
+				TypeReference.of("org.springframework.security.authentication.LockedException"),
+				TypeReference.of("org.springframework.security.authentication.AuthenticationServiceException"),
+				TypeReference.of("org.springframework.security.authentication.CredentialsExpiredException"),
+				TypeReference.of("org.springframework.security.authentication.InsufficientAuthenticationException"),
+				TypeReference
+						.of("org.springframework.security.web.authentication.session.SessionAuthenticationException"),
+				TypeReference.of(
+						"org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException"),
+				TypeReference.of("org.springframework.security.core.userdetails.User$AuthorityComparator"))
+				.forEach((type) -> hints.serialization().registerType(type, (hint) -> hint.onReachableType(
+						TypeReference.of("org.springframework.security.core.context.SecurityContextImpl"))));
+	}
+
+	private void registerOAuth2ResourceServerHintsIfNeeded(RuntimeHints hints) {
+		Arrays.asList(
+				TypeReference.of("org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"))
+				.forEach((type) -> hints.serialization().registerType(type, (hint) -> hint.onReachableType(TypeReference
+						.of("org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken"))));
+	}
+
+	private void registerOAuth2ClientHintsIfNeeded(RuntimeHints hints) {
+		Arrays.asList(
+				TypeReference.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"),
+				TypeReference
+						.of("org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"))
+				.forEach((type) -> hints.serialization().registerType(type, (hint) -> hint.onReachableType(TypeReference
+						.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"))));
+	}
+
+}

spring-session-core/src/main/java/org/springframework/session/aot/hint/server/WebSessionSecurityRuntimeHints.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint.server;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.security.web.server.csrf.DefaultCsrfToken;
+import org.springframework.util.ClassUtils;
+
+/**
+ * {@link RuntimeHintsRegistrar} for Reactive Session hints.
+ *
+ * @author Marcus Da Coregio
+ */
+class WebSessionSecurityRuntimeHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		if (!ClassUtils.isPresent("org.springframework.web.server.WebSession", classLoader) || !ClassUtils
+				.isPresent("org.springframework.security.web.server.csrf.DefaultCsrfToken", classLoader)) {
+			return;
+		}
+		hints.serialization().registerType(DefaultCsrfToken.class);
+	}
+
+}

spring-session-core/src/main/java/org/springframework/session/aot/hint/servlet/HttpSessionSecurityRuntimeHints.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint.servlet;
+
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.TreeMap;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+import org.springframework.security.web.savedrequest.DefaultSavedRequest;
+import org.springframework.security.web.savedrequest.SavedCookie;
+import org.springframework.util.ClassUtils;
+
+/**
+ * {@link RuntimeHintsRegistrar} for Servlet Session hints.
+ *
+ * @author Marcus Da Coregio
+ */
+class HttpSessionSecurityRuntimeHints implements RuntimeHintsRegistrar {
+
+	@Override
+	public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
+		if (!ClassUtils.isPresent("jakarta.servlet.http.HttpSession", classLoader)
+				|| !ClassUtils.isPresent("org.springframework.security.web.csrf.DefaultCsrfToken", classLoader)) {
+			return;
+		}
+		Arrays.asList(TypeReference.of(TreeMap.class), TypeReference.of(Locale.class),
+				TypeReference.of(DefaultSavedRequest.class), TypeReference.of(DefaultCsrfToken.class),
+				TypeReference.of(WebAuthenticationDetails.class), TypeReference.of(SavedCookie.class),
+				TypeReference.of("java.lang.String$CaseInsensitiveComparator"))
+				.forEach(hints.serialization()::registerType);
+	}
+
+}

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/EnableSpringHttpSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,7 +20,6 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
-import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.session.SessionRepository;
 import org.springframework.session.events.SessionCreatedEvent;
@@ -34,7 +33,7 @@ import org.springframework.session.events.SessionDestroyedEvent;
  *
  * <pre>
  * <code>
- * {@literal @Configuration}
+ * {@literal @Configuration(proxyBeanMethods = false)}
  * {@literal @EnableSpringHttpSession}
  * public class SpringHttpSessionConfig {
  *
@@ -74,7 +73,6 @@ import org.springframework.session.events.SessionDestroyedEvent;
 @Target({ java.lang.annotation.ElementType.TYPE })
 @Documented
 @Import(SpringHttpSessionConfiguration.class)
-@Configuration(proxyBeanMethods = false)
 public @interface EnableSpringHttpSession {
 
 }

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,15 +19,15 @@ package org.springframework.session.config.annotation.web.http;
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.annotation.PostConstruct;
-import javax.servlet.ServletContext;
-import javax.servlet.SessionCookieConfig;
-import javax.servlet.http.HttpSessionListener;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.SessionCookieConfig;
+import jakarta.servlet.http.HttpSessionListener;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
@@ -91,7 +91,7 @@ import org.springframework.util.ObjectUtils;
  * @see EnableSpringHttpSession
  */
 @Configuration(proxyBeanMethods = false)
-public class SpringHttpSessionConfiguration implements ApplicationContextAware {
+public class SpringHttpSessionConfiguration implements InitializingBean, ApplicationContextAware {
 
 	private final Log logger = LogFactory.getLog(getClass());
 
@@ -107,8 +107,8 @@ public class SpringHttpSessionConfiguration implements ApplicationContextAware {
 
 	private List<HttpSessionListener> httpSessionListeners = new ArrayList<>();
 
-	@PostConstruct
-	public void init() {
+	@Override
+	public void afterPropertiesSet() {
 		CookieSerializer cookieSerializer = (this.cookieSerializer != null) ? this.cookieSerializer
 				: createDefaultCookieSerializer();
 		this.defaultHttpSessionIdResolver.setCookieSerializer(cookieSerializer);

spring-session-core/src/main/java/org/springframework/session/config/annotation/web/server/EnableSpringWebSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,7 +20,6 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
-import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
 /**
@@ -31,7 +30,7 @@ import org.springframework.context.annotation.Import;
  *
  * <pre>
  * <code>
- * {@literal @Configuration}
+ * {@literal @Configuration(proxyBeanMethods = false)}
  * {@literal @EnableSpringWebSession}
  * public class SpringWebFluxConfig {
  *
@@ -50,7 +49,6 @@ import org.springframework.context.annotation.Import;
 @Target({ java.lang.annotation.ElementType.TYPE })
 @Documented
 @Import(SpringWebSessionConfiguration.class)
-@Configuration(proxyBeanMethods = false)
 public @interface EnableSpringWebSession {
 
 }

spring-session-core/src/main/java/org/springframework/session/security/web/authentication/SpringSessionRememberMeServices.java

@@ -16,9 +16,9 @@
 
 package org.springframework.session.security.web.authentication;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

spring-session-core/src/main/java/org/springframework/session/web/context/AbstractHttpSessionApplicationInitializer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,10 +19,10 @@ package org.springframework.session.web.context;
 import java.util.Arrays;
 import java.util.EnumSet;
 
-import javax.servlet.DispatcherType;
-import javax.servlet.Filter;
-import javax.servlet.FilterRegistration.Dynamic;
-import javax.servlet.ServletContext;
+import jakarta.servlet.DispatcherType;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterRegistration.Dynamic;
+import jakarta.servlet.ServletContext;
 
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.Conventions;

spring-session-core/src/main/java/org/springframework/session/web/http/CookieHttpSessionIdResolver.java

@@ -18,8 +18,8 @@ package org.springframework.session.web.http;
 
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.session.web.http.CookieSerializer.CookieValue;
 
@@ -32,8 +32,8 @@ import org.springframework.session.web.http.CookieSerializer.CookieValue;
  * When a session is created, the HTTP response will have a cookie with the specified
  * cookie name and the value of the session id. The cookie will be marked as a session
  * cookie, use the context path for the path of the cookie, marked as HTTPOnly, and if
- * {@link javax.servlet.http.HttpServletRequest#isSecure()} returns true, the cookie will
- * be marked as secure. For example:
+ * {@link jakarta.servlet.http.HttpServletRequest#isSecure()} returns true, the cookie
+ * will be marked as secure. For example:
  *
  * <pre>
  * HTTP/1.1 200 OK

spring-session-core/src/main/java/org/springframework/session/web/http/CookieSerializer.java

@@ -18,9 +18,9 @@ package org.springframework.session.web.http;
 
 import java.util.List;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * Strategy for reading and writing a cookie value to the {@link HttpServletResponse}.

spring-session-core/src/main/java/org/springframework/session/web/http/DefaultCookieSerializer.java

@@ -28,9 +28,9 @@ import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -88,7 +88,8 @@ public class DefaultCookieSerializer implements CookieSerializer {
 	private String sameSite = "Lax";
 
 	/*
-	 * @see org.springframework.session.web.http.CookieSerializer#readCookieValues(javax.
+	 * @see
+	 * org.springframework.session.web.http.CookieSerializer#readCookieValues(jakarta.
 	 * servlet.http.HttpServletRequest)
 	 */
 	@Override

spring-session-core/src/main/java/org/springframework/session/web/http/HeaderHttpSessionIdResolver.java

@@ -19,8 +19,8 @@ package org.springframework.session.web.http;
 import java.util.Collections;
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * A {@link HttpSessionIdResolver} that uses a header to resolve the session id.
@@ -98,6 +98,7 @@ public class HeaderHttpSessionIdResolver implements HttpSessionIdResolver {
 	@Override
 	public List<String> resolveSessionIds(HttpServletRequest request) {
 		String headerValue = request.getHeader(this.headerName);
+		System.out.println(headerValue);
 		return (headerValue != null) ? Collections.singletonList(headerValue) : Collections.emptyList();
 	}
 

spring-session-core/src/main/java/org/springframework/session/web/http/HttpSessionAdapter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,14 +19,11 @@ package org.springframework.session.web.http;
 import java.time.Duration;
 import java.util.Collections;
 import java.util.Enumeration;
-import java.util.NoSuchElementException;
-import java.util.Set;
 
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpSession;
-import javax.servlet.http.HttpSessionBindingEvent;
-import javax.servlet.http.HttpSessionBindingListener;
-import javax.servlet.http.HttpSessionContext;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSessionBindingEvent;
+import jakarta.servlet.http.HttpSessionBindingListener;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -41,12 +38,11 @@ import org.springframework.session.Session;
  * @author Vedran Pavic
  * @since 1.1
  */
-@SuppressWarnings("deprecation")
 class HttpSessionAdapter<S extends Session> implements HttpSession {
 
 	private static final Log logger = LogFactory.getLog(HttpSessionAdapter.class);
 
-	private S session;
+	private final S session;
 
 	private final ServletContext servletContext;
 
@@ -101,35 +97,18 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 		return (int) this.session.getMaxInactiveInterval().getSeconds();
 	}
 
-	@Override
-	public HttpSessionContext getSessionContext() {
-		return NOOP_SESSION_CONTEXT;
-	}
-
 	@Override
 	public Object getAttribute(String name) {
 		checkState();
 		return this.session.getAttribute(name);
 	}
 
-	@Override
-	public Object getValue(String name) {
-		return getAttribute(name);
-	}
-
 	@Override
 	public Enumeration<String> getAttributeNames() {
 		checkState();
 		return Collections.enumeration(this.session.getAttributeNames());
 	}
 
-	@Override
-	public String[] getValueNames() {
-		checkState();
-		Set<String> attrs = this.session.getAttributeNames();
-		return attrs.toArray(new String[0]);
-	}
-
 	@Override
 	public void setAttribute(String name, Object value) {
 		checkState();
@@ -156,11 +135,6 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 		}
 	}
 
-	@Override
-	public void putValue(String name, Object value) {
-		setAttribute(name, value);
-	}
-
 	@Override
 	public void removeAttribute(String name) {
 		checkState();
@@ -176,11 +150,6 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 		}
 	}
 
-	@Override
-	public void removeValue(String name) {
-		removeAttribute(name);
-	}
-
 	@Override
 	public void invalidate() {
 		checkState();
@@ -203,32 +172,4 @@ class HttpSessionAdapter<S extends Session> implements HttpSession {
 		}
 	}
 
-	private static final HttpSessionContext NOOP_SESSION_CONTEXT = new HttpSessionContext() {
-
-		@Override
-		public HttpSession getSession(String sessionId) {
-			return null;
-		}
-
-		@Override
-		public Enumeration<String> getIds() {
-			return EMPTY_ENUMERATION;
-		}
-
-	};
-
-	private static final Enumeration<String> EMPTY_ENUMERATION = new Enumeration<String>() {
-
-		@Override
-		public boolean hasMoreElements() {
-			return false;
-		}
-
-		@Override
-		public String nextElement() {
-			throw new NoSuchElementException("a");
-		}
-
-	};
-
 }

spring-session-core/src/main/java/org/springframework/session/web/http/HttpSessionIdResolver.java

@@ -18,8 +18,8 @@ package org.springframework.session.web.http;
 
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * Contract for session id resolution strategies. Allows for session id resolution through

spring-session-core/src/main/java/org/springframework/session/web/http/OnCommittedResponseWrapper.java

@@ -20,14 +20,14 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Locale;
 
-import javax.servlet.ServletOutputStream;
-import javax.servlet.WriteListener;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.WriteListener;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
 
 /**
  * Base class for response wrappers which encapsulate the logic for handling an event when
- * the {@link javax.servlet.http.HttpServletResponse} is committed.
+ * the {@link jakarta.servlet.http.HttpServletResponse} is committed.
  *
  * @author Rob Winch
  * @since 1.0
@@ -84,16 +84,16 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 	/**
 	 * Invoke this method to disable invoking
 	 * {@link OnCommittedResponseWrapper#onResponseCommitted()} when the
-	 * {@link javax.servlet.http.HttpServletResponse} is committed. This can be useful in
-	 * the event that Async Web Requests are made.
+	 * {@link jakarta.servlet.http.HttpServletResponse} is committed. This can be useful
+	 * in the event that Async Web Requests are made.
 	 */
 	private void disableOnResponseCommitted() {
 		this.disableOnCommitted = true;
 	}
 
 	/**
-	 * Implement the logic for handling the {@link javax.servlet.http.HttpServletResponse}
-	 * being committed.
+	 * Implement the logic for handling the
+	 * {@link jakarta.servlet.http.HttpServletResponse} being committed.
 	 */
 	protected abstract void onResponseCommitted();
 
@@ -474,8 +474,9 @@ abstract class OnCommittedResponseWrapper extends HttpServletResponseWrapper {
 	/**
 	 * Ensures{@link OnCommittedResponseWrapper#onResponseCommitted()} is invoked before
 	 * calling methods that commit the response. We delegate all methods to the original
-	 * {@link javax.servlet.ServletOutputStream} to ensure that the behavior is as close
-	 * to the original {@link javax.servlet.ServletOutputStream} as possible. See SEC-2039
+	 * {@link jakarta.servlet.ServletOutputStream} to ensure that the behavior is as close
+	 * to the original {@link jakarta.servlet.ServletOutputStream} as possible. See
+	 * SEC-2039
 	 *
 	 * @author Rob Winch
 	 */

spring-session-core/src/main/java/org/springframework/session/web/http/OncePerRequestFilter.java

@@ -18,15 +18,15 @@ package org.springframework.session.web.http;
 
 import java.io.IOException;
 
-import javax.servlet.DispatcherType;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.DispatcherType;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * Allows for easily ensuring that a request is only invoked once per request. This is a

spring-session-core/src/main/java/org/springframework/session/web/http/SessionEventHttpSessionListenerAdapter.java

@@ -18,10 +18,10 @@ package org.springframework.session.web.http;
 
 import java.util.List;
 
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpSession;
-import javax.servlet.http.HttpSessionEvent;
-import javax.servlet.http.HttpSessionListener;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSessionEvent;
+import jakarta.servlet.http.HttpSessionListener;
 
 import org.springframework.context.ApplicationListener;
 import org.springframework.session.Session;
@@ -79,9 +79,8 @@ public class SessionEventHttpSessionListenerAdapter
 	}
 
 	/*
-	 * @see
-	 * org.springframework.web.context.ServletContextAware#setServletContext(javax.servlet
-	 * .ServletContext)
+	 * @see org.springframework.web.context.ServletContextAware#setServletContext(jakarta.
+	 * servlet.ServletContext)
 	 */
 	@Override
 	public void setServletContext(ServletContext servletContext) {

spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2021 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,16 +20,16 @@ import java.io.IOException;
 import java.time.Instant;
 import java.util.List;
 
-import javax.servlet.FilterChain;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.RequestDispatcher;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -39,29 +39,29 @@ import org.springframework.session.Session;
 import org.springframework.session.SessionRepository;
 
 /**
- * Switches the {@link javax.servlet.http.HttpSession} implementation to be backed by a
+ * Switches the {@link jakarta.servlet.http.HttpSession} implementation to be backed by a
  * {@link org.springframework.session.Session}.
  *
  * The {@link SessionRepositoryFilter} wraps the
- * {@link javax.servlet.http.HttpServletRequest} and overrides the methods to get an
- * {@link javax.servlet.http.HttpSession} to be backed by a
+ * {@link jakarta.servlet.http.HttpServletRequest} and overrides the methods to get an
+ * {@link jakarta.servlet.http.HttpSession} to be backed by a
  * {@link org.springframework.session.Session} returned by the
  * {@link org.springframework.session.SessionRepository}.
  *
  * The {@link SessionRepositoryFilter} uses a {@link HttpSessionIdResolver} (default
  * {@link CookieHttpSessionIdResolver}) to bridge logic between an
- * {@link javax.servlet.http.HttpSession} and the
+ * {@link jakarta.servlet.http.HttpSession} and the
  * {@link org.springframework.session.Session} abstraction. Specifically:
  *
  * <ul>
  * <li>The session id is looked up using
- * {@link HttpSessionIdResolver#resolveSessionIds(javax.servlet.http.HttpServletRequest)}
+ * {@link HttpSessionIdResolver#resolveSessionIds(jakarta.servlet.http.HttpServletRequest)}
  * . The default is to look in a cookie named SESSION.</li>
  * <li>The session id of newly created {@link org.springframework.session.Session} is sent
  * to the client using
- * {@link HttpSessionIdResolver#setSessionId(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, String)}
+ * {@link HttpSessionIdResolver#setSessionId(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse, String)}
  * <li>The client is notified that the session id is no longer valid with
- * {@link HttpSessionIdResolver#expireSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
+ * {@link HttpSessionIdResolver#expireSession(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse)}
  * </li>
  * </ul>
  *
@@ -75,6 +75,7 @@ import org.springframework.session.SessionRepository;
  * @author Rob Winch
  * @author Vedran Pavic
  * @author Josh Cummings
+ * @author Yanming Zhou
  * @since 1.0
  */
 @Order(SessionRepositoryFilter.DEFAULT_ORDER)
@@ -183,8 +184,8 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 	}
 
 	/**
-	 * A {@link javax.servlet.http.HttpServletRequest} that retrieves the
-	 * {@link javax.servlet.http.HttpSession} using a
+	 * A {@link jakarta.servlet.http.HttpServletRequest} that retrieves the
+	 * {@link jakarta.servlet.http.HttpSession} using a
 	 * {@link org.springframework.session.SessionRepository}.
 	 *
 	 * @author Rob Winch
@@ -222,10 +223,11 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 			}
 			else {
 				S session = wrappedSession.getSession();
+				String requestedSessionId = getRequestedSessionId();
 				clearRequestedSessionCache();
 				SessionRepositoryFilter.this.sessionRepository.save(session);
 				String sessionId = session.getId();
-				if (!isRequestedSessionIdValid() || !sessionId.equals(getRequestedSessionId())) {
+				if (!isRequestedSessionIdValid() || !sessionId.equals(requestedSessionId)) {
 					SessionRepositoryFilter.this.httpSessionIdResolver.setSessionId(this, this.response, sessionId);
 				}
 			}
@@ -265,14 +267,7 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 				if (requestedSession != null) {
 					requestedSession.setLastAccessedTime(Instant.now());
 				}
-				return isRequestedSessionIdValid(requestedSession);
-			}
-			return this.requestedSessionIdValid;
-		}
-
-		private boolean isRequestedSessionIdValid(S session) {
-			if (this.requestedSessionIdValid == null) {
-				this.requestedSessionIdValid = session != null;
+				this.requestedSessionIdValid = (requestedSession != null);
 			}
 			return this.requestedSessionIdValid;
 		}
@@ -356,7 +351,6 @@ public class SessionRepositoryFilter<S extends Session> extends OncePerRequestFi
 					S session = SessionRepositoryFilter.this.sessionRepository.findById(sessionId);
 					if (session != null) {
 						this.requestedSession = session;
-						this.requestedSessionId = sessionId;
 						break;
 					}
 				}

spring-session-core/src/main/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptor.java

@@ -21,7 +21,7 @@ import java.util.EnumSet;
 import java.util.Map;
 import java.util.Set;
 
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
 
 import org.springframework.http.server.ServerHttpRequest;
 import org.springframework.http.server.ServerHttpResponse;

spring-session-core/src/main/resources/META-INF/spring/aot.factories

@@ -0,0 +1,5 @@
+org.springframework.aot.hint.RuntimeHintsRegistrar=\
+org.springframework.session.aot.hint.CommonSessionRuntimeHints,\
+org.springframework.session.aot.hint.CommonSessionSecurityRuntimeHints,\
+org.springframework.session.aot.hint.servlet.HttpSessionSecurityRuntimeHints,\
+org.springframework.session.aot.hint.server.WebSessionSecurityRuntimeHints

spring-session-core/src/test/java/org/springframework/session/MapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -60,8 +60,8 @@ class MapSessionRepositoryTests {
 
 	@Test
 	void createSessionCustomDefaultExpiration() {
-		final Duration expectedMaxInterval = new MapSession().getMaxInactiveInterval().plusSeconds(10);
-		this.repository.setDefaultMaxInactiveInterval((int) expectedMaxInterval.getSeconds());
+		Duration expectedMaxInterval = new MapSession().getMaxInactiveInterval().plusSeconds(10);
+		this.repository.setDefaultMaxInactiveInterval(expectedMaxInterval);
 
 		Session session = this.repository.createSession();
 

spring-session-core/src/test/java/org/springframework/session/ReactiveMapSessionRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -103,8 +103,8 @@ class ReactiveMapSessionRepositoryTests {
 
 	@Test
 	void createSessionWhenCustomMaxInactiveIntervalThenCustomMaxInactiveInterval() {
-		final Duration expectedMaxInterval = new MapSession().getMaxInactiveInterval().plusSeconds(10);
-		this.repository.setDefaultMaxInactiveInterval((int) expectedMaxInterval.getSeconds());
+		Duration expectedMaxInterval = new MapSession().getMaxInactiveInterval().plusSeconds(10);
+		this.repository.setDefaultMaxInactiveInterval(expectedMaxInterval);
 
 		Session session = this.repository.createSession().block();
 

spring-session-core/src/test/java/org/springframework/session/aot/hint/CommonSessionRuntimeHintsTests.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint;
+
+import java.util.ArrayList;
+import java.util.TreeSet;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.aot.hint.predicate.RuntimeHintsPredicates;
+import org.springframework.core.io.support.SpringFactoriesLoader;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests for {@link CommonSessionRuntimeHints}
+ *
+ * @author Marcus Da Coregio
+ */
+class CommonSessionRuntimeHintsTests {
+
+	private final RuntimeHints hints = new RuntimeHints();
+
+	private final CommonSessionRuntimeHints commonSessionRuntimeHints = new CommonSessionRuntimeHints();
+
+	@ParameterizedTest
+	@MethodSource("getSerializationHintTypes")
+	void commonSessionTypesHasHints(TypeReference typeReference) {
+		this.commonSessionRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+		assertThat(RuntimeHintsPredicates.serialization().onType(typeReference)).accepts(this.hints);
+	}
+
+	@Test
+	void aotFactoriesContainsRegistrar() {
+		boolean match = SpringFactoriesLoader.forResourceLocation("META-INF/spring/aot.factories")
+				.load(RuntimeHintsRegistrar.class).stream()
+				.anyMatch((registrar) -> registrar instanceof CommonSessionRuntimeHints);
+		assertThat(match).isTrue();
+	}
+
+	private static Stream<TypeReference> getSerializationHintTypes() {
+		return Stream.of(TypeReference.of(String.class), TypeReference.of(ArrayList.class),
+				TypeReference.of(TreeSet.class), TypeReference.of(Number.class), TypeReference.of(Long.class),
+				TypeReference.of(Integer.class), TypeReference.of(StackTraceElement.class),
+				TypeReference.of(Throwable.class), TypeReference.of(Exception.class),
+				TypeReference.of(RuntimeException.class),
+				TypeReference.of("java.util.Collections$UnmodifiableCollection"),
+				TypeReference.of("java.util.Collections$UnmodifiableList"),
+				TypeReference.of("java.util.Collections$EmptyList"),
+				TypeReference.of("java.util.Collections$UnmodifiableRandomAccessList"),
+				TypeReference.of("java.util.Collections$UnmodifiableSet"));
+	}
+
+}

spring-session-core/src/test/java/org/springframework/session/aot/hint/CommonSessionSecurityRuntimeHintsTests.java

@@ -0,0 +1,92 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint;
+
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.aot.hint.predicate.RuntimeHintsPredicates;
+import org.springframework.core.io.support.SpringFactoriesLoader;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests for {@link CommonSessionSecurityRuntimeHints}
+ *
+ * @author Marcus Da Coregio
+ */
+class CommonSessionSecurityRuntimeHintsTests {
+
+	private final RuntimeHints hints = new RuntimeHints();
+
+	private final CommonSessionSecurityRuntimeHints commonSessionSecurityRuntimeHints = new CommonSessionSecurityRuntimeHints();
+
+	@ParameterizedTest
+	@MethodSource("getSerializationHintTypes")
+	void commonSecurityTypesHasHints(TypeReference typeReference) {
+		this.commonSessionSecurityRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+		assertThat(RuntimeHintsPredicates.serialization().onType(typeReference)).accepts(this.hints);
+	}
+
+	@Test
+	void aotFactoriesContainsRegistrar() {
+		boolean match = SpringFactoriesLoader.forResourceLocation("META-INF/spring/aot.factories")
+				.load(RuntimeHintsRegistrar.class).stream()
+				.anyMatch((registrar) -> registrar instanceof CommonSessionSecurityRuntimeHints);
+		assertThat(match).isTrue();
+	}
+
+	private static Stream<TypeReference> getSerializationHintTypes() {
+		return Stream.of(TypeReference.of("org.springframework.security.core.context.SecurityContextImpl"),
+				TypeReference.of("org.springframework.security.core.authority.SimpleGrantedAuthority"),
+				TypeReference.of("org.springframework.security.core.userdetails.User"),
+				TypeReference.of("org.springframework.security.authentication.AbstractAuthenticationToken"),
+				TypeReference.of("org.springframework.security.authentication.UsernamePasswordAuthenticationToken"),
+				TypeReference.of("org.springframework.security.core.AuthenticationException"),
+				TypeReference.of("org.springframework.security.authentication.BadCredentialsException"),
+				TypeReference.of("org.springframework.security.core.userdetails.UsernameNotFoundException"),
+				TypeReference.of("org.springframework.security.authentication.AccountExpiredException"),
+				TypeReference.of("org.springframework.security.authentication.ProviderNotFoundException"),
+				TypeReference.of("org.springframework.security.authentication.DisabledException"),
+				TypeReference.of("org.springframework.security.authentication.LockedException"),
+				TypeReference.of("org.springframework.security.authentication.AuthenticationServiceException"),
+				TypeReference.of("org.springframework.security.authentication.CredentialsExpiredException"),
+				TypeReference.of("org.springframework.security.authentication.InsufficientAuthenticationException"),
+				TypeReference
+						.of("org.springframework.security.web.authentication.session.SessionAuthenticationException"),
+				TypeReference.of(
+						"org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException"),
+				TypeReference.of("org.springframework.security.core.userdetails.User$AuthorityComparator"),
+				TypeReference.of("org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"),
+				TypeReference.of("org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"),
+				TypeReference
+						.of("org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken"),
+				TypeReference.of(
+						"org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken"),
+				TypeReference.of("org.springframework.security.oauth2.core.OAuth2AuthenticationException"));
+	}
+
+}

spring-session-core/src/test/java/org/springframework/session/aot/hint/server/WebSessionSecurityRuntimeHintsTests.java

@@ -0,0 +1,81 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint.server;
+
+import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.predicate.RuntimeHintsPredicates;
+import org.springframework.core.io.support.SpringFactoriesLoader;
+import org.springframework.security.web.server.csrf.DefaultCsrfToken;
+import org.springframework.util.ClassUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mockStatic;
+
+/**
+ * Tests for {@link WebSessionSecurityRuntimeHints}
+ *
+ * @author Marcus Da Coregio
+ */
+class WebSessionSecurityRuntimeHintsTests {
+
+	private final RuntimeHints hints = new RuntimeHints();
+
+	private final WebSessionSecurityRuntimeHints webSessionSecurityRuntimeHints = new WebSessionSecurityRuntimeHints();
+
+	@Test
+	void defaultCsrfTokenHasHints() {
+		this.webSessionSecurityRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+		assertThat(RuntimeHintsPredicates.serialization().onType(DefaultCsrfToken.class)).accepts(this.hints);
+	}
+
+	@Test
+	void registerHintsWhenWebSessionMissingThenDoNotRegisterHints() {
+		try (MockedStatic<ClassUtils> classUtilsMock = mockStatic(ClassUtils.class)) {
+			classUtilsMock.when(() -> ClassUtils.isPresent(eq("org.springframework.web.server.WebSession"), any()))
+					.thenReturn(false);
+			this.webSessionSecurityRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+			assertThat(this.hints.serialization().javaSerializationHints()).isEmpty();
+		}
+	}
+
+	@Test
+	void registerHintsWhenDefaultCsrfTokenMissingThenDoNotRegisterHints() {
+		try (MockedStatic<ClassUtils> classUtilsMock = mockStatic(ClassUtils.class)) {
+			classUtilsMock
+					.when(() -> ClassUtils
+							.isPresent(eq("org.springframework.security.web.server.csrf.DefaultCsrfToken"), any()))
+					.thenReturn(false);
+			this.webSessionSecurityRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+			assertThat(this.hints.serialization().javaSerializationHints()).isEmpty();
+		}
+	}
+
+	@Test
+	void aotFactoriesContainsRegistrar() {
+		boolean match = SpringFactoriesLoader.forResourceLocation("META-INF/spring/aot.factories")
+				.load(RuntimeHintsRegistrar.class).stream()
+				.anyMatch((registrar) -> registrar instanceof WebSessionSecurityRuntimeHints);
+		assertThat(match).isTrue();
+	}
+
+}

spring-session-core/src/test/java/org/springframework/session/aot/hint/servlet/HttpSessionSecurityRuntimeHintsTests.java

@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.aot.hint.servlet;
+
+import java.util.Locale;
+import java.util.TreeMap;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.mockito.MockedStatic;
+
+import org.springframework.aot.hint.RuntimeHints;
+import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.aot.hint.TypeReference;
+import org.springframework.aot.hint.predicate.RuntimeHintsPredicates;
+import org.springframework.core.io.support.SpringFactoriesLoader;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+import org.springframework.security.web.savedrequest.DefaultSavedRequest;
+import org.springframework.security.web.savedrequest.SavedCookie;
+import org.springframework.util.ClassUtils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mockStatic;
+
+/**
+ * Tests for {@link HttpSessionSecurityRuntimeHints}
+ *
+ * @author Marcus Da Coregio
+ */
+class HttpSessionSecurityRuntimeHintsTests {
+
+	private final RuntimeHints hints = new RuntimeHints();
+
+	private final HttpSessionSecurityRuntimeHints httpSessionSecurityRuntimeHints = new HttpSessionSecurityRuntimeHints();
+
+	@ParameterizedTest
+	@MethodSource("getSerializationHintTypes")
+	void httpSessionHasHints(TypeReference typeReference) {
+		this.httpSessionSecurityRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+		assertThat(RuntimeHintsPredicates.serialization().onType(typeReference)).accepts(this.hints);
+	}
+
+	@Test
+	void registerHintsWhenHttpSessionMissingThenDoNotRegisterHints() {
+		try (MockedStatic<ClassUtils> classUtilsMock = mockStatic(ClassUtils.class)) {
+			classUtilsMock.when(() -> ClassUtils.isPresent(eq("jakarta.servlet.http.HttpSession"), any()))
+					.thenReturn(false);
+			this.httpSessionSecurityRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+			assertThat(this.hints.serialization().javaSerializationHints()).isEmpty();
+		}
+	}
+
+	@Test
+	void registerHintsWhenDefaultCsrfTokenMissingThenDoNotRegisterHints() {
+		try (MockedStatic<ClassUtils> classUtilsMock = mockStatic(ClassUtils.class)) {
+			classUtilsMock.when(
+					() -> ClassUtils.isPresent(eq("org.springframework.security.web.csrf.DefaultCsrfToken"), any()))
+					.thenReturn(false);
+			this.httpSessionSecurityRuntimeHints.registerHints(this.hints, getClass().getClassLoader());
+			assertThat(this.hints.serialization().javaSerializationHints()).isEmpty();
+		}
+	}
+
+	@Test
+	void aotFactoriesContainsRegistrar() {
+		boolean match = SpringFactoriesLoader.forResourceLocation("META-INF/spring/aot.factories")
+				.load(RuntimeHintsRegistrar.class).stream()
+				.anyMatch((registrar) -> registrar instanceof HttpSessionSecurityRuntimeHints);
+		assertThat(match).isTrue();
+	}
+
+	private static Stream<TypeReference> getSerializationHintTypes() {
+		return Stream.of(TypeReference.of(TreeMap.class), TypeReference.of(Locale.class),
+				TypeReference.of(DefaultSavedRequest.class), TypeReference.of(DefaultCsrfToken.class),
+				TypeReference.of(WebAuthenticationDetails.class), TypeReference.of(SavedCookie.class),
+				TypeReference.of("java.lang.String$CaseInsensitiveComparator"));
+	}
+
+}

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/EnableSpringHttpSessionCustomCookieSerializerTests.java

@@ -19,10 +19,10 @@ package org.springframework.session.config.annotation.web.http;
 import java.io.IOException;
 import java.util.Collections;
 
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/http/SpringHttpSessionConfigurationTests.java

@@ -18,7 +18,7 @@ package org.springframework.session.config.annotation.web.http;
 
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.servlet.ServletContext;
+import jakarta.servlet.ServletContext;
 
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;

spring-session-core/src/test/java/org/springframework/session/config/annotation/web/server/SpringWebSessionConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.UnsatisfiedDependencyException;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.session.ReactiveMapSessionRepository;
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
@@ -105,6 +106,7 @@ class SpringWebSessionConfigurationTests {
 	/**
 	 * A configuration with all the right parts.
 	 */
+	@Configuration(proxyBeanMethods = false)
 	@EnableSpringWebSession
 	static class GoodConfig {
 
@@ -122,11 +124,13 @@ class SpringWebSessionConfigurationTests {
 	/**
 	 * A configuration where no {@link ReactiveSessionRepository} is defined. It's BAD!
 	 */
+	@Configuration(proxyBeanMethods = false)
 	@EnableSpringWebSession
 	static class BadConfig {
 
 	}
 
+	@Configuration(proxyBeanMethods = false)
 	@EnableSpringWebSession
 	static class OverrideSessionIdResolver {
 

spring-session-core/src/test/java/org/springframework/session/security/SpringSessionBackedSessionRegistryTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2021 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,12 +24,12 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.Authentication;
@@ -44,10 +44,12 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.BDDMockito.mock;
 import static org.mockito.BDDMockito.verify;
+import static org.mockito.Mockito.withSettings;
 
 /**
  * Tests for {@link SpringSessionBackedSessionRegistry}.
  */
+@ExtendWith(MockitoExtension.class)
 class SpringSessionBackedSessionRegistryTest {
 
 	private static final String SESSION_ID = "sessionId";
@@ -66,11 +68,6 @@ class SpringSessionBackedSessionRegistryTest {
 	@InjectMocks
 	private SpringSessionBackedSessionRegistry<Session> sessionRegistry;
 
-	@BeforeEach
-	void setUp() {
-		MockitoAnnotations.initMocks(this);
-	}
-
 	@Test
 	void sessionInformationForExistingSession() {
 		Session session = createSession(SESSION_ID, USER_NAME, NOW);
@@ -157,7 +154,7 @@ class SpringSessionBackedSessionRegistryTest {
 	private Session createSession(String sessionId, String userName, Instant lastAccessed) {
 		MapSession session = new MapSession(sessionId);
 		session.setLastAccessedTime(lastAccessed);
-		Authentication authentication = mock(Authentication.class);
+		Authentication authentication = mock(Authentication.class, withSettings().lenient());
 		given(authentication.getName()).willReturn(userName);
 		SecurityContextImpl securityContext = new SecurityContextImpl();
 		securityContext.setAuthentication(authentication);

spring-session-core/src/test/java/org/springframework/session/security/web/authentication/SpringSessionRememberMeServicesTests.java

@@ -16,9 +16,9 @@
 
 package org.springframework.session.security.web.authentication;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 import org.junit.jupiter.api.Test;
 

spring-session-core/src/test/java/org/springframework/session/web/http/CookieHttpSessionIdResolverTests.java

@@ -19,7 +19,7 @@ package org.springframework.session.web.http;
 import java.util.Base64;
 import java.util.Collections;
 
-import javax.servlet.http.Cookie;
+import jakarta.servlet.http.Cookie;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;

spring-session-core/src/test/java/org/springframework/session/web/http/DefaultCookieSerializerTests.java

@@ -23,7 +23,7 @@ import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.Base64;
 
-import javax.servlet.http.Cookie;
+import jakarta.servlet.http.Cookie;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;

spring-session-core/src/test/java/org/springframework/session/web/http/OnCommittedResponseWrapperTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,23 +21,25 @@ import java.io.PrintWriter;
 import java.nio.charset.StandardCharsets;
 import java.util.Locale;
 
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.verify;
 
+@ExtendWith(MockitoExtension.class)
 class OnCommittedResponseWrapperTests {
 
 	private static final String NL = "\r\n";
 
-	@Mock
+	@Mock(lenient = true)
 	HttpServletResponse delegate;
 
 	@Mock
@@ -52,7 +54,6 @@ class OnCommittedResponseWrapperTests {
 
 	@BeforeEach
 	void setup() throws Exception {
-		MockitoAnnotations.initMocks(this);
 		this.response = new OnCommittedResponseWrapper(this.delegate) {
 			@Override
 			protected void onResponseCommitted() {

spring-session-core/src/test/java/org/springframework/session/web/http/OncePerRequestFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,12 +20,12 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.servlet.DispatcherType;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.DispatcherType;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;

spring-session-core/src/test/java/org/springframework/session/web/http/SessionEventHttpSessionListenerAdapterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,16 +19,17 @@ package org.springframework.session.web.http;
 import java.util.Arrays;
 import java.util.Collections;
 
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpSessionEvent;
-import javax.servlet.http.HttpSessionListener;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.http.HttpSessionEvent;
+import jakarta.servlet.http.HttpSessionListener;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.session.MapSession;
@@ -47,6 +48,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
  * @author Rob Winch
  * @since 1.1
  */
+@ExtendWith(MockitoExtension.class)
 class SessionEventHttpSessionListenerAdapterTests {
 
 	@Mock
@@ -69,7 +71,6 @@ class SessionEventHttpSessionListenerAdapterTests {
 
 	@BeforeEach
 	void setup() {
-		MockitoAnnotations.initMocks(this);
 		this.listener = new SessionEventHttpSessionListenerAdapter(Arrays.asList(this.listener1, this.listener2));
 		this.listener.setServletContext(new MockServletContext());
 

spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,29 +24,28 @@ import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.NoSuchElementException;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import javax.servlet.http.HttpSessionBindingEvent;
-import javax.servlet.http.HttpSessionBindingListener;
-import javax.servlet.http.HttpSessionContext;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSessionBindingEvent;
+import jakarta.servlet.http.HttpSessionBindingListener;
 
 import org.assertj.core.data.Offset;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.AnnotationAwareOrderComparator;
@@ -78,7 +77,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
 /**
  * Tests for {@link SessionRepositoryFilter}.
  */
-@SuppressWarnings("deprecation")
+@ExtendWith(MockitoExtension.class)
 class SessionRepositoryFilterTests {
 
 	@Mock
@@ -98,7 +97,6 @@ class SessionRepositoryFilterTests {
 
 	@BeforeEach
 	void setup() {
-		MockitoAnnotations.initMocks(this);
 		this.sessions = new HashMap<>();
 		this.sessionRepository = new MapSessionRepository(this.sessions);
 		this.filter = new SessionRepositoryFilter<>(this.sessionRepository);
@@ -315,52 +313,6 @@ class SessionRepositoryFilterTests {
 		});
 	}
 
-	@Test
-	void doFilterValue() throws Exception {
-		final String ATTR = "ATTR";
-		final String VALUE = "VALUE";
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				wrappedRequest.getSession().putValue(ATTR, VALUE);
-				assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE);
-				assertThat(Arrays.asList(wrappedRequest.getSession().getValueNames())).containsOnly(ATTR);
-			}
-		});
-
-		nextRequest();
-
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE);
-				assertThat(Arrays.asList(wrappedRequest.getSession().getValueNames())).containsOnly(ATTR);
-			}
-		});
-
-		nextRequest();
-
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				assertThat(wrappedRequest.getSession().getValue(ATTR)).isEqualTo(VALUE);
-
-				wrappedRequest.getSession().removeValue(ATTR);
-
-				assertThat(wrappedRequest.getSession().getValue(ATTR)).isNull();
-			}
-		});
-
-		nextRequest();
-
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				assertThat(wrappedRequest.getSession().getValue(ATTR)).isNull();
-			}
-		});
-	}
-
 	@Test
 	void doFilterIsNewTrue() throws Exception {
 		doFilter(new DoInFilter() {
@@ -636,27 +588,6 @@ class SessionRepositoryFilterTests {
 		assertThat(session.getSecure()).describedAs("Session Cookie should be marked as Secure").isTrue();
 	}
 
-	@Test
-	void doFilterSessionContext() throws Exception {
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				HttpSessionContext sessionContext = wrappedRequest.getSession().getSessionContext();
-				assertThat(sessionContext).isNotNull();
-				assertThat(sessionContext.getSession("a")).isNull();
-				assertThat(sessionContext.getIds()).isNotNull();
-				assertThat(sessionContext.getIds().hasMoreElements()).isFalse();
-
-				try {
-					sessionContext.getIds().nextElement();
-					fail("Expected Exception");
-				}
-				catch (NoSuchElementException ignored) {
-				}
-			}
-		});
-	}
-
 	// --- saving
 
 	@Test
@@ -740,23 +671,6 @@ class SessionRepositoryFilterTests {
 		});
 	}
 
-	@Test
-	void doFilterInvalidateValueIllegalState() throws Exception {
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				HttpSession session = wrappedRequest.getSession();
-				session.invalidate();
-				try {
-					session.getValue("attr");
-					fail("Expected Exception");
-				}
-				catch (IllegalStateException ignored) {
-				}
-			}
-		});
-	}
-
 	@Test
 	void doFilterInvalidateAttributeNamesIllegalState() throws Exception {
 		doFilter(new DoInFilter() {
@@ -774,23 +688,6 @@ class SessionRepositoryFilterTests {
 		});
 	}
 
-	@Test
-	void doFilterInvalidateValueNamesIllegalState() throws Exception {
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				HttpSession session = wrappedRequest.getSession();
-				session.invalidate();
-				try {
-					session.getValueNames();
-					fail("Expected Exception");
-				}
-				catch (IllegalStateException ignored) {
-				}
-			}
-		});
-	}
-
 	@Test
 	void doFilterInvalidateSetAttributeIllegalState() throws Exception {
 		doFilter(new DoInFilter() {
@@ -808,23 +705,6 @@ class SessionRepositoryFilterTests {
 		});
 	}
 
-	@Test
-	void doFilterInvalidatePutValueIllegalState() throws Exception {
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				HttpSession session = wrappedRequest.getSession();
-				session.invalidate();
-				try {
-					session.putValue("a", "b");
-					fail("Expected Exception");
-				}
-				catch (IllegalStateException ignored) {
-				}
-			}
-		});
-	}
-
 	@Test
 	void doFilterInvalidateRemoveAttributeIllegalState() throws Exception {
 		doFilter(new DoInFilter() {
@@ -842,23 +722,6 @@ class SessionRepositoryFilterTests {
 		});
 	}
 
-	@Test
-	void doFilterInvalidateRemoveValueIllegalState() throws Exception {
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				HttpSession session = wrappedRequest.getSession();
-				session.invalidate();
-				try {
-					session.removeValue("name");
-					fail("Expected Exception");
-				}
-				catch (IllegalStateException ignored) {
-				}
-			}
-		});
-	}
-
 	@Test
 	void doFilterInvalidateNewIllegalState() throws Exception {
 		doFilter(new DoInFilter() {
@@ -920,20 +783,6 @@ class SessionRepositoryFilterTests {
 		});
 	}
 
-	@Test
-	void doFilterInvalidateSessionContext() throws Exception {
-		doFilter(new DoInFilter() {
-			@Override
-			public void doFilter(HttpServletRequest wrappedRequest) {
-				HttpSession session = wrappedRequest.getSession();
-				session.invalidate();
-
-				// no exception
-				session.getSessionContext();
-			}
-		});
-	}
-
 	@Test
 	void doFilterInvalidateMaxInteractiveInterval() throws Exception {
 		doFilter(new DoInFilter() {
@@ -1326,8 +1175,8 @@ class SessionRepositoryFilterTests {
 			}
 		});
 
-		// 3 invocations expected: initial resolution, after invalidation, after commit
-		verify(sessionRepository, times(3)).findById(eq(session.getId()));
+		// 2 invocations expected: initial resolution, after invalidation
+		verify(sessionRepository, times(2)).findById(eq(session.getId()));
 		verify(sessionRepository).deleteById(eq(session.getId()));
 		verify(sessionRepository).createSession();
 		verify(sessionRepository).save(any());
@@ -1338,8 +1187,9 @@ class SessionRepositoryFilterTests {
 
 	@Test
 	void order() {
-		assertThat(AnnotationAwareOrderComparator.INSTANCE.compare(this.filter,
-				new SessionRepositoryFilterDefaultOrder()));
+		assertThat(
+				AnnotationAwareOrderComparator.INSTANCE.compare(this.filter, new SessionRepositoryFilterDefaultOrder()))
+						.isZero();
 	}
 
 	// We want the filter to work without any dependencies on Spring
@@ -1551,7 +1401,7 @@ class SessionRepositoryFilterTests {
 
 	}
 
-	private abstract class DoInFilter {
+	private abstract static class DoInFilter {
 
 		void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse)
 				throws ServletException, IOException {

spring-session-core/src/test/java/org/springframework/session/web/server/session/SpringSessionWebSessionStoreTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,8 +23,9 @@ import java.util.Set;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 import reactor.core.publisher.Mono;
 
 import org.springframework.session.ReactiveSessionRepository;
@@ -43,9 +44,10 @@ import static org.mockito.Mockito.verify;
  * @author Rob Winch
  * @author Vedran Pavic
  */
+@ExtendWith(MockitoExtension.class)
 class SpringSessionWebSessionStoreTests<S extends Session> {
 
-	@Mock
+	@Mock(lenient = true)
 	private ReactiveSessionRepository<S> sessionRepository;
 
 	@Mock
@@ -58,7 +60,6 @@ class SpringSessionWebSessionStoreTests<S extends Session> {
 
 	@BeforeEach
 	void setup() {
-		MockitoAnnotations.initMocks(this);
 		this.webSessionStore = new SpringSessionWebSessionStore<>(this.sessionRepository);
 		given(this.sessionRepository.findById(any())).willReturn(Mono.just(this.findByIdSession));
 		given(this.sessionRepository.createSession()).willReturn(Mono.just(this.createSession));

spring-session-core/src/test/java/org/springframework/session/web/socket/handler/WebSocketConnectHandlerDecoratorFactoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,10 +18,11 @@ package org.springframework.session.web.socket.handler;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 import org.springframework.context.ApplicationEvent;
 import org.springframework.context.ApplicationEventPublisher;
@@ -35,6 +36,7 @@ import static org.mockito.BDDMockito.willThrow;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.verify;
 
+@ExtendWith(MockitoExtension.class)
 class WebSocketConnectHandlerDecoratorFactoryTests {
 
 	@Mock
@@ -53,7 +55,6 @@ class WebSocketConnectHandlerDecoratorFactoryTests {
 
 	@BeforeEach
 	void setup() {
-		MockitoAnnotations.initMocks(this);
 		this.factory = new WebSocketConnectHandlerDecoratorFactory(this.eventPublisher);
 	}
 

spring-session-core/src/test/java/org/springframework/session/web/socket/handler/WebSocketRegistryListenerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,8 +22,9 @@ import java.util.Map;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 import org.springframework.messaging.Message;
 import org.springframework.messaging.MessageHeaders;
@@ -44,15 +45,16 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
+@ExtendWith(MockitoExtension.class)
 class WebSocketRegistryListenerTests {
 
-	@Mock
+	@Mock(lenient = true)
 	private WebSocketSession wsSession;
 
-	@Mock
+	@Mock(lenient = true)
 	private WebSocketSession wsSession2;
 
-	@Mock
+	@Mock(lenient = true)
 	private Message<byte[]> message;
 
 	@Mock
@@ -74,7 +76,6 @@ class WebSocketRegistryListenerTests {
 
 	@BeforeEach
 	void setup() {
-		MockitoAnnotations.initMocks(this);
 		String sessionId = "session-id";
 		MapSession session = new MapSession(sessionId);
 

spring-session-core/src/test/java/org/springframework/session/web/socket/server/SessionRepositoryMessageInterceptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,13 +23,14 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentMatcher;
 import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 import org.springframework.http.server.ServletServerHttpRequest;
 import org.springframework.messaging.Message;
@@ -51,9 +52,10 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 
+@ExtendWith(MockitoExtension.class)
 class SessionRepositoryMessageInterceptorTests {
 
-	@Mock
+	@Mock(lenient = true)
 	SessionRepository<Session> sessionRepository;
 
 	@Mock
@@ -70,7 +72,6 @@ class SessionRepositoryMessageInterceptorTests {
 
 	@BeforeEach
 	void setup() {
-		MockitoAnnotations.initMocks(this);
 		this.interceptor = new SessionRepositoryMessageInterceptor<>(this.sessionRepository);
 		this.headers = SimpMessageHeaderAccessor.create();
 		this.headers.setSessionId("session");

spring-session-data-mongodb/spring-session-data-mongodb.gradle

@@ -18,6 +18,8 @@ dependencies {
     optional "org.mongodb:mongodb-driver-core"
     testImplementation "org.mongodb:mongodb-driver-sync"
     testImplementation "org.mongodb:mongodb-driver-reactivestreams"
+    testImplementation 'jakarta.websocket:jakarta.websocket-api'
+    testImplementation 'jakarta.websocket:jakarta.websocket-client-api'
     integrationTestCompile "org.testcontainers:mongodb"
 
     // Everything else

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/AbstractClassLoaderTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.session.data.mongo.integration;
+package org.springframework.session.data.mongo;
 
 import java.lang.reflect.Field;
 
@@ -25,9 +25,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.serializer.DefaultDeserializer;
 import org.springframework.core.serializer.support.DeserializingConverter;
-import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
-import org.springframework.session.data.mongo.Assert;
-import org.springframework.session.data.mongo.JdkMongoSessionConverter;
 import org.springframework.util.ReflectionUtils;
 
 /**
@@ -49,8 +46,7 @@ public abstract class AbstractClassLoaderTest<T> extends AbstractITest {
 
 		Field mongoSessionConverterField = ReflectionUtils.findField(this.sessionRepository.getClass(),
 				"mongoSessionConverter");
-		ReflectionUtils.makeAccessible(
-				Assert.requireNonNull(mongoSessionConverterField, "mongoSessionConverter must not be null!"));
+		ReflectionUtils.makeAccessible(mongoSessionConverterField);
 		AbstractMongoSessionConverter sessionConverter = (AbstractMongoSessionConverter) ReflectionUtils
 				.getField(mongoSessionConverterField, this.sessionRepository);
 
@@ -70,7 +66,7 @@ public abstract class AbstractClassLoaderTest<T> extends AbstractITest {
 	private static Object extractField(Class<?> clazz, String fieldName, Object obj) {
 
 		Field field = ReflectionUtils.findField(clazz, fieldName);
-		ReflectionUtils.makeAccessible(Assert.requireNonNull(field, fieldName + " must not be null!"));
+		ReflectionUtils.makeAccessible(field);
 		return ReflectionUtils.getField(field, obj);
 	}
 

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/AbstractITest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.session.data.mongo.integration;
+package org.springframework.session.data.mongo;
 
 import java.util.UUID;
 

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/AbstractMongoRepositoryITest.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.session.data.mongo.integration;
+package org.springframework.session.data.mongo;
 
 import java.time.Duration;
 import java.time.Instant;
@@ -37,8 +37,6 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.Session;
-import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
-import org.springframework.session.data.mongo.MongoSession;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -389,11 +387,13 @@ public abstract class AbstractMongoRepositoryITest extends AbstractITest {
 
 	protected static class BaseConfig {
 
-		private static final String DOCKER_IMAGE = "mongo:4.4.1";
+		private static final String DOCKER_IMAGE = "mongo:5.0.11";
 
-		@Bean(initMethod = "start", destroyMethod = "stop")
-		public MongoDBContainer mongoContainer() {
-			return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
+		@Bean
+		public MongoDBContainer mongoDbContainer() {
+			MongoDBContainer mongoDbContainer = new MongoDBContainer(DOCKER_IMAGE);
+			mongoDbContainer.start();
+			return mongoDbContainer;
 		}
 
 		@Bean

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/MongoDbDeleteJacksonSessionVerificationTest.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.session.data.mongo.integration;
+package org.springframework.session.data.mongo;
 
 import java.net.URI;
 
@@ -41,8 +41,6 @@ import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.server.SecurityWebFilterChain;
-import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
-import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
 import org.springframework.session.data.mongo.config.annotation.web.reactive.EnableMongoWebSession;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
@@ -137,6 +135,7 @@ public class MongoDbDeleteJacksonSessionVerificationTest {
 
 	}
 
+	@Configuration(proxyBeanMethods = false)
 	@EnableWebFluxSecurity
 	static class SecurityConfig {
 
@@ -156,9 +155,8 @@ public class MongoDbDeleteJacksonSessionVerificationTest {
 
 		@Bean
 		MapReactiveUserDetailsService userDetailsService() {
-			return new MapReactiveUserDetailsService(User.withDefaultPasswordEncoder() //
-					.username("admin") //
-					.password("password") //
+			return new MapReactiveUserDetailsService(User.withUsername("admin") //
+					.password("{noop}password") //
 					.roles("USER,ADMIN") //
 					.build());
 		}
@@ -175,11 +173,13 @@ public class MongoDbDeleteJacksonSessionVerificationTest {
 	@EnableMongoWebSession
 	static class Config {
 
-		private static final String DOCKER_IMAGE = "mongo:4.4.1";
+		private static final String DOCKER_IMAGE = "mongo:5.0.11";
 
-		@Bean(initMethod = "start", destroyMethod = "stop")
-		MongoDBContainer mongoContainer() {
-			return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
+		@Bean
+		MongoDBContainer mongoDbContainer() {
+			MongoDBContainer mongoDbContainer = new MongoDBContainer(DOCKER_IMAGE);
+			mongoDbContainer.start();
+			return mongoDbContainer;
 		}
 
 		@Bean

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/MongoDbLogoutVerificationTest.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.session.data.mongo.integration;
+package org.springframework.session.data.mongo;
 
 import java.net.URI;
 
@@ -135,6 +135,7 @@ public class MongoDbLogoutVerificationTest {
 
 	}
 
+	@Configuration(proxyBeanMethods = false)
 	@EnableWebFluxSecurity
 	static class SecurityConfig {
 
@@ -156,9 +157,8 @@ public class MongoDbLogoutVerificationTest {
 		@Bean
 		MapReactiveUserDetailsService userDetailsService() {
 
-			return new MapReactiveUserDetailsService(User.withDefaultPasswordEncoder() //
-					.username("admin") //
-					.password("password") //
+			return new MapReactiveUserDetailsService(User.withUsername("admin") //
+					.password("{noop}password") //
 					.roles("USER,ADMIN") //
 					.build());
 		}
@@ -170,11 +170,13 @@ public class MongoDbLogoutVerificationTest {
 	@EnableMongoWebSession
 	static class Config {
 
-		private static final String DOCKER_IMAGE = "mongo:4.4.1";
+		private static final String DOCKER_IMAGE = "mongo:5.0.11";
 
-		@Bean(initMethod = "start", destroyMethod = "stop")
-		MongoDBContainer mongoContainer() {
-			return new MongoDBContainer(DOCKER_IMAGE).withExposedPorts(27017);
+		@Bean
+		MongoDBContainer mongoDbContainer() {
+			MongoDBContainer mongoDbContainer = new MongoDBContainer(DOCKER_IMAGE);
+			mongoDbContainer.start();
+			return mongoDbContainer;
 		}
 
 		@Bean

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/MongoRepositoryJacksonITest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.session.data.mongo.integration;
+package org.springframework.session.data.mongo;
 
 import java.util.Collections;
 import java.util.Map;
@@ -25,9 +25,6 @@ import org.junit.jupiter.api.Test;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.geo.GeoModule;
-import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
-import org.springframework.session.data.mongo.JacksonMongoSessionConverter;
-import org.springframework.session.data.mongo.MongoSession;
 import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
 import org.springframework.test.context.ContextConfiguration;
 

spring-session-data-mongodb/src/integration-test/java/org/springframework/session/data/mongo/MongoRepositoryJdkSerializationITest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.session.data.mongo.integration;
+package org.springframework.session.data.mongo;
 
 import java.time.Duration;
 import java.util.Map;
@@ -23,9 +23,6 @@ import org.junit.jupiter.api.Test;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
-import org.springframework.session.data.mongo.JdkMongoSessionConverter;
-import org.springframework.session.data.mongo.MongoSession;
 import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
 import org.springframework.test.context.ContextConfiguration;
 

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/AbstractMongoSessionConverter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,6 +36,8 @@ import org.springframework.session.DelegatingIndexResolver;
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.IndexResolver;
 import org.springframework.session.PrincipalNameIndexResolver;
+import org.springframework.session.Session;
+import org.springframework.util.Assert;
 
 /**
  * Base class for serializing and deserializing session objects. To create custom
@@ -54,8 +56,7 @@ public abstract class AbstractMongoSessionConverter implements GenericConverter
 
 	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
 
-	private IndexResolver<MongoSession> indexResolver = new DelegatingIndexResolver<>(
-			new PrincipalNameIndexResolver<>());
+	private IndexResolver<Session> indexResolver = new DelegatingIndexResolver<>(new PrincipalNameIndexResolver<>());
 
 	/**
 	 * Returns query to be executed to return sessions based on a particular index.
@@ -122,8 +123,9 @@ public abstract class AbstractMongoSessionConverter implements GenericConverter
 
 	protected abstract MongoSession convert(Document sessionWrapper);
 
-	public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
-		this.indexResolver = Assert.requireNonNull(indexResolver, "indexResolver must not be null!");
+	public void setIndexResolver(IndexResolver<Session> indexResolver) {
+		Assert.notNull(indexResolver, "indexResolver must not be null");
+		this.indexResolver = indexResolver;
 	}
 
 }

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/JacksonMongoSessionConverter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.Module;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.PropertyNamingStrategy;
+import com.fasterxml.jackson.databind.PropertyNamingStrategies;
 import com.mongodb.BasicDBObject;
 import com.mongodb.DBObject;
 import org.apache.commons.logging.Log;
@@ -168,18 +168,18 @@ public class JacksonMongoSessionConverter extends AbstractMongoSessionConverter
 
 	}
 
-	private static class MongoIdNamingStrategy extends PropertyNamingStrategy.PropertyNamingStrategyBase {
+	private static class MongoIdNamingStrategy extends PropertyNamingStrategies.NamingBase {
 
 		@Override
 		public String translate(String propertyName) {
 
 			switch (propertyName) {
-			case "id":
-				return "_id";
-			case "_id":
-				return "id";
-			default:
-				return propertyName;
+				case "id":
+					return "_id";
+				case "_id":
+					return "id";
+				default:
+					return propertyName;
 			}
 		}
 

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoIndexedSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,7 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.stream.Collectors;
 
+import com.mongodb.DBObject;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.bson.Document;
@@ -34,9 +35,11 @@ import org.springframework.data.mongodb.core.MongoOperations;
 import org.springframework.data.mongodb.core.index.IndexOperations;
 import org.springframework.lang.Nullable;
 import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.MapSession;
 import org.springframework.session.events.SessionCreatedEvent;
 import org.springframework.session.events.SessionDeletedEvent;
 import org.springframework.session.events.SessionExpiredEvent;
+import org.springframework.util.Assert;
 
 /**
  * Session repository implementation which stores sessions in Mongo. Uses
@@ -46,6 +49,7 @@ import org.springframework.session.events.SessionExpiredEvent;
  *
  * @author Jakub Kubrynski
  * @author Greg Turnquist
+ * @author Vedran Pavic
  * @since 2.2.0
  */
 public class MongoIndexedSessionRepository
@@ -53,8 +57,11 @@ public class MongoIndexedSessionRepository
 
 	/**
 	 * The default time period in seconds in which a session will expire.
+	 * @deprecated since 3.0.0 in favor of
+	 * {@link MapSession#DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS}
 	 */
-	public static final int DEFAULT_INACTIVE_INTERVAL = 1800;
+	@Deprecated
+	public static final int DEFAULT_INACTIVE_INTERVAL = MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS;
 
 	/**
 	 * the default collection name for storing session.
@@ -65,12 +72,12 @@ public class MongoIndexedSessionRepository
 
 	private final MongoOperations mongoOperations;
 
-	private Integer maxInactiveIntervalInSeconds = DEFAULT_INACTIVE_INTERVAL;
+	private Duration defaultMaxInactiveInterval = Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
 
 	private String collectionName = DEFAULT_COLLECTION_NAME;
 
 	private AbstractMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(
-			Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
+			this.defaultMaxInactiveInterval);
 
 	private ApplicationEventPublisher eventPublisher;
 
@@ -83,9 +90,7 @@ public class MongoIndexedSessionRepository
 
 		MongoSession session = new MongoSession();
 
-		if (this.maxInactiveIntervalInSeconds != null) {
-			session.setMaxInactiveInterval(Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
-		}
+		session.setMaxInactiveInterval(this.defaultMaxInactiveInterval);
 
 		publishEvent(new SessionCreatedEvent(this, session));
 
@@ -94,9 +99,9 @@ public class MongoIndexedSessionRepository
 
 	@Override
 	public void save(MongoSession session) {
-		this.mongoOperations
-				.save(Assert.requireNonNull(MongoSessionUtils.convertToDBObject(this.mongoSessionConverter, session),
-						"convertToDBObject must not null!"), this.collectionName);
+		DBObject dbObject = MongoSessionUtils.convertToDBObject(this.mongoSessionConverter, session);
+		Assert.notNull(dbObject, "dbObject must not be null");
+		this.mongoOperations.save(dbObject, this.collectionName);
 	}
 
 	@Override
@@ -178,8 +183,29 @@ public class MongoIndexedSessionRepository
 		}
 	}
 
-	public void setMaxInactiveIntervalInSeconds(final Integer maxInactiveIntervalInSeconds) {
-		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+	/**
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * time out. The default is 30 minutes.
+	 * @param defaultMaxInactiveInterval the default maxInactiveInterval
+	 */
+	public void setDefaultMaxInactiveInterval(Duration defaultMaxInactiveInterval) {
+		org.springframework.util.Assert.notNull(defaultMaxInactiveInterval,
+				"defaultMaxInactiveInterval must not be null");
+		this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
+	}
+
+	/**
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * time out. The default is 1800 (30 minutes).
+	 * @param defaultMaxInactiveInterval the default maxInactiveInterval in seconds
+	 * @deprecated since 3.0.0, in favor of
+	 * {@link #setDefaultMaxInactiveInterval(Duration)}
+	 */
+	@Deprecated(since = "3.0.0")
+	public void setMaxInactiveIntervalInSeconds(Integer defaultMaxInactiveInterval) {
+		setDefaultMaxInactiveInterval(Duration.ofSeconds(defaultMaxInactiveInterval));
 	}
 
 	public void setCollectionName(final String collectionName) {

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoOperationsSessionRepository.java

@@ -1,36 +0,0 @@
-/*
- * Copyright 2014-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.session.data.mongo;
-
-import org.springframework.data.mongodb.core.MongoOperations;
-
-/**
- * This {@link org.springframework.session.FindByIndexNameSessionRepository}
- * implementation is kept to support backwards compatibility.
- *
- * @author Rob Winch
- * @since 1.2
- * @deprecated since 2.2.0 in favor of {@link MongoIndexedSessionRepository}.
- */
-@Deprecated
-public class MongoOperationsSessionRepository extends MongoIndexedSessionRepository {
-
-	public MongoOperationsSessionRepository(MongoOperations mongoOperations) {
-		super(mongoOperations);
-	}
-
-}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoSession.java

@@ -27,6 +27,7 @@ import java.util.UUID;
 import java.util.stream.Collectors;
 
 import org.springframework.lang.Nullable;
+import org.springframework.session.MapSession;
 import org.springframework.session.Session;
 
 /**
@@ -36,7 +37,7 @@ import org.springframework.session.Session;
  * @author Greg Turnquist
  * @since 1.2
  */
-public class MongoSession implements Session {
+class MongoSession implements Session {
 
 	/**
 	 * Mongo doesn't support {@literal dot} in field names. We replace it with a unicode
@@ -65,15 +66,15 @@ public class MongoSession implements Session {
 
 	private Map<String, Object> attrs = new HashMap<>();
 
-	public MongoSession() {
-		this(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL);
+	MongoSession() {
+		this(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
 	}
 
-	public MongoSession(long maxInactiveIntervalInSeconds) {
+	MongoSession(long maxInactiveIntervalInSeconds) {
 		this(UUID.randomUUID().toString(), maxInactiveIntervalInSeconds);
 	}
 
-	public MongoSession(String id, long maxInactiveIntervalInSeconds) {
+	MongoSession(String id, long maxInactiveIntervalInSeconds) {
 
 		this.id = id;
 		this.originalSessionId = id;
@@ -129,7 +130,7 @@ public class MongoSession implements Session {
 		return Instant.ofEpochMilli(this.createdMillis);
 	}
 
-	public void setCreationTime(long created) {
+	void setCreationTime(long created) {
 		this.createdMillis = created;
 	}
 
@@ -183,11 +184,11 @@ public class MongoSession implements Session {
 		return this.id;
 	}
 
-	public Date getExpireAt() {
+	Date getExpireAt() {
 		return this.expireAt;
 	}
 
-	public void setExpireAt(final Date expireAt) {
+	void setExpireAt(final Date expireAt) {
 		this.expireAt = expireAt;
 	}
 

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/MongoSessionUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@ import org.springframework.lang.Nullable;
  *
  * @author Greg Turnquist
  */
-public final class MongoSessionUtils {
+final class MongoSessionUtils {
 
 	private MongoSessionUtils() {
 	}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/ReactiveMongoOperationsSessionRepository.java

@@ -1,36 +0,0 @@
-/*
- * Copyright 2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.session.data.mongo;
-
-import org.springframework.data.mongodb.core.ReactiveMongoOperations;
-import org.springframework.session.ReactiveSessionRepository;
-
-/**
- * This {@link ReactiveSessionRepository} implementation is kept to support migration to
- * {@link ReactiveMongoSessionRepository} in a backwards compatible manner.
- *
- * @author Greg Turnquist
- * @deprecated since 2.2.0 in favor of {@link ReactiveMongoSessionRepository}.
- */
-@Deprecated
-public class ReactiveMongoOperationsSessionRepository extends ReactiveMongoSessionRepository {
-
-	public ReactiveMongoOperationsSessionRepository(ReactiveMongoOperations mongoOperations) {
-		super(mongoOperations);
-	}
-
-}

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/ReactiveMongoSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,14 +32,17 @@ import org.springframework.data.mongodb.core.ReactiveMongoOperations;
 import org.springframework.data.mongodb.core.index.IndexOperations;
 import org.springframework.data.mongodb.core.query.Criteria;
 import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.session.MapSession;
 import org.springframework.session.ReactiveSessionRepository;
 import org.springframework.session.events.SessionCreatedEvent;
 import org.springframework.session.events.SessionDeletedEvent;
+import org.springframework.util.Assert;
 
 /**
  * A {@link ReactiveSessionRepository} implementation that uses Spring Data MongoDB.
  *
  * @author Greg Turnquist
+ * @author Vedran Pavic
  * @since 2.2.0
  */
 public class ReactiveMongoSessionRepository
@@ -47,8 +50,11 @@ public class ReactiveMongoSessionRepository
 
 	/**
 	 * The default time period in seconds in which a session will expire.
+	 * @deprecated since 3.0.0 in favor of
+	 * {@link MapSession#DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS}
 	 */
-	public static final int DEFAULT_INACTIVE_INTERVAL = 1800;
+	@Deprecated
+	public static final int DEFAULT_INACTIVE_INTERVAL = MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS;
 
 	/**
 	 * The default collection name for storing session.
@@ -59,12 +65,12 @@ public class ReactiveMongoSessionRepository
 
 	private final ReactiveMongoOperations mongoOperations;
 
-	private Integer maxInactiveIntervalInSeconds = DEFAULT_INACTIVE_INTERVAL;
+	private Duration defaultMaxInactiveInterval = Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS);
 
 	private String collectionName = DEFAULT_COLLECTION_NAME;
 
 	private AbstractMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(
-			Duration.ofSeconds(this.maxInactiveIntervalInSeconds));
+			this.defaultMaxInactiveInterval);
 
 	private MongoOperations blockingMongoOperations;
 
@@ -88,7 +94,7 @@ public class ReactiveMongoSessionRepository
 	@Override
 	public Mono<MongoSession> createSession() {
 
-		return Mono.justOrEmpty(this.maxInactiveIntervalInSeconds) //
+		return Mono.justOrEmpty(this.defaultMaxInactiveInterval.toSeconds()) //
 				.map(MongoSession::new) //
 				.doOnNext((mongoSession) -> publishEvent(new SessionCreatedEvent(this, mongoSession))) //
 				.switchIfEmpty(Mono.just(new MongoSession()));
@@ -170,12 +176,28 @@ public class ReactiveMongoSessionRepository
 		}
 	}
 
-	public Integer getMaxInactiveIntervalInSeconds() {
-		return this.maxInactiveIntervalInSeconds;
+	/**
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * time out. The default is 30 minutes.
+	 * @param defaultMaxInactiveInterval the default maxInactiveInterval
+	 */
+	public void setDefaultMaxInactiveInterval(Duration defaultMaxInactiveInterval) {
+		Assert.notNull(defaultMaxInactiveInterval, "defaultMaxInactiveInterval must not be null");
+		this.defaultMaxInactiveInterval = defaultMaxInactiveInterval;
 	}
 
-	public void setMaxInactiveIntervalInSeconds(final Integer maxInactiveIntervalInSeconds) {
-		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+	/**
+	 * Set the maximum inactive interval in seconds between requests before newly created
+	 * sessions will be invalidated. A negative time indicates that the session will never
+	 * time out. The default is 1800 (30 minutes).
+	 * @param defaultMaxInactiveInterval the default maxInactiveInterval in seconds
+	 * @deprecated since 3.0.0, in favor of
+	 * {@link #setDefaultMaxInactiveInterval(Duration)}
+	 */
+	@Deprecated(since = "3.0.0")
+	public void setMaxInactiveIntervalInSeconds(Integer defaultMaxInactiveInterval) {
+		setDefaultMaxInactiveInterval(Duration.ofSeconds(defaultMaxInactiveInterval));
 	}
 
 	public String getCollectionName() {

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/http/EnableMongoHttpSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,8 +22,8 @@ import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
-import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.session.MapSession;
 import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
 
 /**
@@ -34,6 +34,7 @@ import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
  *
  * <pre>
  * <code>
+ * {@literal @Configuration(proxyBeanMethods = false)}
  * {@literal @EnableMongoHttpSession}
  * public class MongoHttpSessionConfig {
  *
@@ -52,14 +53,13 @@ import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
 @Target(ElementType.TYPE)
 @Documented
 @Import(MongoHttpSessionConfiguration.class)
-@Configuration(proxyBeanMethods = false)
 public @interface EnableMongoHttpSession {
 
 	/**
 	 * The maximum time a session will be kept if it is inactive.
 	 * @return default max inactive interval in seconds
 	 */
-	int maxInactiveIntervalInSeconds() default MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+	int maxInactiveIntervalInSeconds() default MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS;
 
 	/**
 	 * The collection name to use.

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/http/MongoHttpSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.EmbeddedValueResolverAware;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportAware;
 import org.springframework.core.annotation.AnnotationAttributes;
 import org.springframework.core.serializer.support.DeserializingConverter;
@@ -33,12 +34,13 @@ import org.springframework.core.serializer.support.SerializingConverter;
 import org.springframework.core.type.AnnotationMetadata;
 import org.springframework.data.mongodb.core.MongoOperations;
 import org.springframework.session.IndexResolver;
+import org.springframework.session.MapSession;
+import org.springframework.session.Session;
 import org.springframework.session.config.SessionRepositoryCustomizer;
 import org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration;
 import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
 import org.springframework.session.data.mongo.JdkMongoSessionConverter;
 import org.springframework.session.data.mongo.MongoIndexedSessionRepository;
-import org.springframework.session.data.mongo.MongoSession;
 import org.springframework.util.StringUtils;
 import org.springframework.util.StringValueResolver;
 
@@ -51,12 +53,12 @@ import org.springframework.util.StringValueResolver;
  * @since 1.2
  */
 @Configuration(proxyBeanMethods = false)
-public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguration
-		implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
+@Import(SpringHttpSessionConfiguration.class)
+public class MongoHttpSessionConfiguration implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
 
 	private AbstractMongoSessionConverter mongoSessionConverter;
 
-	private Integer maxInactiveIntervalInSeconds;
+	private Duration maxInactiveInterval = MapSession.DEFAULT_MAX_INACTIVE_INTERVAL;
 
 	private String collectionName;
 
@@ -66,13 +68,13 @@ public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 
 	private ClassLoader classLoader;
 
-	private IndexResolver<MongoSession> indexResolver;
+	private IndexResolver<Session> indexResolver;
 
 	@Bean
 	public MongoIndexedSessionRepository mongoSessionRepository(MongoOperations mongoOperations) {
 
 		MongoIndexedSessionRepository repository = new MongoIndexedSessionRepository(mongoOperations);
-		repository.setMaxInactiveIntervalInSeconds(this.maxInactiveIntervalInSeconds);
+		repository.setDefaultMaxInactiveInterval(this.maxInactiveInterval);
 
 		if (this.mongoSessionConverter != null) {
 			repository.setMongoSessionConverter(this.mongoSessionConverter);
@@ -84,7 +86,7 @@ public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 		else {
 			JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(new SerializingConverter(),
 					new DeserializingConverter(this.classLoader),
-					Duration.ofSeconds(MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL));
+					Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS));
 
 			if (this.indexResolver != null) {
 				mongoSessionConverter.setIndexResolver(this.indexResolver);
@@ -107,8 +109,13 @@ public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 		this.collectionName = collectionName;
 	}
 
+	public void setMaxInactiveInterval(Duration maxInactiveInterval) {
+		this.maxInactiveInterval = maxInactiveInterval;
+	}
+
+	@Deprecated
 	public void setMaxInactiveIntervalInSeconds(Integer maxInactiveIntervalInSeconds) {
-		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+		setMaxInactiveInterval(Duration.ofSeconds(maxInactiveIntervalInSeconds));
 	}
 
 	public void setImportMetadata(AnnotationMetadata importMetadata) {
@@ -117,10 +124,8 @@ public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 				.fromMap(importMetadata.getAnnotationAttributes(EnableMongoHttpSession.class.getName()));
 
 		if (attributes != null) {
-			this.maxInactiveIntervalInSeconds = attributes.getNumber("maxInactiveIntervalInSeconds");
-		}
-		else {
-			this.maxInactiveIntervalInSeconds = MongoIndexedSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+			this.maxInactiveInterval = Duration
+					.ofSeconds(attributes.<Integer>getNumber("maxInactiveIntervalInSeconds"));
 		}
 
 		String collectionNameValue = (attributes != null) ? attributes.getString("collectionName") : "";
@@ -151,7 +156,7 @@ public class MongoHttpSessionConfiguration extends SpringHttpSessionConfiguratio
 	}
 
 	@Autowired(required = false)
-	public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
+	public void setIndexResolver(IndexResolver<Session> indexResolver) {
 		this.indexResolver = indexResolver;
 	}
 

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/reactive/EnableMongoWebSession.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 the original author or authors.
+ * Copyright 2014-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
-import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.session.MapSession;
 import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
 
 /**
@@ -32,7 +32,7 @@ import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
  *
  * <pre>
  * <code>
- * {@literal @Configuration}
+ * {@literal @Configuration(proxyBeanMethods = false)}
  * {@literal @EnableMongoWebSession}
  * public class SpringWebFluxConfig {
  *
@@ -45,21 +45,20 @@ import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
  * </code> </pre>
  *
  * @author Greg Turnquist
- * @author Vedran Pavić
+ * @author Vedran Pavic
  * @since 2.0
  */
 @Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
 @Target({ java.lang.annotation.ElementType.TYPE })
 @Documented
 @Import(ReactiveMongoWebSessionConfiguration.class)
-@Configuration(proxyBeanMethods = false)
 public @interface EnableMongoWebSession {
 
 	/**
 	 * The maximum time a session will be kept if it is inactive.
 	 * @return default max inactive interval in seconds
 	 */
-	int maxInactiveIntervalInSeconds() default ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+	int maxInactiveIntervalInSeconds() default MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS;
 
 	/**
 	 * The collection name to use.

spring-session-data-mongodb/src/main/java/org/springframework/session/data/mongo/config/annotation/web/reactive/ReactiveMongoWebSessionConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 the original author or authors.
+ * Copyright 2016-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.EmbeddedValueResolverAware;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportAware;
 import org.springframework.core.annotation.AnnotationAttributes;
 import org.springframework.core.serializer.support.DeserializingConverter;
@@ -34,11 +35,12 @@ import org.springframework.core.type.AnnotationMetadata;
 import org.springframework.data.mongodb.core.MongoOperations;
 import org.springframework.data.mongodb.core.ReactiveMongoOperations;
 import org.springframework.session.IndexResolver;
+import org.springframework.session.MapSession;
+import org.springframework.session.Session;
 import org.springframework.session.config.ReactiveSessionRepositoryCustomizer;
 import org.springframework.session.config.annotation.web.server.SpringWebSessionConfiguration;
 import org.springframework.session.data.mongo.AbstractMongoSessionConverter;
 import org.springframework.session.data.mongo.JdkMongoSessionConverter;
-import org.springframework.session.data.mongo.MongoSession;
 import org.springframework.session.data.mongo.ReactiveMongoSessionRepository;
 import org.springframework.util.StringUtils;
 import org.springframework.util.StringValueResolver;
@@ -48,15 +50,16 @@ import org.springframework.util.StringValueResolver;
  * {@link ReactiveMongoOperations}.
  *
  * @author Greg Turnquist
- * @author Vedran Pavić
+ * @author Vedran Pavic
  */
 @Configuration(proxyBeanMethods = false)
-public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfiguration
+@Import(SpringWebSessionConfiguration.class)
+public class ReactiveMongoWebSessionConfiguration
 		implements BeanClassLoaderAware, EmbeddedValueResolverAware, ImportAware {
 
 	private AbstractMongoSessionConverter mongoSessionConverter;
 
-	private Integer maxInactiveIntervalInSeconds;
+	private Duration maxInactiveInterval = MapSession.DEFAULT_MAX_INACTIVE_INTERVAL;
 
 	private String collectionName;
 
@@ -69,7 +72,7 @@ public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfig
 
 	private ClassLoader classLoader;
 
-	private IndexResolver<MongoSession> indexResolver;
+	private IndexResolver<Session> indexResolver;
 
 	@Bean
 	public ReactiveMongoSessionRepository reactiveMongoSessionRepository(ReactiveMongoOperations operations) {
@@ -87,7 +90,7 @@ public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfig
 		else {
 			JdkMongoSessionConverter mongoSessionConverter = new JdkMongoSessionConverter(new SerializingConverter(),
 					new DeserializingConverter(this.classLoader),
-					Duration.ofSeconds(ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL));
+					Duration.ofSeconds(MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS));
 
 			if (this.indexResolver != null) {
 				mongoSessionConverter.setIndexResolver(this.indexResolver);
@@ -96,9 +99,7 @@ public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfig
 			repository.setMongoSessionConverter(mongoSessionConverter);
 		}
 
-		if (this.maxInactiveIntervalInSeconds != null) {
-			repository.setMaxInactiveIntervalInSeconds(this.maxInactiveIntervalInSeconds);
-		}
+		repository.setDefaultMaxInactiveInterval(this.maxInactiveInterval);
 
 		if (this.collectionName != null) {
 			repository.setCollectionName(this.collectionName);
@@ -126,10 +127,8 @@ public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfig
 				.fromMap(importMetadata.getAnnotationAttributes(EnableMongoWebSession.class.getName()));
 
 		if (attributes != null) {
-			this.maxInactiveIntervalInSeconds = attributes.getNumber("maxInactiveIntervalInSeconds");
-		}
-		else {
-			this.maxInactiveIntervalInSeconds = ReactiveMongoSessionRepository.DEFAULT_INACTIVE_INTERVAL;
+			this.maxInactiveInterval = Duration
+					.ofSeconds(attributes.<Integer>getNumber("maxInactiveIntervalInSeconds"));
 		}
 
 		String collectionNameValue = (attributes != null) ? attributes.getString("collectionName") : "";
@@ -149,12 +148,17 @@ public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfig
 		this.embeddedValueResolver = embeddedValueResolver;
 	}
 
-	public Integer getMaxInactiveIntervalInSeconds() {
-		return this.maxInactiveIntervalInSeconds;
+	public Duration getMaxInactiveInterval() {
+		return this.maxInactiveInterval;
 	}
 
+	public void setMaxInactiveInterval(Duration maxInactiveInterval) {
+		this.maxInactiveInterval = maxInactiveInterval;
+	}
+
+	@Deprecated
 	public void setMaxInactiveIntervalInSeconds(Integer maxInactiveIntervalInSeconds) {
-		this.maxInactiveIntervalInSeconds = maxInactiveIntervalInSeconds;
+		setMaxInactiveInterval(Duration.ofSeconds(maxInactiveIntervalInSeconds));
 	}
 
 	public String getCollectionName() {
@@ -172,7 +176,7 @@ public class ReactiveMongoWebSessionConfiguration extends SpringWebSessionConfig
 	}
 
 	@Autowired(required = false)
-	public void setIndexResolver(IndexResolver<MongoSession> indexResolver) {
+	public void setIndexResolver(IndexResolver<Session> indexResolver) {
 		this.indexResolver = indexResolver;
 	}