Upgrade to Spring Security 5.0.0.M1

Closes gh-8714

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java

@@ -18,6 +18,7 @@ package org.springframework.boot.autoconfigure.security.oauth2.resource;
 
 import java.io.IOException;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.List;
 import java.util.Map;
 
@@ -45,7 +46,6 @@ import org.springframework.http.MediaType;
 import org.springframework.http.client.ClientHttpRequestExecution;
 import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.http.client.ClientHttpResponse;
-import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.oauth2.client.OAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestOperations;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
@@ -298,7 +298,8 @@ public class ResourceServerTokenServicesConfiguration {
 			String username = this.resource.getClientId();
 			String password = this.resource.getClientSecret();
 			if (username != null && password != null) {
-				byte[] token = Base64.encode((username + ":" + password).getBytes());
+				byte[] token = Base64.getEncoder()
+						.encode((username + ":" + password).getBytes());
 				headers.add("Authorization", "Basic " + new String(token));
 			}
 			HttpEntity<Void> request = new HttpEntity<>(headers);

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/OAuth2AutoConfigurationTests.java

@@ -19,6 +19,7 @@ package org.springframework.boot.autoconfigure.security.oauth2;
 import java.net.URI;
 import java.net.URL;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.List;
 
 import com.fasterxml.jackson.databind.JsonNode;
@@ -72,7 +73,6 @@ import org.springframework.security.config.annotation.method.configuration.Globa
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.oauth2.client.OAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestOperations;
 import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
@@ -455,7 +455,7 @@ public class OAuth2AutoConfigurationTests {
 
 	private HttpHeaders getHeaders(ClientDetails config) {
 		HttpHeaders headers = new HttpHeaders();
-		String token = new String(Base64.encode(
+		String token = new String(Base64.getEncoder().encode(
 				(config.getClientId() + ":" + config.getClientSecret()).getBytes()));
 		headers.set("Authorization", "Basic " + token);
 		return headers;

spring-boot-dependencies/pom.xml

@@ -165,7 +165,7 @@
 		<spring-plugin.version>1.2.0.RELEASE</spring-plugin.version>
 		<spring-restdocs.version>1.2.1.BUILD-SNAPSHOT</spring-restdocs.version>
 		<spring-retry.version>1.2.0.RELEASE</spring-retry.version>
-		<spring-security.version>5.0.0.BUILD-SNAPSHOT</spring-security.version>
+		<spring-security.version>5.0.0.M1</spring-security.version>
 		<spring-security-jwt.version>1.0.7.RELEASE</spring-security-jwt.version>
 		<spring-security-oauth.version>2.1.0.RELEASE</spring-security-oauth.version>
 		<spring-session.version>2.0.0.BUILD-SNAPSHOT</spring-session.version>

spring-boot-integration-tests/spring-boot-security-tests/spring-boot-security-test-web-helloworld/src/test/java/sample/HelloWebSecurityApplicationTests.java

 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package sample;
 
+import java.util.Base64;
+
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Before;
@@ -28,7 +30,6 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.test.context.junit4.SpringRunner;
 
@@ -63,8 +64,8 @@ public class HelloWebSecurityApplicationTests {
 
 	@Test
 	public void userAuthenticates() throws Exception {
-		this.request.addHeader("Authorization",
-				"Basic " + new String(Base64.encode("user:password".getBytes("UTF-8"))));
+		this.request.addHeader("Authorization", "Basic " + new String(
+				Base64.getEncoder().encode("user:password".getBytes("UTF-8"))));
 
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);