Revert "Restructure of security packages"

See gh-14412

Revert "Restructure of security packages"
See gh-14412
474da80b · Stephane Nicoll · ea42fb44 · 474da80b · 474da80b · 474da80b
Commit 474da80b authored Oct 17, 2018 by Stephane Nicoll
81 changed files
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/reactive/EndpointRequest.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/reactive/EndpointRequest.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.actuate.autoconfigure.security.web.reactive;
+package org.springframework.boot.actuate.autoconfigure.security.reactive;

 import java.util.ArrayList;
 import java.util.Arrays;
@@ -49,7 +49,7 @@ import org.springframework.web.server.ServerWebExchange;
 * endpoint locations.
 *
 * @author Madhura Bhave
- * @since 2.1.0
+ * @since 2.0.0
 */
 public final class EndpointRequest {


--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/reactive/ReactiveManagementWebSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/reactive/ReactiveManagementWebSecurityAutoConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.actuate.autoconfigure.security.web.reactive;
+package org.springframework.boot.actuate.autoconfigure.security.reactive;

 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration;
@@ -27,8 +27,8 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.oauth2.client.ReactiveOAuth2ClientAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
@@ -48,7 +48,7 @@ import org.springframework.security.web.server.WebFilterChainProxy;
 @ConditionalOnClass({ EnableWebFluxSecurity.class, WebFilterChainProxy.class })
 @ConditionalOnMissingBean({ SecurityWebFilterChain.class, WebFilterChainProxy.class })
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
-@AutoConfigureBefore(ReactiveWebSecurityAutoConfiguration.class)
+@AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
 @AutoConfigureAfter({ HealthEndpointAutoConfiguration.class,
 		InfoEndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
 		ReactiveOAuth2ClientAutoConfiguration.class })

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/reactive/package-info.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/reactive/package-info.java
@@ -17,4 +17,4 @@
 /**
 * Auto-configuration for actuator security using WebFlux.
 */
-package org.springframework.boot.actuate.autoconfigure.security.web.reactive;
+package org.springframework.boot.actuate.autoconfigure.security.reactive;
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/EndpointRequest.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/EndpointRequest.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.actuate.autoconfigure.security.web.servlet;
+package org.springframework.boot.actuate.autoconfigure.security.servlet;

 import java.util.ArrayList;
 import java.util.Arrays;
@@ -34,7 +34,7 @@ import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointPr
 import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
-import org.springframework.boot.autoconfigure.security.web.servlet.RequestMatcherProvider;
+import org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider;
 import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
 import org.springframework.core.annotation.AnnotatedElementUtils;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -50,7 +50,7 @@ import org.springframework.web.context.WebApplicationContext;
 *
 * @author Madhura Bhave
 * @author Phillip Webb
- * @since 2.1.0
+ * @since 2.0.0
 */
 public final class EndpointRequest {


--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/ManagementWebSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/ManagementWebSecurityAutoConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.actuate.autoconfigure.security.web.servlet;
+package org.springframework.boot.actuate.autoconfigure.security.servlet;

 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration;
@@ -25,9 +25,9 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.oauth2.client.web.OAuth2ClientAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.EnableWebSecurityConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -44,12 +44,12 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @ConditionalOnClass(WebSecurityConfigurerAdapter.class)
 @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
-@AutoConfigureBefore(ServletWebSecurityAutoConfiguration.class)
+@AutoConfigureBefore(SecurityAutoConfiguration.class)
 @AutoConfigureAfter({ HealthEndpointAutoConfiguration.class,
 		InfoEndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
 		OAuth2ClientAutoConfiguration.class })
 @Import({ ManagementWebSecurityConfigurerAdapter.class,
-		EnableWebSecurityConfiguration.class })
+		WebSecurityEnablerConfiguration.class })
 public class ManagementWebSecurityAutoConfiguration {

 }
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/ManagementWebSecurityConfigurerAdapter.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/ManagementWebSecurityConfigurerAdapter.java
@@ -14,22 +14,23 @@
 * limitations under the License.
 */

-package org.springframework.boot.actuate.autoconfigure.security.web.servlet;
+package org.springframework.boot.actuate.autoconfigure.security.servlet;

 import org.springframework.boot.actuate.health.HealthEndpoint;
 import org.springframework.boot.actuate.info.InfoEndpoint;
-import org.springframework.boot.autoconfigure.security.web.servlet.SpringBootWebSecurityConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 /**
 * The default configuration for web security when the actuator dependency is on the
- * classpath. It is different from {@link SpringBootWebSecurityConfiguration} in that it
- * allows unauthenticated access to the {@link HealthEndpoint} and {@link InfoEndpoint}.
- * If the user specifies their own {@link WebSecurityConfigurerAdapter}, this will
- * back-off completely and the user should specify all the bits that they want to
- * configure as part of the custom security configuration.
+ * classpath. It is different from
+ * {@link org.springframework.boot.autoconfigure.security.servlet.SpringBootWebSecurityConfiguration}
+ * in that it allows unauthenticated access to the {@link HealthEndpoint} and
+ * {@link InfoEndpoint}. If the user specifies their own
+ * {@link WebSecurityConfigurerAdapter}, this will back-off completely and the user should
+ * specify all the bits that they want to configure as part of the custom security
+ * configuration.
 *
 * @author Madhura Bhave
 */

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/package-info.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/web/servlet/package-info.java
@@ -17,4 +17,4 @@
 /**
 * Auto-configuration for actuator security using Spring MVC.
 */
-package org.springframework.boot.actuate.autoconfigure.security.web.servlet;
+package org.springframework.boot.actuate.autoconfigure.security.servlet;
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/spring.factories
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/spring.factories
@@ -77,8 +77,8 @@ org.springframework.boot.actuate.autoconfigure.neo4j.Neo4jHealthIndicatorAutoCon
 org.springframework.boot.actuate.autoconfigure.redis.RedisHealthIndicatorAutoConfiguration,\
 org.springframework.boot.actuate.autoconfigure.redis.RedisReactiveHealthIndicatorAutoConfiguration,\
 org.springframework.boot.actuate.autoconfigure.scheduling.ScheduledTasksEndpointAutoConfiguration,\
-org.springframework.boot.actuate.autoconfigure.security.web.reactive.ReactiveManagementWebSecurityAutoConfiguration,\
-org.springframework.boot.actuate.autoconfigure.security.web.servlet.ManagementWebSecurityAutoConfiguration,\
+org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration,\
+org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration,\
 org.springframework.boot.actuate.autoconfigure.session.SessionsEndpointAutoConfiguration,\
 org.springframework.boot.actuate.autoconfigure.solr.SolrHealthIndicatorAutoConfiguration,\
 org.springframework.boot.actuate.autoconfigure.system.DiskSpaceHealthIndicatorAutoConfiguration,\

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundryReactiveHealthEndpointWebExtensionTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundryReactiveHealthEndpointWebExtensionTests.java
@@ -27,8 +27,8 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.reactive.function.client.WebClientAutoConfiguration;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
@@ -45,7 +45,7 @@ public class CloudFoundryReactiveHealthEndpointWebExtensionTests {
 	private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
 			.withPropertyValues("VCAP_APPLICATION={}")
 			.withConfiguration(AutoConfigurations.of(
-					ReactiveWebSecurityAutoConfiguration.class,
+					ReactiveSecurityAutoConfiguration.class,
 					ReactiveUserDetailsServiceAutoConfiguration.class,
 					WebFluxAutoConfiguration.class, JacksonAutoConfiguration.class,
 					HttpMessageConvertersAutoConfiguration.class,

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundryActuatorAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundryActuatorAutoConfigurationTests.java
@@ -44,8 +44,8 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.reactive.function.client.WebClientAutoConfiguration;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
@@ -76,7 +76,7 @@ public class ReactiveCloudFoundryActuatorAutoConfigurationTests {

 	private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
 			.withConfiguration(AutoConfigurations.of(
-					ReactiveWebSecurityAutoConfiguration.class,
+					ReactiveSecurityAutoConfiguration.class,
 					ReactiveUserDetailsServiceAutoConfiguration.class,
 					WebFluxAutoConfiguration.class, JacksonAutoConfiguration.class,
 					HttpMessageConvertersAutoConfiguration.class,

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java
@@ -38,8 +38,7 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.client.RestTemplateAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
@@ -71,7 +70,6 @@ public class CloudFoundryActuatorAutoConfigurationTests {

 	private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
 			.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class,
-					ServletWebSecurityAutoConfiguration.class,
 					WebMvcAutoConfiguration.class, JacksonAutoConfiguration.class,
 					DispatcherServletAutoConfiguration.class,
 					HttpMessageConvertersAutoConfiguration.class,

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryHealthEndpointWebExtensionTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryHealthEndpointWebExtensionTests.java
@@ -28,7 +28,7 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.client.RestTemplateAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/integrationtest/ControllerEndpointWebMvcIntegrationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/integrationtest/ControllerEndpointWebMvcIntegrationTests.java
@@ -31,8 +31,7 @@ import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
 import org.springframework.boot.test.util.TestPropertyValues;
@@ -119,8 +118,7 @@ public class ControllerEndpointWebMvcIntegrationTests {
 	}

 	@Import(DefaultConfiguration.class)
-	@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
-			ServletWebSecurityAutoConfiguration.class })
+	@ImportAutoConfiguration({ SecurityAutoConfiguration.class })
 	static class SecureConfiguration {

 	}

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/integrationtest/WebMvcEndpointIntegrationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/integrationtest/WebMvcEndpointIntegrationTests.java
@@ -39,8 +39,7 @@ import org.springframework.boot.autoconfigure.data.rest.RepositoryRestMvcAutoCon
 import org.springframework.boot.autoconfigure.hateoas.HypermediaAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
 import org.springframework.boot.test.util.TestPropertyValues;
@@ -165,8 +164,7 @@ public class WebMvcEndpointIntegrationTests {
 	}

 	@Import(DefaultConfiguration.class)
-	@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
-			ServletWebSecurityAutoConfiguration.class })
+	@ImportAutoConfiguration({ SecurityAutoConfiguration.class })
 	static class SecureConfiguration {

 	}

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/EndpointRequestTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/EndpointRequestTests.java
@@ -23,7 +23,6 @@ import org.assertj.core.api.AssertDelegateTarget;
 import org.junit.Test;

 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
-import org.springframework.boot.actuate.autoconfigure.security.web.reactive.EndpointRequest;
 import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.ExposableEndpoint;
 import org.springframework.boot.actuate.endpoint.Operation;

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java
@@ -30,10 +30,9 @@ import org.springframework.boot.actuate.autoconfigure.env.EnvironmentEndpointAut
 import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.security.web.reactive.ReactiveManagementWebSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
-import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration;
 import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
 import org.springframework.context.ApplicationContext;
@@ -70,7 +69,7 @@ public class ReactiveManagementWebSecurityAutoConfigurationTests {
 					InfoEndpointAutoConfiguration.class,
 					EnvironmentEndpointAutoConfiguration.class,
 					EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
-					ReactiveWebSecurityAutoConfiguration.class,
+					ReactiveSecurityAutoConfiguration.class,
 					ReactiveUserDetailsServiceAutoConfiguration.class,
 					ReactiveManagementWebSecurityAutoConfiguration.class));


--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java
@@ -21,7 +21,6 @@ import java.util.List;

 import org.junit.Test;

-import org.springframework.boot.actuate.autoconfigure.security.web.servlet.EndpointRequest;
 import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.ExposableEndpoint;
 import org.springframework.boot.actuate.endpoint.Operation;

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java
@@ -25,7 +25,6 @@ import org.assertj.core.api.AssertDelegateTarget;
 import org.junit.Test;

 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
-import org.springframework.boot.actuate.autoconfigure.security.web.servlet.EndpointRequest;
 import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.ExposableEndpoint;
 import org.springframework.boot.actuate.endpoint.Operation;
@@ -33,7 +32,7 @@ import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoint;
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
 import org.springframework.boot.actuate.endpoint.web.annotation.ServletEndpoint;
-import org.springframework.boot.autoconfigure.security.web.servlet.RequestMatcherProvider;
+import org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.security.web.util.matcher.RequestMatcher;

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/JerseyEndpointRequestIntegrationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/JerseyEndpointRequestIntegrationTests.java
@@ -25,7 +25,6 @@ import org.glassfish.jersey.server.ResourceConfig;
 import org.glassfish.jersey.server.model.Resource;

 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
-import org.springframework.boot.actuate.autoconfigure.security.web.servlet.EndpointRequest;
 import org.springframework.boot.actuate.endpoint.http.ActuatorMediaType;
 import org.springframework.boot.actuate.endpoint.invoke.convert.ConversionServiceParameterValueMapper;
 import org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver;
@@ -37,10 +36,9 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
 import org.springframework.boot.autoconfigure.jersey.JerseyAutoConfiguration;
 import org.springframework.boot.autoconfigure.jersey.ResourceConfigCustomizer;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.SecurityRequestMatcherProviderAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityRequestMatcherProviderAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
@@ -65,7 +63,6 @@ public class JerseyEndpointRequestIntegrationTests
 								SecurityConfiguration.class, BaseConfiguration.class)
 						.withConfiguration(AutoConfigurations.of(
 								SecurityAutoConfiguration.class,
-								ServletWebSecurityAutoConfiguration.class,
 								UserDetailsServiceAutoConfiguration.class,
 								SecurityRequestMatcherProviderAutoConfiguration.class,
 								JacksonAutoConfiguration.class,

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
@@ -27,10 +27,8 @@ import org.springframework.boot.actuate.autoconfigure.env.EnvironmentEndpointAut
 import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.security.web.servlet.ManagementWebSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
 import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.context.annotation.Configuration;
@@ -60,7 +58,6 @@ public class ManagementWebSecurityAutoConfigurationTests {
 					EnvironmentEndpointAutoConfiguration.class,
 					EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
 					SecurityAutoConfiguration.class,
-					ServletWebSecurityAutoConfiguration.class,
 					ManagementWebSecurityAutoConfiguration.class));

 	@Test

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/MvcEndpointRequestIntegrationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/MvcEndpointRequestIntegrationTests.java
@@ -22,7 +22,6 @@ import java.util.List;
 import org.junit.Test;

 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
-import org.springframework.boot.actuate.autoconfigure.security.web.servlet.EndpointRequest;
 import org.springframework.boot.actuate.endpoint.http.ActuatorMediaType;
 import org.springframework.boot.actuate.endpoint.invoke.convert.ConversionServiceParameterValueMapper;
 import org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver;
@@ -33,10 +32,9 @@ import org.springframework.boot.actuate.endpoint.web.servlet.WebMvcEndpointHandl
 import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.SecurityRequestMatcherProviderAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityRequestMatcherProviderAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -101,7 +99,6 @@ public class MvcEndpointRequestIntegrationTests
 								SecurityConfiguration.class, BaseConfiguration.class)
 						.withConfiguration(AutoConfigurations.of(
 								SecurityAutoConfiguration.class,
-								ServletWebSecurityAutoConfiguration.class,
 								UserDetailsServiceAutoConfiguration.class,
 								WebMvcAutoConfiguration.class,
 								SecurityRequestMatcherProviderAutoConfiguration.class,

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityDataConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityDataConfiguration.java
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.security;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
+
+/**
+ * Automatically adds Spring Security's integration with Spring Data.
+ *
+ * @author Rob Winch
+ * @since 1.3
+ */
+@Configuration
+@ConditionalOnClass(SecurityEvaluationContextExtension.class)
+public class SecurityDataConfiguration {
+
+	@Bean
+	@ConditionalOnMissingBean
+	public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
+		return new SecurityEvaluationContextExtension();
+	}
+
+}
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ReactiveOAuth2ClientAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/ReactiveOAuth2ClientAutoConfiguration.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.client;
+package org.springframework.boot.autoconfigure.security.oauth2.client.reactive;

 import java.util.ArrayList;
 import java.util.List;
@@ -27,7 +27,10 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.condition.NoneNestedConditions;
-import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
@@ -49,7 +52,7 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2Authori
 * @since 2.1.0
 */
 @Configuration
-@AutoConfigureBefore(ReactiveWebSecurityAutoConfiguration.class)
+@AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
 @EnableConfigurationProperties(OAuth2ClientProperties.class)
 @Conditional(ReactiveOAuth2ClientAutoConfiguration.NonServletApplicationCondition.class)
 @ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class, ClientRegistration.class })

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/reactive/package-info.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/reactive/package-info.java
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Auto-configuration for Spring Security's Reactive OAuth 2 client.
+ */
+package org.springframework.boot.autoconfigure.security.oauth2.client.reactive;
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2ClientAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2ClientAutoConfiguration.java
@@ -14,13 +14,13 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.oauth2.client.web;
+package org.springframework.boot.autoconfigure.security.oauth2.client.servlet;

 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -31,7 +31,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 *
 * @author Madhura Bhave
 * @author Phillip Webb
- * @since 2.1.0
+ * @since 2.0.0
 */
 @Configuration
 @AutoConfigureBefore(SecurityAutoConfiguration.class)

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2ClientRegistrationRepositoryConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2ClientRegistrationRepositoryConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.oauth2.client.web;
+package org.springframework.boot.autoconfigure.security.oauth2.client.servlet;

 import java.util.ArrayList;
 import java.util.List;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2WebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2WebSecurityConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.oauth2.client.web;
+package org.springframework.boot.autoconfigure.security.oauth2.client.servlet;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -33,7 +33,7 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepo
 *
 * @author Madhura Bhave
 * @author Phillip Webb
- * @since 2.1.0
+ * @since 2.0.0
 */
 @Configuration
 @ConditionalOnBean(ClientRegistrationRepository.class)

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/package-info.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/package-info.java
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Auto-configuration for Spring Security's OAuth 2 client.
+ */
+package org.springframework.boot.autoconfigure.security.oauth2.client.servlet;
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerAutoConfiguration.java
@@ -13,13 +13,14 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.reactive;

 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
+import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
@@ -34,7 +35,7 @@ import org.springframework.security.oauth2.server.resource.BearerTokenAuthentica
 * @since 2.1.0
 */
 @Configuration
-@AutoConfigureBefore(ReactiveWebSecurityAutoConfiguration.class)
+@AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
 @EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
 @ConditionalOnClass({ EnableWebFluxSecurity.class, BearerTokenAuthenticationToken.class })
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerJwkConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerJwkConfiguration.java
@@ -13,10 +13,12 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.reactive;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.IssuerUriCondition;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerWebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerWebSecurityConfiguration.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.reactive;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/package-info.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/package-info.java
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Auto-configuration for Spring Security's Reactive OAuth2 resource server.
+ */
+package org.springframework.boot.autoconfigure.security.oauth2.resource.reactive;
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerAutoConfiguration.java
@@ -13,13 +13,14 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.servlet;

 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerJwkConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerJwkConfiguration.java
@@ -13,10 +13,12 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.servlet;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.IssuerUriCondition;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerWebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerWebSecurityConfiguration.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.servlet;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/package-info.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/package-info.java
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Auto-configuration for Spring Security's OAuth2 resource server.
+ */
+package org.springframework.boot.autoconfigure.security.oauth2.resource.servlet;
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/PathRequest.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/PathRequest.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.reactive;
+package org.springframework.boot.autoconfigure.security.reactive;

 import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/ReactiveWebSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/ReactiveWebSecurityAutoConfiguration.java
@@ -14,16 +14,14 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.reactive;
+package org.springframework.boot.autoconfigure.security.reactive;

 import reactor.core.publisher.Flux;

-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@@ -44,8 +42,7 @@ import org.springframework.security.web.server.WebFilterChainProxy;
 @EnableConfigurationProperties(SecurityProperties.class)
 @ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class,
 		WebFilterChainProxy.class })
-@AutoConfigureAfter(SecurityAutoConfiguration.class)
-public class ReactiveWebSecurityAutoConfiguration {
+public class ReactiveSecurityAutoConfiguration {

 	@Configuration
 	@ConditionalOnMissingBean(WebFilterChainProxy.class)

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/ReactiveUserDetailsServiceAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/ReactiveUserDetailsServiceAutoConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security;
+package org.springframework.boot.autoconfigure.security.reactive;

 import java.util.List;
 import java.util.regex.Pattern;
@@ -26,6 +26,7 @@ import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
@@ -37,17 +38,12 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.util.StringUtils;

 /**
- * Default user {@link Configuration} for a reactive application. Configures a
+ * Default user {@link Configuration} for a reactive web application. Configures a
 * {@link ReactiveUserDetailsService} with a default user and generated password. This
 * backs-off completely if there is a bean of type {@link ReactiveUserDetailsService} or
 * {@link ReactiveAuthenticationManager}.
- * <p>
- * Note that the current reactive application detection mechanism is limited to web
- * applications only. If you're writing a non-web application you will currently need to
- * configure reactive security yourself.
 *
 * @author Madhura Bhave
- * @since 2.1.0
 */
 @Configuration
 @ConditionalOnClass({ ReactiveAuthenticationManager.class })

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/StaticResourceRequest.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/StaticResourceRequest.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.reactive;
+package org.springframework.boot.autoconfigure.security.reactive;

 import java.util.EnumSet;
 import java.util.LinkedHashSet;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/package-info.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/reactive/package-info.java
@@ -17,4 +17,4 @@
 /**
 * Auto-configuration for reactive Spring Security.
 */
-package org.springframework.boot.autoconfigure.security.web.reactive;
+package org.springframework.boot.autoconfigure.security.reactive;
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/MvcRequestMatcherProvider.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/MvcRequestMatcherProvider.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -24,7 +24,7 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 * used for Spring MVC applications.
 *
 * @author Madhura Bhave
- * @since 2.1.0
+ * @since 2.0.5
 */
 public class MvcRequestMatcherProvider implements RequestMatcherProvider {


--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/PathRequest.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/PathRequest.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import java.util.function.Supplier;

@@ -31,7 +31,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 *
 * @author Madhura Bhave
 * @author Phillip Webb
- * @since 2.1.0
+ * @since 2.0.0
 */
 public final class PathRequest {


--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/RequestMatcherProvider.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/RequestMatcherProvider.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.springframework.security.web.util.matcher.RequestMatcher;

@@ -22,7 +22,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 * Spring Security.
 *
 * @author Madhura Bhave
- * @since 2.1.0
+ * @since 2.0.5
 */
 @FunctionalInterface
 public interface RequestMatcherProvider {

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java
@@ -14,18 +14,20 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.security.SecurityDataConfiguration;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
-import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

 /**
 * {@link EnableAutoConfiguration Auto-configuration} for Spring Security.
@@ -33,12 +35,12 @@ import org.springframework.security.data.repository.query.SecurityEvaluationCont
 * @author Dave Syer
 * @author Andy Wilkinson
 * @author Madhura Bhave
- * @author Rob Winch
- * @since 2.1.0
 */
 @Configuration
 @ConditionalOnClass(DefaultAuthenticationEventPublisher.class)
 @EnableConfigurationProperties(SecurityProperties.class)
+@Import({ SpringBootWebSecurityConfiguration.class, WebSecurityEnablerConfiguration.class,
+		SecurityDataConfiguration.class })
 public class SecurityAutoConfiguration {

 	@Bean
@@ -48,16 +50,4 @@ public class SecurityAutoConfiguration {
 		return new DefaultAuthenticationEventPublisher(publisher);
 	}

-	@Configuration
-	@ConditionalOnClass(SecurityEvaluationContextExtension.class)
-	static class SecurityDataConfiguration {
-
-		@Bean
-		@ConditionalOnMissingBean
-		public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
-			return new SecurityEvaluationContextExtension();
-		}
-
-	}
-
 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityFilterAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityFilterAutoConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import java.util.EnumSet;
 import java.util.stream.Collectors;
@@ -22,14 +22,12 @@ import java.util.stream.Collectors;
 import javax.servlet.DispatcherType;

 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
-import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
-import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -47,15 +45,14 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
 * @author Rob Winch
 * @author Phillip Webb
 * @author Andy Wilkinson
- * @since 2.1.0
+ * @since 1.3
 */
 @Configuration
 @ConditionalOnWebApplication(type = Type.SERVLET)
 @EnableConfigurationProperties(SecurityProperties.class)
 @ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class,
 		SessionCreationPolicy.class })
-@AutoConfigureAfter(ServletWebSecurityAutoConfiguration.class)
-@AutoConfigureBefore(UserDetailsServiceAutoConfiguration.class)
+@AutoConfigureAfter(SecurityAutoConfiguration.class)
 public class SecurityFilterAutoConfiguration {

 	private static final String DEFAULT_FILTER_NAME = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityRequestMatcherProviderAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityRequestMatcherProviderAutoConfiguration.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
@@ -28,7 +28,7 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 * Auto-configuration for {@link RequestMatcherProvider}.
 *
 * @author Madhura Bhave
- * @since 2.1.0
+ * @since 2.0.5
 */
 @Configuration
 @ConditionalOnClass({ RequestMatcher.class, DispatcherServlet.class })

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/SpringBootWebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/SpringBootWebSecurityConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -33,7 +33,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 * part of the custom security configuration.
 *
 * @author Madhura Bhave
- * @since 2.1.0
+ * @since 2.0.0
 */
 @Configuration
 @ConditionalOnClass(WebSecurityConfigurerAdapter.class)

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/StaticResourceRequest.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/StaticResourceRequest.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import java.util.EnumSet;
 import java.util.LinkedHashSet;
@@ -40,7 +40,7 @@ import org.springframework.util.Assert;
 *
 * @author Madhura Bhave
 * @author Phillip Webb
- * @since 2.1.0
+ * @since 2.0.0
 * @see PathRequest
 */
 public final class StaticResourceRequest {

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/UserDetailsServiceAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/UserDetailsServiceAutoConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security;
+package org.springframework.boot.autoconfigure.security.servlet;

 import java.util.List;
 import java.util.regex.Pattern;
@@ -27,6 +27,7 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Lazy;
@@ -49,7 +50,6 @@ import org.springframework.util.StringUtils;
 * @author Dave Syer
 * @author Rob Winch
 * @author Madhura Bhave
- * @since 2.1.0
 */
 @Configuration
 @ConditionalOnClass(AuthenticationManager.class)

--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/EnableWebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/EnableWebSecurityConfiguration.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -33,13 +33,13 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 * been configured by the user, this will back-off.
 *
 * @author Madhura Bhave
- * @since 2.1.0
+ * @since 2.0.0
 */
 @Configuration
 @ConditionalOnBean(WebSecurityConfigurerAdapter.class)
 @ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN)
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
 @EnableWebSecurity
-public class EnableWebSecurityConfiguration {
+public class WebSecurityEnablerConfiguration {

 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/package-info.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/package-info.java
@@ -17,4 +17,4 @@
 /**
 * Auto-configuration for Servlet-based Spring Security.
 */
-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/ServletWebSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/web/servlet/ServletWebSecurityAutoConfiguration.java
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.boot.autoconfigure.security.web.servlet;
-
-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
-import org.springframework.boot.autoconfigure.AutoConfigureBefore;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityProperties;
-import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
-import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
-
-/**
- * {@link EnableAutoConfiguration Auto-configuration} for Spring Security in a servlet web
- * application.
- *
- * @author Madhura Bhave
- * @since 2.1.0
- */
-@Configuration
-@EnableConfigurationProperties(SecurityProperties.class)
-@ConditionalOnClass(DefaultAuthenticationEventPublisher.class)
-@AutoConfigureAfter(SecurityAutoConfiguration.class)
-@AutoConfigureBefore(UserDetailsServiceAutoConfiguration.class)
-@Import({ SpringBootWebSecurityConfiguration.class,
-		EnableWebSecurityConfiguration.class })
-public class ServletWebSecurityAutoConfiguration {
-
-}
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
@@ -99,19 +99,18 @@ org.springframework.boot.autoconfigure.mustache.MustacheAutoConfiguration,\
 org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,\
 org.springframework.boot.autoconfigure.quartz.QuartzAutoConfiguration,\
 org.springframework.boot.autoconfigure.reactor.core.ReactorCoreAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.web.servlet.SecurityRequestMatcherProviderAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.servlet.SecurityRequestMatcherProviderAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration,\
 org.springframework.boot.autoconfigure.sendgrid.SendGridAutoConfiguration,\
 org.springframework.boot.autoconfigure.session.SessionAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.oauth2.client.web.OAuth2ClientAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.oauth2.client.ReactiveOAuth2ClientAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.oauth2.resource.ReactiveOAuth2ResourceServerAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration,\
 org.springframework.boot.autoconfigure.solr.SolrAutoConfiguration,\
 org.springframework.boot.autoconfigure.task.TaskExecutionAutoConfiguration,\
 org.springframework.boot.autoconfigure.task.TaskSchedulingAutoConfiguration,\

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java
@@ -24,7 +24,7 @@ import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoCon
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.autoconfigure.jdbc.EmbeddedDataSourceConfiguration;
 import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.test.context.SpringBootContextLoader;
 import org.springframework.context.annotation.Import;
 import org.springframework.test.annotation.DirtiesContext;

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/ReactiveOAuth2ClientAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/ReactiveOAuth2ClientAutoConfigurationTests.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.client;
+package org.springframework.boot.autoconfigure.security.oauth2.client.reactive;

 import java.util.ArrayList;
 import java.util.List;

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2ClientRegistrationRepositoryConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2ClientRegistrationRepositoryConfigurationTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.oauth2.client.web;
+package org.springframework.boot.autoconfigure.security.oauth2.client.servlet;

 import org.junit.Test;


--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2WebSecurityConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/web/OAuth2WebSecurityConfigurationTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.oauth2.client.web;
+package org.springframework.boot.autoconfigure.security.oauth2.client.servlet;

 import java.util.ArrayList;
 import java.util.List;

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ReactiveOAuth2ResourceServerAutoConfigurationTests.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.reactive;

 import java.io.IOException;
 import java.util.Collections;

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerAutoConfigurationTests.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.oauth2.resource;
+package org.springframework.boot.autoconfigure.security.oauth2.resource.servlet;

 import java.util.Collections;
 import java.util.HashMap;

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/reactive/PathRequestTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/reactive/PathRequestTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.reactive;
+package org.springframework.boot.autoconfigure.security.reactive;

 import org.junit.Test;


--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/reactive/ReactiveWebSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/reactive/ReactiveWebSecurityAutoConfigurationTests.java
@@ -14,12 +14,11 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.reactive;
+package org.springframework.boot.autoconfigure.security.reactive;

 import org.junit.Test;

 import org.springframework.boot.autoconfigure.AutoConfigurations;
-import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -29,11 +28,11 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;

 /**
- * Tests for {@link ReactiveWebSecurityAutoConfiguration}.
+ * Tests for {@link ReactiveSecurityAutoConfiguration}.
 *
 * @author Madhura Bhave
 */
-public class ReactiveWebSecurityAutoConfigurationTests {
+public class ReactiveSecurityAutoConfigurationTests {

 	private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();

@@ -41,7 +40,7 @@ public class ReactiveWebSecurityAutoConfigurationTests {
 	public void backsOffWhenWebFilterChainProxyBeanPresent() {
 		this.contextRunner
 				.withConfiguration(
-						AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class))
+						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
 				.withUserConfiguration(WebFilterChainProxyConfiguration.class)
 				.run((context) -> assertThat(context)
 						.hasSingleBean(WebFilterChainProxy.class));
@@ -51,7 +50,7 @@ public class ReactiveWebSecurityAutoConfigurationTests {
 	public void enablesWebFluxSecurity() {
 		this.contextRunner
 				.withConfiguration(
-						AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class,
+						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
 								ReactiveUserDetailsServiceAutoConfiguration.class))
 				.run((context) -> assertThat(context).getBean(WebFilterChainProxy.class)
 						.isNotNull());

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/ReactiveUserDetailsServiceAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/ReactiveUserDetailsServiceAutoConfigurationTests.java
@@ -14,12 +14,13 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security;
+package org.springframework.boot.autoconfigure.security.reactive;

 import org.junit.Test;
 import reactor.core.publisher.Mono;

 import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
 import org.springframework.context.annotation.Bean;
@@ -80,6 +81,8 @@ public class ReactiveUserDetailsServiceAutoConfigurationTests {
 		this.contextRunner
 				.withUserConfiguration(AuthenticationManagerConfig.class,
 						TestSecurityConfiguration.class)
+				.withConfiguration(
+						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
 				.run((context) -> assertThat(context)
 						.getBean(ReactiveUserDetailsService.class).isNull());
 	}

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/reactive/StaticResourceRequestTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/reactive/StaticResourceRequestTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.reactive;
+package org.springframework.boot.autoconfigure.security.reactive;

 import org.assertj.core.api.AssertDelegateTarget;
 import org.junit.Test;

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/PathRequestTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/PathRequestTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import javax.servlet.http.HttpServletRequest;


--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
@@ -14,7 +14,11 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security;
+package org.springframework.boot.autoconfigure.security.servlet;
+
+import java.util.EnumSet;
+
+import javax.servlet.DispatcherType;

 import org.junit.Rule;
 import org.junit.Test;
@@ -25,20 +29,24 @@ import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoCon
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
 import org.springframework.boot.autoconfigure.orm.jpa.test.City;
-import org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfiguration;
 import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.boot.test.rule.OutputCapture;
+import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
+import org.springframework.boot.web.servlet.filter.OrderedFilter;
 import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.orm.jpa.JpaTransactionManager;
 import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.test.util.ReflectionTestUtils;

 import static org.assertj.core.api.Assertions.assertThat;

@@ -59,6 +67,27 @@ public class SecurityAutoConfigurationTests {
 	@Rule
 	public OutputCapture outputCapture = new OutputCapture();

+	@Test
+	public void testWebConfiguration() {
+		this.contextRunner.run((context) -> {
+			assertThat(context.getBean(AuthenticationManagerBuilder.class)).isNotNull();
+			assertThat(context.getBean(FilterChainProxy.class).getFilterChains())
+					.hasSize(1);
+		});
+	}
+
+	@Test
+	public void testDefaultFilterOrderWithSecurityAdapter() {
+		this.contextRunner
+				.withConfiguration(AutoConfigurations.of(WebSecurity.class,
+						SecurityFilterAutoConfiguration.class))
+				.run((context) -> assertThat(context
+						.getBean("securityFilterChainRegistration",
+								DelegatingFilterProxyRegistrationBean.class)
+						.getOrder()).isEqualTo(
+								OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
+	}
+
 	@Test
 	public void testFilterIsNotRegisteredInNonWeb() {
 		try (AnnotationConfigApplicationContext customContext = new AnnotationConfigApplicationContext()) {
@@ -87,6 +116,30 @@ public class SecurityAutoConfigurationTests {
 								AuthenticationEventPublisherConfiguration.TestAuthenticationEventPublisher.class));
 	}

+	@Test
+	public void testDefaultFilterOrder() {
+		this.contextRunner
+				.withConfiguration(
+						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
+				.run((context) -> assertThat(context
+						.getBean("securityFilterChainRegistration",
+								DelegatingFilterProxyRegistrationBean.class)
+						.getOrder()).isEqualTo(
+								OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
+	}
+
+	@Test
+	public void testCustomFilterOrder() {
+		this.contextRunner
+				.withConfiguration(
+						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
+				.withPropertyValues("spring.security.filter.order:12345").run(
+						(context) -> assertThat(context
+								.getBean("securityFilterChainRegistration",
+										DelegatingFilterProxyRegistrationBean.class)
+								.getOrder()).isEqualTo(12345));
+	}
+
 	@Test
 	public void testJpaCoexistsHappily() {
 		this.contextRunner
@@ -108,6 +161,42 @@ public class SecurityAutoConfigurationTests {
 				.getBean(SecurityEvaluationContextExtension.class).isNotNull());
 	}

+	@Test
+	public void defaultFilterDispatcherTypes() {
+		this.contextRunner
+				.withConfiguration(
+						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
+				.run((context) -> {
+					DelegatingFilterProxyRegistrationBean bean = context.getBean(
+							"securityFilterChainRegistration",
+							DelegatingFilterProxyRegistrationBean.class);
+					@SuppressWarnings("unchecked")
+					EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
+							.getField(bean, "dispatcherTypes");
+					assertThat(dispatcherTypes).containsOnly(DispatcherType.ASYNC,
+							DispatcherType.ERROR, DispatcherType.REQUEST);
+				});
+	}
+
+	@Test
+	public void customFilterDispatcherTypes() {
+		this.contextRunner
+				.withPropertyValues(
+						"spring.security.filter.dispatcher-types:INCLUDE,ERROR")
+				.withConfiguration(
+						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
+				.run((context) -> {
+					DelegatingFilterProxyRegistrationBean bean = context.getBean(
+							"securityFilterChainRegistration",
+							DelegatingFilterProxyRegistrationBean.class);
+					@SuppressWarnings("unchecked")
+					EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
+							.getField(bean, "dispatcherTypes");
+					assertThat(dispatcherTypes).containsOnly(DispatcherType.INCLUDE,
+							DispatcherType.ERROR);
+				});
+	}
+
 	@Configuration
 	@TestAutoConfigurationPackage(City.class)
 	protected static class EntityConfiguration {

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityFilterAutoConfigurationEarlyInitializationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityFilterAutoConfigurationEarlyInitializationTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
@@ -28,8 +28,6 @@ import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
 import org.springframework.boot.test.rule.OutputCapture;
@@ -82,7 +80,6 @@ public class SecurityFilterAutoConfigurationEarlyInitializationTests {
 			DispatcherServletAutoConfiguration.class, SecurityAutoConfiguration.class,
 			UserDetailsServiceAutoConfiguration.class,
 			SecurityFilterAutoConfiguration.class,
-			ServletWebSecurityAutoConfiguration.class,
 			PropertyPlaceholderAutoConfiguration.class })
 	static class Config {


--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityFilterAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityFilterAutoConfigurationTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.junit.Test;

@@ -22,16 +22,16 @@ import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ConverterBean;
-import org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.DeserializerBean;
-import org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ExampleController;
-import org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.JacksonModuleBean;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfigurationTests.WebSecurity;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ConverterBean;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.DeserializerBean;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ExampleController;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.JacksonModuleBean;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.mock.web.MockServletContext;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;

 /**
@@ -56,7 +56,6 @@ public class SecurityFilterAutoConfigurationTests {
 	@ImportAutoConfiguration({ WebMvcAutoConfiguration.class,
 			JacksonAutoConfiguration.class, HttpMessageConvertersAutoConfiguration.class,
 			DispatcherServletAutoConfiguration.class, WebSecurity.class,
-			ServletWebSecurityAutoConfiguration.class,
 			SecurityFilterAutoConfiguration.class,
 			PropertyPlaceholderAutoConfiguration.class })
 	static class Config {

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityRequestMatcherProviderAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/SecurityRequestMatcherProviderAutoConfigurationTests.java
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import org.junit.Test;


--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/StaticResourceRequestTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/StaticResourceRequestTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security.web.servlet;
+package org.springframework.boot.autoconfigure.security.servlet;

 import javax.servlet.http.HttpServletRequest;


--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/UserDetailsServiceAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/UserDetailsServiceAutoConfigurationTests.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-package org.springframework.boot.autoconfigure.security;
+package org.springframework.boot.autoconfigure.security.servlet;

 import java.util.Collections;

@@ -22,6 +22,7 @@ import org.junit.Rule;
 import org.junit.Test;

 import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.test.context.runner.ApplicationContextRunner;
 import org.springframework.boot.test.rule.OutputCapture;

--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/ServletWebSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/web/servlet/ServletWebSecurityAutoConfigurationTests.java
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.boot.autoconfigure.security.web.servlet;
-
-import java.util.EnumSet;
-
-import javax.servlet.DispatcherType;
-
-import org.junit.Test;
-
-import org.springframework.boot.autoconfigure.AutoConfigurations;
-import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
-import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
-import org.springframework.boot.web.servlet.filter.OrderedFilter;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.web.FilterChainProxy;
-import org.springframework.test.util.ReflectionTestUtils;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * Tests for {@link ServletWebSecurityAutoConfiguration}.
- *
- * @author Phillip Webb
- */
-public class ServletWebSecurityAutoConfigurationTests {
-
-	private WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
-			.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class,
-					ServletWebSecurityAutoConfiguration.class,
-					PropertyPlaceholderAutoConfiguration.class));
-
-	@Test
-	public void testWebConfiguration() {
-		this.contextRunner.run((context) -> {
-			assertThat(context.getBean(AuthenticationManagerBuilder.class)).isNotNull();
-			assertThat(context.getBean(FilterChainProxy.class).getFilterChains())
-					.hasSize(1);
-		});
-	}
-
-	@Test
-	public void testDefaultFilterOrderWithSecurityAdapter() {
-		this.contextRunner
-				.withConfiguration(AutoConfigurations.of(WebSecurity.class,
-						SecurityFilterAutoConfiguration.class))
-				.run((context) -> assertThat(context
-						.getBean("securityFilterChainRegistration",
-								DelegatingFilterProxyRegistrationBean.class)
-						.getOrder()).isEqualTo(
-								OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
-	}
-
-	@Test
-	public void testDefaultFilterOrder() {
-		this.contextRunner
-				.withConfiguration(
-						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
-				.run((context) -> assertThat(context
-						.getBean("securityFilterChainRegistration",
-								DelegatingFilterProxyRegistrationBean.class)
-						.getOrder()).isEqualTo(
-								OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
-	}
-
-	@Test
-	public void testCustomFilterOrder() {
-		this.contextRunner
-				.withConfiguration(
-						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
-				.withPropertyValues("spring.security.filter.order:12345").run(
-						(context) -> assertThat(context
-								.getBean("securityFilterChainRegistration",
-										DelegatingFilterProxyRegistrationBean.class)
-								.getOrder()).isEqualTo(12345));
-	}
-
-	@Test
-	public void defaultFilterDispatcherTypes() {
-		this.contextRunner
-				.withConfiguration(
-						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
-				.run((context) -> {
-					DelegatingFilterProxyRegistrationBean bean = context.getBean(
-							"securityFilterChainRegistration",
-							DelegatingFilterProxyRegistrationBean.class);
-					@SuppressWarnings("unchecked")
-					EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
-							.getField(bean, "dispatcherTypes");
-					assertThat(dispatcherTypes).containsOnly(DispatcherType.ASYNC,
-							DispatcherType.ERROR, DispatcherType.REQUEST);
-				});
-	}
-
-	@Test
-	public void customFilterDispatcherTypes() {
-		this.contextRunner
-				.withPropertyValues(
-						"spring.security.filter.dispatcher-types:INCLUDE,ERROR")
-				.withConfiguration(
-						AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
-				.run((context) -> {
-					DelegatingFilterProxyRegistrationBean bean = context.getBean(
-							"securityFilterChainRegistration",
-							DelegatingFilterProxyRegistrationBean.class);
-					@SuppressWarnings("unchecked")
-					EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
-							.getField(bean, "dispatcherTypes");
-					assertThat(dispatcherTypes).containsOnly(DispatcherType.INCLUDE,
-							DispatcherType.ERROR);
-				});
-	}
-
-}
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/servlet/FilterOrderingIntegrationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/servlet/FilterOrderingIntegrationTests.java
@@ -28,8 +28,7 @@ import org.junit.Test;

 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.session.SessionAutoConfiguration;
 import org.springframework.boot.testsupport.web.servlet.MockServletWebServer.RegisteredFilter;
 import org.springframework.boot.web.server.WebServerFactoryCustomizerBeanPostProcessor;
@@ -90,7 +89,7 @@ public class FilterOrderingIntegrationTests {
 		this.context.register(MockWebServerConfiguration.class,
 				TestSessionConfiguration.class, TestRedisConfiguration.class,
 				WebMvcAutoConfiguration.class, SecurityAutoConfiguration.class,
-				ServletWebSecurityAutoConfiguration.class, SessionAutoConfiguration.class,
+				SessionAutoConfiguration.class,
 				HttpMessageConvertersAutoConfiguration.class,
 				PropertyPlaceholderAutoConfiguration.class,
 				HttpEncodingAutoConfiguration.class);

--- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java
+++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java
@@ -16,7 +16,7 @@

 package org.springframework.boot.docs.web.security;

-import org.springframework.boot.autoconfigure.security.web.reactive.PathRequest;
+import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;

--- a/spring-boot-project/spring-boot-test-autoconfigure/src/main/java/org/springframework/boot/test/autoconfigure/web/servlet/MockMvcSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-test-autoconfigure/src/main/java/org/springframework/boot/test/autoconfigure/web/servlet/MockMvcSecurityAutoConfiguration.java
@@ -17,9 +17,8 @@
 package org.springframework.boot.test.autoconfigure.web.servlet;

 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;

@@ -31,8 +30,8 @@ import org.springframework.context.annotation.Import;
 */
 @Configuration
 @ConditionalOnProperty(prefix = "spring.test.mockmvc", name = "secure", havingValue = "true", matchIfMissing = true)
-@Import({ SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class,
-		UserDetailsServiceAutoConfiguration.class, MockMvcSecurityConfiguration.class })
+@Import({ SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class,
+		MockMvcSecurityConfiguration.class })
 public class MockMvcSecurityAutoConfiguration {

 }
--- a/spring-boot-project/spring-boot-test-autoconfigure/src/main/resources/META-INF/spring.factories
+++ b/spring-boot-project/spring-boot-test-autoconfigure/src/main/resources/META-INF/spring.factories
@@ -88,8 +88,8 @@ org.springframework.boot.autoconfigure.jsonb.JsonbAutoConfiguration

 # AutoConfigureWebClient auto-configuration imports
 org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient=\
-org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration,\
-org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration,\
+org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration,\
 org.springframework.boot.test.autoconfigure.web.reactive.WebTestClientAutoConfiguration

 # AutoConfigureWebFlux auto-configuration imports

--- a/spring-boot-project/spring-boot-test-autoconfigure/src/test/java/org/springframework/boot/test/autoconfigure/restdocs/RestDocsTestApplication.java
+++ b/spring-boot-project/spring-boot-test-autoconfigure/src/test/java/org/springframework/boot/test/autoconfigure/restdocs/RestDocsTestApplication.java
@@ -17,16 +17,14 @@
 package org.springframework.boot.test.autoconfigure.restdocs;

 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
-import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;

 /**
 * Test application used with {@link AutoConfigureRestDocs} tests.
 *
 * @author Andy Wilkinson
 */
-@SpringBootApplication(exclude = { SecurityAutoConfiguration.class,
-		ServletWebSecurityAutoConfiguration.class })
+@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
 public class RestDocsTestApplication {

 }
--- a/spring-boot-samples/spring-boot-sample-actuator-custom-security/src/main/java/sample/actuator/customsecurity/SecurityConfiguration.java
+++ b/spring-boot-samples/spring-boot-sample-actuator-custom-security/src/main/java/sample/actuator/customsecurity/SecurityConfiguration.java
@@ -16,9 +16,9 @@

 package sample.actuator.customsecurity;

-import org.springframework.boot.actuate.autoconfigure.security.web.servlet.EndpointRequest;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
-import org.springframework.boot.autoconfigure.security.web.servlet.PathRequest;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

--- a/spring-boot-samples/spring-boot-sample-secure-webflux/src/test/java/sample/secure/webflux/SampleSecureWebFluxCustomSecurityTests.java
+++ b/spring-boot-samples/spring-boot-sample-secure-webflux/src/test/java/sample/secure/webflux/SampleSecureWebFluxCustomSecurityTests.java
@@ -22,9 +22,9 @@ import org.junit.Test;
 import org.junit.runner.RunWith;

 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.actuate.autoconfigure.security.web.reactive.EndpointRequest;
+import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
 import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
-import org.springframework.boot.autoconfigure.security.web.reactive.PathRequest;
+import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

--- a/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java
+++ b/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java
@@ -19,7 +19,7 @@ package sample.security.method;
 import java.util.Date;
 import java.util.Map;

-import org.springframework.boot.actuate.autoconfigure.security.web.servlet.EndpointRequest;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Bean;

--- a/spring-boot-samples/spring-boot-sample-web-secure/src/main/java/sample/web/secure/SampleWebSecureApplication.java
+++ b/spring-boot-samples/spring-boot-sample-web-secure/src/main/java/sample/web/secure/SampleWebSecureApplication.java
@@ -20,7 +20,7 @@ import java.util.Date;
 import java.util.Map;

 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.security.web.servlet.PathRequest;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;