Upgrade to Spring Security 5.0.0.BUILD-SNAPSHOT

Following some changes in the latest snapshot this includes: - Some updates to oauth2 client auto-config - Security auto-config no longer relies on GlobalAuthenticationConfigurerAdapter - Remove reactive security starter Closes gh-10704
2017-10-19 15:14:58 -07:00 · 2017-10-19 15:14:58 -07:00 · 8600bd7294
parent eb446d07d9
commit 8600bd7294
19 changed files with 52 additions and 147 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/pom.xml
+++ b/spring-boot-project/spring-boot-autoconfigure/pom.xml
@ -523,11 +523,6 @@
 			<artifactId>spring-security-data</artifactId>
 			<optional>true</optional>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-webflux</artifactId>
 			<optional>true</optional>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-jwt-jose</artifactId>
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java
@ -27,7 +27,7 @@ import org.springframework.context.annotation.Import;
 import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
-import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 /**
@ -42,7 +42,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 */
@Configuration
@ConditionalOnClass({ AuthenticationManager.class,
-		GlobalAuthenticationConfigurerAdapter.class })
+		EnableWebSecurity.class })
@EnableConfigurationProperties(SecurityProperties.class)
@Import({ SpringBootWebSecurityConfiguration.class, WebSecurityEnablerConfiguration.class,
 		AuthenticationManagerConfiguration.class, SecurityDataConfiguration.class })
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
@ -16,14 +16,12 @@
 package org.springframework.boot.autoconfigure.security;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 /**
@ -36,7 +34,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 * @author Madhura Bhave
 * @since 2.0.0
 */
@ConditionalOnClass(EnableWebSecurity.class)
@ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
@ConditionalOnWebApplication(type = Type.SERVLET)
 public class SpringBootWebSecurityConfiguration {
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java
@ -17,7 +17,6 @@
 package org.springframework.boot.autoconfigure.security;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -34,7 +33,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 * @since 2.0.0
 */
@ConditionalOnBean(WebSecurityConfigurerAdapter.class)
@ConditionalOnClass(EnableWebSecurity.class)
@ConditionalOnMissingBean(WebSecurityConfiguration.class)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@EnableWebSecurity
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
@ -76,7 +76,7 @@ final class OAuth2ClientPropertiesRegistrationAdapter {
 			throw new IllegalStateException(getErrorMessage(configuredProviderId, registrationId));
 		}
 		Builder builder = (provider != null ? provider.getBuilder(registrationId)
-				: new Builder(registrationId));
+				: ClientRegistration.withRegistrationId(registrationId));
 		if (providers.containsKey(providerId)) {
 			return getBuilder(builder, providers.get(providerId));
 		}
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveAuthenticationManagerConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveAuthenticationManagerConfiguration.java
@ -27,15 +27,15 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplicat
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
-import org.springframework.security.core.userdetails.MapUserDetailsRepository;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsRepository;
 /**
 * Default user {@link Configuration} for a reactive web application. Configures a
- * {@link UserDetailsRepository} with a default user and generated password. This
+ * {@link ReactiveUserDetailsService} with a default user and generated password. This
- * backs-off completely if there is a bean of type {@link UserDetailsRepository} or
+ * backs-off completely if there is a bean of type {@link ReactiveUserDetailsService} or
 * {@link ReactiveAuthenticationManager}.
 *
 * @author Madhura Bhave
@ -44,7 +44,7 @@ import org.springframework.security.core.userdetails.UserDetailsRepository;
@Configuration
@ConditionalOnClass({ ReactiveAuthenticationManager.class })
@ConditionalOnMissingBean({ ReactiveAuthenticationManager.class,
-		UserDetailsRepository.class })
+		ReactiveUserDetailsService.class })
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
 public class ReactiveAuthenticationManagerConfiguration {
@ -52,11 +52,11 @@ public class ReactiveAuthenticationManagerConfiguration {
 			.getLog(ReactiveAuthenticationManagerConfiguration.class);
 	@Bean
-	public MapUserDetailsRepository userDetailsRepository() {
+	public MapReactiveUserDetailsService reactiveUserDetailsService() {
 		String password = UUID.randomUUID().toString();
 		logger.info(String.format("%n%nUsing default security password: %s%n", password));
 		UserDetails user = User.withUsername("user").password(password).roles().build();
-		return new MapUserDetailsRepository(user);
+		return new MapReactiveUserDetailsService(user);
 	}
 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java
@ -25,9 +25,7 @@ import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.autoconfigure.jdbc.EmbeddedDataSourceConfiguration;
 import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.user.SecurityConfig;
 import org.springframework.boot.test.context.SpringBootContextLoader;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Import;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.ContextConfiguration;
@ -57,7 +55,6 @@ public class JpaUserDetailsTests {
 	@Import({ EmbeddedDataSourceConfiguration.class, DataSourceAutoConfiguration.class,
 			HibernateJpaAutoConfiguration.class,
 			PropertyPlaceholderAutoConfiguration.class, SecurityAutoConfiguration.class })
 	@ComponentScan(basePackageClasses = SecurityConfig.class)
 	public static class Main {
 	}
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
@ -78,7 +78,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 		assertThat(adapted.getAuthorizationGrantType()).isEqualTo(
 				org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo("http://example.com/redirect");
-		assertThat(adapted.getScope()).containsExactly("scope");
+		assertThat(adapted.getScopes()).containsExactly("scope");
 		assertThat(adapted.getClientName()).isEqualTo("clientName");
 	}
@ -112,7 +112,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 				org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo(
 				"{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{registrationId}");
-		assertThat(adapted.getScope()).containsExactly("openid", "profile", "email",
+		assertThat(adapted.getScopes()).containsExactly("openid", "profile", "email",
 				"address", "phone");
 		assertThat(adapted.getClientName()).isEqualTo("Google");
 	}
@ -151,7 +151,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 		assertThat(adapted.getAuthorizationGrantType()).isEqualTo(
 				org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo("http://example.com/redirect");
-		assertThat(adapted.getScope()).containsExactly("scope");
+		assertThat(adapted.getScopes()).containsExactly("scope");
 		assertThat(adapted.getClientName()).isEqualTo("clientName");
 	}
@ -196,7 +196,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 				org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo(
 				"{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{registrationId}");
-		assertThat(adapted.getScope()).containsExactly("openid", "profile", "email",
+		assertThat(adapted.getScopes()).containsExactly("openid", "profile", "email",
 				"address", "phone");
 		assertThat(adapted.getClientName()).isEqualTo("Google");
 	}
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2WebSecurityConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2WebSecurityConfigurationTests.java
@ -36,7 +36,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
-import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SecurityFilterChain;
@ -97,7 +97,7 @@ public class OAuth2WebSecurityConfigurationTests {
 				.getField(filterChains.get(0), "filters");
 		List<Filter> oauth2Filters = filters.stream()
 				.filter((f) -> f instanceof AuthorizationCodeAuthenticationFilter
-						|| f instanceof AuthorizationCodeRequestRedirectFilter)
+						|| f instanceof AuthorizationRequestRedirectFilter)
 				.collect(Collectors.toList());
 		return oauth2Filters.stream()
 				.filter((f) -> f instanceof AuthorizationCodeAuthenticationFilter)
@ -111,7 +111,7 @@ public class OAuth2WebSecurityConfigurationTests {
 				&& ObjectUtils.nullSafeEquals(reg1.getClientName(), reg2.getClientName());
 		result = result && ObjectUtils.nullSafeEquals(reg1.getClientSecret(),
 				reg2.getClientSecret());
-		result = result && ObjectUtils.nullSafeEquals(reg1.getScope(), reg2.getScope());
+		result = result && ObjectUtils.nullSafeEquals(reg1.getScopes(), reg2.getScopes());
 		result = result && ObjectUtils.nullSafeEquals(reg1.getRedirectUri(),
 				reg2.getRedirectUri());
 		result = result && ObjectUtils.nullSafeEquals(reg1.getRegistrationId(),
@ -154,7 +154,7 @@ public class OAuth2WebSecurityConfigurationTests {
 		}
 		private ClientRegistration getClientRegistration(String id, String userInfoUri) {
-			ClientRegistration.Builder builder = new ClientRegistration.Builder(id);
+			ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(id);
 			builder.clientName("foo").clientId("foo")
 					.clientAuthenticationMethod(
 							org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC)
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java
@ -29,14 +29,14 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.server.reactive.HttpHandler;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
-import org.springframework.security.config.annotation.web.reactive.HttpSecurityConfiguration;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration;
 import org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.MapUserDetailsRepository;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsRepository;
+import org.springframework.security.web.server.WebFilterChainProxy;
 import org.springframework.security.web.server.WebFilterChainFilter;
 import org.springframework.web.reactive.config.EnableWebFlux;
 import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
@ -58,11 +58,11 @@ public class ReactiveSecurityAutoConfigurationTests {
 				.withConfiguration(
 						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
 				.run((context) -> {
-					assertThat(context).getBean(HttpSecurityConfiguration.class)
+					assertThat(context).getBean(ServerHttpSecurityConfiguration.class)
 							.isNotNull();
 					assertThat(context).getBean(WebFluxSecurityConfiguration.class)
 							.isNotNull();
-					assertThat(context).getBean(WebFilterChainFilter.class).isNotNull();
+					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
 				});
 	}
@ -72,9 +72,9 @@ public class ReactiveSecurityAutoConfigurationTests {
 				.withConfiguration(
 						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
 				.run((context) -> {
-					UserDetailsRepository userDetailsRepository = context
+					ReactiveUserDetailsService userDetailsService = context
-							.getBean(UserDetailsRepository.class);
+							.getBean(ReactiveUserDetailsService.class);
-					assertThat(userDetailsRepository.findByUsername("user").block())
+					assertThat(userDetailsService.findByUsername("user").block())
 							.isNotNull();
 				});
 	}
@ -85,13 +85,13 @@ public class ReactiveSecurityAutoConfigurationTests {
 				.withConfiguration(
 						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
 				.run((context) -> {
-					UserDetailsRepository userDetailsRepository = context
+					ReactiveUserDetailsService userDetailsService = context
-							.getBean(UserDetailsRepository.class);
+							.getBean(ReactiveUserDetailsService.class);
-					assertThat(userDetailsRepository.findByUsername("user").block())
+					assertThat(userDetailsService.findByUsername("user").block())
 							.isNull();
-					assertThat(userDetailsRepository.findByUsername("foo").block())
+					assertThat(userDetailsService.findByUsername("foo").block())
 							.isNotNull();
-					assertThat(userDetailsRepository.findByUsername("admin").block())
+					assertThat(userDetailsService.findByUsername("admin").block())
 							.isNotNull();
 				});
 	}
@ -103,7 +103,7 @@ public class ReactiveSecurityAutoConfigurationTests {
 						TestConfig.class)
 				.withConfiguration(
 						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
-				.run((context) -> assertThat(context).getBean(UserDetailsRepository.class)
+				.run((context) -> assertThat(context).getBean(ReactiveUserDetailsService.class)
 						.isNull());
 	}
@ -127,12 +127,12 @@ public class ReactiveSecurityAutoConfigurationTests {
 	static class UserConfig {
 		@Bean
-		public MapUserDetailsRepository userDetailsRepository() {
+		public MapReactiveUserDetailsService userDetailsService() {
 			UserDetails foo = User.withUsername("foo").password("foo").roles("USER")
 					.build();
 			UserDetails admin = User.withUsername("admin").password("admin")
 					.roles("USER", "ADMIN").build();
-			return new MapUserDetailsRepository(foo, admin);
+			return new MapReactiveUserDetailsService(foo, admin);
 		}
 	}
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/user/SecurityConfig.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/user/SecurityConfig.java
@ -1,43 +0,0 @@
 /*
 * Copyright 2012-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.boot.autoconfigure.security.user;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
@EntityScan(basePackageClasses = User.class)
@EnableJpaRepositories(basePackageClasses = User.class)
 public class SecurityConfig extends GlobalAuthenticationConfigurerAdapter {
 	protected final UserRepository userRepository;
 	public SecurityConfig(UserRepository userRepository) {
 		this.userRepository = userRepository;
 	}
 	@Override
 	public void init(AuthenticationManagerBuilder auth) throws Exception {
 		System.err.println("Global security config");
 	}
 }
--- a/spring-boot-project/spring-boot-dependencies/pom.xml
+++ b/spring-boot-project/spring-boot-dependencies/pom.xml
@ -154,7 +154,7 @@
 		<spring-plugin.version>1.2.0.RELEASE</spring-plugin.version>
 		<spring-restdocs.version>1.2.2.RELEASE</spring-restdocs.version>
 		<spring-retry.version>1.2.1.RELEASE</spring-retry.version>
-		<spring-security.version>5.0.0.M5</spring-security.version>
+		<spring-security.version>5.0.0.BUILD-SNAPSHOT</spring-security.version>
 		<spring-session.version>2.0.0.M5</spring-session.version>
 		<spring-session-data-mongodb.version>2.0.0.M4</spring-session-data-mongodb.version>
 		<spring-social.version>2.0.0.M4</spring-social.version>
--- a/spring-boot-project/spring-boot-docs/pom.xml
+++ b/spring-boot-project/spring-boot-docs/pom.xml
@ -712,11 +712,6 @@
 			<artifactId>spring-security-test</artifactId>
 			<optional>true</optional>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-webflux</artifactId>
 			<optional>true</optional>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.session</groupId>
 			<artifactId>spring-session-core</artifactId>
--- a/spring-boot-project/spring-boot-starters/pom.xml
+++ b/spring-boot-project/spring-boot-starters/pom.xml
@ -58,7 +58,6 @@
 		<module>spring-boot-starter-quartz</module>
 		<module>spring-boot-starter-reactor-netty</module>
 		<module>spring-boot-starter-security</module>
 		<module>spring-boot-starter-security-reactive</module>
 		<module>spring-boot-starter-social-facebook</module>
 		<module>spring-boot-starter-social-twitter</module>
 		<module>spring-boot-starter-social-linkedin</module>
--- a/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/pom.xml
+++ b/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/pom.xml
@ -1,34 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starters</artifactId>
 		<version>${revision}</version>
 	</parent>
 	<artifactId>spring-boot-starter-security-reactive</artifactId>
 	<name>Spring Boot Security Reactive Starter</name>
 	<description>Starter for using reactive Spring Security</description>
 	<properties>
 		<main.basedir>${basedir}/../../..</main.basedir>
 	</properties>
 	<dependencies>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-aop</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-config</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-webflux</artifactId>
 		</dependency>
 	</dependencies>
 </project>
--- a/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/src/main/resources/META-INF/spring.provides
+++ b/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/src/main/resources/META-INF/spring.provides
@ -1 +0,0 @@
 provides: spring-security-webflux,spring-security-config
--- a/spring-boot-samples/spring-boot-sample-secure-webflux/pom.xml
+++ b/spring-boot-samples/spring-boot-sample-secure-webflux/pom.xml
@ -27,7 +27,7 @@
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-security-reactive</artifactId>
+			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
 		<!-- Test -->
 		<dependency>
--- a/spring-boot-samples/spring-boot-sample-secure-webflux/src/main/java/sample/secure/webflux/SampleSecureWebFluxApplication.java
+++ b/spring-boot-samples/spring-boot-sample-secure-webflux/src/main/java/sample/secure/webflux/SampleSecureWebFluxApplication.java
@ -19,9 +19,9 @@ package sample.secure.webflux;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.security.core.userdetails.MapUserDetailsRepository;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsRepository;
 import org.springframework.web.reactive.function.server.RouterFunction;
 import org.springframework.web.reactive.function.server.ServerResponse;
@ -41,8 +41,8 @@ public class SampleSecureWebFluxApplication {
 	}
 	@Bean
-	public UserDetailsRepository userDetailsRepository() {
+	public ReactiveUserDetailsService userDetailsRepository() {
-		return new MapUserDetailsRepository(
+		return new MapReactiveUserDetailsService(
 				User.withUsername("foo").password("password").roles("USER").build());
 	}
--- a/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java
+++ b/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java
@ -18,19 +18,21 @@ package sample.security.method;
 import java.util.Date;
 import java.util.Map;
 import java.util.UUID;
 import org.springframework.boot.actuate.autoconfigure.security.EndpointRequest;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
@ -67,14 +69,14 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	@Configuration
-	protected static class AuthenticationSecurity
+	protected static class AuthenticationSecurity {
 			extends GlobalAuthenticationConfigurerAdapter {
-		@Override
+		@Bean
-		public void init(AuthenticationManagerBuilder auth) throws Exception {
+		public InMemoryUserDetailsManager inMemoryUserDetailsManager() throws Exception {
-			auth.inMemoryAuthentication().withUser("admin").password("admin")
+			String password = UUID.randomUUID().toString();
-					.roles("ADMIN", "USER", "ACTUATOR").and().withUser("user")
+			return new InMemoryUserDetailsManager(
-					.password("user").roles("USER");
+					User.withUsername("admin").password("admin").roles("ADMIN", "USER", "ACTUATOR").build(),
 					User.withUsername("user").password("user").roles("USER").build());
 		}
 	}
		`@ -1 +0,0 @@`
			`provides: spring-security-webflux,spring-security-config`