@ -372,7 +372,7 @@ You can also use `HttpSecurity#addFilterAfter` to add the filter after a particu
@@ -372,7 +372,7 @@ You can also use `HttpSecurity#addFilterAfter` to add the filter after a particu
And that's it, now the `TenantFilter` will be invoked in the filter chain and will check if the current user has access to the tenant id.
Be careful when you declare your filter as a Spring bean, either by annotating it with `@Component` or by declaring it as a bean in your configuration, because Spring Boot will automatically {spring-boot-reference-url}web.html#web.servlet.embedded-container.servlets-filters-listeners.beans[register it with the embedded container].
Be careful when you declare your filter as a Spring bean, either by annotating it with `@Component` or by declaring it as a bean in your configuration, because Spring Boot will automatically {spring-boot-reference-url}reference/web/servlet.html#web.servlet.embedded-container.servlets-filters-listeners.beans[register it with the embedded container].
That may cause the filter to be invoked twice, once by the container and once by Spring Security and in a different order.
If you still want to declare your filter as a Spring bean to take advantage of dependency injection for example, and avoid the duplicate invocation, you can tell Spring Boot to not register it with the container by declaring a `FilterRegistrationBean` bean and setting its `enabled` property to `false`:
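Review bot: The new link on the "Be careful when you declare your filter as a Spring bean" line only resolves if `{spring-boot-reference-url}` now points one level above the old reference root and still ends in a slash, because `reference/web/servlet.html#...` is appended to it with no separator. The attribute definition is not part of the visible hunks, so please confirm it is updated in the same change. Otherwise every link rewritten here becomes a 404 or gains a doubled `reference/` segment. It is also worth checking that the unchanged fragment `web.servlet.embedded-container.servlets-filters-listeners.beans` still exists on the new `servlet.html` page, since this paragraph is the one readers follow to understand why a filter can run twice and in a different order.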
@ -19,7 +19,7 @@ The rest of this section covers a number of use cases for you to consider:
@@ -19,7 +19,7 @@ The rest of this section covers a number of use cases for you to consider:
[[logout-java-configuration]]
== Understanding Logout's Architecture
When you include {spring-boot-reference-url}using.html#using.build-systems.starters[the `spring-boot-starter-security` dependency] or use the `@EnableWebSecurity` annotation, Spring Security will add its logout support and by default respond both to `GET /logout` and `POST /logout`.
When you include {spring-boot-reference-url}reference/using/build-systems.html#using.build-systems.starters[the `spring-boot-starter-security` dependency] or use the `@EnableWebSecurity` annotation, Spring Security will add its logout support and by default respond both to `GET /logout` and `POST /logout`.
If you request `GET /logout`, then Spring Security displays a logout confirmation page.
Aside from providing a valuable double-checking mechanism for the user, it also provides a simple way to provide xref:servlet/exploits/csrf.adoc[the needed CSRF token] to `POST /logout`.
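Review bot: The target `reference/using/build-systems.html#using.build-systems.starters` introduced on the `spring-boot-starter-security` line is repeated verbatim in the method-security note ("Spring Boot Starter Security does not activate method-level authorization by default") later in this patch. Consider defining one document attribute for the starters link and using it in both places, so the next Spring Boot docs restructuring needs a single edit and the two pages cannot drift apart.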
@ -124,7 +124,7 @@ In this case, authorization happens twice; once for authorizing `/endpoint` and
@@ -124,7 +124,7 @@ In this case, authorization happens twice; once for authorizing `/endpoint` and
For that reason, you may want to <<match-by-dispatcher-type, permit all `FORWARD` dispatches>>.
Another example of this principle is {spring-boot-reference-url}web.html#web.servlet.spring-mvc.error-handling[how Spring Boot handles errors].
Another example of this principle is {spring-boot-reference-url}reference/web/servlet.html#web.servlet.spring-mvc.error-handling[how Spring Boot handles errors].
If the container catches an exception, say like the following:
Then, you are immediately able to annotate any Spring-managed class or method with <<use-preauthorize, `@PreAuthorize`>>, <<use-postauthorize,`@PostAuthorize`>>, <<use-prefilter,`@PreFilter`>>, and <<use-postfilter,`@PostFilter`>> to authorize method invocations, including the input parameters and return values.
[NOTE]
{spring-boot-reference-url}using.html#using.build-systems.starters[Spring Boot Starter Security] does not activate method-level authorization by default.
{spring-boot-reference-url}reference/using/build-systems.html#using.build-systems.starters[Spring Boot Starter Security] does not activate method-level authorization by default.
Method Security supports many other use cases as well including <<use-aspectj, AspectJ support>>, <<use-programmatic-authorization,custom annotations>>, and several configuration points.
@ -17,7 +17,7 @@ You first need to add Spring Security to your application's classpath; two ways
@@ -17,7 +17,7 @@ You first need to add Spring Security to your application's classpath; two ways
[[servlet-hello-starting]]
== Starting Hello Spring Security Boot
With Spring Security <<servlet-hello-dependencies,on the classpath>>, you can now {spring-boot-reference-url}#using.running-your-application[run the Spring Boot application].
With Spring Security <<servlet-hello-dependencies,on the classpath>>, you can now {spring-boot-reference-url}reference/using/running-your-application.html[run the Spring Boot application].
The following snippet shows some of the output that indicates that Spring Security is enabled in your application:
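Review bot: The replaced link on the "you can now ... run the Spring Boot application" line drops the fragment entirely (`#using.running-your-application` becomes `reference/using/running-your-application.html`), while every other link in this patch keeps its fragment after the new page path. If the new target is a dedicated page this is fine, but please confirm it is intentional and that the page lands on the intended section. If consistency with the other links is preferred, append the original fragment to the new path.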