Upgrade to Spring Security 5.5.0-M2

Closes gh-25255

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java

 /*
- * Copyright 2012-2020 the original author or authors.
+ * Copyright 2012-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -86,7 +86,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
 		assertThat(adapted.getClientId()).isEqualTo("clientId");
 		assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
 		assertThat(adapted.getClientAuthenticationMethod())
-				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.POST);
+				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_POST);
 		assertThat(adapted.getAuthorizationGrantType())
 				.isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo("https://example.com/redirect");
@@ -116,7 +116,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
 		assertThat(adapted.getClientId()).isEqualTo("clientId");
 		assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
 		assertThat(adapted.getClientAuthenticationMethod())
-				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC);
+				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
 		assertThat(adapted.getAuthorizationGrantType())
 				.isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
@@ -146,7 +146,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
 		assertThat(adapted.getClientId()).isEqualTo("clientId");
 		assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
 		assertThat(adapted.getClientAuthenticationMethod())
-				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.POST);
+				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_POST);
 		assertThat(adapted.getAuthorizationGrantType())
 				.isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo("https://example.com/redirect");
@@ -187,7 +187,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
 		assertThat(adapted.getClientId()).isEqualTo("clientId");
 		assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");
 		assertThat(adapted.getClientAuthenticationMethod())
-				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC);
+				.isEqualTo(org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
 		assertThat(adapted.getAuthorizationGrantType())
 				.isEqualTo(org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
@@ -254,7 +254,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
 				.getClientRegistrations(properties);
 		ClientRegistration adapted = registrations.get("okta");
 		ProviderDetails providerDetails = adapted.getProviderDetails();
-		assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.POST);
+		assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_POST);
 		assertThat(adapted.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRegistrationId()).isEqualTo("okta");
 		assertThat(adapted.getClientName()).isEqualTo(issuer);
@@ -283,7 +283,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
 		registration.setProvider(provider);
 		registration.setClientId("clientId");
 		registration.setClientSecret("clientSecret");
-		registration.setClientAuthenticationMethod("post");
+		registration.setClientAuthenticationMethod("client_secret_post");
 		registration.setRedirectUri("https://example.com/redirect");
 		registration.setScope(Collections.singleton("user"));
 		registration.setAuthorizationGrantType("authorization_code");
@@ -305,7 +305,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
 				.getClientRegistrations(properties);
 		ClientRegistration adapted = registrations.get("okta");
 		ProviderDetails providerDetails = adapted.getProviderDetails();
-		assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+		assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
 		assertThat(adapted.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(adapted.getRegistrationId()).isEqualTo("okta");
 		assertThat(adapted.getClientName()).isEqualTo(issuer);

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientAutoConfigurationTests.java

 /*
- * Copyright 2012-2020 the original author or authors.
+ * Copyright 2012-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -207,7 +207,7 @@ class ReactiveOAuth2ClientAutoConfigurationTests {
 			ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(id);
 			builder.clientName("foo").clientId("foo")
 					.clientAuthenticationMethod(
-							org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC)
+							org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
 					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read")
 					.clientSecret("secret").redirectUri("https://redirect-uri.com")
 					.authorizationUri("https://authorization-uri.com").tokenUri("https://token-uri.com")

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfigurationTests.java

 /*
- * Copyright 2012-2020 the original author or authors.
+ * Copyright 2012-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -219,7 +219,7 @@ class OAuth2WebSecurityConfigurationTests {
 			ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(id);
 			builder.clientName("foo").clientId("foo")
 					.clientAuthenticationMethod(
-							org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC)
+							org.springframework.security.oauth2.core.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
 					.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).scope("read")
 					.clientSecret("secret").redirectUri("https://redirect-uri.com")
 					.authorizationUri("https://authorization-uri.com").tokenUri("https://token-uri.com")

spring-boot-project/spring-boot-dependencies/build.gradle

@@ -1687,7 +1687,7 @@ bom {
 			]
 		}
 	}
-	library("Spring Security", "5.5.0-M1") {
+	library("Spring Security", "5.5.0-M2") {
 		group("org.springframework.security") {
 			imports = [
 				"spring-security-bom"